resources:resources_keros_fw_3.3.3
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
resources:resources_keros_fw_3.3.3 [2018/08/14 15:17] 127.0.0.1 external edit |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Wirnet™ iBTS firmware 3.3.3 (March 2018) ====== | ||
| - | |||
| - | ===== Change from 3.1.16 ===== | ||
| - | |||
| - | ==== New features ==== | ||
| - | |||
| - | * [Radio] Add Boot Noise Measurment at board startup. | ||
| - | * [Hardware] Add support for CPU thermal sensors. | ||
| - | * [Network] Add script to get modem information | ||
| - | * [Network] Add two network monitoring systems | ||
| - | * [Network] Add network tools into the firmware: ''ip'' and ''ss'' from iproute2. | ||
| - | |||
| - | ====Evolutions==== | ||
| - | |||
| - | * [Upgrade] Improved error handling during upgrades. | ||
| - | * [Upgrade] Re-installation of a package now possible. | ||
| - | * [Network] Allow modification of connman connectivity check URL. | ||
| - | * [Firewall] ICMP incoming traffic is now accepted by default. | ||
| - | * [Firewall] The same firewall rules as IPV4 are applied to IPV6. | ||
| - | * [Firewall] Firewall rules are now in user-editable files. | ||
| - | * [System] Add remote syslog functionnality. | ||
| - | |||
| - | ====Release corrections==== | ||
| - | |||
| - | * [Firewall] No more delay for pings when activating/deactivating the firewall. | ||
| - | * [Firewall] Firewall will now reject packet instead of dropping them. | ||
| - | * [Network] Fix error message when there is no SIM into the GSM module. | ||
| - | * [Network] Fix OpenVPN TLS client error when run with option. | ||
| - | * [Network] Fix certificate issue while setting up a VPN. | ||
| - | * [Network] Board will not get stuck while upgrading with an openvpn package. | ||
| - | * [Network] Connman now detect cellular roaming services correctly and can auto connect to this services. | ||
| - | * [GPS] Command restart for kgpsd is now working properly. | ||
| - | * [System] Fix option -l on store-config tool. | ||
| - | * [System] Syslog trace will no longer be truncated if they are longer than 230 characters. | ||
| - | * [System] Display all frontends information in ''/tmp/board_info.json'' | ||
| - | * [System] Correct cases of wrong value of ''loraboard_type'' in ''/tmp/board_info.json''. | ||
| - | |||
| - | ==== Restrictions ==== | ||
| - | |||
| - | * [Network] No hardware modems reboot on Dual WAN module with networkmonitoring.py | ||
| - | * [Network] ifupdown should handle IPv4 configuration | ||
| - | * [System] Rarely, ''/tmp/board_info.json'' is not created at boot | ||
| - | * [LoRa] Some stability issue on radio scanning fonctionnality | ||
| - | ==== Important firewall change ==== | ||
| - | |||
| - | This release removes the automatic acceptance of incoming packets which are analyzed by the kernel as belonging to the same (or some related) flow. This “stateful” behavior was provided by the “state” module (subset of “conntrack”), and must now be explicitly specified in your firewall rules if you specifically want it. Be aware that stateful filtering can cause hard-to-debug behaviors for network services. For your information, the removed rule was: \\ | ||
| - | |||
| - | <code> | ||
| - | iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
| - | </code> | ||
| - | |||
| - | Note also that all ICMP incoming traffic is now accepted, and all outgoing traffic for any protocol is also accepted by default. These rules also apply for IPv6, which now benefits from the same filtering rules as IPv4. \\ | ||
| - | |||
| - | Also, note that the firewall now has rejection rules at the end of the INPUT and OUTPUT chains, to properly disallow non-matching trafic. This implies that new rules 'appendend to the chain' will never be matched; if you want to add new rules, either make sure to add them to a file in /etc/firewall.d/, or **if you add them in your application, 'prepend' them to the chain by using “-I” (insert) instead of “-A” (append)**. | ||
| - | |||
| - | If some rules were already applied on your gateway (example: packet forwarder firewall rules), make sure that the rules are correctly saved in a file under the ''/user/rootfs_rw/etc/firewall.d'' directory before doing the upgrade. The procedure to save firewall rules, on firmware version v3.1.x, is described is the [[wiki:firewall#firmware_version_v31x1|dedicated section]]. | ||
| - | |||
| - | ==== System configuration files modification ==== | ||
| - | |||
| - | <note important>Only for upgrade with a KerOS IPK (not liveburner)</note> | ||
| - | |||
| - | If a system configuration file (for example fileX) has been customized in version N, it will be kept in version N+1. In addition a new file named fileX.opkg is created during the upgrade. | ||
| - | |||
| - | Some of the system configuration files have changed from 3.1.16 to 3.3.3. Those files are: | ||
| - | * ''/user/rootfs_rw/etc/network/connman/main.conf'' | ||
| - | * ''/user/rootfs_rw/etc/syslog.conf.busybox'' | ||
| - | |||
| - | If one of those 2 configuration files has been customized in previous version. After the upgarde you will have to manually merge the fileX and filesX.opkg files to get a full working version. | ||
| - | |||
| - | To know if you must merge configuration files consult the upgrade result file ''/.update/update.log''. | ||
| - | |||
| - | ++++ Example: | | ||
| - | |||
| - | * Check the upgrade result: | ||
| - | |||
| - | <code> | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat /.update/update.log | ||
| - | Installing spf2 (5.1.0-klk2_5.1.0-klk1) on root. | ||
| - | Configuring spf2. | ||
| - | 2018.02.19-13:39:08 -- Update from spf2_5.1.0-klk2_5.1.0-klk1_klk_lpbs.ipk: OK | ||
| - | Backuping spf2.ipk... | ||
| - | -> Updating u-boot ... | ||
| - | Upgrading keros from 3.1.16-0-gfd3610aa to 3.3.3-0-g6e100f4f on root. | ||
| - | Removing obsolete file /user/rootfs_rw/etc/monit.d/netctl. | ||
| - | Not deleting modified conffile /user/rootfs_rw/etc/monit.d/netctl. | ||
| - | Existing conffile /user/rootfs_rw/etc/network/connman/main.conf is different from the conffile in the new package. The new conffile will be placed at /user/rootfs_rw/etc/network/connman/main.conf-opkg. | ||
| - | Existing conffile /user/rootfs_rw/etc/syslog.conf.busybox is different from the conffile in the new package. The new conffile will be placed at /user/rootfs_rw/etc/syslog.conf.busybox-opkg. | ||
| - | Existing conffile /user/rootfs_rw/etc/shadow is different from the conffile in the new package. The new conffile will be placed at /user/rootfs_rw/etc/shadow-opkg. | ||
| - | Configuring keros. | ||
| - | 2018.02.19-13:45:45 -- Update from keros_3.3.3_klk-lpbs.ipk: OK | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # | ||
| - | </code> | ||
| - | |||
| - | The report indicates that there is conflicted files for ''syslog.conf.busybox'' and ''connman/main.conf''. | ||
| - | |||
| - | * Check modifications between conflicted files | ||
| - | |||
| - | <code> | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat /user/rootfs_rw/etc/syslog.conf.busybox | ||
| - | # /etc/syslog.conf Configuration file for busybox's syslogd utility | ||
| - | # | ||
| - | cron.* /var/log/cron.log | ||
| - | local0.* /user/snmp/traces/snmp.log | ||
| - | local1.* /user/spf2/var/log/spf2.log | ||
| - | </code> | ||
| - | |||
| - | <code> | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat /user/rootfs_rw/etc/syslog.conf.busybox-opkg | ||
| - | # /etc/syslog.conf Configuration file for busybox's syslogd utility | ||
| - | # | ||
| - | cron.* /var/log/cron.log | ||
| - | local0.* /user/snmp/traces/snmp.log | ||
| - | local2.* /var/log/networkmonitoring.log | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # | ||
| - | </code> | ||
| - | |||
| - | |||
| - | * Merge the files | ||
| - | |||
| - | <code> | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # echo "local2.* /var/log/networkmonitoring.log" >> syslog.conf.busybox | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc # cat syslog.conf.busybox | ||
| - | # /etc/syslog.conf Configuration file for busybox's syslogd utility | ||
| - | # | ||
| - | cron.* /var/log/cron.log | ||
| - | local0.* /user/snmp/traces/snmp.log | ||
| - | local1.* /user/spf2/var/log/spf2.log | ||
| - | local2.* /var/log/networkmonitoring.log | ||
| - | </code> | ||
| - | |||
| - | * Follow the same process and merge the ''connman/main.conf'' file | ||
| - | |||
| - | <code> | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc/network/connman # ll | ||
| - | drwxr-xr-x 3 root root 4.0K Feb 19 13:45 . | ||
| - | drwxr-xr-x 6 root root 4.0K Feb 19 13:45 .. | ||
| - | drwx------ 2 root root 4.0K Feb 19 15:04 ethernet_7076ff0101d0_cable | ||
| - | -rw-rw---- 1 root www-data 105 Jan 25 17:12 lan.config | ||
| - | -rw-r--r-- 1 root root 4.3K Feb 19 13:35 main.conf | ||
| - | -rw-r--r-- 1 root root 6.5K Jan 25 17:12 main.conf-opkg | ||
| - | -rw-r--r-- 1 root root 182 Jan 25 17:12 settings | ||
| - | -rw-rw---- 1 root www-data 147 Jan 25 17:12 wlan.config | ||
| - | root@klk-lpbs-04018B:/user/rootfs_rw/etc/network/connman # | ||
| - | </code> | ||
| - | |||
| - | ++++ | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | ===== Firmware ===== | ||
| - | |||
| - | ====Compatibility==== | ||
| - | |||
| - | ===Hardware=== | ||
| - | |||
| - | * Fully compatible with Wirnet™ iBTS ATc03 architecture and above. | ||
| - | * Partially compatible with Wirnet™ iBTS ATa01 and ATb02 architecture (issue with reset Button). | ||
| - | |||
| - | ===Software=== | ||
| - | |||
| - | * Compatible with Wirnet™ iBTS products with Kerlink Production fuses or without any fuses flashed. | ||
| - | * Simple update (keros.ipk) incompatible with 1.x or 2.x firmwares → Use of liveburner packages is MANDATORY | ||
| - | * ProvenCore firmware and utilities (uploader) changed as of v3.1.0, and files to be uploaded to the ProvenCore have to be processed by “pnrcipher” before uploading. | ||
| - | |||
| - | ==== Download ==== | ||
| - | |||
| - | <note important> | ||
| - | __KerOS:__ Basic Firmware for Wirnet™ iBTS | ||
| - | * Does not reset the password | ||
| - | * Does not erase the user partition | ||
| - | * Does not update the stock restore version | ||
| - | * Create ''-opkg'' files if a configuration file has been previously modify. [[resources:resources_keros_fw_3.3.3#system_configuration_files_modification|More information here]] | ||
| - | |||
| - | __Liveburner:__ | ||
| - | * Update stock restore version with FW 3.3.3. | ||
| - | * Reset the default password on your gateway. | ||
| - | * Erase the whole partition to reinstall the firmware. | ||
| - | </note> | ||
| - | |||
| - | KerOS IPK : {{ :resources:keros_3.3.3_klk-lpbs.ipk | keros_3.3.3_klk-lpbs.ipk }} md5: ''17bf29777b89ec05f6dfca84a305f830'' \\ | ||
| - | Liveburner IPK : {{ :resources:liveburner_3.3.3_klk-lpbs.ipk | liveburner_3.3.3_klk-lpbs.ipk}} md5: ''c3917b96e9da11aee67e8c754a2029b3'' | ||
| - | |||
| - | <note warning>Due to multiple changes in eMMC layout, 3.x.y and 1.x.y firmwares ARE NOT compatible. liveburner_legacy is the ONLY package able to upgrade from 1.x.y to 3.x.y. | ||
| - | In order to update from 1.x.y firmware, please contact [[support@kerlink.fr ]]. | ||
| - | </note> | ||
resources/resources_keros_fw_3.3.3.1534252626.txt.gz · Last modified: 2019/01/17 10:01 (external edit)
