RouterOS 7.8 [stable] について

この記事は約18分で読めます。

はじめに

これについての記事もサボっていました。

RouterOS 7.8が2月下旬に公開になっていました。7.7が1月中旬なので大体一ヶ月間隔になるでしょうか。なので更新内容も多めとなります。

更新一覧

このバージョンでは、以下のような新機能や改善が行われています。

What’s new in 7.8 (2023-Feb-24 11:03):

!) storage – added new “rose-storage” package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp – fixed setting of “default-prepend” parameter;
*) bridge – fixed adding disabled MSTI;
*) bridge – fixed DHCP packet flow when using DHCP snooping, HW offloading and “use-ip-firewall”;
*) bridge – fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge – fixed PVID warning typo;
*) bridge – improved HW offloading logic;
*) certificate – fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate – fixed PBES2 certificate import;
*) certificate – improved certificate management, signing and storing processes;
*) certificate – improved multiple certificate import process;
*) conntrack – improved system stability when changing connection tracking state;
*) conntrack – improved system stability when PPTP helper is used;
*) console – added “as-string” parameter to the “:execute” command;
*) container – added authentication option for registry (CLI only);
*) container – fixed “.type” file ownership;
*) container – fixed file ownership after system upgrade for containers running on internal disk;
*) container – fixed multiple container automatic startup on boot;
*) dhcpv4-client – send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk – limit maximum TMPFS size;
*) dns – added configurable DoH concurrent query limitation parameters;
*) dns – do not cache results from “:resolve” command with specific server;
*) dns – fixed CNAME reading from the cache;
*) dns – limited “DoH max concurrent queries reached” logging messages to once per minute;
*) dns – respond with “NOERROR” to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall – fixed bridge priority target;
*) firewall – fixed DSCP priority target for IPv6 Mangle;
*) firewall – fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing – fixed hiding of target queues when “allow-target” is disabled;
*) graphing – fixed sorting of interface and queue graphs;
*) graphing – properly handle disabled and static-binding interface graphs;
*) graphing – removed “move” command for graphing rules;
*) health – fixed “temperature” and “power-consumption” readings for RB1100AHx4;
*) hotspot – fixed setting of “address” parameter for IP binding;
*) hotspot – restore cookie timeout on reboot;
*) ike2 – added support for “address”, “key-id” and “dn” for Remote ID matching (CLI only);
*) ike2 – fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec – added support for “Framed-Route” RADIUS attribute support;
*) ipsec – do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec – fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 – added “pref64” option configuration for RA;
*) ipv6 – improved handling of “advertise” IPv6 address status changes;
*) ipv6 – limited “hop-limit” parameter value range to 255;
*) ipv6 – made distributed DNS lifetime RFC8106 compliant;
*) l3hw – added destination MAC address check for offloaded FastTrack connections;
*) led – fixed signal reading for KNOT device;
*) leds – always require to set interface name when setting “modem-signal” indication;
*) lte – added AT support for Telit LE910C4 in MBIM mode;
*) lte – fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte – fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte – fixed dialing for Fibocom L850-GL module;
*) lte – fixed displaying of “subscriber-number”;
*) lte – fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte – improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte – improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte – improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte – LtAP improved modem detection in lower mini-PCie slot (“/system routerboard upgrade” required);
*) lte – parse USSD even if encoding is unsupported;
*) mpls – fixed handling of more than 9 VRF’s;
*) mpls – fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls – improved stability when neighboring router reboots;
*) ospf – fixed “ospf-type” parameter for OSPFv3 routes;
*) ospf – fixed simple auth for OSPFv3;
*) ovpn – added AES-GCM and multicore encryption support;
*) ovpn – improved server stability;
*) ovpn – improved TLS-related error logging;
*) pimsm – improved system stability;
*) poe – added LLDP power management support for 802.3at PSE;
*) poe – properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port – fixed modem channel number on KNOT;
*) pppoe – fixed PPPoE client scan showing only one server;
*) resource – show filesystem related statistics on CCR2004;
*) route – fixed IPv6 default route presence when received from RA;
*) route – fixed printing of routing table’s “count-only” parameter;
*) route – show hoplimit and MTU properties under the “/routing route” menu for SLAAC routes;
*) routerboot – fixed format storage for RBM33G device (“/system routerboard upgrade” required);
*) routerboot – fixed protected routerboot for RBM33G device (“/system routerboard upgrade” required);
*) sfp – fixed false link detection with S+RJ10 on RB5009;
*) sfp – fixed reading of SFP EEPROM on single SFP port devices;
*) sfp – improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms – improved reporting of SMS sending errors;
*) sms – log USSD response when USSD is sent over MBIM;
*) sniffer – added additional filtering parameters;
*) snmp – do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp – fixed handling of disabled routes;
*) snmp – fixed reporting of total number of routes counter;
*) ssh – hard-coded “localhost” address for forwarding requests;
*) ssh – improved system stability when processing none-crypto SSH connection;
*) sstp – fixed TLS session establishment when “connect-to” is DNS name;
*) switch – fixed SFP rate select for CRS354 devices;
*) switch – improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch – improved system stability for 98DXxxxx switch chips;
*) swos – removed “/system swos” menu for CRS5xx series switches;
*) torch – allow “without-paging” parameter for Torch;
*) traffic-generator – increased maximum allowed stream count;
*) upgrade – show error message when license prohibits upgrade;
*) usb – changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan – added “dont-fragment” setting that allows managing fragmentation;
*) vxlan – added “max-fdb-size” parameter;
*) vxlan – added FastPath support;
*) webfig – allow setting numeric values in time interval fields;
*) webfig – fixed accessing of WebFig when “Interface” menu is disabled by skin;
*) webfig – fixed editing of multi-field parameters with “not” checkbox;
*) webfig – fixed handling of empty skin files;
*) webfig – improved navigation responsiveness;
*) webfig – improved skin file parsing;
*) webfig – improved terminal operation;
*) webfig – properly escape all reserved URI characters;
*) webfig – updated WebFig and graph web pages to HTML5;
*) wifiwave2 – added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 – adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 – enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 – fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 – fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 – implement 802.11w management protection SA Query procedures;
*) wifiwave2 – improve protections from denial-of-service attacks on WPA3;
*) winbox – added “Connect” button under “WifiWave2/Scan” menu;
*) winbox – added “Disable/Enable” buttons under “WifiWave2” menu;
*) winbox – added “Match Subdomain” parameter under “IP/DNS/Static” menu;
*) winbox – added “Provision” button under “WifiWave2” menu;
*) winbox – added “Start On Boot” checkbox under “Container” menu;
*) winbox – added “Tx Rate” and “Rx Rate” columns under “WifiWave2/Registration” menu;
*) winbox – added missing properties when setting “Use DoH Server”;
*) winbox – added missing WifiWave2 related parameters under “WifiWave2” menu;
*) winbox – added support for manual RAM file system (TMPFS) creation under “System/Disk” menu;
*) winbox – added Type “https-get” parameter under “Tools/Netwatch” menu;
*) winbox – allow selecting bridge for static entries under “Bridge/MDB” menu;
*) winbox – fixed displaying of “Default Prepend” value under “Routing/BGP/Sessions” menu;
*) winbox – fixed displaying of “Tx/Rx CCQ” values under “Wireless/Registration” menu;
*) winbox – fixed displaying of flags under “System/Console” menu;
*) winbox – fixed displaying of multiple character flags;
*) winbox – fixed usage of IPv6 family addresses under “IP/Web Proxy/Access” menu;
*) winbox – hide “TTL” value for static DNS entries with FWD type;
*) winbox – hide unnecessary properties for virtual interfaces under “WifiWave2” menu;
*) winbox – improved mouseover hint for “local” policy under “System/Users/Groups” menu;
*) winbox – rename “Multicast Router” monitoring property to “Is Multicast Router” under “Bridge” menu;
*) winbox – show “Gateway” column by default under “IPv6/Routes” menu;
*) x86 – added support for TP-Link TG-3468;
*) x86 – fixed SR-IOV support for Intel X710 series NIC;
*) x86 – improved Intel 500 series 10G SFP module support;
*) x86 – improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier – fixed routes after VRF change;

その他

現在、betaが公開された7.9系列では引き続きSFPの安定性の向上、switchに動作安定性の向上、LTEやwifiwave2の機能改善が進められているようです。

タイトルとURLをコピーしました