Feature Summary

Treck features added since Release 6.0

  1. Added EAPoL Interface (IEEE 802.1X).
  2. Added the EAP-TLS authentication method for EAP (RFC 5216).
  1. Updates and improvements to the Web Server:
    • Added support for 100 Continue status.
  1. Added Simple Network Time Protocol (SNTP) Version 4.
  2. Added support for IPv6 promiscuous mode (TM_6_DEV_OPTIONS_IP_PROMISCUOUS).
  3. Speed up SNMP agent trap code processing
  4. Moved SNMP Mib subtrees into a separate 'C' module for easier integration when adding custom MIBs.
  5. Added fix for TCP Vulnerability Note VU#637934
  1. Various bug fixes.
  1. Updates and improvements to SSL/TLS:
    • Added support for TLS 1.2 (including new cipher suites that use SHA-256).
  2. Updates and improvements to TCP:
    • Added TCP Syn flood attack protection using SYN cookies.
  1. Updates and improvements to SSL/TLS:
    • Added support for TLS 1.1.
  2. Updates and improvements to TCP:
    • Added support for TCP New Reno Congestion Algorithm (RFC 6582)
    • Added support for TCP Hybla Congestion Algorithm.
    • Added support for TCP Westwood+ Congestion Algorithm.
    • Added support for TCP PACING
    • Added support for draft-ietf-tcpm-initcwnd (Modified the initial cwnd from 4 segments to 10 segments)
    • Added support for TCP RFC 2861: Congestion Window Validation after idle time
  3. Updates and improvements to DHCPv6:
    • Added support for DHCPv6 NTP server option (OPTION_NTP_SERVER) (RFC 5908).
  4. Updates and improvements to BSD 4.4 Socket API:
    • Added support for poll() API (non-blocking mode only)
  1. Updates and improvements to the Web Server:
  2. Updates and improvements to the Web Client:
  1. Updates and improvements to SMTP:
  1. New feature for IKE/IPsec:
    • Add support for an on-demand IPsec policy that allows communication with IPsec and non-IPsec peers based on how the peer initiates (IKE on port 500/4500 vs. some other protocol on any other port). See TM_IPSEC_ONLY_WHEN_REQUIRED.
  1. Added DHCP Server.
  2. Added DHCPv6 Server and Lightweight DHCPv6 Relay Agent.
  1. The Domain Search feature of the DNS Resolver now includes domain suffixes from the following:
  1. Added support for Dynamic DNS Update per RFC 2136.
  1. New DHCPv4 features:
  2. New DNS Resolver feature:
    • Automatically use the DHCP Domain Name and Domain Search options when resolving a partial hostname.
  3. New SSL Client and Server feature:
    • SSL Secure Renegotiation Support. See RFC 5746 for more information.
  1. Added support for IP Multicast Forwarding to the NAT product for partial support of RFC 5135.
  2. Added support for DHCP options longer than 255 bytes (RFC 3396 - Encoding Long Options in DHCP). Use new functions tfNgDhcpSetOption() and tfNgDhcpGetOption() to send and receive long options, respectively. This also includes support for concatenation of any option that appears more than once in a received message.
  1. Added the following enhancements to the Telnet Server:
    The dialog between client and server can now be encrypted.
    The user can run a collection of autonomous Telnet servers on the same Treck context. Different SSL configurations and bindings (port, IP address, IP protocol, interface) can be used for each server.
  1. Enhanced UDP socket lookup for applications that need to support thousands of UDP sockets. This brings UDP in line with TCP for speed in matching incoming packets with application sockets. See compile time macro TM_USE_UDP_LOOKUP_PERF.
  2. New DHCPv4 features:
    1. User can manually configure an IP address and simultaneously send a DHCPINFORM message to obtain the other configuration parameters (e.g. default router, DNS servers).
    2. New functions tfDhcpConfInformRefresh() and tfDhcpUserInformRefresh() to force a refresh of the parameters that were previously obtained via DHCPINFORM.
    3. New functions tfDhcpConfRenewLease() and tfDhcpUserRenewLease() to force lease renewal on an address obtained via DHCP.
  1. New options to allow fast reboot and reuse of IPv6 addresses that were autoconfigured by DHCPv6 or Router Advertisement. See Fast Reboot when using Autoconfigured Addresses.
  2. New DHCPv6 feature: Rapid Commit option.
  1. Added support for adjacent IPsec headers (Outer IP+ESP+AH+Inner IP)
  2. New protocol: Multicast Listener Discovery version 2 (MLDv2) for IPv6 (RFC 3810, RFC 4604 and RFC 3678).
  3. IPv6 Neighbor Discovery: Updated code to support RFC 4861. See compile time macro TM_6_ENABLE_ONLINK_ASSUMPTION.
  4. IPv6: Added support for RFC 4941 (see Privacy Extensions for Stateless Address Autoconfiguration). This allows random, temporary, global scope IPv6 addresses to be generated at regular intervals for each interface for which it is enabled.
  1. The IKE NAT-T Keep Alive timers were modified to remain active even when no IKE SA is present. This allows NAT-T to send keep alive packets with IKE Phase 1 PFS.
  2. The Treck SNMP Agent supports sending encrypted traps.
  3. NETSTAT can now output NAT Trigger information.
  1. The Treck SNMP Agent supports AES CFB encryption.
  2. The Treck SMTP Client supports SSL/TLS (RFC 3207).
  1. tfKernelUnInitialize() was added to the kernel interface. When the user calls tfStopTreck() this user-provided function will be called by Treck to uninitialize the kernel.
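
The RFC 3396 item above (DHCP options longer than 255 bytes, with concatenation of any option that appears more than once) can be illustrated as follows. This is an added example, not Treck code: it does not use tfNgDhcpSetOption() or tfNgDhcpGetOption(), whose signatures are not given on this page, and the function names, result codes and sample bytes are this example's own. It handles the options field only and rejects length bytes that overrun the message or a reassembled value that overruns the caller's buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP_OPT_PAD 0u
#define DHCP_OPT_END 255u

/* Result codes; these names belong to this example, not to the Treck API. */
enum { OPT_OK = 0, OPT_NOT_FOUND = -1, OPT_MALFORMED = -2, OPT_TOO_LONG = -3 };

/* Sender side: emit `val` as consecutive instances of option `code`, each
 * carrying at most 255 bytes. Returns bytes written, or 0 if `buf` is too small. */
size_t dhcp_put_long_option(uint8_t *buf, size_t cap, uint8_t code,
                            const uint8_t *val, size_t valLen)
{
    size_t pos = 0, off = 0;
    do {
        size_t chunk = (valLen - off > 255) ? 255 : valLen - off;
        if (cap - pos < 2 + chunk)
            return 0;
        buf[pos++] = code;
        buf[pos++] = (uint8_t)chunk;
        memcpy(buf + pos, val + off, chunk);
        pos += chunk;
        off += chunk;
    } while (off < valLen);
    return pos;
}

/* Receiver side: walk the options field and concatenate every instance of
 * `code`, in order of appearance, into `out`. Every length byte is checked
 * against the bytes that remain before any copy takes place. */
int dhcp_get_long_option(const uint8_t *opts, size_t optsLen, uint8_t code,
                         uint8_t *out, size_t outCap, size_t *outLen)
{
    size_t pos = 0, total = 0;
    int found = 0;

    *outLen = 0;
    while (pos < optsLen) {
        uint8_t c = opts[pos++];
        if (c == DHCP_OPT_PAD)
            continue;                     /* pad has no length byte */
        if (c == DHCP_OPT_END)
            break;
        if (pos >= optsLen)
            return OPT_MALFORMED;         /* length byte missing */
        size_t len = opts[pos++];
        if (len > optsLen - pos)
            return OPT_MALFORMED;         /* data would run past the message */
        if (c == code) {
            if (len > outCap - total)
                return OPT_TOO_LONG;      /* reassembled value exceeds buffer */
            memcpy(out + total, opts + pos, len);
            total += len;
            found = 1;
        }
        pos += len;
    }
    if (!found)
        return OPT_NOT_FOUND;
    *outLen = total;
    return OPT_OK;
}

/* Constructed sample: a 300-byte value for option 119 is split into
 * 255 + 45 bytes on the wire and must come back intact. */
int demo_roundtrip(void)
{
    uint8_t val[300], wire[320], got[512];
    size_t n, gotLen = 0;

    for (size_t i = 0; i < sizeof val; i++)
        val[i] = (uint8_t)(i * 7 + 1);
    n = dhcp_put_long_option(wire, sizeof wire - 1, 119, val, sizeof val);
    if (n != 304)                         /* (2 + 255) + (2 + 45) */
        return 0;
    wire[n++] = DHCP_OPT_END;
    if (dhcp_get_long_option(wire, n, 119, got, sizeof got, &gotLen) != OPT_OK)
        return 0;
    return gotLen == sizeof val && memcmp(got, val, gotLen) == 0;
}

/* Constructed sample: option 119 claims 8 bytes but only 3 follow. */
int demo_truncated(void)
{
    static const uint8_t wire[] = { 119, 8, 'a', 'b', 'c' };
    uint8_t got[16];
    size_t gotLen;
    return dhcp_get_long_option(wire, sizeof wire, 119, got, sizeof got, &gotLen);
}

/* Constructed sample: two fragments of option 119 separated by option 12
 * total 6 bytes, but the caller's buffer holds only 4. */
int demo_oversize(void)
{
    static const uint8_t wire[] = { 119, 3, 'a', 'b', 'c', 12, 1, 'h',
                                    119, 3, 'd', 'e', 'f', 255 };
    uint8_t got[4];
    size_t gotLen;
    return dhcp_get_long_option(wire, sizeof wire, 119, got, sizeof got, &gotLen);
}

int main(void)
{
    return (demo_roundtrip() == 1 && demo_truncated() == OPT_MALFORMED &&
            demo_oversize() == OPT_TOO_LONG) ? 0 : 1;
}
```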

Treck Release 6.0 features

  • General
    1. Added ability for the user to stop the Treck stack and free all of its allocated memory.
    2. Added support for the following RFCs:
      1. RFC 3484: Default Address Selection for Internet Protocol version 6 (IPv6)
      2. RFC 3493: Basic Socket Interface Extensions for IPv6
      3. RFC 4443: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
      4. RFC 4862: IPv6 Stateless Address Autoconfiguration
      5. RFC 5095: Deprecation of Type 0 Routing Headers in IPv6
  • New macros
    1. New macro definition to prevent the stack from writing into user buffers. By default the stack is allowed to write into user buffers that are owned by the stack to improve efficiency; however, some environments prohibit write access to this memory from the stack.
    2. New macro definition for 16-bit processors compilation.
  • TCP
    1. Added user notification when the TCP connection transitions to the CLOSED state.
    2. Add ttUserGenericUnion field to the TCP socket to allow user data to be maintained per socket by calling setsockopt() and getsockopt() with option TM_TCP_USER_PARAM.
      1. Define TM_USE_USER_PARAM in trsystem.h to enable this feature.
      2. If TM_USE_DRV_SCAT_RECV and TM_USE_DRV_ONE_SCAT_SEND are also defined, the user’s device driver send and receive functions will also be able to access the user’s TCP socket data in the packet structure.
    3. Implemented the segmentation of the ISN space on a per-host, per-connection basis using MD5 cryptographic hashed secrets, as suggested in the US-CERT VU#498440. Previously the segmentation was done on a per-host, per-connection basis but using a 16-bit random number.
    4. TCP sockets/vectors are now closed when reaching the TIME WAIT state. A smaller time wait TCP vector is allocated then, but only if the total number of allocated TIME WAIT vectors has not reached a configurable maximum.
  • Sockets
    1. Modifications were made to speed socket look-up and random port insertion so that less CPU time is required. As a result of these modifications, Treck is now capable of supporting on the order of 70,000 concurrent sockets.
    2. Added modification to delay inserting a socket in the socket lookup table until either connect/bind to a non zero port for TCP, bind without restriction for UDP, sendto, or listen occurs. This is so a socket is not visible to the outside world when it is not meant to be, and also to avoid having to insert a connecting TCP socket twice (the first time when the socket is opened, and the second time when connect is called.)
    3. The socket lookup table has been split into two separate tables, one for non TCP sockets, and one for TCP sockets. The TCP socket lookup table now uses the 4-tuple as the search criterion (i.e. the local address is included in the search). Prior to this the local address search was done in a separate linked list. This is done to speed up the TCP sockets lookup.
    4. We have conditionally added a hash table for each socket lookup table. The two hash tables can be used either with a doubly linked list per bucket, or a Red Black tree per bucket. Using a doubly linked list, or a Red Black tree per bucket is a compile time decision.
      1. By default the Red Black tree code is not enabled.
      2. By default the hash tables are enabled, and the hash tables' sizes are TM_SOC_INDEX_MAX.
      3. The hash table sizes are configurable at compile time and at run time, but prior to starting the stack.
      4. You can use
        1. two hash tables with a doubly-linked list per bucket (default and recommended),
        2. two hash tables with a red black tree per bucket,
        3. no hash table with a single doubly-linked list per socket lookup table, or
        4. no hash table with a single red black tree per socket lookup table.
    5. We changed tfRandPortInsert() to speed up picking a random local port for a socket. This is important when thousands of TCP connecting sockets are used concurrently.
  • Sockets API
    1. Added support for SO_BINDTODEVICE to getsockopt().
  • Timer
    Changes were made to ease the load of the Timer Execute thread.
    1. Use a separate queue for suspended timers so that the Timer Execute Thread does not have to scan them.
    2. The task of adding and removing a timer is now done by the calling thread, instead of being deferred to the Timer Execute thread.
    3. Conditionally added a timer wheel, and one or more active timer queues with a cache of the next time to scan each queue (On by default with a single active timer queue.) The timer wheel size is configurable at compile time and at run time prior to starting the Treck stack.
  • IPv4
    1. Conditionally allow the user to peek at the data in the user filter call back
  • Web Client
    Note: All web client documentation can be found in the web client document in the pdf directory
    1. Added SSL support
  • Telnet Server
    1. Allow the user to instruct the telnet server to buffer the user data instead of sending it immediately
  • BOOTP/DHCPv4 Client
    1. Allow the user to specify an infinite number of retries when sending the BOOTP/DHCPv4 requests.
  • DHCPv4 Client
    1. Added ability for the user to set the FQDN S bit off, or to set the FQDN N bit on in the DHCP messages sent to the server. (TM_USE_DHCP_FQDN)
    2. Added ability to disable FQDN by specifying new flag, TM_DHCPF_FQDN_DISABLE, to tfDhcpUserSet() or tfDhcpConfSet().
    3. Allow user to select from multiple DHCPOFFER replies received from a DHCP server. Alternative modes of operation include:
      1. Legacy mode. Treck selects the first offer received from any DHCP server. This is the default mode of operation.
      2. User-defined IP address, if available. Wait for an offer containing a pre-defined IP address. If the IP address is not offered within a reasonable length of time, take any other offer.
      3. User-defined IP address exclusively. Wait for a pre-defined IP address and, if it is not offered within a reasonable length of time, cancel the DHCP operation on the interface and return a timeout indication.
      4. Full control. The user supplies a callback function that can examine each offer and select the one that is suitable.
  • DHCPv6 Client
    Note: All DHCPv6 documentation can be found in the DHCPv6 document in the pdf directory
    1. Added tf6DhcpUserStop() API
    2. Added tf6DhcpUninitialize() API
    3. Delayed the DHCPv6 negotiation until DAD has completed on the link-local address
  • Crypto Library
    Note: All crypto documentation can be found in the crypto and IPSec documents in the pdf directory
    1. Added support for SHA256
    2. Fixed BasicConstraints and Null-Prefix vulnerabilities. Also added TM_PKI_ROOTCA_IGNORE_BCCRITICAL macro to trsystem.h to allow the user to bypass the check that the BasicConstraints extension is marked as ‘critical’ for root CAs. Note that the BasicConstraints check for the CA flag and for being marked ‘critical’ can both be disabled via the TM_PKI_CERT_NOT_VERIFY macro.
  • DNS Resolver
    1. Patch to address the CERT Vulnerability Note US-CERT VU#800113. Treck now randomizes the source port number and Transaction ID for DNS requests on a per-request basis.
    2. Add hosts table support similar to UNIX hosts file. Allow the user to assign an IPv4 or IPv6 address to a user-defined hostname. Add new tfGetHostByName() and tfGetHostByAddr() (for IPv4 only) that search the host table first before generating a DNS query.
    3. A new option has been added to the tfDnsSetUserOption() API: TM_DNS_OPTION_BINDTODEVICE
    4. Added support for IPv6 MX records
  • IPv6
    1. New API tf6GetAddrLifetimes(). This function retrieves the valid and preferred lifetimes for a given address.
    2. New tfInterfaceSetOptions() option TM_6_DEV_OPTIONS_NO_INIT_DELAY. If this option is non-zero, Treck will not delay before sending a Neighbor Advertisement for the newly configured address. Also, Treck will not send Router Solicitations. This violates the RFC.
    3. Added IPv6 packet filtering capability.
    4. Update ICMPv6 to support RFC 4443 requirements.
      1. New tfInterfaceSetOptions() option TM_6_DEV_OPTIONS_NO_DEST_UNREACH to allow the user to prevent the stack from generating ICMPv6 Destination Unreachable error responses. This does not prevent forwarding of ICMPv6 Destination Unreachable error messages that were generated by some other node.
      2. New tfInitTreckOptions() and tfSetTreckOptions() option TM_6_OPTION_ICMP_TX_ERR_BURST to allow the user to dynamically set the maximum burst of ICMPv6 error packets generated by this node as part of a new send rate limiting method.
      3. New macro TM_6_ICMP_DEF_TX_ERR_LIMIT_BURST that can be defined in trsystem.h to set the default value for the maximum burst of ICMPv6 error packets generated by this node.
  • Device
    1. Allow the user to enable/disable IP-level promiscuous mode without closing and re-opening the interface with TM_DEV_OPTIONS_IP_PROMISCUOUS.
    2. Allow the user to enable/disable packet forwarding (reflecting) to the same interface on which the packet was received. Option name: TM_DEV_OPTIONS_FORWARD_REFLECT.
  • PPP
    1. Add support for PPP Callback Control Protocol (CBCP) as described in IETF draft draft-ietf-pppext-callback-cp-02.txt.
  • SNMP
    1. Complete overhaul of the MIB compiler/code generator.

Treck Release 5.0 features

  • General
    1. Added new macros to trsystem.h:
        New macro to allow the user to force the TCP stack to use a smaller TCP IW (according to RFC 2414, RFC 2001 and RFC 2581) even on directly connected networks.
    2. Added new options for tfInterfaceSetOptions():
      1. TM_DEV_OPTIONS_NO_DHCP_RELEASE is used to determine whether a DHCP Release is sent when an interface is closed or DHCP is stopped.
      2. TM_DEV_OPTIONS_BOOT_ARP_RETRIES is used to specify the number of ARP probe retries before configuring a DHCP/BOOTP address.
      3. TM_DEV_OPTIONS_BOOT_ARP_INTVL is used to set the interval, in seconds, between ARP probes if ARP probes are to be sent prior to configuring a DHCP/BOOTP address.
      4. TM_DEV_OPTIONS_BOOT_ARP_TIMEOUT is used to configure the number of seconds to wait after sending the first ARP probe/ARP request before finishing DHCP/BOOTP address configuration.
      5. TM_DEV_OPTIONS_BOOT_PK_HOST_NM allows the user to pick which host name to send to the DHCP server in the DHCP host name option and DHCP FQDN option. 0 means pick user set values (default); 1 means pick server set values.
      6. TM_DEV_OPTIONS_BOOT_PK_DOMAIN_NM allows the user to pick which domain name to send to the DHCP server in the DHCP FQDN option. 0 means pick user set values (default); 1 means pick server set values.
      7. TM_DEV_OPTIONS_FORWARDING is used to dynamically enable or disable IP forwarding.
      8. TM_DEV_OPTIONS_FILTER is used to enable/disable IP filtering, a new feature described below.
      9. TM_DEV_OPTIONS_NO_GRAT_ARP is used to enable/disable transmission of gratuitous ARP’s.
      10. TM_6_DEV_OPTIONS_DHCP_FQDN_FULL is used to request a fully qualified domain name from the DHCPv6 server via FQDN.
      11. TM_6_DEV_OPTIONS_DHCP_FQDN_PART is used to request a partial domain name from the DHCPv6 server via FQDN.
      12. TM_6_DEV_OPTIONS_DHCP_FQDN_S_BIT is used to configure the S bit in the flags field of the FQDN option for DHCPv6.
      13. TM_6_DEV_OPTIONS_DHCP_FQDN_N_BIT is used to configure the N bit in the flags field of the FQDN option for DHCPv6.
      14. TM_6_DEV_OPTIONS_NO_AUTOCONFIG is used to disable IPv6 site-local and global address auto configuration.
    3. Added new API: tfInterfaceGetOptions()
      1. TM_DEV_OPTIONS_FORWARDING: Only option currently supported by this API.
    4. DNS Resolver Enhancements
      1. tfDnsSetOption() has been deprecated by tfDnsSetUserOption().
      2. tfDnsSetUserOption() supports all of the options previously supported by tfDnsSetOption().
      3. TM_DNS_OPTION_CACHE_TTL has been added to tfDnsSetUserOption(). It allows the user to configure the TTL of the DNS resolver cache at runtime.
      4. tfDnsGetSrvHost() can now be used to perform SRV queries for the given service and domain.
      5. tfDnsCacheInvalidate() API added allowing user to invalidate the DNS cache.
    5. Added new processor data-cache management features
      1. TM_PACKET_BUF_CACHE_ALIGN can be set to the processor’s data cache line size (in bytes). This will cause all packet buffers to be aligned to a cache line boundary, and be a multiple of the cache line in length.
      2. TM_USE_DCACHE_MANAGEMENT can be defined to allow the stack to manage the processor data cache (i.e., flushing and invalidating) internally. This should remove the need for the user to flush or invalidate the cache in the driver. There are 4 main pieces to this functionality:
        1. tfUseInterfaceCacheInvalFunc(): Allows the user to register a callback function which can be used by the stack to invalidate a buffer in the cache.
        2. tfUseInterfaceCacheFlushFunc(): Allows the user to register a callback function which can be used by the stack to flush a buffer from the cache.
        3. tfGetCacheSafeDrvBuf(): Allocates a cache-safe (i.e., cache invalidated) buffer for use in the interface driver.
        4. Changes to the device buffer pool (i.e., tfPoolXXX functions). These functions will now allocate cache-safe packet buffers on interfaces configured to use the stack’s cache-management features.
    6. Forwarding Statistics
      1. tfInterfaceGetStats(): Retrieve statistics associated with an interface
        1. TM_INTF_STAT_FORW_INC_PKT: Number of packets received on the specified interface which are forwarded to another interface.
        2. TM_INTF_STAT_FORW_INC_BYTE: Number of bytes received on the specified interface which are forwarded to another interface.
        3. TM_INTF_STAT_FORW_OUT_PKT: Number of packets forwarded to the given interface.
        4. TM_INTF_STAT_FORW_OUT_BYTE: Number of bytes forwarded to the given interface.
    7. Timer Interface Modifications for Power-save Mode of Operation
      Many embedded systems support a power save mode of operation. In this state, the Treck Stack should not be called unnecessarily. However, the original design requires the user to call tfTimerUpdate() every x milliseconds and tfTimerExecute() periodically. We modified the timer interface so that the user only needs to call tfTimerExecute() when needed.
  • Sockets
    1. Added support for SO_REUSEPORT option (if macro TM_USE_REUSEPORT is defined)
      1. UDP: multiple SO_REUSEPORT sockets can bind to the same local IP address, and local UDP port.
      2. TCP: multiple SO_REUSEPORT sockets can share the same local IP address and local TCP port as long as the 4-tuple local IP address, local TCP port, remote IP address, remote TCP port is unique for each connected TCP socket.
    2. Added support to allow multiple matching UDP sockets (which have set the SO_REUSEADDR, or SO_REUSEPORT option) to receive copies of the same multicast/broadcast datagram.
      1. Previously UDP multicast and broadcast datagrams were only received by the best matching socket.
      2. TM_USE_REUSEADDR_LIST needs to be defined to allow multiple sockets with different local IP addresses to share the same local UDP port. Also each socket has to have the SO_REUSEADDR option set.
      3. TM_USE_REUSEPORT needs to be defined to allow multiple sockets with the same local IP address to share the same local UDP port. Also each socket has to have the SO_REUSEPORT option set.
    3. Added IP_RCV_TOS option (getsockopt API only)
    4. Added support for IGMPv3 APIs (see IGMPv3 documentation in the pdf directory)
  • ARP
    1. Added the ability to flush the ARP cache entries.
      1. tfArpFlush() allows the user to flush the IPv4 and/or IPv6 ARP cache entries.
  • IP
    1. Added IP packet filtering capabilities
      1. TM_USE_FILTERING is used to enable IP packet filtering.
      2. tfUserRegisterFilter() is used to register a callback of type ttUserFilterCallback, which contains user-written (custom) IP filtering code.
      3. tfInterfaceSetOptions(): TM_DEV_OPTIONS_FILTER is used to enable/disable the registered callback filter.
    2. Added dynamic enable/disable of Limited Broadcasts
      1. TM_USE_LBCAST_CONFIG enables the user to turn on the dynamic enabling/disabling of Limited Broadcasts.
      2. TM_IP_DEF_LBCAST_ENABLE allows the user to determine whether this feature is enabled or disabled by default.
      3. TM_OPTION_IP_LBCAST_ENABLE is used with tfSetTreckOptions() to enable or disable Limited Broadcasts.
    3. Improved security of IPID field
      1. In the past, the predictability of the IPID field across the whole system made it possible to exploit Treck as part of a network attack. Now, the IPID is saved on the socket, whenever a socket is available. The socket-based IPID will increase by one every time a packet is sent on that socket. For non-socket packets (ping replies, for example), the IPID will be random.
  • ICMP
    1. Added dynamic enable/disable of ICMP Echo Responses
      1. TM_USE_ECHO_CONFIG enables the user to turn on the dynamic enabling/disabling of ICMP Echo Responses.
      2. TM_ICMP_DEF_ECHO_ENABLE allows the user to determine whether this feature is enabled or disabled by default.
      3. TM_OPTION_ICMP_ECHO_ENABLE is used with tfSetTreckOptions() to enable or disable ICMP Echo Responses.
  • IGMP
    1. Added support for IGMPv3. Please see IGMPv3 document in the pdf directory.
  • TCP
    1. Added ability to Pause, Reset, and Resume the TCP Retransmission Timer
      1. TM_USE_TCP_REXMIT_CONTROL enables the user to turn on controls for the TCP Retransmission Timer.
      2. setsockopt() has a new option, TM_TCP_REXMIT_CONTROL, which allows the user to Pause, Resume, and/or Reset the TCP Retransmission Timer.
      3. getsockopt() supports the ability to query the socket to see if the Retransmission Timer is Paused or Running.
  • HTTP Client
    1. Added ability to bind client socket
      1. tfHttpcUserBind() allows users to bind the HTTP client socket to the desired address and port.
  • DHCPv6 Client
    1. Added support for DHCPv6 authentication
    2. Added support for FQDN option
    3. User can now access DHCPv6 server’s IPv6 address, if available
    4. User can now set timeout for Solicit messages
  • IPv6
    1. Added new API, tf6NgAddDefaultGatewayTunnel(), which deprecates tf6AddDefaultGatewayTunnel() and allows the user to specify the source IPv6 address of the tunnel.
    2. Added new API, tf6GetDefaultGateway(), to get the active IPv6 default gateway.
    3. Added new API, tf6UserSendNeighSolicit(), to send an IPv6 Neighbor Discovery solicitation.
    4. tf6Eui48SetInterfaceId() is now a public API. It allows the user to set the interface Id in EUI-64 format, based on the user supplied MAC address.
    5. When configuring a static address, the user can now specify that the static address is temporary, by setting the TM_6_DEV_IP_TEMPORARY flag in the ipv6Flags field of tfNgConfigInterface()/tfNgOpenInterface(), so that the stack will later on use an address of the same scope acquired via DHCPv6 or via a router advertisement as a preferred source address.
    6. A statically configured IPv6 default gateway will now be automatically replaced by an advertised one, unless the user sets the TM_6_GWY_NOT_TEMPORARY flag when calling tf6AddDefaultGateway().

Treck Release 4.7 features

  • General
    1. Added Strong End System Model support
    2. New APIs for adding and deleting IPv6 Default “Gateways” (Routers)
    3. New API allows the user to specify the remote MAC address, output interface, and remote and local IP addresses when sending a packet.
    4. New API allows the user to get the remote MAC address, input interface, and remote and local IP addresses when receiving a packet.
  • IKE
    1. Added IKE Policy Support
    2. Added NAT-T support
    3. Added DPD support
    4. Added support for IKE as a separate task
  • IPsec
    1. Added support for IPsec as a separate task
    2. IPsec Policy Enhancements
      • Multiple phase 2 proposals
      • Enhanced bundle processing
      • IPsec policy opaque data support
    3. Added IP Compression negotiation support
  • IKE and IPsec
    1. Added IKE and IPsec priority processing
    2. Security Protocol Enhancements
      • Simultaneous re-keying optimizations
      • AES authentication and encryption algorithm support
      • Diffie-Hellman Group 14 support
      • ESP/UDP Encapsulation support with NAT-Translation (NAT-T)
      • 64-bit SA lifetime support
      • 64-bit sequence number support
      • Infinite lifetime support
      • Enhanced logging
    3. Added Security Statistics
      • Statistic information is available for IKE and IPsec.
  • BOOTP and DHCP
    1. Added support for setting and retrieving DHCP and BOOTP options not recognized by Treck
    2. Added support for setting the hostname option with BOOTP
    3. Added API tfFinishConfigInterface()
      • The user can open an interface without configuring an IP address immediately, then, once an IP address has been obtained using AUTO-IP, user BOOTP, or user DHCP, the user can finish the configuration. This is an extension to tfFinishOpenInterface() allowing the user to choose any multihome index.
    4. Added support for switching from BOOTP to DHCP (or vice versa) without having to close the interface
    5. Added BOOTP user interface similar to the DHCP user interface
  • IKE, IPsec and SSL
    1. Asynchronous Crypto Processing
      • The user can block a crypto engine while it is executing and then awaken it when the processing has completed.
  • POP3
    1. Added support for POP3 with SSL
    2. Added support for the POP3 UIDL command

Treck Release 4.5 features

  • New Products/Protocols
    1. Added Universal Plug and Play
    2. Added PPPoE
    3. Added DHCPv6
  • General
    1. Added pre-allocated timers for ARP, Neighbor Discovery, TCP, IPsec, and IKE
    2. Added 802.3 Link Layer support
    3. Added 64-bit compiler support
    4. Updated WinPcap device driver to work with latest version (3.1)
    5. IKE ported to 16-bit platform
    6. Added protection from attacks
      • Now protected from Denial of Service “Land Attack” and TCP SYN flood attack
      • Now protected from length analysis attack
  • PPP
    1. Dialer ported to DSP
  • HTTP Server
    1. New APIs for web server
      • Allow user to set first parameter to the File System Interface.
      • Allow app to tell webserver if URL is CGI or not.
      • Allow app to add new content types for static pages.
      • Allow app to set content type for CGI pages
      • Allow app to retrieve username & password for a connection
      • Allow app access to "Host Name" and "Date and Time" header fields (this functionality already exists in the dev path).
      • Change format of header fields given to user to contain field name as well
      • Check problems with server timing out on multiple connections from the same IP address, especially via SSL
      • tfHttpdUserCgiSend/tfHttpdUserSendBuffer never returns TM_EWOULDBLOCK like documentation indicates
      • Added enhancements for UPnP such as low-level APIs, HEAD method support, RANGE and CONNECTION header support, chunked body receiving, etc.
  • FTP
    1. Added FTP over SSL (client only)

Treck Release 4.2 features

  • General
    1. Treck TCP certification using Ixia’s ixANVL test suites
    2. New macro TM_DISABLE_TCP removes TCP code for smaller ROM footprint
    3. New Treck option TM_OPTION_TCP_SOCKETS_MAX
      • Limits the maximum number of TCP sockets, including TCP sockets in the TIME_WAIT state. This option can be used to reduce RAM usage.
    4. New TCP socket option TM_TCP_PEND_ACCEPT_RECV_WND
    5. Using TM_TCP_PEND_ACCEPT_RECV_WND, a user can set a pre-accept TCP receive window size on the TCP listening socket that is smaller than the TCP receive window size of the accepted socket. This socket option can be used to reduce RAM usage.
    6. New Treck RAM file system, enabled using macro TM_USE_RAM_FS
    7. New macro TM_SHEAP_MARK_MEMORY, detects corruption of Treck simple heap
    8. When TM_SHEAP_MARK_MEMORY, TM_ERROR_CHECKING and TM_USE_SHEAP macros are all enabled, special diagnostic code is included that can detect Treck simple heap corruption.
    9. Added support for UDP wild port listener
      • Treck TCP already supported TCP sockets listening on the wild port (TM_WILD_PORT), so that connection to any TCP port can be accepted. Added support for UDP wild port reception, so that a UDP application can receive data for all ports.
  • Secure Sockets Layer (SSL 3.0) and IETF Transport Layer Security (TLS 1.0)
    1. Fully integrated with Treck web server
    2. Extends standard BSD socket APIs: send() and recv() are used with Treck TLS
    3. Both SSL client and SSL server
    4. RSA and ephemeral Diffie-Hellman key exchange method
    5. RSA and DSS signature algorithms
    6. Mutual authentication with certificates
    7. SSL server supports SSL 2.0 client hello handshake, compatible with existing web browsers
    8. DES, 3DES, AES, RC2, and ARCFOUR (compatible with RC4) algorithms
    9. Resumed handshake allows a new connection to avoid the asymmetric key exchange
    10. Supports exportable cipher suites (40-bit encryption), as well as strong encryption
  • DHCP client enhancements:
    1. Added support for client FQDN option, option code 81. To use ASCII encoding with the FQDN option (for compatibility with legacy DHCP servers), specify the flag TM_DHCPF_FQDN_ASCII, otherwise binary encoding is used. Note that ASCII encoding is deprecated in the IETF draft.
    2. Added support for WINS server (NetBIOS Name Server) option, option code 44
    3. Added support for host name option, option code 12
    4. Added support to send all options in lease renewal request
  • Additional device drivers and ports
    1. Port to DSP-BIOS RTOS
    2. Port to Quadros RTXC RTOS
    3. Device driver for TI DM642 (TI C6x DSP) EMAC
    4. Device drivers for Motorola ColdFire FECs: MCF5282, MCF5485
    5. Device driver for Intel 80314 Gigabit Ethernet EMAC
    6. PowerPC optimized assembly checksum and critical sections for GNU compiler
  • Fixed compiler warnings for various “C” embedded cross-compilers
    1. MetaWare compiler for 80386 protected mode, PowerPC, ARM, Thumb, MIPS
    2. ARM Ltd. ADS compiler for ARM, Thumb
    3. ARM Ltd. Realview compiler for ARM, Thumb
    4. Diab-SDS compiler for PowerPC, ColdFire, 68000
    5. TASKING compiler for 68000
    6. Mentor Compiler for 68000
    7. Metrowerks CodeWarrior for PowerPC, ColdFire, 68000
    8. Paradigm compiler for 80386 protected mode, x86 real mode, VAutomation 24-bit real mode
  • Added support for IEEE 802.3 Ethernet
    1. Treck TCP already supported Ethernet II (Ethernet version 2, also known as DIX Ethernet). We have added a new link layer that supports both Ethernet II and IEEE 802.3, which is enabled by calling the new public API tfUseE8023().
  • HTTP Server
    1. Added Treck web server support for customer-defined SSI (Server Side Includes) tags
      • Customer-defined SSI tags are embedded by the user in their static HTML pages, and then are replaced with dynamic HTML by the user’s registered SSI handler at run-time.
    2. Added Treck web server support for Treck generic file system interface
      • Initially, Treck web server only supported Treck ROM FS. Now, Treck web server supports Treck ROM FS, RAM FS, DOS FS, etc. through the Treck generic file system interface.
  • Cryptography
    1. Authentication and encryption algorithms moved to new “cryptlib” subdirectory

Treck Release 4.1 features

  • General
    1. Dual stack support for IPv6:
      • Stack can be configured at compile-time as an IPv4-only stack, IPv6-only stack, or dual (IPv4 + IPv6) stack
      • Full compliance with TAHI IPv6 conformance test suites including IPv6 Neighbor Discovery, IPv6 Path MTU Discovery, IPv6 Stateless Address Auto-Configuration (Prefix Discovery), IPv6 Robustness, IPv6 Specification, IPv6+IPsec
      • Mobile IPv6 mobile node and correspondent node (fully compliant with latest draft RFCs) with Intersil Prism 2.5 WiFi device driver
      • Dual stack applications support both IPv4 and IPv6 (DNS Resolver, FTP, TFTP, Telnet, SNMP Agent, Ping, Web Server, SMTP and POP3 clients)
      • IPv6 support for Ethernet and PPP link-layers
    2. WAP2.0 enhancements for Wireless TCP, including FACK (Forward Acknowledgement)
    3. IPsec and IKE fully integrated with dual stack:
      • PFS (Perfect Forward Secrecy)
      • AH and ESP in either transport mode or tunnel mode
      • SA bundles (AH+ESP)
      • all mandatory authentication and encryption algorithms; additional optional algorithms such as AES, Blowfish, Twofish, CAST
      • generic interface to IPsec hardware acceleration, with support for Hifn 7951 security chipset
    4. Win32 and Linux preemptive OS ports for prototyping purposes (runs at application level, not kernel level)
    5. Automated test suite
    6. Network Statistic APIs (NETSTAT) providing application access to and presentation formatting of:
      • Device table information
      • UDP socket table information
      • TCP socket table information
      • ARP table information
      • Routing table information
      • Mobile IPv6 correspondent node binding information
    7. PPP MS-CHAP
    8. SNMP Agent enhancements:
      • new improved MIB compiler based on industry-standard “libsmi”
      • support for 16-bit and 8-bit OIDs
      • ported to also run on 16-bit microprocessors
      • support for SNMPv3 community MIB
      • support for IPv6
    9. FTP client enhancement to support passive mode for both IPv4 and IPv6 (FTP server already supported it)
    10. DNS Resolver enhancement to support returning multiple IP addresses for a specified domain name
    11. Enhanced support for HTTP web server, POP3 and SMTP clients
    12. TCP/UDP hardware acceleration (checksum offload, TCP segmentation offload)
    13. DHCP enhancements:
      • New API to allow the user to set the DHCP initial state to either INIT or INITREBOOT prior to configuration
      • New API to allow the user to request a preferred IP address prior to configuration
      • New API to allow the user to set its own DHCP client ID option, or to suppress sending a DHCP client ID option prior to configuration
    14. Turbo Treck Simple Heap enhancements, to prevent heap fragmentation as well as to support multiple memory pages for targets that have a memory segment length restriction (for example, 16-bit microprocessor with a 64K-byte memory page limitation).
    15. Turbo Treck dynamic memory enhancement to automatically flush all internal and recycled queues when memory allocation fails, to make more memory available for allocation.
    16. Additional device drivers and ports, including Intel XScale with Gigabit Ethernet 82544, Hitachi S8/7616 and H8/2674R, Intersil PRISM 2.5 WiFi device driver, CMX RTOS, Infineon C161P, SMSC LAN91C113I, etc.
    17. Socket options for multicast group join/leave are now compliant with BSD. IGMP and MLD (IPv6 Multicast Listener Discovery) have been modified to implement socket join/leave reference counting, and also to auto-leave all multicast groups joined on a specific socket when that socket is closed. Refer to bug ID 895. Please note that the previous IGMP functionality of leaving all IGMP multicast groups when the device is closed has been removed to make it consistent with IPv6 MLD.

Treck Release 4.0 features

  • General
    1. Timer redesign which minimizes tfTimerExecute latency, and can improve performance of applications that use many TCP sockets.
    2. ATM virtual channel support.
    3. New features to prevent packet loss when ARP entries age.
    4. Configurable packet trailer.
    5. Optimized assembly checksum routines for the ARM7 and PowerPC processors with Green Hills compiler.
    6. Preconfigured support for ThreadX and the Green Hills tools on an ARM7 platform.
    7. Support for the TI C5000 and C6000 DSPs.
    8. New API to easily support multiple Ethernet interfaces using a single device driver.
    9. Ability to add a multicast route associating a specific multicast destination IP address with a specific outgoing interface.
    10. TM_TCP_PACKET socket option: force TCP to respect packet boundaries and behave as a message oriented protocol.
    11. Ability to be notified when a packet cannot be forwarded.
    12. Jumbo frame support for Ethernet frames using tfSetIfMtu() API.
  • Socket
    1. SO_REUSEADDR socket option: support for multiple sockets to be able to bind to the same port with different IP addresses.
    2. Multi-instance IP allows for the execution of multiple instances of the Treck stack in the same embedded system application.
    3. Raw socket support.
    4. Support for sending IP or UDP datagrams directly from a user's scattered buffers.
    5. Capability of setting the Type-Of-Service field in an IPv4 packet which is sent on a socket.
  • PPP
    1. PPP LQM (link quality monitoring).
  • TCP
    1. Support for RFC 2414 - "Increasing TCP's Initial Window".
    2. Full duplex TCP close.
    1. Configurable DHCP/BOOTP timeouts and retries.
  • Quality
    1. ANVL (Automated Network Validation Library) testing of Version 3.0 release, confirming 100% RFC compliance.
    2. Completely PC-Linted source code.
    3. Confirmed testing for performance benchmarking, APIs and interoperability.