Contact Us

Release 2016a

(1) For users of systems having 10 Gbps interfaces, the GUI for the rate limiter impairment was updated to allow setting rates of up to 4 Gbps.

(2) The following changes were made that affect TCP/IP protocol testing:

(2.1) The TCP/IP test plugin was truncating some 802.2 packets coming into the maxtap interface. This was not affecting any tests, but was disconcerting to see the malformed packet errors appear on Wireshark.
(2.2) There was a bug in the way the echoserver.c program was handling UDP receive errors. This would not cause any problems itself, but potentially useful debug info was being lost for users who ad ported the program to their DUT.
(2.3) A quicker way to select all the tests in a protocol or group for inclusion or exclusion from "Run All" requests has been added to the GUI. Simply right-click on the protocol name (e.g. IPv6) or subgroup (e.g. Datagram) in the "Impairments or Tests to Run" tree selection panel. A dialog window will pop-up and allow you to choose whether to include or exclude all the tests in that protocol or group.

(3) TLS protocol tests: in some cases if a DUT sent the expected response but failed to close its socket connection and also did not send a close notify alert, the connection was considered "timed out" and the grader would report "Fewer bytes than expected." This was an incorrect and misleading error message. It has been changed to a message saying "All data received but timed out waiting for DUT to close its end."

Release 2015c

(1) The maximum value that can be entered into the the Buffer Count field in the Edit Scenario dialog has been increased from 128k to 16M. The actual number of buffers allocated will be silently truncated if the packet buffer size times the number of packet buffers exceeds 2G bytes of space.

(2) The following changes were made to the TCP/IP tests:

(2.1) The naming convention for the PCAP file names generated by the system has been modified so that a unique number is now used in place of the flow number.
(2.2) When multiple runs had been made on the same test with the same traffic source without any clearing of results, clicking on the PCAP button for that test's traffic source would cause a Wireshark to be launched for each run (and incorrectly display the same packet capture on each.) The PCAP button will now just display one instance of Wireshark using only the capture from the last run.
(2.3) In the rare case where tests TCP.Connected.037 - 039, TCP.Setup.027, and TCP.Setup.030 saw no RTO window groups, the grader for those tests would perform a divide by zero and crash the test engine. This has been corrected.

Release 2015b

(1) A "--whitelist" command line argument was added to the stdiserver program. When a series of IP addresses or subnets follows it then the only clients from one of the addresses or subnets will be allowed to connect to the Remote API control port.

(2) ICMPv4 and ICMPv6 error messages that contained TCP or UDP headers, such as those for destination unreachable, were getting assigned to flows that were set to match TCP or UDP header fields. In other words the flow classification was treating the TCP and UDP headers inside the ICMP messages as if they were tunneled inside ICMP rather than data. This is not correct behavior and has been corrected.

(3) The following changes were made to the TCP/IP tests:

(3.1) Two bugs were fixed that were introduced some time ago. They caused problems with some tests that delayed outgoing packets and would generate failing grades on legal dialogs. The following tests were affected by the bugs:
TCP.Setup.027 Verify Jacobson Slow Start algorithm.
TCP.Setup.033 Verify SYN-RCVD state remembers last state....
TCP.Connected.016 Change the window size to 0.
TCP.Connected.035 Verify that zero offered windows get probed.
TCP.Connected.036 Verify zero window probe occurs with....
TCP.Connected.037 Verify Jacobson Congestion-Avoidance algorithm.
TCP.Connected.038 Verify Karn's algorithm.
TCP.Connected.039 Verify Jacobson's RTO estimation algorithm.
TCP.Connected.041 Should use delayed ACKs.

(3.2) Test TCP.Connected.017 was modified to wait up to 3 seconds to allow stacks that don't use window scaling to complete transmission of the thousands of segments they need to send to finish this test.

(3.3) TCP.Setup.030 has been changed so that stacks that previously passed it WILL NOW FAIL. Stacks that previously failed it WILL NOW PASS. We had always mentioned in the test that RFC 6633 proposed deprecating use of source quench messages, which is directly OPPOSITE to the requirements of RFC 1122. Even though it is still a proposed standard, we have adopted RFC 6633 as a de facto standard since most stacks now follow it.

(3.4) TCP.Connected.040 was treating some packets from the DUT as retransmissions when they were not. This would cause failing grades. The problem has been fixed.

Release 2015a

(1) All the statistics on all the flows may now be obtained using a single command call. An argument was added to the getstats command to provide this capability. The extension is described in the "Maxwell Application Programming Interface Guide" (control_api_guide.pdf). The new command also returns statistic counters associated with the physical interfaces, making them available to remote machines.

(2) The following changes were made to the TCP/IP and TLS tests:

(2.1) The following tests have been added to the TLS test suite to test DUTs for vulnerabilities to the POODLE attack: TLS.ServerH.070 Attempt to negotiate to SSLv3. TLS.ServerH.071 Set CBC pad values to zero. TLS.ServerH.072 Set CBC pad values to one greater than expected. TLS.ClientH.030 Attempt to negotiate to SSLv3. TLS.ClientH.031 Set CBC pad values to zero. TLS.ClientH.032 Set CBC pad values to one greater than expected.

(2.2) The grading for TLS test TLS.ServerH.003 was corrected to properly accept Handshake terminated as a valid result.

(2.3) The "OldId" tag in the XML test description files for TCP/IP and TLS tests have been removed because the deprecation period ended.

Release 2014g

(1) Fixed a problem that was causing the firewall to block access to several important service ports on our Fedora 19 based systems. This included VNC server and TCP/IP test suite servers.

(2) Corrected the grader for the TLS.DataXfer.003 test. It was not catching one of the main PASS responses.

Release 2014f

(1) A count of bytes in and bytes out of each flow has been added to the set of available statistics.

(2) A new command, clearqueue, has been added to the API that removes all packets for a slot that are waiting to be transmitted from that slot's rate limit queue.

(3) Corrected a bug that was preventing the VLAN ID checkmark from being properly restored when a saved scenario file was reloaded.

(4) The TLS sanity tests are now included only in the Calibration and TLS protocol test groups.

Release 2014e

(1) Selections have been added to the GUI Help menu that will display the PDF versions of the documentation. The HTML (web browser) versions are still available for viewing.

(2) The following changes have been made to the TCP/IP Test Suite:

(2.1) The test result and test ID columns in the RFC 1122 test summaries result file were reversed from what actually appeared in the columns. The content of the columns has been been reversed so they now match the order shown in the table header.

(2.2) When neither interface was set to maxtap then both the Data Source and Device Under Test panels were being disabled. The logic has been fixed so if neither is set to maxtap then both panels are enabled and it is up to the user to choose the desired direction for the impairment or testing.

(2.3) Two new Python API functions have been added: FutureExec() and CancelFutureExec() that allow functions or object methods to be executed at future times.

(2.4) Test IPv4.Datagram.039 was not issuing a pass grade even when the DUT properly switched default routers. The test has been re-written in Python, which fixes the problem and also doubles as a source code example of the Python Test API usage.

(2.5) Test TCP.Connected.042 was not using the proper event times when it computed the response time of the DUT ACKs so it would improperly issue failing grades. This test has also been re-written in Python so as to fix the problem and provide a Python test API usage example.

(2.6) Test TCP.Connected.043 was not recognizing some of the ACK segments from the DUT so it would sometimes improperly issue failing grades. This test was also re-written in Python during the fix of the problem.

Release 2014d
(1) The following changes have been made to the TCP/IP Test Suite:

(1.1) Some typographic errors in the reference sections have been corrected.

(1.2) More information has been added to the document that describes how to add your own tests (tcpip_api_guide.pdf). It discusses several template files that have been added that should help get you started more quickly when you want to write custom tests.

(1.3) The algorithm that recomputes the TCP checksum has been modified slightly so that it will recompute the checksum in some cases where it previously would not (such as when the IPv4 header length had a length less than allowed.)

(1.4) Tests IPv4.Datagram.001 through IPv4.Datagram.007 have been converted from C++ to Python.

Release 2014c
(1) The operation of the GUI interface selection tabs has changed! Now when you click on interface tab 0 or 1 in any flow impairment then that interface will remain selected when you click on any other flow impairment. Previously each flow impairment retained its own memory of the last interface selected for that impairment. So if you clicked on delay for flow 0 and clicked on interface 1, then clicked on delay for flow 1 you would likely see it showing delay for interface 0 on flow 1. Clicking back to delay for flow 0 would show delay for interface 1. Many users have stated they prefer interface selection to be globally selected while navigating the flows.

(2) Scenario control buttions have been added to the flow description panels to make these operations more visible to users. These button replicate some of the operations avaiable on the "Edit" menu, but the new buttons are expected to be in more expected location.

(3) The following changes have been made to the TCP/IP plugin:

(3.1) Corrected a bug in the TLS tests that occurs on Maxwell Pro systems running Fedora 16 and 19. Earlier Maxwell Pro systems are not affected. The bug would cause TLS tests to sometimes prematurely exit when the Maxwell side would attempt to sign a certificate. The test would then generate a failing grade.

(3.2) The TCP/IP GUI was unable to load scenarios that reference a traffic source that wasn't available on that machine. The logic was corrected to handle such situations.

(3.3) Added the following source code and example files (with supporting documentation) to the test suite: echoserver.c testdefs_template.xml auto_tcpip_tests_template_example.sce

(3.4) The "Maxwell Automated TCP/IP Tests" (auto_tcpip_tests.pdf) document has been split into two documents: "Maxwell Automated TCP/IP Test Guide" (auto_tcpip_tests_guide.pdf) which contains only usage instructions and guidance, and "Maxwell Automated TCP/IP Tests" (auto_tcpip_tests.pdf) which contains only the detailed descriptions of all the tests.

Release 2014b
(1) Fixed a bug in the ITU G.1050 plugin that would cause it to coredump sometimes when it was being unloaded.

(2) The following changes have been made to the TCP/IP plugin:

(2.1) Fixed a bug in TCP/IP plugin that caused it to fail to recognize and properly load some scenario files.

(2.2) The TLS Server was not properly handling the case where no response file is specified. This would cause some tests to fail.

(2.3) If the entry field for the the DUT's IPv4 Default Router was set and then cleared, the maxtap interface would incorrectly use the router address as its primary address. This has been corrected.

Release 2014a
(1) The following features have been added to the TCP/IP plugin:

(1.1) You can now add your own tests using simple Python scripts. A PDF document describing how to write tests using the new Python API is installed on your machine at: /usr/local/iwl/docs/tcpip_api_guide.pdf The C++ API for writing tests is deprecated.

(1.2) You can now bind to specific UDP and TCP source port when using those traffic sources.

(1.3) Test TCP.Setup.013, which had several setup changes to the DUT that were very difficult to implement, has been removed.

(1.4) Tests TCP.Setup.007 to .012 have been modified to use the new Python programming interface. They now generate pass/fail grades.

Release 2013f
(1) The following changes have been made to the TCP/IP plugin:

(1.1) A bug was fixed in the 2013e release of the TCP/IP plugin that would cause test runs to hang if the optional TLS test traffic sources were not installed.

(1.2) The plugin should now be able to better handle loading of scenario files created on Maxwell Pro systems that use different interface naming conventions. Most users are not affected by this.

Release 2013e
(1) Internal parsing of packets containing MPLS labels has been improved so that control words are properly handled.

(2) The following changes have been made to the TCP/IP plugin:

(2.1) A new traffic source, dhcpc, has been added so that DHCPv4 and DHCPv6 server tests can now be automatically run and graded.

(2.2) A new field has been added to the traffic source configurations that makes it easier to designate an alternate executable for the standard traffic sources. This affects the GUI and the CLI. The return values for the CLI commands getnextsource and starttraffic of the plugin have been changed. Any scripts you developed that call on these changed commands need to be updated. The documentation for the plugin describes the new return values.

(2.3) A bug was fixed that was preventing the PCAP buttons from displaying the wireshark window on those Maxwell platforms that use the interface labeling convention of p1p1/p1p2. The bug did not affect those using eth1/eth2 convention.

(2.4) A bug was fixed that was causing calibration problems if the new "Router IPv4" field was left blank.

Release 2013d
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: The standard packet libraries (libiwl++) have been modified, so any custom plugins that use them will need to be recompiled.

(2) Corrected a bug in the Alter impairment's cut operation.

(3) Corrected a bug in the PluginPacket class that would cause the method ToNextStage() to not always send packets at the requested time.

(4) The following changes have been made to the TCP/IP plugin:

(4.1) An IPv4 router address input field was added to the main GUI to make it possible to test router redirects. This will be used in the future for other host routing tests and DHCPv4 client testing.

(4.2) The maxtap address configuration fields also now appear on the main TCP/IP GUI panel. This was done to insure that these are not overlooked during initial setup.

(4.3) The "Save Results" dialog now supports saving of results in Plain Text (.txt) files, XML files (with HTML rendering via an XSL file), Comma Separated Value (CSV) files, and a CSV subset for only those tests that cover the requirements listed in the Summary tables of RFC 1122 "Requirements for Internet Hosts -- Communication Layers." PCAP files are no longer saved in uuencode format in the results file. Instead the user is given the option to save the PCAP files to the same directory that the result file is saved to. Extracting the desired uusencoded file from the result files proved to be too cumbersome for users. The dialog now alerts you if you try to overwrite an existing file and gives you the option to overwrite or cancel the save.

(4.4) The "File to execute prior to each test" field in the "Edit Traffic Sources" dialog now appears in all traffic sources and is always available. Previously that field was only available in traffic sources that allowed customized payload traffic.

(4.5) The format of the references section of all the tests have been revised to a slightly different format. In addition, all tests that test any of the requirements that appear in RFC 1122 requirement summary tables in sections 2.5, 3.5, 4.1.5, and 4.2.5 now include the section number and text that appears in the table. This should aid cross-checking against these tables for those requirements that Maxwell is capable of verifying.

(4.6) The following existing tests were renamed, putting some of them in another group:
IPv4.ICMP.001 -> IPv4.ICMP.009
IPv4.ICMP.004 -> TCP.Setup.014
IPv4.ICMP.005 -> TCP.Setup.015
IPv4.ICMP.006 -> TCP.Setup.016
IPv4.ICMP.007 -> TCP.Setup.017
IPv4.ICMP.008 -> TCP.Setup.018
IPv4.ICMP.009 -> TCP.Setup.019
IPv4.ICMP.010 -> TCP.Setup.020
IPv4.ICMP.011 -> TCP.Setup.021
IPv4.ICMP.012 -> TCP.Setup.022
IPv4.ICMP.013 -> TCP.Setup.023
IPv4.ICMP.014 -> TCP.Setup.024
IPv4.ICMP.015 -> TCP.Setup.025

IPv4.ICMP.016 -> IPv4.ICMP.004
IPv4.ICMP.017 -> IPv4.ICMP.005
IPv4.ICMP.018 -> IPv4.ICMP.006
IPv4.ICMP.019 -> IPv4.ICMP.007
IPv4.ICMP.020 -> IPv4.ICMP.008

IPv6.ICMP.004 -> TCP.Setup.034
IPv6.ICMP.005 -> TCP.Setup.035
IPv6.ICMP.006 -> TCP.Setup.036
IPv6.ICMP.007 -> TCP.Setup.037
IPv6.ICMP.008 -> TCP.Setup.038
IPv6.ICMP.009 -> TCP.Setup.039
IPv6.ICMP.010 -> TCP.Setup.040
IPv6.ICMP.012 -> TCP.Setup.041
IPv6.ICMP.013 -> TCP.Setup.042
IPv6.ICMP.014 -> TCP.Setup.043
IPv6.ICMP.015 -> TCP.Setup.044

IPv6.ICMP.011 -> IPv6.ICMP.004
IPv6.ICMP.016 -> IPv6.ICMP.005
IPv6.ICMP.017 -> IPv6.ICMP.006
IPv6.ICMP.018 -> IPv6.ICMP.007
IPv6.ICMP.019 -> IPv6.ICMP.008
IPv6.ICMP.020 -> IPv6.ICMP.009

(4.7) The TCP and UDP traffic sources for tests IPv6.Datagram.012 and IPv6.Datagram.013 were removed and those traffic sources were placed into the following four new tests (although nothing new is being tested, this is just a re-categorization):


(4.8) The following tests have been modified, grading updated, or a bug corrected:





(4.9) New tests have also been added to the TCP/IP plugin test suite. These new tests verify conformance of a TCP stack against some of the requirements tabulated in the RFC 1122 summary tables that were not previously verified. These new tests are:
IPv4.Datagram.027       Silently discard Version != 4
IPv4.Datagram.028       Verify IP checksum, silently discard bad dgram
IPv4.Datagram.029       Verify IP checksum, silently discard bad dgram
IPv4.Datagram.030       Verify IP checksum, silently discard bad dgram
IPv4.Datagram.031       Verify IP checksum, silently discard bad dgram
IPv4.Datagram.032       Verify IP checksum, silently discard bad dgram
IPv4.Datagram.033       Send packet with TTL of 0
IPv4.Datagram.034       Discard Echo Request to multicast address
IPv4.Datagram.035       Ping gateways continuously
IPv4.Datagram.036       Ping only when traffic being sent
IPv4.Datagram.037       Silently discard link-layer-only b'cast dg's
IPv4.Datagram.038       Reply with same addr as spec-dest addr
IPv4.Datagram.039      Treat Host and Net Redirect the same

IPv4.Fragment.026       Send ICMP Time Exceeded on reassembly timeout
IPv4.Fragment.027       Non-initial fragment
IPv4.Fragment.028       Local fragmentation of outgoing packets
IPv4.Fragment.029       Send max 576 to off-net destination

IPv4.Framing.005         Receive RFC-1042 encapsulation

IPv4.ICMP.001             Use specific-dest addr as Echo Reply src
IPv4.ICMP.010             Link-layer b'cast
IPv4.ICMP.011             Interpret Dest Unreach as only hint
IPv4.ICMP.012             Discard illegal Redirect
IPv4.ICM.013               Reflect Record Route, Time Stamp options

IPv4.Options.019         IP layer silently ignore unknown options

UDP.Other.001           UDP send Port Unreachable
UDP.Other.002           UDP send Port Unreachable

TCP.Setup.026           Passive Open call interfere with others,
TCP.Setup.027           Jacobson Slow Start algorithm
TCP.Setup.028           SYN RTO calc same as data
TCP.Setup.029           Recommended initial values and bounds
TCP.Setup.030           Source Quench => slow start
TCP.Setup.033           SYN-RCVD remembers last state
TCP.Setup.045           TCP handling of ICMPv6.
TCP.Setup.046           TCP handling of ICMPv6.

TCP.Options.059         Send MSS option unless 536
TCP.Options.060         Send-MSS default is 536,
TCP.Options.061         Build return route from src rt
TCP.Options.062         Later src route overrides
TCP.Options.063         Ignore options TCP doesn't understand

TCP.Connected.034    Robust against shrinking window
TCP.Connected.035    Sender probe zero window
TCP.Connected.036    First probe after RTO, Exponential backoff
TCP.Connected.037    Jacobson Congestion-Avoidance algorithm
TCP.Connected.038    Karn's algorithm
TCP.Connected.039    Jacobson's RTO estimation alg.
TCP.Connected.040    Exponential backoff
TCP.Connected.041    Delayed ACK's
TCP.Connected.042    Delay < 0.5 seconds
TCP.Connected.043    Every 2nd full-sized segment ACK'd

TCP.Close.004            RST can contain data

Release 2013c
(1) The following changes have been made to the TCP/IP plugin:

(1.1) The term "echo client" has been replaced in many cases with the term "traffic source" since it is more descriptive.

(1.2) The "Maxwell Automated TCP/IP Tests" guide has been updated and additional information added.

(1.3) The /usr/local/iwl/src/ script has been updated so it is capable of running all the TCP/IP tests from a remote machine (no GUI control needed.) Previously it only demonstrated stepping through a series of impairments.

(1.4) A bug appears to exist on some Linux stacks that causes incorrect computation of the checksum field of ICMPv6 messages whenever a destination options header is appended. In most cases the plugin correctly recomputes the checksum before forwarding it to the DUT, so it is generally not a concern. However, when the message is fragmented we do not recompute the checksum, so icmpb.v6 pings would fail on these machines (Maxwells running Fedora 16.) We have partially resolved this problem by not appending our bogus destination options header on icmpb.v6 message.

(1.5) An initialization race condition was occuring when the plugin is first loaded that would cause the stdiserver to sometimes core dump when loading a TCP/IP test scenario. This has been corrected.

Release 2013b
(1) When the MTU for a Maxwell physical interface is set between 1500 and 1503, Maxwell will now round this up to 1504. This is to insure forwarding of packets coming from systems that incorrectly forget to reduce their MTU when they are addng VLAN tags. While such systems are operating incorrectly, Maxwell's "bump on a wire" operation should still forward these. Previously Maxwell would discard such packets. All other MTU changes will be honored as originally requested.

(2) The following important changes have been made to the TCP/IP plugin:

(2.1) TCP/IP plugin test names have been changed to a more human-readable convention. Instead of having test IDs like "050.009.002" it now uses the protocol and group names, so the same test will now be named "IPv4.Datagram.001". The old ID is displayed in the summary line in the details panel when the test is selected on the GUI. The old ID is also in a field in the XML testdefs files, which are located in the /usr/local/lib/iwl/autotcpip_xml/ directory.

(2.2) The TCP/IP plugin "Save Results" operation has been rewritten. Output filtering options have been added. An XML output format and an XSLT template have been provided to allow rendering the results in most modern web browsers.

(2.3) The TCP/IP plugin fields that controlled whether PCAP files should be saved in /tmp, the number of runs in "Run All" requests, and other such fields have been moved to a new "Configure Testing Options" dialog window. That new window is displayed by clicking on the "Configure Testing Options" button.

(2.4) Tests TCP.Checksum.003, .004, and .005 (090.014.004, .005, and .006) were incorrectly grading these tests whenever the server was able to close the connection prior to the client closing it. This has been corrected.

Release 2013a
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: The standard packet libraries (libiwl++) have been modified, so any custom plugins that use them will need to be recompiled.

(2) New methods have been added to the C++ protocol packet classes, providing easier ways to clone and modify incoming packets.

(3) The TCP/IP plugin has been extensively changed so that test definitions and traffic sources are now described in XML files. This was done to make it much easier for you to add your own tests without writing any new code at all. When a test does require some C++ coding, the plugin has been modularized into a core library that you link your own library to by defining either an impairment or grader object (or both) - thus removing the need for you to first study and understand all the source code of the automated TCP/IP plugin. The source code for the plugin core is no longer supplied in any case since it no longer contains any user-adjustable aspects.

(4) The following TCP/IP tests were modified; some were previously disabled but can now be enabled in your saved scenarios (uncheck "Exclude this Test from "Run All" Requests".) Or you can load the shipped scenario which has also been modified:
050.010.023 to 050.010.026 now allow Parameter Problem as a valid response.
050.013.003 had its expectation description slightly changed.
050.013.005 to 050.013.016 were rewritten to use an ICMP response to a TCP connection to grade the stack's response. Previously these tests were skipped, but should now get graded if there is a valid TCP traffic source available.

(5) The IPv6 tests in the TCP/IP test suite would impair neighbor discovery messages sent to the DUT even on tests where this should not have been done. This has been corrected so neighbor discovery messages are allowed through unimpaired.

Release 2012d
(1) The names of the TCP/IP plugin traffic sources now correspond directly to the name of the program that gets launched. This allows users to substitute local versions with completely new programs, rather than having to rely on the preset payloads stored in files.

(2) A bug in the GUI launch code was causing the stdiserver to fail to start when the diagnostic file was being renamed, and the target name already existed but was owned by another user.

(3) The source code for the sample TCP and UDP servers now includes code for ignoring SIGPIPE to avoid termination on write failures.

Release 2012c
(1) The "cut" alter impairment was causing the impairment engine to segment fault on the newer 64-bit Maxwell systems. This has been corrected.

(2) The makefiles for the sample plugins were missing the paths to the correct library and header directories, causing plugin builds to fail.

(3) The control files for the plugin have been reduced in size by converting them from their original ITU text format to a native binary formart. As a result, the "gx" RPM that held them has shrunk from over 200MB to just under 4MB. This should save considerable time when users need to download software upgrades.

Release 2012b
(1) The ITU-T G.1050 test environment has been extended to include the test cases of Edition 3 (03/2011). The plugin was added along supporting scenario and documentation. The older Edition 2 (11/2007) is still included.

(2) A field has been added to the Edit Preferences dialog that allows you to remove the 5 second limit on packet delay impairments in the GUI. (The CLI never had that limitation.) However, when the 5 second limit is removed, the slider control for that field is no longer available because its granularity is too large to be of any use.

(3) A checkmark field was added to the GUI for the Automated TCP/IP Test Suite GUI plugin that, when checked, automatically saves test PCAP files to the /tmp directory. Previously the GUI only allowed saving the packet captures to files by calling up Wireshark.

(4) The format of the TCP/IP test report has been modified. It now contains details on the test environment, such as the traffic sources used, option settings, and DUT address information. Multi-line text can now be unambiguously parsed because a "+" is used at a fixed column location to indicate line continuation.

(5) A bug was fixed that was causing the impairment engine to crash when duplication impairments were enabled at the same time as Alter impairments.

Release 2012a
(1) The Automated TCP/IP Test Suite plugin has had the following changes:

(1.1) A set of tests for TLS 1.2 have been implemented. The tests are only available as a extension option; they are not included in the standard set. Both client and server side are tested for robustness and conformance.

(1.2) The parameter problem types that were expected for several of the IPv6 hop-by-hop tests were corrected.

(1.3) The "Ambiguous" result type has been changed to "Ungraded" since that word is a more accurate description of those results.

(1.4) When a test contains any mix of results of pass, ungraded, or skipped, then the summary result for the whole series of traffic sources for that test is now set to "mixed". Previously the result from the last traffic sources was placed in the summary. If there are one or more fail results, then the summary is always fail even if there are pass results.

(2) A bug in the InsertStatEntry() API call was fixed that prevented additional stat entries from being created by custom plugins.

Release 2011i
(1) A setlogfile command was added to the Remote API to allow the fate log to be closed and reopened under different paths without having to perform a restart of the stdiserver server process. The supporting documentation and support libraries were updated to reflect the new command.

(2) The enabled flag of several of the object classes in the Python support library were not being set to True when initialized from the impairment server. This has been corrected. Additionally, some Posix-specific calls were placed into conditionals so that would operate properly on non-Posix systems.

Release 2011h
(1) Sometimes when the GUI (or CLI) has to start the stdiserver process, it would not wait long enough for the latter process to finish initializing, so would issue an error complaining that it could not connect. This problem has been fixed.

Release 2011g
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: The standard packet libraries (libiwl++) have been modified, so any custom plugins that use them will need to be recompiled.

(2) The Alter impairment was not handling IPv6 extension headers correctly, causing the impairment process to become unstable and sometimes crash. This has been corrected.

(3) The TCP Setup tests were not properly handling datagrams shorter than the minimum data size allowed for Ethernet frames. This has been corrected.

(4) DHCP impairments in the Automated TCP/IP test suite were corrected so that client and server impairments were applied to the correct set of packets. Previously the server impairments were being applied to both traffic classes.

(5) The Automated TCP/IP tests now properly clean up temporary files in the /tmp directory. The wireshark user prompt that would appear when trying to view a test's packet capture has been suppressed, making display quicker.

(6) The API command to restart the impairment server process would sometimes cause it to segment fault. This has been corrected entirely on the latest 64 bit binary machines and reduced in severity on machines running older versions of Linux.

Release 2011f
(1) Some of the Automated TCP/IP IPv6 tests had bugs that would cause all tests subequent to them to fail to give correct results. These errors have been located and corrected.

(2) The pass/fail evaluation mechanism for the Automated TCP/IP tests has been made more flexible so that it can provide more accurate results.

(3) When the class names UdpDatagramBase and TcpSegmentBase were deprecated in Release 2011b, the operation of triggers and some UDP and TCP flow matching were inadvertently broken. This release corrects that.

(4) There was a bug in the handling of vlan tagged frames that would cause problems in parsing of the remainder of the packet, so that flow matching would fail and sometimes cause processing threads to hang or halt.

Release 2011e
(1) Changes were made to support an optional set of tests for the TLS 1.2 protocol.

(2) Automated TCP/IP tests 060.013.004 to 060.013.010 have been removed because they test a nonexisting field. They will be replaced with a different set of tests in the next release.

Release 2011d
(1) A "-r"/"--run" option has been added to the and programs to allow them to be started with time varying impairments running on any scenarios that have also been specified and loaded via the command line options. (2) A bug was fixed in the TCP Setup category of the Automated TCP/IP tests that was causing trailing Ethernet frame padding to appear as payload data of short TCP/IPv4 packets. Release 2011c
(1) A bug in the IPv6 fragmentation code of the Automated TCP/IP Test Suite plugin was causing short IPv6 datagrams to have their "next header" fields incorrectly set to the fragment extension offset, thereby causing packets such as TCP SYN segments and ICMPv6 neighbor discovery datagrams to become corrupted.

(2) An additional statistics field, "Rate Limit Queue Usage," has been added to the set of statistics gathered. It contains the fraction, in percent, of the rate limiter bit serialization queue that is oocupied at the instant the statistic query is being made.

Release 2011b
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: The standard packet libraries (libiwl++) have been modified, so any custom plugins that use them will need to be recompiled.

(2) A packet resequencing plugin has been added, along with an example scenario "Packet Resequencing - User control" [resequence.sce].

(3) A scenario titled "Radio Communication Handoff" [radio_handoff.sce] has been added that emulates a moving mobile radio device using IP or Ethernet-like protocols.

(4) Five example scenarios, titled "ICMPv4 payload cut short", "ICMPv4 payload extended by 3", "TCP RST on SYN segment", "TCP Sequence one too large on SYN segment", and "Insert new Ethernet frame after ARP requests" have been added. These all attempt to demonstrate how the Alter impairment can be used.

(5) The documentation has been updated to include discussions of the new features such as the Alter impairment and changes that were made in the Automated TCP/IP plugin.

(6) A bug was fixed for a problem that would cause the GUI to behave incorrectly for multi-flow scenarios that used plugins.

(7) The Alter protocol names may now be mixed case. In addition the protocol name UdpDatagramBase has been renamed UdpDatagram and TcpSegmentBase has been renamed TcpSegment.

(8) A Tcl API has been added; more details may be found in the documentation.

(9) A bug in the Alter command was causing operations on protocol name Ethernet to be ignored. This was fixed.

Release 2011a
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: Headers and library entry points have changed, so your custom plugins MUST be recompiled.

(2) The Automated TCP/IP Test Suite plugin has had the following changes:

(2.1) You have many more options available to configure the echo clients. You can now specify the payloads and expected responses, of TCP and UDP packets. This allows you to utilize existing applications on your test devices rather than having to port or otherwise rely on echo server applications.

(2.2) Two new traffic sources, TCP Server and UDP Server, have been added. These allow you to use applications on your test device to initiate connections and tests for TCP and UDP protocols.

(2.3) The arguments for the "starttraffic" command for the plugin have been modified and extended (old scripts will have to be modified.) It now supports setting of many more traffic source parameters.

(2.4) The ID strings for the existing traffic sources has been slighty changed (the ".p" suffix has been dropped.)

(2.5) Eleven new TCP segmentation tests have been added to the TCP Connected group of tests. These tests validate that a TCP implementation properly handles TCP segments whose data overlap or that arrive out of order. Ten of these tests, 090.011.026 to 090.011.035, are designed to provide pass/fail capabilities when run in automated mode. Test 090.011.900 provides you a way to set any amount of overlap and subsegment size.

(2.6) There was a bug in the handling of test activation of external user supplied traffic. The first test activated after any new test group was selected was activating the last selected test.

(2.7) Double-clicking on an impairment while another impairment is already running when in "external user supplied traffic" mode will now stop the running impairment and start the double-clicked impairment. Previously double-click was inoperative when an impairment was running.

(2.8) The GPRS Tunneling Protocol (GTP) version 1 was added to the list of protocols that Maxwell understands. It will now know how to apply impairments to the tunneled TCP header.

(3) A new standard impairment, Alter, has been added. This allows you to insert, modify, or delete octet sequences at locations inside packets that you specify. Additional operations such as addition, bit-wise "and," "or," "xor," and checksum recomputations are also supported.

(4) Flow match selectors are now capable of handling tunneling so that they will automatically apply any TCP or UDP criteria to those protocols even if they are riding on top of, for example, IPv6 over IPv4.

(5) Added a GUI menu entry that may be used to check for software updates to Maxwell from the IWL online repositories.

(6) The return value for GetSettingsPointer(LUS_Context_t) has changed from StdImpairmentSettings_t to ModelSettings_t.

(7) The structure StdImpairmentSettings_t has been removed and its contents integrated into the ModelSettings_t structure, which has also been modified.

(8) A bug was fixed in the fragmentation tests of the older non-automated TCP/IP Test Suite plugin that was causing a segmentation fault in the impairment server process.

(9) The Flow Selector Match Expression selection criteria was not properly applying the Offset Amount when the Offset began at the TCP/UDP payload.

(10) Several changes have been made to the engine to make it run much faster (particularly on our multi-core platforms.) The changes have also made delay impairments more accurate and consistent.

(11) A new GUI flag (-L | --bypasslock) was added to allow multiple GUI controls to be active to allow control of multiple stdiserver instances. This is intended only to allow control of more than two Ethernet data interfaces (i.e. two or more independent bridges when additional Ethernet interfaces are added.)

(12) The G.1050 plugin also now updates jitter, reorder, rate limit drop, and couple drop statistic fields.

Release 5.5.1
(1) Added LogMessage callback function to the plugin API so that plugin authors can append fate log entries to the log file.

(2) Corrected the G.1050 plugin so that it properly updates the standard impairment statistics fields and makes entries into the fate log.

(3) Corrected a makefile not covered by item (10) in the notes for Release 5.5.0.

(4) Added option to the GUI system screen to bypass the lock check that permits only one stdiserver process at a time. Previously the bypass was only available to shell launched stdiserver processes. Does require the user to use multiple GUI processes to manage the multiple stdiserver processes. This option is really only useful when a machine has more than two data interfaces.

Release 5.5.0
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: Headers and library entry points have changed, so your custom plugins will need to be recompiled.

(2) The GUI interface tabs have been changed so that they now show the interface name and whether there is a physical connection to the interface, and if so, the negotiated speed and duplex.

(3) Deterministic triggering of impairments has been added to the flow selection capability. This capability allows impairments to begin a user specified number of packets after a matching packet (called the trigger packet) is detected (which differs from impairing all matching packets.) The impairments may also be ended after a fixed number of impaired packets have been processed. The triggering may be set to repeat any number of times. An option allows multiple TCP and UDP subflows to be independently impaired in the same manner (e.g. drop packets 3,4, 7,8, 11,12, and so on in all matching TCP connections.) The System and Remote API documents contain details on usage and operation of the new triggering capability.

(4) Bit corruption impairment has been added to the set of standard impairments. Unlike many other systems, bit corruption is specified as a probability of occurence for any one bit (i.e. bit error rate.) So any given packet may have more than one bit error. Most other systems operate only at the packet level and can corrupt only one bit per packet. The System and Remote API documents contain details on usage and operation of the new bit corruption capability.

(5) The Remote API has been extended in several ways (full details are in the documentation):

(5.1) A new command, 'getifinfo', has been added that returns the speed, duplex, and link state of the requested interface number.

(5.2) The 'setmatch', 'getmatch', and 'getstats' commands have been augmented with a 'trigger' option to support control and monitoring of the delayed triggering of impairments.

(5.3) The 'setimpair' and 'getimpair' commands have been augmented with a 'corrupt' option to support control and monitoring of the bit corruption impairments.

(6) The Automated TCP/IP Impairment Tests GUI panel no longer automatically clears the results of the last test runs when either a single test is double-clicked to re-run it, or when a subset is selected using Ctrl-left-clicks and "Run Selected" is clicked. You must now use the "Clear Results" button to clear all previous test run results. However, "Run All in the Group" and "Run All" still clear all results automatically prior to their runs.

(7) The format of the success and failure messages for the TCP/IP Impairment plugin has been modified so the meanings are clearer.

(8) The descriptive text and images for some of the factory installed scenarios has been edited, however they still operate as before.

(9) The format of Packet Fate Logging has been changed; please see the System guide for details on the new syntax and features.

(10) The makefiles for example plugins were missing a make dependency command and a directory from the INCDIRS path. As a result the example makefiles had to be edited by the users before they would build properly. They have been corrected so users do not need to make these edits.

Release 5.4.0
(1) An extra statistics count field has been added to the impairment engine that contains the running total of those packets dropped by just the rate limiting algorithm.

(2) The plugin API and Remote API have been extended so that additional statistics count fields may be created by plugins for the purpose of displaying real time totals of plugin-specific counters. The changes maintain backward compatability with older Remote API applications and the GUI has been enhanced to automatically display plugin counters, if any.

(3) Thirtysix new tests have been added to the automated TCP/IP test set, covering such areas as truncated packets (i.e. a next header or payload is indicated as following but does not,) invalid IPv4 source and destination addresses, and some variants on the famous "ping of death" fragmentation issue (where a reconstructed fragmented packet's data can exceed the largest allowed datagram length.) The new tests are:
050.009.002 to .027       Various IPv4 datagram field impairments.
050.010.023 to .026       IPv4 "ping of death" fragmentation impairments.
060.011.064 to .065       IPv6 datagram truncation impairments.
060.013.029 to .031       IPv6 "ping of death" fragmentation impairments.
080.012.005                  UDP header truncation impairment.

Release 5.3.0
(1) A preferences dialog has been added to the GUI to allow easy changing of the following aspects:

(1.1) time units for time input fields (seconds or milliseconds),

(1.2) host and port connection information,

(1.3) default starting scenario and plugin directories,

(1.4) time varying field and statistics display update frequencies,

(1.5) and font sizes.

(2) Several other improvements were made to the look and feel of the GUI:

(2.1) All primary subpanels now display scroll bars when resizing might otherwise have caused their contents to be clipped.

(2.2) The ability to delete scenario files was added to the GUI so there is no need to use shell commands to remove them.

(2.3) The GUI scenarios selection window now automatically updates when scenarios are added, updated, or deleted. (No more Refresh button.)

(3) The impairment engine now allows a minimum MTU of 1400. Smaller values are not yet supported due to the discovery of a serious bug in the Linux tunneling device driver.

(4) If the control interface eth0 is never initialized via DHCP or via manual address assignment, the impairment system was incorrectly assuming it was available for use as a data port and assigning it as one. This has been corrected.

(5) Documentation has been expanded on the GUI operation of the packet fate log and packet capture log of the TCP/IP plugin.

(6) Added a noisy factory floor scenario.

(7) Added 15 network storage emulation scenarios that we consider the most representative access rate and severity level permutations from the ITU-T G.1050 tables.

Release 5.2.1
(1) The program is now better able to handle capture files that contain unusual TCP segment sequences. The documentation of the program has been expanded.

(2) Corrected the source code for the example UDP echo server (udpechoserver.c) so that remote address length is always properly initialized.

Release 5.2.0
(1) IMPORTANT NOTE TO PLUGIN PROGRAMMERS: Headers and library entry points have changed, so custom plugins will need to be recompiled from scratch.

(2) Added 30 checksum tests for ICMPv4, ICMPv6, TCPv4, TCPv6, UDPv4 and UDPv6. Also added 3 UDP length field tests.

(3) Previously, the TCP tests in the automated plugin were only applied on TCP/IPv4 connections. The tests have been generalized and are now also applied to TCP/IPv6 connections.

(4) Several changes were made to both the classes declared in the iwl_packet_lib.h and iwl_std_pkts.h headers. These include the ComputeCheckSum methods (moved up to the corresponding base classes) and addition and changes to the mechanisms that higher layer protocols can quickly locate the enclosing IPv4/v6 datagrams (mostly for checksum computations).

(5) The echoclient.cpp has been changed so that it ignores the first two bytes when comparing sent data with received data. This was done to allow the newly added checksum tests an opportunity to modify packets so that checksums would work out to the correct values.

Release 5.1.2
(1) Setting the maximum number of runs to zero was not properly setting the number of runs to infinite - logic corrected.

(2) When the GUI starts or restart the stdiserver process, it will now first check to see if the /tmp/stdiserver_log.txt file (if any) is larger than 100k characters. If it is, it moves that file out of the way by renaming it to /tmp/stdiserver_log.txt.1 , thus limiting the length.

(3) The tcpdump captures launched by the GUI during test runs were adding a great deal of useless output to the /tmp/stdiserver_log.txt file. This output has been silenced.

(4) Forced restart of the stdiserver from the GUI (and possibly some other restart sequences) would fail to update the maxtap static routes to the DUT. This has been corrected.

(5) If stdiserver was terminated at the right moment, then tcpdump processes that the automated TCP/IP plugin has launched would become orphaned. The orphaned processes would hold open the TCP/IP remote API port, denying another stdiserver process to start. Corrective code was added to prevent this problem.

(6) Corrected problem wherein when switching to external impairments, in many cases it was not possible enable any impairments.

(7) Corrected problem where the automated TCP/IP impairment plugin would ignore standard impairment delay and jitter when running external impairment traffic. Only when automated traffic is being used will the delay and jitter settings be ignored. (This is because automated tests are timed and variable delays can lead to false failure results.)

(8) An hour:minute:second timestamp is now prefixed to the automated results text lines. These will appear in saved results files.

(9) Fixed a bug that caused automated TCP/IP tests to hang if the /tmp directory had the "t" mode (sticky bit) set.

(10) Added a "Skipped" count to the automated TCP/IP test GUI.

Release 5.1.1
(1) The TCP/IP test output analyzer program,, was added to the /usr/local/bin directory. Documentation is in the /usr/local/iwl/docs/tcp_output_analyzer.pdf file. The program analyzes tcpdump text files or pcap files and alerts you to problems in the captured TCP streams.

(2) The meaning of the error limit count in the automated TCP/IP plugin panel was changed so that it terminates a run immediately when the error count reaches the limit, rather then terminating at the end of a run.

(3) Some of the IPv6 datagram tests cause a DUT to issue responses that can cause the DUT's entry in Maxwell's neighbor table to become invalid, causing subsequent tests to return erroneous results. To avoid that problem the nud (Neighbour Unreachability Detection) state is set to "permanent" for the DUT's entry in the neighbor table at the beginning of each run and returned to a "reachable" nud state when a run ends or is stopped.

Release 5.1.0
(1) The GUI layout has been extensively revised to provide users finer control over testing, a more natural sequence of steps, and to support repeated test runs. The fine tuning parameters of tests are now automatically saved in the scenario files. (2) A new plugin function has been added that allows plugins to get the names of the selected data interfaces. (3) Support for ambiguous results has been added to the automated tests. (4) The following dependencies were added to the RPM files to insure that users of older Maxwell systems would be able to upgrade with few or no error messages complaining about missing packages or run-time errors caused by incorrect package versions: wxPython >= 2.8 pcapy libpcap sharutils

Release 5.0.0
(1) A new Automated TCP/IP testing plugin has been written that is intended to replace the older non-automated TCP/IP testing plugin. The new plugin automatically generates test traffic and performs basic analysis that yields quick pass/fail type results. Corresponding scenarios have been written. The new plugin also allows entry and saving of DUT addresses and echo ports

(2) Scenarios are now saved so that GUI plugin settings are also included. So their values are preserved when the scenario is reloaded. This includes time varying equations as well as plugin-specific attributes.

(3) The old non-automated TCP/IP test plugin is now deprecated and will be removed in future releases. Users should begin using the newer plugin.

(4) IP addresses and netmasks for the Maxtap device can now be set using the GUI. There is no longer a need to configure it from a shell. Plus, the interface device selection radio box has been moved from the System dialog panel to the Scenario dialog panel to allow saving the maxtap settings to scenario files.

(5) The impairment engine, stdiserver, has had several major changes:

(a) Two new startup flags, --bpf0 and --bpf1, allow users to employ Berkeley Packet Filters on the Ethernet interfaces. These filters can be used to reduce load on Maxwell by dropping uninteresting traffic early.

(b) The code allowing control via the shared memory/message queue mechanism has been removed (long deprecated). All control must now be done via the Remote API.

(c) The alternate rendezvous, ring slot, and slot size startup flags have been removed as they are no longer relevant.

(d) A new optional plugin entry point function, lus_stdi_update(), has been added. It provides a way for a plugin to get immediate notification of setplugin commands (for validation and other purposes.) It also now provides a way for plugins to send arbitrary string data to and from Remote API clients.

(e) There were 21 informational function entry points (all related to describing GUI controls) that have been marked deprecated. They are now all optional. A new callback, SetLusGuiInfo(), has been added to replace the need for a plugin to define so many entry points.

(f) The Remote API syntax has been modified so that arbitrary strings can be sent and received from the stdiserver process. This was mostly in support of the lus_stdi_update() plugin function.

(g) The responses of the Remote API commands has been slightly modified so that syntax "markers" (e.g. "IPv4", "End", "Src", etc.) are sent entirely in lower case rather than mixed case (e.g. "ipv4", "end", "src", etc.) Scripts that relied on exact matches on the mixed case should be changed.

(h) The Remote API setplugin command has been extended to support arbitrary argument strings and responses.

(6) Sample source code for TCP and UDP echo servers has been provided to aid users in writing such echo servers on their DUTs. (Echo servers are used by the new Automated TCP/IP testing plugin.)

Release 4.1.1
(1) Corrected a bug in the new GUI that caused time values in the bitwise distribution fields to be sent to the impairment engine a factor 1000 times too small.

(2) Changed the default font size of to smaller value but added two environment variables that may be used by the user to modify the size. The new environment variables are described in Reference section of the System Guide.

Release 4.1.0
(1) A new plugin, the plugin, has been added to the full- featured version of Maxwell. It is designed to perform the test cases set forth in the ITU-T G.1050 recommendation.

(2) The impairment parameter GUI sliders were rotated from a vertical orientation to a horizontal orientation. This provided a larger range of movement.

(3) The maximum allowed delay and jitter time parameters in the GUI were reduced to more reasonable values to allow finer control using sliders and to avoid excessive queueing inside the server due to unreasonably large delays.

(4) Fixed bug in DHCP tests 050.014.20 - 25 and 050.015.20 - 25 that caused the user specified changes to be applied incorrectly.

(5) Rearranged the contents of the RPMs so that scenarios and documentation for the SIP, TCP/IP, and G.1050 plugins are in their correct RPMs.

Release 4.0.0
Since this is a major release, the release notes have been reset. The major changes from previous releases include, but are not limited to, the following:

(1) The maxwelld,, and runiptests have been removed from the installation. You should use stdiserver,, and the setplugin commands respectively in place of those commands. The GUI is being retained for one more release cycle but is deprecated and you are urged to begin using the new GUI.

(2) The documentation has been heavily revised and now references the new GUI program ( and Remote API for programmatic control. The documentation now directs you to use the shell commands that correspond to the Remote API commands rather than runiptests or

(3) Maxwell now runs on 64-bit hardware.

(4) The new GUI incorporates a scenario-based mechanism and many pre-defined scenarios have been included. The new GUI will automatically start the stdiserver and automatically load plugins as needed when scenarios are loaded or created. In effect, the new GUI removes the need to use a command line shell for ad hoc testing. Likewise, the "automation" mechanism of the older GUIs has been generalized and greatly expanded.