Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| en:dpi:changelog:versions:ver_14 [2026/06/11 08:39] – elena.krasnobryzh | en:dpi:changelog:versions:ver_14 [2026/06/15 15:24] (current) – [Changes in Version 14.2.1] elena.krasnobryzh | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| =====Changes in Version 14.2.1===== | =====Changes in Version 14.2.1===== | ||
| + | |||
| + | <note important> | ||
| + | |||
| ===DPI=== | ===DPI=== | ||
| - Improved RFC standards compliance for redirects in Service 16 (HTTP redirect and IP address whitelist with TCP session termination on SSG): the ISN in SYN+ACK is replaced with an unpredictable value, and the session is terminated using the full TCP termination sequence | - Improved RFC standards compliance for redirects in Service 16 (HTTP redirect and IP address whitelist with TCP session termination on SSG): the ISN in SYN+ACK is replaced with an unpredictable value, and the session is terminated using the full TCP termination sequence | ||
| Line 11: | Line 14: | ||
| * '' | * '' | ||
| + | ===Utilities=== | ||
| + | - Added the '' | ||
| + | =====Changes in Version 14.2===== | ||
| + | ===DPI=== | ||
| + | - [DPDK] Migrated to DPDK version 25.11. [[en: | ||
| + | - [DPDK] Increased the maximum memory size to 256 GB. | ||
| + | - [DPDK] Note: the distribution package includes the fastdpi_dpdk2411 build based on DPDK 24.11 to support certain older Mellanox models. If this affects your deployment, please plan a network adapter upgrade, as support for these models has likely been discontinued in the current and future DPDK versions. | ||
| + | - [DPDK] New '' | ||
| + | - [DPDK] Added the new '' | ||
| + | - [BALANCER] Added support for using vlan rule to filter packets. [[en: | ||
| + | - [DNS] Fixed an issue with Service 19 processing IPv6 traffic and added the dic2dns utility. [[en: | ||
| + | - Added GRE ERSPAN tunnel parsing support for '' | ||
| + | - The " | ||
| + | - Added MARK2 flag verification to override the protocol with QUIC_UNKNOWN_MARKED while the QUIC protocol is still in the SNI detection stage. [[en: | ||
| + | - Added validated FakeTLS protocol detection. | ||
| + | - Fixed switching from QUIC_UNKNOWN to QUIC after successful SNI parsing. | ||
| + | - [LLDP] Added LLDP support. [[en: | ||
| + | - Added viber_cl detection by container. | ||
| + | - Fixed overriding of cloud protocols by some built-in protocols. | ||
| + | - Fixed protocol assignment by address when SNI is already present in the first packet to preserve IP/SNI priority. | ||
| + | - Fixed DSCP detection from the first packet for cloud protocols identified by address. | ||
| + | - Changed: FakeSNI checks are skipped if the protocol has already been identified by IP and mark1 is absent. | ||
| + | - Changed: after IPSNI verification, | ||
| + | - Changed: reduced the inspection depth for CNAME/SNI decoding attempts. | ||
| + | - Resolved TX port selection issues in multi-path configurations: | ||
| + | - [RATING GROUP] Added Service 20: policing by rating groups (RG) and traffic volume quota control.\\ Creating a Service 20 profile: | ||
| + | - Enable RG support in fastdpi.conf\\ '' | ||
| + | - Prepare a text file defining TBF policing, quotas, and actions to take when the quota is reached for each rating group, for example:< | ||
| + | rg5 tbf rate 8Mbit burst 1Mbit inbound.rate 8Mbit inbound.burst 1Mbit quota 1GB block</ | ||
| + | - Convert the text file to binary format:< | ||
| + | - Copy the resulting binary file to the directory from which DPI will read it:< | ||
| + | - Create the service profile:< | ||
| + | - [RATING GROUP][TETHERING] Added support for assigning a rating group and controlling tethering through Service 18. The profile configuration now includes the following optional fields:\\ '' | ||
| + | * teth0 — no tethering control (default) | ||
| + | * teth1 — tethering control enabled: tethering detected | ||
| + | * teth2 — tethering control enabled: tethering not detected\\ \\ '' | ||
| + | * rg0 — default (RG not assigned) | ||
| + | * rg1 — assign rg=1\\ .. | ||
| + | * rg65535 — assign rg=65535\\ \\ **Example of configuring Service 18:** | ||
| + | - Prepare a text configuration file example.txt:< | ||
| + | https cs0 teth1 rg1 | ||
| + | http cs0 teth2 rg2 | ||
| + | https cs0 teth2 rg2 | ||
| + | |||
| + | dns cs1 teth1 rg1 | ||
| + | dns cs1 teth2 rg2 | ||
| + | |||
| + | default cs7 teth0 rg3</ | ||
| + | - Convert it to the internal format:< | ||
| + | - Optionally verify it by converting it back:< | ||
| + | - Create a Service 18 profile and assign it to a subscriber (or assign an unnamed profile directly):< | ||
| + | fdpi_ctrl load --service 18 --profile.name test_dscp --login test_subs</ | ||
| + | |||
| + | ===BRAS=== | ||
| + | - [DHCP-Dual] Added support for '' | ||
| + | - [Router] Changed how the Linux route table is read during router startup. [[en: | ||
| + | - [DHCP6-Proxy] Added DHCPv6 Option 79 (Client-LinkLayer-Address), | ||
| + | - [DHCP-Dual] Fixed incorrect generation of IPv6 PD prefixes for addresses from Framed-IPv6-Pool. | ||
| + | - [DHCP-Dual] Fixed a crash when enabling MAC-based tracing using '' | ||
| + | - [DHCP-Dual] Fixed an issue where requesting a DHCPv6 address followed by a DHCPv4 address resulted in redundant authorization. | ||
| + | - [DHCP-Dual] Fixed tracing of DHCPv6 responses when the subscriber' | ||
| + | - [DHCP-Dual] Fixed IPv4 address announcement for subscribers. | ||
| + | - [VLAN-Rule][PPPoE] Added full Service-Name support for QinQ. [[en: | ||
| + | - [DHCPv6] Fixed periodic ICMPv6 Router Advertisement transmission for DHCPv6 subscribers. | ||
| + | - [PPPoE] Fixed src/dst MAC address modification in the Ethernet header during termination. Ethernet header termination must always be performed for PPPoE packets. However, when '' | ||
| + | |||
| + | ===NAT=== | ||
| + | - Added support for disabling the public address cache used for NAT translation export. Configure '' | ||
| + | - Improved session limit management: for the '' | ||
| + | - Fixed: added validation of NAT translations in FullCone mode when '' | ||
| + | - Added explicit TCP connection termination when a port is reused by another subscriber. | ||
| + | - Changed public port queue handling: ports with short and long lifetimes are now maintained in separate queues. Ports are now elements of a private address subqueue. A port that has been accessed by a non-owner flow can now be reused immediately. | ||
| + | - Optimized the '' | ||
| + | - Fixed consistency issues in the private address queue. | ||
| + | - Fixed and optimized private address port queue handling: | ||
| + | - The private address port queue is now distributed across processing threads. | ||
| + | - The private address port queue is now divided into " | ||
| + | - Optimized behavior when the private-to-public cache is full. | ||
| + | |||
| + | ===CLI=== | ||
| + | - [LLDP] New CLI commands: '' | ||
| + | - [PCAP] Added a command to capture pcap traffic from a port:< | ||
| + | * '' | ||
| + | * '' | ||
| + | * '' | ||
| + | * '' | ||
| + | * '' | ||
| + | * '' | ||
| + | - [RATING GROUP] Added the '' | ||
| + | - [VLAN] Added a parameter to the '' | ||
| + | - [DPI] Extended the output of the '' | ||
| + | - [VLAN-Rule][PPPoE] Added display of all Service-Name permissions to the '' | ||
| + | - [VLAN-Rule][PPPoE] Refactored Service-Name support. The '' | ||
| + | - [VRF] Added support for the '' | ||
| + | - [NAT] Fixed '' | ||
| + | - [NAT] Fixed the '' | ||
| + | |||
| + | ===IPFIX=== | ||
| + | - Added support for sending UDP data exceeding the MTU size (using IP fragmentation). | ||
| + | - Fixed an issue with setting the default data export timeout. | ||
| + | - Fixed an issue when changing the '' | ||
| + | - [DNS] Added the '' | ||
| ===Utilities=== | ===Utilities=== | ||
| - | - Added the '' | + | - Added the lst2rg and rg2lst utilities for converting Service 20 profiles. |
| =====Changes in version 14.1===== | =====Changes in version 14.1===== | ||