Changelog of SSG BETA-version [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:dpi_components:platform:dpi_admin:testversion_install [2025/01/15 08:24] elena.krasnobryzhen:dpi:dpi_components:platform:dpi_admin:testversion_install [2025/08/18 07:13] (current) – [Changes in version 14.0 BETA4.4] elena.krasnobryzh
    Line 2: Line 2:
     {{indexmenu_n>3}} {{indexmenu_n>3}}
      
    -====Changes in version 13.BETA1====+====Changes in version 14.BETA1====
      
    -  - [DPINew protocols added: BIGOTV [49305], SAYHI [49306], AZARLIVE [49307]. +  - [BRASSupport for L2TP termination 
    -  - Added: hot parameter ''smartdrop = 1''If ''drop'' is set for the protocolit will be deferred until the TLS is parsed or a TLS parsing error occurs. +  - [BRASSupport for DHCP-Dual 
    -  - Fixed: Adding HTTP domains ending with '':'' (port number). +  - [DPI]  Migration to DPDK 24.11, support for new NICs (Intel E830 200GIntel E630, Napatech SmartNIC) 
    -  - [Utils] Fixed: ''checkproto'' now considers MARK1 and checks if the port number is specified. For example, ''checkproto 8.8.8.8 443 www.google.com'' and ''checkproto 8.8.8.8 www.google.com'' may return different results. +  - [CLI] Added support for ''subs_id'' in commands: ''dhcp show'', ''dhcp reauth''''dhcp6 show''''dhcp6 reauth'', and ''dhcp disconnect''
    -  - Changed the path for loading ASNUM from VAS Cloud (cloud.vasexperts.ru). +
    -  - Blacklist blocking in GTP tunnel (with the ''detect_gtp_tunnel'' setting). +
    -  - Fixed: HTTPS blocking with the ''hard'' option.+
      
    -====Changes in version 13.BETA2====+====Changes in version 14.BETA2====
      
    -  - [DPI] Improved Viber recognition+  - [DPI] New protocols added: AGORA_STREAMS(49314), AZAR_CALL(49315), WECHAT_CALL(49316), TEAMS_CALL(49317)[[en:dpi:dpi_options:protocols]] 
    -  - Support for reload of ''/etc/dpi/asnum6.bin''+  - [DPI] Improved support for LINE_CALL, VYKE_CALL protocols. [[en:dpi:dpi_options:protocols]] 
    -  - [Utils''bin2as'' now accepts any number of input files as arguments. +  - [DPI] Fixed smartdrop behavior 
    -  - [Utils] ''ascheckip'' accepts addresses for batch verification via ''stdin''+  - [DPI] Added validation for complex protocols[[en:dpi:dpi_options:protocols]] 
    -  - [Utils] ''bgp2bin'' works similarly to ''as2bin'', but only accepts /24 or larger subnetsIt recognizes the IP1-IP2 range format as in RIPE records (extracting /24 or larger subnets from it). Subsequent entries take precedence over previous ones, creating a slightly larger file than ''as2bin''However, in this file, subnet ranges do not overlap (as less prioritized entries are filtered out). This allows the utility to process data from multiple sources in order of priority. +  - [DPDKIncreased the maximum number of dispatchers to 32 
    -  - [BRAS][PPP] FixedHeterogeneous dual-stack. One address (IPv4 or IPv6) is explicitly set, while the other (IPv6 or IPv4) is assigned via framed-pool.+  - [IPFIX/NetflowAdded the ability to change IPFIX/Netflow parameters without restarting fastDPI. A new config parameter ''ipfix_reserved'' has been added to reserve memory for enabling/changing IPFIX/Netflow parameters. If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled and parameters/new exporter types can be changed without restarting fastDPI
     +  - [FastRadiusIt is now possible to set both ''bind_ipv6_address'' and ''bind_ipv6_subnet''If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the ''bind_ipv6_subnet'' restriction. 
     +  - CLI command ''dev info'' now includes the name of the LAG that the port belongs to 
     +  - [PCRF][PPP][Framed-pool] AddedDHCP option ''Client-Id'' now includes ''tunnel-IP'' as part of the subscriber ID. Format of DHCP option ''Client-Id'' with fastpcrf.conf option ''dhcp_client_id=1'' is as follows: <code> 
     +     [conntype][subs_id][tunnel_ip]
      
     +     conntype = 1 (1 byte)
     +     subs_id  - 16 bytes
     +     tunnel_ip - 4 bytes</code> Tunnel IP is available in L2TP; for PPPoE, tunnel IP = 0.
     +  - [IPFIX] Message aggregation added for IPFIX streams: FullFlow/DNS/META/NAT
     +  - [IPFIX] Added parameter ''ipfix_mtu_limit'' to restrict maximum message size for IPFIX UDP packets
     +  - [IPFIX DNS] New elements added to IPFIX DNS: 224 (ipTotalLength) and 43823:3206 (DNS transaction id)
     +  - [VRRP] Fixed proper handling of the ''vrrp_enable'' option change
     +  - [BRAS][PPP] PPP session key is now compound: ''l2subs_id'' + ''tunnel-IP''. For PPPoE sessions, tunnel IP = 0. CLI commands that use ''subs_id'' as a key (''subs prop show'', ''l2tp show session'', ''l2tp term'', etc.) may now return multiple entries with the same ''l2subs_id''.
      
     +====Changes in version 14.0 BETA3====
     +
     +  - [DPI] Added cloud protocols with identifiers 55296..58367
     +  - [IPFIX] Fixed IPFIX exporter reinitialization bugs
     +  - [BRAS][subs_grooming] Fixed potential crash due to race condition during fastDPI shutdown
     +  - [CLI] Added commands to display mempool properties and statistics<code>
     +    hal mempool props
     +    hal mempool stat</code>DPDK must be built with statistics collection enabled to display mempool stats
     +  - [BRAS][DHCP] Fixed crash when parsing Framed-Pool Renew response if it contains no DHCP options
     +  - [PCRF][Acct] Fixed: Interim-Update sending is now disabled when ''Acct-Interim-Interval = 0'' is explicitly set in the RADIUS response
     +  - [VASE_CLI] Created a unified CLI for managing DPI, BRAS, DHCP (KEA), ROUTER (BIRD) with support for authorization and command logging via TACACS (VEOS 8.x required)
     +  - [SNMP] Created a module for monitoring system components via SNMP
     +
     +====Changes in version 14.0 BETA4====
     +  - [DPI] Added DOQ 49318 protocol (DNS-over-QUIC)
     +  - [Router] Announcing subscriber white addresses for 1:1 NAT individually and after authentication
     +  - [PCRF] Added support for service 19 "DNS spoofing", profile required.
     +  - [DPDK] Added ''dpdk_engine=6'' (''mqrx-bridge'') — number of RSS dispatchers per bridge. Total number of dispatchers = ''dpdk_rss * number of bridges''. NIC configuration: RX queue count = ''dpdk_rss'', TX queue count = number of worker threads (''num_threads''). Intended for setups with many bridges (dev1:dev2:dev3:...) for 100G+ NICs, as a replacement for the cluster approach. On-stick devices are supported.
     +  - [DPDK] Removed dedicated mempools. The fastdpi.conf option ''dpdk_emit_mempool_size'' is deprecated and no longer used.
     +  - [VLAN-Rule] Moved vlan group data from UDR to SDR. Global rules for vlan drop/pass/hide/permit set by the previous CLI command ''vlan group'' were converted and moved from UDR to SDR, with removal from UDR.
     +  - [VLAN] VLAN rules — added CLI commands:
     +    - ''vlan rule add'' - add new rule to SDR
     +    - ''vlan rule modify'' - modify existing rule in SDR
     +    - ''vlan rule delete'' - delete rule from SDR
     +    - ''vlan rule show'' - show all rules for the specified VLAN/QinQ
     +    - ''vlan rule dump'' - dump all rules in SDR
     +    - ''vlan rule purge vlan''/''qinq''/''all'' - clear SDR for VLAN/QinQ or both
     +    - ''vlan rule apply'' - apply rules; by default, rules are applied 5 minutes after the last SDR modification
     +  - [IPv6] Added direction detection in combined traffic (IN+OUT on one port) based on the local flag for IP addresses. Enabled via ''combined_io_direction_mode'' option
     +
     +====Changes in version 14.0 BETA4.1====
     +  - [BRAS] Fixed compatibility with the old format of service 18, where there were fewer protocols and both fields in the profile needed to be filled
     +  - [DPI] Lowered detection priority for ''telegram_tls''
     +
     +====Changes in version 14.0 BETA4.2====
     +  - [DPI] Improved detection of ''WECHAT'' and ''WECHAT_CALL''
     +  - [BRAS][Framed-Route] Fixed: possible crash when freeing memory
     +  - [BRAS] Refactored PCRF connectivity: in the new implementation, all connections are equal; an error on any triggers reconnection of all connections and a switch to another PCRF. Added CLI commands:
     +    - ''pcrf connect show'' — show current status and accumulated statistics for PCRF connections.
     +    - Force connection to the specified PCRF ''pcrf connect switch [<pcrf_index>]'', where ''<pcrf_indxed>'' is the index of the connection line in the ''auth_server'' parameter. If ''<pcrf_indxed>'' is not specified — defaults to 0.
     +  - [IPFIX DNS] Added the ability to send DNS MX responses via IPFIX. Enabled by setting bit 3 (4) of the ''ajb_save_dns'' parameter
     +
     +====Changes in version 14.0 BETA4.3====
     +  - [DPI] Added FakeTLS protocol (49319) with validation
     +  - [BRAS][DHCP] Changed: sliding window algorithm for rate limit
     +  - [BRAS] Fixed: time comparison error when loading ip_prop from UDR
     +  - [VLAN-Rule] Added support for 'any' instead of '*' when describing VLAN range <code>
     +'*.*' is interpreted in bash command line as a file search mask, so now instead of '*', you can specify 'any' ('*' is still supported):
     +'any.any' - equivalent to '*.*'
     +'any' - equivalent to '*'
     +'68.any' - equivalent to '68.any'
     +'any.78-90' - equivalent to '*.78-90' </code>
     +  - [BRAS] Removed support for DHCP-Dual (moved to next release)
     +  - [DPI][LOG] Messages about insufficient SSL parsers are written to the slave log not for every event, but at a frequency of 1/50000.
     +
     +====Changes in version 14.0 BETA4.4====
     +  - [DPI] Added protocols ZALO_CALL(49320) and VK_CALL(49321)
     +  - [DPI] Fixed blocking in hard mode for SSL
     +  - [Acct] Added attribute ''VASExperts-Service-Type''. Radius acct start/interim/stop sends the authorization type in the ''VASExperts-Service-Type'' attribute.
     +  - [CLI] Added: ''stat flow ip6'' command to display IPv6 flow statistics
     +  - [CLI] Added: ''stat flow ip4'' command to display IPv4 flow statistics. Analogous to the output in ''fastdpi_stat.log''.
     +  - [IPFIX] Fixed ExportTime formation error in IPFIX Fullflow
     +  - [CLI] Added ''stat netflow'' command. Displays general statistics for Netflow/IPFIX (same as in ''fastdpi_stat.log'' under the "Statistics on NFLW_export" section)
     +  - [DNS] Added support for substitution/blocking/dropping of DNS requests A, AAAA, MX, HTTPS
     +  - [CLI] Added ''stat firewall'' command
     +
     +====Changes in Version 14.0 BETA4.5====
     +  - [DPI] Added BIGO_CDN protocol (49324)
     +  - [DPI] Added UDP support for BIGOTV
     +  - [PCRF][L2TP] Fixed: NAS attributes for L2TP during authorization
     +  - [BRAS][L2TP] Fixed: data race when closing sessions
     +  - [DPDK] Removed deprecated rx channels settings and related checks
     ====Update instructions==== ====Update instructions====
     You can check the current installed version with the command below You can check the current installed version with the command below
    Line 39: Line 120:
     </code> </code>
        
    -Downgrade to 13.1:+Downgrade to 13.3:
      
     <code bash> <code bash>
    -yum downgrade fastdpi-13.fastpcrf-13.1+yum downgrade fastdpi-13.fastpcrf-13.3 dpiutils-13.3 fastradius-13.3 
     </code> </code>