| |
| en:dpi:update:previous:ver_12_0 [2024/09/26 15:29] – created - external edit 127.0.0.1 | en:dpi:update:previous:ver_12_0 [2024/12/04 15:35] (current) – ↷ Links adapted because of a move operation elena.krasnobryzh |
|---|
| - [PCRF][PPPoE][Framed-Pool] Fixed: create acct-session with ''session_id'' announced during authorization | - [PCRF][PPPoE][Framed-Pool] Fixed: create acct-session with ''session_id'' announced during authorization |
| - Added support for ''pcapng'' format for recording to storage | - Added support for ''pcapng'' format for recording to storage |
| - [CoA] Added processing of CoA Update by ''l2subs_id''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_coa]] | - [CoA] Added processing of CoA Update by ''l2subs_id''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_coa]] |
| - Added: saving ICMP protocol translations in NAT exports | - Added: saving ICMP protocol translations in NAT exports |
| - Changed: ''[[en:dpi:opt_cgnat:сgnat_settings|nat_exclude_private]]'' parameter and corresponding support: ''int nat_exclude_private'';\\ Bitmask to avoid NAT for private addresses: \\ 0 - always do private -> public conversion \\ 1 - do not do NAT for private addresses (''ip_src'' and ''ip_dst'' are private or are in ''psz_prms_user_private'') \\ 2 - ''ip_src'' is private given ''psz_prms_user_private'' and AS for ''dst_ip = local'' \\ 4 - ''ip_src'' - private with ''prms_user_private'' and AS for ''dst_ip = peer''. Description under [[en:dpi:opt_cgnat:сgnat_settings#additional_settings|Settings and management]] | - Changed: ''[[en:dpi:opt_cgnat:сgnat_settings|nat_exclude_private]]'' parameter and corresponding support: ''int nat_exclude_private'';\\ Bitmask to avoid NAT for private addresses: \\ 0 - always do private -> public conversion \\ 1 - do not do NAT for private addresses (''ip_src'' and ''ip_dst'' are private or are in ''psz_prms_user_private'') \\ 2 - ''ip_src'' is private given ''psz_prms_user_private'' and AS for ''dst_ip = local'' \\ 4 - ''ip_src'' - private with ''prms_user_private'' and AS for ''dst_ip = peer''. Description under [[en:dpi:opt_cgnat:сgnat_settings#additional_settings|Settings and management]] |
| - [CoA] Added processing of CoA Reauth by ''l2subs_id''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_coa]] | - [CoA] Added processing of CoA Reauth by ''l2subs_id''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_coa]] |
| - [CoA] Added CoA Disconnect processing by ''l2subs_id''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_coa]] | - [CoA] Added CoA Disconnect processing by ''l2subs_id''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_coa]] |
| - [fDPI] Maximal number of clusters increased from 10 to 12 | - [fDPI] Maximal number of clusters increased from 10 to 12 |
| - [PCRF][ACCT] Added: pass ''VasExperts-L2-SubsId'' attribute to ''Acct Start/Interim/Stop''. Description under [[en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr]] | - [PCRF][ACCT] Added: pass ''VasExperts-L2-SubsId'' attribute to ''Acct Start/Interim/Stop''. Description under [[en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr]] |
| - [PCRF] fastpcrf.conf option ''radius_user_name_dhcp'' - added new value ''opt61@opt60: radius_user_name_dhcp=opt61@opt60''. Description under [[en:dpi:bras_bng:bras_l2_vlan:bras_l2_vlan_dhcp:bras_l2_vlan_dhcp_proxy:bras_l2_vlan_dhcp_proxy_pcrf]] \\ User-Name in Access-Request is generated from DHCP options 61 and 60 if these options are present in the DHCP request. \\ New fastpcrf.conf options - in which attributes to pass DHCP options to Access-Request \\ [hot] Specify attributes in which DHCP options are passed. Assignment format: ''attr_dhcp_opt43=vendorId.attrId'' where vendorId is the vendor id, a number from 0 to 2^32-1. \\ If ''vendorId !=0'', the value is passed in the VSA attribute. \\ If ''vendorId == 0'', then the value is passed in the regular Radius attribute (non-VSA) \\ attrId - attribute id, a number between 1 and 255 \\ Attributes are assumed to be of type octets (passed as is in binary form) \\ Value 0.0 - do not pass this attribute to the Radius server. \\ Default values are as follows: ''attr_dhcp_opt43=0.0'', ''attr_dhcp_opt60=43823.34 # VasExperts-DHCP-ClassId, attr_dhcp_opt61=43823.33 # VasExperts-DHCP-ClientId'' | - [PCRF] fastpcrf.conf option ''radius_user_name_dhcp'' - added new value ''opt61@opt60: radius_user_name_dhcp=opt61@opt60''. Description under [[en:dpi:bras_bng:bras_l2_vlan:bras_l2_vlan_dhcp:bras_l2_vlan_dhcp_proxy:bras_l2_vlan_dhcp_proxy_pcrf]] \\ User-Name in Access-Request is generated from DHCP options 61 and 60 if these options are present in the DHCP request. \\ New fastpcrf.conf options - in which attributes to pass DHCP options to Access-Request \\ [hot] Specify attributes in which DHCP options are passed. Assignment format: ''attr_dhcp_opt43=vendorId.attrId'' where vendorId is the vendor id, a number from 0 to 2^32-1. \\ If ''vendorId !=0'', the value is passed in the VSA attribute. \\ If ''vendorId == 0'', then the value is passed in the regular Radius attribute (non-VSA) \\ attrId - attribute id, a number between 1 and 255 \\ Attributes are assumed to be of type octets (passed as is in binary form) \\ Value 0.0 - do not pass this attribute to the Radius server. \\ Default values are as follows: ''attr_dhcp_opt43=0.0'', ''attr_dhcp_opt60=43823.34 # VasExperts-DHCP-ClassId, attr_dhcp_opt61=43823.33 # VasExperts-DHCP-ClientId'' |
| - Added: support for service 16 and corresponding profile - job, delete, view via ''fdpi_ctrl'' profile matches the structure for service 5 \\ Example of setting: ''fdpi_ctrl load profile -service 16 -profile.name portal_info_1 -profile.json '{ "ip_list" : "/var/lib/dpi/ip_list_1.bin", "redirect" : "http://info.test.ru" }' '' parameter ''max_profiles_serv16'' - sets the maximum number of profiles. The default is 32. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response#vasexperts-service-profile|Subscriber authorization attributes]] | - Added: support for service 16 and corresponding profile - job, delete, view via ''fdpi_ctrl'' profile matches the structure for service 5 \\ Example of setting: ''fdpi_ctrl load profile -service 16 -profile.name portal_info_1 -profile.json '{ "ip_list" : "/var/lib/dpi/ip_list_1.bin", "redirect" : "http://info.test.ru" }' '' parameter ''max_profiles_serv16'' - sets the maximum number of profiles. The default is 32. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response#vasexperts-service-profile|Subscriber authorization attributes]] |
| - [DHCP-Proxy] Introduced CoA Disconnect processing modes. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_coa#flag_to_deny_allow_sending_acct_stop|Radius CoA]] \\ Added new ''bras_dhcp_disconnect'' option, which is a bitmask of the following flags: | - [DHCP-Proxy] Introduced CoA Disconnect processing modes. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_coa#flag_to_deny_allow_sending_acct_stop|Radius CoA]] \\ Added new ''bras_dhcp_disconnect'' option, which is a bitmask of the following flags: |
| * ''0x0001 - disable acct stop'', do not immediately send ''acct stop'' for a disconnected DHCP subscriber | * ''0x0001 - disable acct stop'', do not immediately send ''acct stop'' for a disconnected DHCP subscriber |
| * ''0x0002 - disable L3 auth'', do not perform L3 authorization for disconnected DHCP subscriber | * ''0x0002 - disable L3 auth'', do not perform L3 authorization for disconnected DHCP subscriber |
| - Fixed channel detection in IPFIX for IPv6 | - Fixed channel detection in IPFIX for IPv6 |
| - Adding opt125 with pool name as the first option. Reason: KEA parses only the first vendor when defining the client class (opt125). Description under [[en:dpi:bras_bng:ip_pool:ipv4#fastpcrf_configuration|IPv4 Pools Support — FastPCRF Configuration]] | - Adding opt125 with pool name as the first option. Reason: KEA parses only the first vendor when defining the client class (opt125). Description under [[en:dpi:bras_bng:ip_pool:ipv4#fastpcrf_configuration|IPv4 Pools Support — FastPCRF Configuration]] |
| - Closing DHCP sessions after CoA Disconnect. If after PoD (CoA Disconnect) there is no DHCP request before the lease time expires, the session should be closed by sending a deanonce and acct stop. It should be taken into account that the subscriber's session type may change from DHCP to StaticIP or PPPoE; in this case, the DHCP session should be closed without deanonce and acct stop. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_coa#disconnect-request|Radius CoA — Disconnect-Request]] | - Closing DHCP sessions after CoA Disconnect. If after PoD (CoA Disconnect) there is no DHCP request before the lease time expires, the session should be closed by sending a deanonce and acct stop. It should be taken into account that the subscriber's session type may change from DHCP to StaticIP or PPPoE; in this case, the DHCP session should be closed without deanonce and acct stop. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_coa#disconnect-request|Radius CoA — Disconnect-Request]] |
| - CLI: new parameter ''ts_lease_expired'' — lease end time — was added to the output of the ''dhcp show'' command. | - CLI: new parameter ''ts_lease_expired'' — lease end time — was added to the output of the ''dhcp show'' command. |
| - Added option ''acct_disable_interim_update'' — prohibit sending Interim-Update. Do not send Interim-Update: ''acct_disable_interim_update=1''. Default ''acct_disable_interim_update=0'' (Interim-Update is sent). Description under [[en:dpi:bras_bng:radius_integration:radius_accounting:setup]] | - Added option ''acct_disable_interim_update'' — prohibit sending Interim-Update. Do not send Interim-Update: ''acct_disable_interim_update=1''. Default ''acct_disable_interim_update=0'' (Interim-Update is sent). Description under [[en:dpi:bras_bng:radius_integration:radius_accounting:setup]] |
| - Added IPv6 support for CoA. ''Command-Code=1'' - search for acct session by IP. The acct session can be searched by IPv6 prefix attributes ''Framed-IPv6-Prefix'' or ''Delegated-IPv6-Prefix''. The command response specifies all known IP addresses of the found acct-session - ''Framed-IP-Address'', ''Framed-IPv6-Prefix'', ''Delegated-IPv6-Prefix''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_coa#accounting_session_request_for_given_ip_address|Radius CoA — Accounting session request for given IP address]] | - Added IPv6 support for CoA. ''Command-Code=1'' - search for acct session by IP. The acct session can be searched by IPv6 prefix attributes ''Framed-IPv6-Prefix'' or ''Delegated-IPv6-Prefix''. The command response specifies all known IP addresses of the found acct-session - ''Framed-IP-Address'', ''Framed-IPv6-Prefix'', ''Delegated-IPv6-Prefix''. Description under [[en:dpi:bras_bng:radius_integration:radius_auth_coa#accounting_session_request_for_given_ip_address|Radius CoA — Accounting session request for given IP address]] |
| - Fixed: cli-command ''dhcp show stat vrf''. Subscriber's ''subs_id'' was not checked when determining session "liveliness" - transfer of IP address to another subscriber may break this statistics | - Fixed: cli-command ''dhcp show stat vrf''. Subscriber's ''subs_id'' was not checked when determining session "liveliness" - transfer of IP address to another subscriber may break this statistics |
| - Fixed: update ''lease expired'' for address from Framed-Pool | - Fixed: update ''lease expired'' for address from Framed-Pool |
