SSG changelog and update [VAS Experts Documentation]

Differences

This shows you the differences between two versions of the page.

en:dpi:update [2025/09/24 14:12] elena.krasnobryzhen:dpi:update [2025/10/22 10:34] (current) elena.krasnobryzh
Line 79: Line 79:
 ====Changes in version 14.0==== ====Changes in version 14.0====
  
-  - [BRAS] Support for L2TP termination+  - [BRAS] Support for L2TP termination. [[en:dpi:bras_bng:bras_pppoe|Description]]
   - [DPI]  Migration to DPDK 24.11, support for new NICs (Intel E830 200G, Intel E610, Napatech SmartNIC). [[en:dpi:dpi_brief:dpi_requirements|Description]]   - [DPI]  Migration to DPDK 24.11, support for new NICs (Intel E830 200G, Intel E610, Napatech SmartNIC). [[en:dpi:dpi_brief:dpi_requirements|Description]]
   - [CLI] Added support for ''subs_id'' in commands: ''dhcp show'', ''dhcp reauth'', ''dhcp6 show'', ''dhcp6 reauth'', and ''dhcp disconnect''. [[en:dpi:bras_bng:cli:dhcp|Description]]   - [CLI] Added support for ''subs_id'' in commands: ''dhcp show'', ''dhcp reauth'', ''dhcp6 show'', ''dhcp6 reauth'', and ''dhcp disconnect''. [[en:dpi:bras_bng:cli:dhcp|Description]]
Line 87: Line 87:
   - [DPI] Added validation for complex protocols. [[en:dpi:dpi_options:protocols]]   - [DPI] Added validation for complex protocols. [[en:dpi:dpi_options:protocols]]
   - [DPDK] Increased the maximum number of dispatchers to 32. [[en:dpi:dpi_components:platform:dpi_config|Description]]   - [DPDK] Increased the maximum number of dispatchers to 32. [[en:dpi:dpi_components:platform:dpi_config|Description]]
-  - [IPFIX/Netflow] Added the ability to change IPFIX/Netflow parameters without restarting fastDPI. A new config parameter ''ipfix_reserved'' has been added to reserve memory for enabling/changing IPFIX/Netflow parameters. If IPFIX/Netflow parameters are set in the configuration file, memory reservation for IPFIX/Netflow is automatically enabled and parameters/new exporter types can be changed without restarting fastDPI.+  - [IPFIX/Netflow] Added the ability to change IPFIX/Netflow parameters without restarting fastDPI using the ''ipfix_reserved'' parameter[[en:dpi:dpi_options:opt_statistics:statistics_ipfix|Description]]
   - [FastRadius] It is now possible to set both ''bind_ipv6_address'' and ''bind_ipv6_subnet''. If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the ''bind_ipv6_subnet'' restriction. [[en:dpi:dpi_components:radius:radius_requirements#ipv6_support|Description]]   - [FastRadius] It is now possible to set both ''bind_ipv6_address'' and ''bind_ipv6_subnet''. If the Framed-IPv6-Prefix has a /128 mask, it is not checked against the ''bind_ipv6_subnet'' restriction. [[en:dpi:dpi_components:radius:radius_requirements#ipv6_support|Description]]
-  - CLI command ''dev info'' now includes the name of the LAG that the port belongs to+  - CLI command ''dev info'' now includes the name of the LAG that the port belongs to. [[en:dpi:bras_bng:cli:subs#dev_info|Description]]
   - [PCRF][PPP][Framed-pool] Added: DHCP option ''Client-Id'' now includes ''tunnel-IP'' as part of the subscriber ID. For more details, see sections [[en:dpi:bras_bng:ip_pool:ipv4]] and [[en:dpi:bras_bng:ip_pool:ipv6]]   - [PCRF][PPP][Framed-pool] Added: DHCP option ''Client-Id'' now includes ''tunnel-IP'' as part of the subscriber ID. For more details, see sections [[en:dpi:bras_bng:ip_pool:ipv4]] and [[en:dpi:bras_bng:ip_pool:ipv6]]
   - [IPFIX] Message aggregation added for IPFIX streams: FullFlow/DNS/META/NAT   - [IPFIX] Message aggregation added for IPFIX streams: FullFlow/DNS/META/NAT
-  - [IPFIX] Added parameter ''ipfix_mtu_limit'' to restrict maximum message size for IPFIX UDP packets+  - [IPFIX] Added parameter ''ipfix_mtu_limit'' to restrict maximum message size for IPFIX UDP packets. Description: [[en:dpi:dpi_options:opt_li:li_ipfix#clickstream_export_setup|ClickStream export Setup]], [[en:dpi:dpi_options:opt_statistics:statistics_ipfix]]
   - [IPFIX DNS] New elements added to IPFIX DNS: 224 (ipTotalLength) and 43823:3206 (DNS transaction id). [[en:dpi:dpi_options:opt_li:li_ipfix#configuring_the_export_of_dns_responses_or_dns_queries|Description]]   - [IPFIX DNS] New elements added to IPFIX DNS: 224 (ipTotalLength) and 43823:3206 (DNS transaction id). [[en:dpi:dpi_options:opt_li:li_ipfix#configuring_the_export_of_dns_responses_or_dns_queries|Description]]
   - [VRRP] Fixed proper handling of the ''vrrp_enable'' option change   - [VRRP] Fixed proper handling of the ''vrrp_enable'' option change
-  - [BRAS][PPP] PPP session key is now compound: ''l2subs_id'' + ''tunnel-IP''. For PPPoE sessions, tunnel IP = 0. CLI commands that use ''subs_id'' as a key (''subs prop show'', ''l2tp show session'', ''l2tp term'', etc.) may now return multiple entries with the same ''l2subs_id''.+  - [BRAS][PPP] PPP session key is now compound: ''l2subs_id'' + ''tunnel-IP''. For PPPoE sessions, tunnel IP = 0. CLI commands that use ''subs_id'' as a key (''subs prop show'', ''l2tp show session'', ''l2tp term'', etc.) may now return multiple entries with the same ''l2subs_id''[[en:dpi:bras_bng:bras_pppoe|Description]]
   - [DPI] Added cloud protocols with identifiers 55296..58367   - [DPI] Added cloud protocols with identifiers 55296..58367
   - [IPFIX] Fixed IPFIX exporter reinitialization bugs   - [IPFIX] Fixed IPFIX exporter reinitialization bugs
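Review bot: On the added ''ipfix_reserved'' line and the added PPP session key line, the link is glued to the preceding text (''ipfix_reserved'' parameter[[... and ''l2subs_id''[[...) with no period or space, unlike the other added entries in this hunk, which end with ". [[...|Description]]"; add the same separator. The rewritten [IPFIX/Netflow] entry also drops the statement that memory reservation is enabled automatically when IPFIX/Netflow parameters are set in the configuration file, so confirm the linked statistics_ipfix page states it, or keep that sentence in the entry.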
Line 103: Line 103:
     hal mempool stat</code>DPDK must be built with statistics collection enabled to display mempool stats     hal mempool stat</code>DPDK must be built with statistics collection enabled to display mempool stats
   - [BRAS][DHCP] Fixed crash when parsing Framed-Pool Renew response if it contains no DHCP options   - [BRAS][DHCP] Fixed crash when parsing Framed-Pool Renew response if it contains no DHCP options
-  - [PCRF][Acct] Fixed: Interim-Update sending is now disabled when ''Acct-Interim-Interval = 0'' is explicitly set in the RADIUS response. For more details, see sections  [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response#acct-interim-interval|Subscriber authorization attributes]], [[en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_acc]], [[en:dpi:bras_bng:bras_pppoe:bras_pppoe_radius:bras_pppoe_radius_rej]] +  - [PCRF][Acct] Fixed: Interim-Update sending is now disabled when ''Acct-Interim-Interval = 0'' is explicitly set in the RADIUS response. For more details, see sections  [[en:dpi:bras_bng:radius_integration:radius_auth_server_integration:radius_auth_response#acct-interim-interval|]], [[en:dpi:bras_bng:bras_pppoe:pppoe_pppol2tp_parameters:bras_pppoe_radius]] 
-  - [VASE_CLI] Created a unified CLI for managing DPI, BRAS, DHCP (KEA), ROUTER (BIRD) with support for authorization and command logging via TACACS (VEOS 8.x required)+  - [VASE_CLI] Created a unified CLI for managing DPI, BRAS, DHCP (KEA), ROUTER (BIRD) with support for authorization and command logging via TACACS (VEOS 8.x required). [[en:dpi:dpi_components:utilities:vase_cli|Description]]
   - [SNMP] Created a module for monitoring system components via SNMP   - [SNMP] Created a module for monitoring system components via SNMP
   - [DPI] Added DOQ 49318 protocol (DNS-over-QUIC)   - [DPI] Added DOQ 49318 protocol (DNS-over-QUIC)
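Review bot: In the added [PCRF][Acct] line, the first link ends in an empty label (#acct-interim-interval|]]), where the removed line carried the title "Subscriber authorization attributes"; restore the title or drop the trailing pipe so the link text is intentional. The line also keeps a double space after "see sections" and a trailing space at the end, which can be cleaned up in the same edit.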
Line 113: Line 113:
   - [VLAN-Rule] Moved vlan group data from UDR to SDR. Global rules for vlan drop/pass/hide/permit set by the previous CLI command ''vlan group'' were converted and moved from UDR to SDR, with removal from UDR. [[en:dpi:dpi_components:platform:vlan_traffic_handling|Description]]   - [VLAN-Rule] Moved vlan group data from UDR to SDR. Global rules for vlan drop/pass/hide/permit set by the previous CLI command ''vlan group'' were converted and moved from UDR to SDR, with removal from UDR. [[en:dpi:dpi_components:platform:vlan_traffic_handling|Description]]
   - Up to version 14, only one built-in database UDR (User Data Repository) is used, intended for permanent storage of data about services, policings, and other FastDPI settings.\\ Starting from Version 14, UDR is split into UDR and SDR. The split occurs automatically during version update.\\ SDR (System Data Repository) is intended for storing FastDPI settings not related to subscribers. It can be considered that SDR is an extension of fastdpi.conf. No special activation of SDR is required — the necessary .mdb files are created automatically when the corresponding mode is enabled in fastdpi.conf.   - Up to version 14, only one built-in database UDR (User Data Repository) is used, intended for permanent storage of data about services, policings, and other FastDPI settings.\\ Starting from Version 14, UDR is split into UDR and SDR. The split occurs automatically during version update.\\ SDR (System Data Repository) is intended for storing FastDPI settings not related to subscribers. It can be considered that SDR is an extension of fastdpi.conf. No special activation of SDR is required — the necessary .mdb files are created automatically when the corresponding mode is enabled in fastdpi.conf.
-  - [VLAN] VLAN rules — added CLI commands: +  - [VLAN] VLAN rules — added CLI commands. [[en:dpi:dpi_components:platform:vlan_traffic_handling#vlan_rule|Description]]
-    - ''vlan rule add'' - add new rule to SDR +
-    - ''vlan rule modify'' - modify existing rule in SDR +
-    - ''vlan rule delete'' - delete rule from SDR +
-    - ''vlan rule show'' - show all rules for the specified VLAN/QinQ +
-    - ''vlan rule dump'' - dump all rules in SDR +
-    - ''vlan rule purge vlan''/''qinq''/''all'' - clear SDR for VLAN/QinQ or both +
-    - ''vlan rule apply'' - apply rules; by default, rules are applied 5 minutes after the last SDR modification+
   - [IPv6] Added direction detection in combined traffic (IN+OUT on one port) based on the local flag for IP addresses. Enabled via ''combined_io_direction_mode'' option   - [IPv6] Added direction detection in combined traffic (IN+OUT on one port) based on the local flag for IP addresses. Enabled via ''combined_io_direction_mode'' option
   - [BRAS] Fixed compatibility with the old format of service 18, where there were fewer protocols and both fields in the profile needed to be filled   - [BRAS] Fixed compatibility with the old format of service 18, where there were fewer protocols and both fields in the profile needed to be filled
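Review bot: The added [VLAN] line replaces the command list with a link and, in doing so, removes the only statement in this changelog that rules are applied 5 minutes after the last SDR modification unless ''vlan rule apply'' is run. Because these rules decide vlan drop/pass/hide/permit, an operator reading the changelog should still see that a new rule is not effective immediately; keep a one-line note about the delayed apply in the entry, or confirm the linked vlan_rule section states it.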
Line 133: Line 126:
   - [BRAS][DHCP] Changed: sliding window algorithm for rate limit   - [BRAS][DHCP] Changed: sliding window algorithm for rate limit
   - [BRAS] Fixed: time comparison error when loading ip_prop from UDR   - [BRAS] Fixed: time comparison error when loading ip_prop from UDR
-  - [VLAN-Rule] Added support for 'any' instead of '*' when describing VLAN range <code> +  - [VLAN-Rule] Added support for 'any' instead of '*' when describing VLAN range. [[en:dpi:dpi_components:platform:vlan_traffic_handling#vlan_rule|Description]]
-'*.*' is interpreted in bash command line as a file search mask, so now instead of '*', you can specify 'any' ('*' is still supported): +
-'any.any' - equivalent to '*.*' +
-'any' - equivalent to '*' +
-'68.any' - equivalent to '68.any' +
-'any.78-90' - equivalent to '*.78-90' </code>+
   - [DPI][LOG] Messages about insufficient SSL parsers are written to the slave log not for every event, but at a frequency of 1/50000.   - [DPI][LOG] Messages about insufficient SSL parsers are written to the slave log not for every event, but at a frequency of 1/50000.
   - [DPI] Added protocols ZALO_CALL(49320) and VK_CALL(49321)   - [DPI] Added protocols ZALO_CALL(49320) and VK_CALL(49321)
   - [DPI] Fixed blocking in hard mode for SSL   - [DPI] Fixed blocking in hard mode for SSL
   - [Acct] Added attribute ''VASExperts-Service-Type''. Radius acct start/interim/stop sends the authorization type in the ''VASExperts-Service-Type'' attribute. [[en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr|Description]]   - [Acct] Added attribute ''VASExperts-Service-Type''. Radius acct start/interim/stop sends the authorization type in the ''VASExperts-Service-Type'' attribute. [[en:dpi:bras_bng:radius_integration:radius_accounting:radius_attr|Description]]
-  - [CLI] Added: ''stat flow ip6'' command to display IPv6 flow statistics +  - [CLI] Added: ''stat flow ip6'' command to display IPv6 flow statistics. [[en:dpi:bras_bng:cli:stat|Description]] 
-  - [CLI] Added: ''stat flow ip4'' command to display IPv4 flow statistics. Analogous to the output in ''fastdpi_stat.log''.+  - [CLI] Added: ''stat flow ip4'' command to display IPv4 flow statistics. Analogous to the output in ''fastdpi_stat.log''[[en:dpi:bras_bng:cli:stat|Description]]
   - [IPFIX] Fixed ExportTime formation error in IPFIX Fullflow   - [IPFIX] Fixed ExportTime formation error in IPFIX Fullflow
-  - [CLI] Added ''stat netflow'' command. Displays general statistics for Netflow/IPFIX (same as in ''fastdpi_stat.log'' under the "Statistics on NFLW_export" section)+  - [CLI] Added ''stat netflow'' command. Displays general statistics for Netflow/IPFIX (same as in ''fastdpi_stat.log'' under the "Statistics on NFLW_export" section). [[en:dpi:bras_bng:cli:stat|Description]]
   - [DNS] Added support for substitution/blocking/dropping of DNS requests A, AAAA, MX, HTTPS. [[en:dpi:dpi_options:dns_substitution|Description]]   - [DNS] Added support for substitution/blocking/dropping of DNS requests A, AAAA, MX, HTTPS. [[en:dpi:dpi_options:dns_substitution|Description]]
-  - [CLI] Added ''stat firewall'' command+  - [CLI] Added ''stat firewall'' command. [[en:dpi:bras_bng:cli:stat|Description]]
   - [DPI] Added BIGO_CDN protocol (49324)   - [DPI] Added BIGO_CDN protocol (49324)
   - [DPI] Added UDP support for BIGOTV   - [DPI] Added UDP support for BIGOTV
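Review bot: The added ''stat flow ip4'' line runs ''fastdpi_stat.log'' straight into the link with no period or space; use ". [[en:dpi:bras_bng:cli:stat|Description]]" as the neighbouring ''stat'' entries do. The [VLAN-Rule] 'any' entry also loses the explanation that '*.*' is interpreted by bash as a file search mask, which is the reason 'any' was introduced; check that the linked vlan_rule section carries it, and that it does not repeat the removed line "'68.any' - equivalent to '68.any'", which reads like a typo for '68.*' given the other three equivalences.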
Line 155: Line 143:
   - [DPDK] Removed deprecated rx channels settings and related checks   - [DPDK] Removed deprecated rx channels settings and related checks
   - [IPFIX] Added configurable sending of drop octets/packets counters when generating IPFIX fullflow. [[en:dpi:dpi_options:opt_statistics:statistics_ipfix|Description]]   - [IPFIX] Added configurable sending of drop octets/packets counters when generating IPFIX fullflow. [[en:dpi:dpi_options:opt_statistics:statistics_ipfix|Description]]
-  - [PCAP] Added capability to save traffic of a specified vlan using the ''ajb_save_vlan'' parameter+  - [PCAP] Added capability to save traffic of a specified vlan using the ''ajb_save_vlan'' parameter. [[en:dpi:dpi_options:opt_li:li_settings#pcap_by_vlan|Description]]
   - [DPIUTILS] Updated checknat utility. [[en:dpi:dpi_components:utilities:management_utilities#checknat|Description]]   - [DPIUTILS] Updated checknat utility. [[en:dpi:dpi_components:utilities:management_utilities#checknat|Description]]
   - [DPIUTILS] Updated dns2dic utility with domain blocking support. [[en:dpi:dpi_options:dns_substitution|Description]]   - [DPIUTILS] Updated dns2dic utility with domain blocking support. [[en:dpi:dpi_options:dns_substitution|Description]]