======Beta-version 14.2======
=====Changes in version 14.2 BETA8=====
- [DPI] Changed: after IPSNI check, fallback to base protocol or protocol defined by SNI (if detected)
- [DPI] Changed: reduced inspection depth when attempting to decode cname/sni
- [CLI] Added a command to capture packets from a port into a pcap file: ''dev pcap rx|tx|any|off''
* ''rx'' — record packets received from the port
* ''tx'' — record packets sent to the port
* ''any'' — rx and tx
* ''off'' — stop recording\\ \\ pcap file prefixes (''dev'' - port name):
* ''rx-dev'' — for rx
* ''tx-dev'' — for tx
- [NAT] Fixed consistency of private address queue
- [DPI] Fixed issue with tx-port selection for multi-valued configurations: return packet is now preferentially sent to the port from which the original packet arrived
- [NAT] Fixes and optimization of private address port queue:
- Private address port queue is distributed across threads
- Private address port queue is split into "short" and "long"
- [CLI][RG] Added: command ''rg show '' for viewing current rating group data for a subscriber
=====Changes in version 14.2 BETA7=====
- [DPI] Changed: FakeSNI check is not performed if protocol is determined by IP and there is no mark1
- [CG-NAT] Optimized statistics command ''fdpi_ctrl list all status --service 11''
- [DPDK] Increased maximum memory size to 256 GB
- [DPI][BRAS] Added service 20: rating group (RG) policing and volume quota control.\\ Creating service 20 profile:
- Enable RG support in fastdpi.conf\\ ''rating_group_count=0'' — number of rating groups, ''0'' — RG disabled. Default value: ''0''
- Prepare a text file in which each rating group defines TBF policing, a quota, and the action taken when the quota is exhausted. Example: <code>
rg4 tbf rate 1Mbit burst 1Mbit inbound.rate 8Mbit inbound.burst 1Mbit quota 100MB report
rg5 tbf rate 8Mbit burst 1Mbit inbound.rate 8Mbit inbound.burst 1Mbit quota 1GB block
</code> ''report'' and ''block'' are the available actions when the quota is reached: ''report'' — notify that the quota has been reached but continue forwarding traffic; ''block'' — notify and block traffic for this rating group
- Convert the text file to binary format: <code>cat rg.txt | lst2rg rg.bin</code>
- Place the resulting binary file in the directory from which DPI will read it: <code>cp rg.bin /var/lib/dpi/rg.bin</code>
- Create the service profile: <code>fdpi_ctrl load profile --service 20 --profile.name rg1 --profile.json '{ "rg_list" : "/var/lib/dpi/rg.bin" }'</code> ''max_profiles_serv20'' — maximum number of profiles. Default — 32.\\ \\ The rg2lst utility decodes the binary file back into readable form: <code>rg2lst rg.bin > rg.txt</code>
- [DPIUTILS] Added utilities lst2rg and rg2lst for converting service 20 profiles
=====Changes in version 14.2 BETA6=====
- [DPI] Added viber_cl check by container
- [DPI] Fixed: override of cloud protocols by some built-in ones
- [DPI] Fixed: added protocol detection for addresses when SNI is already in the first packet to preserve IP/SNI priority
- [DPI] Fixed: DSCP detection from the first packet for cloud protocols defined by addresses
- [NAT] Added explicit TCP connection close when port is reused by another subscriber
- [CLI] Added new fields to the output of the ''fdpi_cli dump flow cache'' command. [[en:dpi:qoe_analytics:cases:network_health:flood|Description]]
- [NAT] Changed public port queue handling: ports with short lifetime and long lifetime are now in separate queues. Ports are now elements of a private address subqueue. A port accessed from a non-owner flow thread can be reused immediately
- [CLI] Added rating group and tethering control via service 18, where new optional fields were added to the profile configuration:\\ ''tethN'', possible values:
* teth0 — no tethering control (default)
* teth1 — tethering control enabled: tethering present
* teth2 — tethering control enabled: no tethering\\ \\ ''rgN'', possible values:
* rg0 default (rg not set)
* rg1 rg=1 is set\\ ..
* rg65535 rg=65535 is set\\ \\ **Example of service 18 configuration:**
- prepare the configuration file example.txt <code>
http cs0 teth1 rg1
https cs0 teth1 rg1
http cs0 teth2 rg2
https cs0 teth2 rg2
dns cs1 teth1 rg1
dns cs1 teth2 rg2
default cs7 teth0 rg3
</code> :!: **In this example, tethering is tracked for the http/https protocols and the corresponding RG is assigned depending on it. Note that the policing class cs is the same. The same applies to the dns protocol. For ALL other protocols (default), tethering control is disabled and a separate RG is specified.**
- convert to the internal format <code>cat example.txt|lst2dscp /tmp/example.bin</code>
- optionally verify with the reverse conversion <code>dscp2lst /tmp/example.bin</code>
- create a service 18 profile and assign it to a subscriber (or assign an unnamed profile directly) <code>
fdpi_ctrl load profile --service 18 --profile.name test_dscp --profile.json '{ "dscp" : "/tmp/example.bin" }'
fdpi_ctrl load --service 18 --profile.name test_dscp --login test_subs
</code> check <code>fdpi_ctrl list --service 18 --login test_subs</code> In the trace, the field ''rg=N'' is added
- [BRAS][DHCPv6] Fixed periodic ICMPv6 Router Adv sending for DHCPv6 subscribers
- [BRAS][pppoe] Fixed modification of src/dst MAC in the Ethernet header during termination. For PPPoE packets, Ethernet termination must always be performed, but with ''bras_term_by_as=1'' enabled the Ethernet src/dst MAC was not changed when srcAS was not marked as term
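A pre-flight check for the service 18 source file described in this BETA6 section, to run before ''lst2dscp''. This is an added example, not vendor code: it accepts only the ''protocol csN [tethN] [rgN]'' forms shown on this page; the cs0..cs7 range, the mandatory ''csN'' field and the one-rule-per-protocol-and-tethering-state check are assumptions, and ''parse_line'' and ''lint'' are hypothetical names.

```python
import re
# Token forms used in the service 18 example. The teth and rg ranges come from
# the release notes; the cs0..cs7 range is an assumption of this sketch.
TOKEN = re.compile(r"(cs|teth|rg)(\d+)")
MAX = {"cs": 7, "teth": 2, "rg": 65535}

def parse_line(line):
    """Parse '<protocol> csN [tethN] [rgN]' into (protocol, cs, teth, rg)."""
    proto, *tokens = line.split()
    vals = {}
    for tok in tokens:
        m = TOKEN.fullmatch(tok)
        if not m:
            raise ValueError(f"unknown token {tok!r}")
        kind, num = m.group(1), int(m.group(2))
        if kind in vals:
            raise ValueError(f"{kind} given twice")
        if num > MAX[kind]:
            raise ValueError(f"{tok} out of range (max {kind}{MAX[kind]})")
        vals[kind] = num
    if "cs" not in vals:
        raise ValueError("missing csN class")
    # teth0 and rg0 are the documented defaults when the field is omitted.
    return proto, vals["cs"], vals.get("teth", 0), vals.get("rg", 0)

def lint(text):
    """Return (rules, errors) for a service 18 source file given as a string."""
    rules, errors, first_seen = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            rule = parse_line(raw)
        except ValueError as exc:
            errors.append(f"line {no}: {exc}")
            continue
        # Assumption: at most one rule per (protocol, tethering state).
        prev = first_seen.setdefault((rule[0], rule[2]), no)
        if prev != no:
            errors.append(f"line {no}: repeats line {prev}")
        else:
            rules.append(rule)
    return rules, errors

# Constructed input: two lines from the page's example plus three broken ones.
SAMPLE = ("http cs0 teth1 rg1\nhttp cs0 teth2 rg2\nhttps cs0 teth3 rg1\n"
          "dns cs1 teth1 rg70000\nhttp cs0 teth1 rg9\n")

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)[1]))
```

Run on the page's own ''example.txt'', the check returns seven rules and no errors; a non-empty error list means the file should be fixed before conversion.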
=====Changes in version 14.2 BETA5=====
- [BASE] Added LLDP support.\\ When LLDP support is enabled, fastDPI emits LLDP packets (LLDPDU) on specified ports. Incoming LLDP packets are unconditionally dropped.\\ New fastdpi.conf parameters (all parameters are hot, set in ''lldp'' section):
* ''enable'' — LLDP support enable flag. By default, if ''lldp'' section exists in config, ''enable=on''; otherwise ''enable=off''
* ''chassis'' — string — Chassis-Id value. Chassis-Id TLV is mandatory in LLDP packet. If not set, it is taken as MAC address from ''bras_arp_mac'', otherwise port MAC
* ''ttl'' — number — TTL value in seconds, default 120
* ''src_mac'' — MAC address — source MAC in Ethernet header of LLDPDU. If not set, taken from ''bras_arp_mac'' or port MAC
* ''dest_mac'' — MAC address — destination MAC in Ethernet header of LLDPDU. Default — ''01:80:c2:00:00:0e'' (LLDPDU multicast)
* ''system_name'' — string — System-Name TLV value. If not set, TLV is not included in LLDPDU
* ''system_desc'' — string — System-Desc TLV value. If not set, TLV is not included in LLDPDU
* ''device=;enable=;desc='' — ports for which LLDPDU should be sent. Each port is defined via separate ''device'' parameter; port name is from in_dev/out_dev. Per-port options:
* ''enable=on|off'' — enable/disable LLDPDU sending for this port, default ''on''
* ''desc=string'' — Port-Desc TLV value; if not set, TLV is not included\\ \\ Debug options:
* ''trace'' — enable LLDP tracing (boolean)
* ''pcap'' — write LLDP packets to PCAP (boolean)
- [CLI] New CLI commands: ''lldp enable'', ''lldp disable'' — allow enabling/disabling LLDP packet generation
- [NAT] Improvements in session limit management: for ''nat_tcp_max_sessions''/''nat_udp_max_sessions'' limits, which define the number of allocated public ports, fixed decrement of allocated port counter which could lead to slight limit overflow. Counters ''whpf'', ''whp_salfs'', ''whp_lalfs'', ''whp_ruse'', ''whp_ruse_salfs'', ''whp_ruse_lalfs'' and similar flow statistics counters (''thr_salfs'' etc.), as well as ''nat show'' output, now reflect current actual usage instead of cumulative usage
- [NAT] Fixed: NAT translation validity check in FullCone mode when ''nat_whp_lifetime'' < ''lifetime_flow'': if session becomes active again while NAT port is already reused, a new port is allocated
=====Changes in version 14.2 BETA4=====
- [DPI] Added detection of FakeTLS protocol with validation
- [DPI] Fixed: switching from QUIC_UNKNOWN to QUIC upon successful SNI parsing
- [DHCP6-Proxy] Added DHCPv6 option 79 Client-LinkLayer-Address, containing subscriber MAC address, in Relay-Forward requests to DHCPv6 Framed-Pool server
- [VLAN-Rule][PPPoE] The ''vlan rule show'' command now outputs all permissions for Service-Name
- [VLAN-Rule][PPPoE] Added full support for Service-Name in QinQ. Supported rules:
- without CVLAN selectivity: rules of type ''SVLAN.*'' with and without SName
- full QinQ (''svlan.cvlan'') with SName selectivity
- [VLAN-Rule][PPPoE] Refactoring of Service-Name support. ''vlan rule add/rm'' commands now support PPPoE and Service-Name.\\ Adding a PPPoE processing rule for a given '''' VLAN/QinQ: <code>vlan rule add pppoe [enable | drop | pass | delay N]</code> Adding a PPPoE Service-Name processing rule for a given '''' VLAN/QinQ: <code>vlan rule add pppoe sname [enable | drop | pass | delay N]</code> Here '''' is the PPPoE Service-Name in single or double quotes (or without quotes if it is an identifier, ''[a-zA-Z_][a-zA-Z_0-9]*'')\\ \\ Permissions:
- ''enable'' - PPPoE processing allowed
- ''drop'' - drop PPPoE packets
- ''pass'' - pass PPPoE packets through without processing
- ''delay N'' - establish PPPoE session with a delay of N seconds (0 < N < 16)
- [IPFIX] Added ability to send data over UDP exceeding MTU size (with IP fragmentation)
- [DNS] Added parameters ''ajb_save_dns_answer_types'' and ''ajb_save_dns_request_types'' allowing definition of DNS request/response types for file logging and IPFIX export
- [IPFIX] Fixed default timeout configuration error
- [DHCP-Dual] Fixed incorrect IPv6 PD prefix formation for addresses from Framed-IPv6-Pool
- [DHCP-Dual] Fixed crash when enabling tracing by MAC ''bras_dhcp_trace_mac''
- [DHCP-Dual] Fixed issue where DHCPv6 followed by DHCPv4 request sequence caused extra authorization
- [DHCP-Dual] Fixed DHCPv6 response tracing when MAC address tracing is enabled
- [DNS] Added utility dic2dns. [[en:dpi:dpi_options:dns_substitution#configuration|Description]]
=====Changes in version 14.2 BETA3=====
===DPI===
- [DPI] Added GRE ERSPAN tunnel parsing for ''check_tunnels=1'' mode
- [DPI] Message "Can't allocate record http_state" is now printed once per 50000 occurrences
- [DPI] Added MARK2 flag check for redefinition into QUIC_UNKNOWN_MARKED when QUIC protocol is still being identified via SNI. [[en:dpi:dpi_options:opt_priority:priority_config_as#file_format_of_autonomous_systems_list_and_their_priorities|Description]]
===BRAS===
- [BRAS][Router] Changed Linux route table parsing at router startup. [[en:dpi:dpi_components:router#the_internal_router_architecture|Description]]
=====Changes in version 14.2 BETA2.1=====
===NAT===
- [CG-NAT] NAT optimization changes
=====Changes in version 14.2 BETA2=====
===DPI===
- [DPI][DNS] Fixed issue with service 19 for IPv6 traffic
===BRAS===
- [BRAS][DHCP-Dual] Added Lease-Time accounting\\ In DHCP Dual mode, it is critical that ''Session-Timeout'' is at least 4 times greater than ''Lease-Time''. If this condition is violated, ''Lease-Time'' is set to 1/4 of ''Session-Timeout''.\\ ''Lease-Time'' is taken from RADIUS authentication response (in order of priority):
- attribute ''DHCP-IP-Address-Lease-Time'';
- attribute ''VasExperts-DHCP-Option-Num'' defining option 51;
- DHCP option 51 if address is allocated from ''Framed-Pool''.\\ \\ If ''Lease-Time'' is not specified by any of the above methods, it is set to 1/16 of ''Session-Timeout''.\\ Minimum values:
* ''Session-Timeout'' — 600 seconds
* ''Lease-Time'' — 60 seconds
===NAT===
- [CG-NAT] Added support for disabling the white (public) address cache for NAT export by setting ''nat_dstaddr_cache_size=0'' in ''/etc/dpi/fastdpi.conf''
=====Changes in version 14.2 BETA1=====
===DPI===
- [DPDK] Migration to new DPDK version 25.11. [[en:dpi:dpi_brief:dpi_requirements#minimum_requirements|Description]]
- [DPI][NAT] Optimization under private-to-public cache overflow
- [CLI][VLAN] Added parameter to ''vlan rule dump'' command defining rule type output: ''vlan rule dump [type]''\\ ''type'' — rule type: ''perm'', ''dhcp'', ''all'' (default)\\ Show VLAN permissions: <code>vlan rule dump perm</code> Show DHCP-only rules: <code>vlan rule dump dhcp</code> Show all rules: <code>vlan rule dump</code>
- [CLI][DPI] Extended output of ''fdpi_cli dump flow cache format'' with new fields. [[en:dpi:dpi_components:platform:dpi_admin:flow_statistics|Description]]
- [BALANCER] Added ability to use vlan rule for packet filtering
- [DPDK] Added new option ''dpdk_max_memzone'' [cold] — sets DPDK max memzone count. Default in DPDK is ''5120'' (depends on DPDK version)\\ ''0'' — use default value from DPDK. Increasing this is useful for huge configurations with many NICs if startup error occurs: "Number of requested memzone segments exceeds maximum 5120"
- [CLI][DHCP-Dual] Added support for command ''dhcp show stat vrf''
- [DPDK] New engine ''dpdk_engine=7'' with explicit dispatcher assignment\\ This engine supports heterogeneous configurations where ports of different types exist in one cluster — e.g. in-dev 100G port and multiple 10G out-dev ports.\\ Dispatchers are defined in ''dpdk_dispatch'': <code>dpdk_dispatch=[;params]*</code>
* '''' defines which ports are handled by this dispatcher
* ''params'' — additional options:
* ''rss=N'' — enable RSS on all ports in dispatcher; creates N dispatchers per RX queue
* ''mempool_size=N'' — size of ''mbuf_pool'' for dispatcher; each dispatcher has its own mempool\\ \\ Multiple ''dpdk_dispatch'' entries may exist; each defines a separate dispatcher (or group if RSS is enabled). Each cluster port must belong to exactly one ''dpdk_dispatch''. On-stick ports must reference the base physical port.\\ Configuration errors:
* cluster port is not included in any ''dpdk_dispatch''
* cluster port appears in multiple ''dpdk_dispatch'' entries
* ports from different clusters are mixed in one dispatcher\\ \\ Example mappings:
dpdk_engine=0: single dispatcher for all ports
dpdk_engine=1: dispatcher per direction
dpdk_engine=3: bridge dispatcher
dpdk_engine=4: per-port dispatcher
dpdk_engine=6: bridge dispatcher with RSS
- [IPFIX] Fixed error when changing ''ipfix_dev'' option