====== Test version installation ======
{{indexmenu_n>3}}

====Changes in version 13.2 BETA1====
  - [BRAS][PPPoE] Fixed: ping of inactive client with Echo requests
  - Support for service profiles 19 (DNS response substitution). [[en:dpi:dpi_options:dns_substitution|Description]]
  - For service 19, ability to specify AAAA records and support for wildcard (*) for domains. [[en:dpi:dpi_options:dns_substitution|Description]]
  - Fixed: for profile 18, it is not required to set both DSCP and TBF simultaneously

====Changes in version 13.2 BETA2====
  - Fixed: IP:PORT priority over IP and CIDR for custom protocol definitions
  - Modified: custom protocols have higher priority than cloud protocols
  - Fixed: length of AAAA records in service 19
  - Added: mask 8 in ''block_options'' - do not generate rst blocking and redirection packets for packets directed from inet-->subs. [[en:dpi:dpi_options:opt_filtration:filtration_settings#blocking_settings|Description]]

====Changes in version 13.2 BETA3====
  - [DPI] Improved: analysis of out-of-order packets.
  - [DPI] Fixed: recognition of DOT protocol.
  - [CTRL] Added: new format for policing output: <code>fdpi_ctrl list profile --policing --profile.name htb_6 --outformat=json2</code>
  - [CTRL] Added: loading of policing profiles with the new format (including value and unit).
  - [BRAS][IPv6] Added: upon receiving a DHCPv6 confirm from the client and if there is no session in the BRAS database, a response with the status "NotOnLink" is sent.
  - [FastPCRF][DHCPv6] Fixed: an error causing the current IPv6 accounting session to close and reopen when processing DHCPv6 requests from the client to renew the address lease.

====Changes in version 13.2 BETA4====
  - [DPI] Added: updating ''asnum.bin'' from the cloud, the ''asnum_download'' parameter is similar to the set of values in ''[[dpi:dpi_options:opt_filtration:filtration_settings|federal_black_list]]''.
  - [DPI] CUSTOM protocols now have priority over others downloaded from the cloud.
  - [DPI] Added: setting the number of buffers for processing out-of-order packets.
  - Added: parameter ''mem_ssl_savebl'' (cold). Specifies the number of buffers saved for SSL parsing during packet reordering.\\ Default = 10% of ''mem_ssl_parsers''. If the value == 0, saving and processing do not occur.\\ The first value is from the conf file, in parentheses is the value used.\\ Example output from alert:
    - Parameter not set <code>
mem_ssl_parsers : 320000
mem_ssl_savebl : -1 (32000)
</code>
    - ''mem_ssl_savebl=1234'' is set <code>
mem_ssl_parsers : 320000
mem_ssl_savebl : 1234 (1234)
</code>
  - Added: utilization statistics for saving SSL request parsing buffers <code>
[STAT ][2024/08/07-13:33:16:262335] Detailed statistics on SSL_SAVEBL :
thread_slave= 0 : 1522/1/32000 0/0/0/0/0/ 1/1/348 348/348/348
Total : 1522/1/32000 0/0/0/0/0/ 1/1/348 348/348/348
</code>

Let's denote: ''a1/a2/a3 b1/b2/b3/b4/b5 c1/c2/c3 d1/d2/d3''\\
''a1'' — allocated memory size for saving the record of subsequent parsing (matches snaplen)\\
''a2'' — records allocated\\
''a3'' — records used\\
\\
''b1'' — total number of errors during packet saving processing\\
''b2'' — buffer size read is too large\\
''b3'' — an incorrect ''isbl_t ind_'' was passed to the function\\
''b4'' — error adding a record to arw — no space to save the list of used buffers\\
''b5'' — error adding data to ''p_data'' (unable to save buffer)\\
\\
''c1'' — number of requests for data saving\\
''c2'' — saved packets released\\
''c3'' — total size of packets that were saved\\
\\
''d1'' — average size of saved TCP packet\\
''d2'' — min size of saved TCP packet\\
''d3'' — max size of saved TCP packet

  - [BRAS][DHCPv6] Added the ability to extract option 37 and option 38 from the client packet.
  - [Router][tap] Fixed: initialization of bridge status at fastDPI startup. The TAP device for through LAG is in the Up state if at least one port in the through LAG is Up and its other end in the bridge is also Up. The bridge status (Up/Down) was previously calculated only on link Up/Down events, and at fastDPI startup, the bridge status was assumed to be Down. This patch initializes the bridge status (Up/Down) at router startup based on the current port status.
  - [BRAS] Fixed: local interconnect is allowed only if srcIP is a known subscriber. Previously, srcIP was not checked against known subscribers, which allowed a subscriber's IP address to be spoofed and used for DDoS attacks against other local subscribers marked as local interconnect.
  - Added: CLI command ''permit''.

====Changes in version 13.2 BETA5====
  - [DPI] Fixed buffer exhaustion for processing out-of-order packets
  - [CLI][Ping] Changed: error message if subs IP not found
  - [CLI] Added: boolean flag ''on_stick'' added to the JSON output of the ''dev xstat'' command
  - [CLI] Changed: JSON output of the ''dev info'' command for on-stick devices.\\ For an on-stick device, it was: <code>"pci_address": "on-stick based on 82:00.3"</code> Now: <code>
// base device address
"pci_address": "82:00.3"
// on-stick flag
"on-stick": "true|false"
</code>
  - Changed: statistics format <code>
[STAT ][2024/08/19-17:26:05:599912] Detailed statistics on SSL_SAVEBL:
thread_slave= 0 : 1522/1/32000 0/0/0/0/0/ 6/6/2561 426/348/556 1/1/32000
Total: 1522/1/32000 0/0/0/0/0/ 6/6/2561 426/348/556 1/1/32000
</code>

Explanation: ''a1/a2/a3 b1/b2/b3/b4/b5 c1/c2/c3 d1/d2/d3 e1/e2/e3''\\
''a1'' — memory size allocated for saving the record of the subsequent analysis (matches snaplen)\\
''a2'' — records allocated\\
''a3'' — records used\\
\\
''b1'' — total number of errors in packet save processing\\
''b2'' — read buffer size is too large\\
''b3'' — invalid ''isbl_t ind_'' passed to the function\\
''b4'' — error adding records to arw — no space to save the list of used buffers\\
''b5'' — error adding data to ''p_data'' (unable to save buffer)\\
\\
''c1'' — number of requests to save data\\
''c2'' — saved packets freed\\
''c3'' — total size of packets that were saved\\
\\
''d1'' — average size of the saved TCP packet\\
''d2'' — min size of the saved TCP packet\\
''d3'' — max size of the saved TCP packet\\
\\
''e1'' — records used in the arw queue\\
''e2'' — free records (can be reused)\\
''e3'' — records allocated in the queue

  - Removed fake Yandex SNI from TELEGRAM_TLS

====Changes in version 13.2 BETA6====
  - [DPI] Added support for fragmented QUIC IETF processing
  - Added parameter ''mem_quic_ietf_savebl''. Specifies the number of buffers for parsing ''quic_ietf'' requests consisting of multiple packets. Default value is 15% of ''mem_ssl_parsers''
  - [DPI] Added protocols: <code>
"HLS VIDEO" 49298
"ICMP TUNNEL" 49299
"DNS TUNNEL" 49300
"FORTICLIENT_VPN" 49301
</code>
  - Added the ability to send DNS query via IPFIX
  - [DPDK] Added read-only engines: RSS and port dispatcher
  - [BRAS][SHCV] Fixed SHCV invocation before full pipeline startup. This was possible in multi-port configurations where pipeline startup time is relatively long.
  - [DPDK] Added output of mempool type created at fastDPI startup
  - [Router] Added statistics for TAP devices. The CLI command ''router vrf show'' output now includes statistics on TAP devices: how many packets/bytes were read from TAP, how many were written to the port from TAP, how many were sent to TAP, the number of events, and errors.
  - [Router] Changed packet sending behavior for TAP devices: the selected slave thread for writing is bound to the TAP interface for the next 5 seconds, which should significantly reduce reordering during high traffic from the TAP interface.

====Update instructions====
You can check the currently installed version with the command below:
<code>yum info fastdpi</code>

If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:
<code>sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/' /etc/yum.repos.d/CentOS-*.repo</code>
and then update as usual.

To install the test version, you should issue the following command:
<code>yum --enablerepo vasexperts-beta update fastdpi</code>

Downgrade to 13.1:
<code>yum downgrade fastdpi-13.1 fastpcrf-13.1</code>

After an update or version change, a restart of the service is required.
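
Added example (not part of the vendor documentation or fastDPI code): a parser for the ''SSL_SAVEBL'' statistics rows described in the BETA4 and BETA5 notes above, mapping each slash-separated group to the legend and reporting non-zero ''b'' error counters. The field names, the one-row-per-line layout and the constructed sample rows are assumptions of this example.

```python
import re

# Field names are this example's own labels for the legend entries a1..e3.
GROUPS = (
    ("a", ("record_size", "records_allocated", "records_used")),
    ("b", ("err_total", "err_buffer_too_large", "err_bad_index",
           "err_arw_full", "err_p_data")),
    ("c", ("save_requests", "packets_freed", "bytes_saved")),
    ("d", ("avg_pkt", "min_pkt", "max_pkt")),
    ("e", ("arw_used", "arw_free", "arw_allocated")),  # BETA5 format only
)
ROW = re.compile(r"^\s*(thread_slave=\s*\d+|Total)\s*:\s*(.+)$")

# The thread_slave= 0 row is the page's BETA5 sample; the other rows are constructed.
SAMPLE = """\
[STAT ][2024/08/19-17:26:05:599912] Detailed statistics on SSL_SAVEBL:
thread_slave= 0 : 1522/1/32000 0/0/0/0/0/ 6/6/2561 426/348/556 1/1/32000
thread_slave= 1 : 1522/1/32000 3/0/0/2/1/ 9/6/2561 426/348/556 1/1/32000
Total: 1522/1/32000 3/0/0/2/1/ 15/12/5122 426/348/556 2/2/64000
"""

def parse_row(line):
    """Return (source, {field: int}) for a thread_slave/Total row, else None."""
    m = ROW.match(line)
    if not m:
        return None
    chunks = m.group(2).split()
    if len(chunks) not in (4, 5):  # BETA4 rows have 4 groups, BETA5 rows have 5
        raise ValueError(f"unexpected group count in {line!r}")
    fields = {}
    for (tag, names), chunk in zip(GROUPS, chunks):
        # The sample rows carry a trailing "/" on the b group ("0/0/0/0/0/").
        values = chunk.rstrip("/").split("/")
        if len(values) != len(names):
            raise ValueError(f"group {tag}: bad value count in {chunk!r}")
        fields.update(zip(names, map(int, values)))
    return re.sub(r"\s+", "", m.group(1)), fields

def save_errors(text):
    """Map each row source to its non-zero b1..b5 error counters."""
    report = {}
    for line in text.splitlines():
        row = parse_row(line)
        if row:
            errs = {k: v for k, v in row[1].items() if k.startswith("err_") and v}
            if errs:
                report[row[0]] = errs
    return report

if __name__ == "__main__":
    print(save_errors(SAMPLE))
```
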