1. [BRAS][PPPoE] Fixed: ping of inactive client with Echo requests
2. Support for service profiles 19 (DNS response substitution). Description
3. For service 19, ability to specify AAAA records and support for wildcard (*) for domains. Description
4. Fixed: for profile 18, it is not required to set both DSCP and TBF simultaneously

1. Fixed: IP:PORT priority over IP and CIDR for custom protocol definitions
2. Modified: custom protocols have higher priority than cloud protocols
3. Fixed: length of AAAA records in service 19
4. Added: mask 8 in block_options - do not generate rst blocking and redirection packets for packets directed from inet-→subs. Description

1. [DPI] Improved: analysis of out-of-order packets.
2. [DPI] Fixed: recognition of DOT protocol.
3. [CTRL] Added: new format for policing output:

   fdpi_ctrl list profile --policing --profile.name htb_6 --outformat=json2

4. [CTRL] Added: loading of policing profiles with the new format (including value and unit).
5. [BRAS][IPv6] Added: upon receiving a DHCPv6 confirm from the client and if there is no session in the BRAS database, a response with the status "NotOnLink" is sent.
6. [FastPCRF][DHCPv6] Fixed: an error causing the current IPv6 accounting session to close and reopen when processing DHCPv6 requests from the client to renew the address lease.

1. [DPI] Added: updating asnum.bin from the cloud, the asnum_download parameter is similar to the set of values in federal_black_list.
2. [DPI] CUSTOM protocols now have priority over others downloaded from the cloud.
3. [DPI] Added: setting the number of buffers for processing out-of-order packets.
4. Added: parameter mem_ssl_savebl (cold). Specifies the number of buffers saved for SSL parsing during packet reordering.
   Default = 10% of mem_ssl_parsers. If the value == 0, saving and processing do not occur.
   The first value is from the conf file, in parentheses is the value used.
   Example output from alert:
   1. Parameter not set

          mem_ssl_parsers              : 320000
          mem_ssl_savebl               : -1 (32000)

   2. mem_ssl_savebl=1234 is set

          mem_ssl_parsers              : 320000
          mem_ssl_savebl               : 1234 (1234)

5. Added: utilization statistics for saving SSL request parsing buffers

       [STAT    ][2024/08/07-13:33:16:262335] Detailed statistics on SSL_SAVEBL :
                thread_slave= 0 : 1522/1/32000 0/0/0/0/0/ 1/1/348 348/348/348
                Total : 1522/1/32000 0/0/0/0/0/ 1/1/348 348/348/348

   Let's denote: a1/a2/a3 b1/b2/b3/b4/b5 c1/c2/c3 d1/d2/d3
a1 — allocated memory size for saving the record of subsequent parsing (matches snaplen)
   a2 — records allocated
   a3 — records used
   
   b1 — total number of errors during packet saving processing
   b2 — buffer size read is too large
   b3 — an incorrect isbl_t ind_ was passed to the function
   b4 — error adding a record to arw — no space to save the list of used buffers
   b5 — error adding data to p_data (unable to save buffer)
   
   c1 — number of requests for data saving
   c2 — saved packets released
   c3 — total size of packets that were saved
   
   d1 — average size of saved TCP packet
   d2 — min size of saved TCP packet
   d3 — max size of saved TCP packet

6. [BRAS][DHCPv6] Added the ability to extract option 37 and option 38 from the client packet.
7. [Router][tap] Fixed: initialization of bridge status at fastDPI startup. The TAP device for through LAG is in the Up state if at least one port in the through LAG is Up and its other end in the bridge is also Up. The bridge status (Up/Down) was previously calculated only on link Up/Down events, and at fastDPI startup, the bridge status was assumed to be Down. This patch initializes the bridge status (Up/Down) at router startup based on the current port status.
8. [BRAS] Fixed: local interconnect is allowed only if srcIP is a known subscriber. Previously, it was not checked whether srcIP was a known subscriber, which could lead to IP address spoofing of a subscriber and DDoS attacks from this spoofed IP against other local subscribers marked as local interconnect.
9. Added: CLI command permit.

You can check the current installed version with the command below

yum info fastdpi

If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:

sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault .centos.org/' /etc/yum.repos.d/CentOS-*.repo

and then update as usual.

To install the test version, you should issue the following command:

yum --enablerepo vasexperts-beta update fastdpi

Downgrade to 13.1:

yum downgrade fastdpi-13.1 fastpcrf-13.1