1. [LAG] LACP support. Description
2. Only the basic devices for On-Stick must be specified in the LAG description. Mixing On-Stick and conventional devices in one LAG is not allowed. Description
3. [LAG] Apply balancing to outgoing traffic LAG. Description
   The type of balancing algorithm to be applied is specified by the lag.balance_algo parameter. Valid values:
   • 0 — balancing by internal session_id (this is the default balancing). The session_id is taken as a hash
   • 1 — without balancing - the packet will be sent to the paired bridge port
   • 2 — hash from flow key <srcIP, dstIP, srcPort, dstPort, proto>. If there is no flow, we balance by session_id.
     
     Additional hash configuration parameters in the lag section: hash_seed, hash_offset, hash_bits
     How many significant bits we take from a 64-bit hash during balancing. The balancing algorithm in the general case looks like this:
   • calculate a 64-bit hash of some fields of the packet and hash_seed;
   • we take hash_bits bits from the 64-bit hash starting from hash_offset bit;
   • use the resulting number N to determine the port number in the LAG: port := N mod LAG_active_port_count, i.e.

     port := ((hash(packet, hash_seed) >> hash_offset) & (2^hash_bits - 1)) mod LAG_active_port_count

     Example:

     //       +------------------------------------------------+
     // hash: |                                XXXXXXXXXX------|
     //       +------------------------------------------------+
     //                                        ^         ^
     //                                        |         hash_offset = 6
     //                                        hash_bits = 10
     hash_seed=0
     hash_offset=0
     hash_bits=64

4. [LAG] Added traffic balancing tracing. Description
5. [DPDK] Transition to DPDK 23.11
6. Modified: for QUIC and QUIC_IETF: if no SNI is detected, check by AS
7. Modified: when analyzing STUN check AS from Facebook — define VASE_DPI_PROTO_FACEBOOK_VIDEO, not WHATSAPP_VOICE
8. [DPDK][rss-engine] Setting RSS hash flags for UDP and TCP
9. Modified: openvpn protocol definition
10. [BRAS][DHCP] Added: accounting of DHCP packets from subscriber in billing statistics: subscriber CPE (i.e. Wi-Fi router) without clients (e.g. at night) — sends only license renewal requests. Since these requests were intercepted by BRAS and were not included in the accounting, the session was terminated by idle timeout
11. [BRAS][DHCP] Corrected: actions when QinQ/VLAN is changed for a subscriber
12. [DHCP] Fixed: framed-pool renew
    In some cases incorrect DHCP responses were generated. Added tracing to DHCP packets log for framed-pool renew.
13. [DHCPv6] Fixed: receiving packets from the relay. Previously it was checked that the relay was on the fc::/7 network. Now this check is unnecessary and has been removed - the relay can have any address.
14. [PPPoE] Fixed: DHCPv6 options parsing from Radius
15. Fixed: SIGHUP processing only if fastDPI is fully initialized. A crash is possible if a SIGHUP is received during the fastDPI startup process
16. [AJB][PCAP] Trace/debug packet recording moved to new API
17. Added: wechat protocol support for UDP

1. [DPI] Support for additional markup of autonomous systems mark1, mark2, mark3. Description

   vi test.txt
   209446 mark1
   cat test.txt|as2dscp /etc/dpi/asnum.dscp

2. [DPI] Prioritize SNI detection in custom signatures for autonomous systems marked as mark1. Description
3. [DPI] Prioritize more specific custom SNI signatures. Example: for host a.b.c.d, if the signatures *.d, *.c.d and *.b.c.d are present, the protocol defined by the signature *.b.c.d works only for signatures with *. Description
4. [DPI] Support for hard locks (despite hostname/SNI) - set in an additional field in the address blacklist, example: 1.1.1.1.1 443 hard.
5. Improved detection of YOUTUBE, SIGNAL
6. Added the DPITUNNEL protocol, which includes traffic anomalies commonly used for DPI traversal
7. Updating dpiutils

1. [DPI] New protocols VK_CDN_VIDEO, META_CHAT
2. [DPI] FACEBOOK_VIDEO, META_CALLS protocol signatures improvement
3. Updating dpiutils

1. [DPI] Fixed protocol name VK_CDN_VIDEO
2. [DPI] Fixed: SNI decoding in QUIC IETF and possibility of crusting in exceptional cases
3. [DPI] Fixed: clearing search structures when deleting CUSTOM protocols
4. [utils] Added ability to add comments (#) and blank lines in input files for lst2dscp, lst2tbf utilities

1. [DPI] Added protocols QUIC_UNKNOWN - QUIC without SNI and QUIC_UNKNOWN_MARKED - QUIC without SNI and AS labeled MARK2. Description
2. [DPI] Fixed: stun characterization for TCP
3. [DPI] Modified: if the stun packet viewing limit is reached - set this protocol with AS in mind
4. [DPIutils] Updated utilities to support new protocols
5. [Router] Mempool allocation for emit packets: we do not allow full exhaustion of the pool, there should be at least 256 free elements in the pool
6. [Router] The error of route deletion errno=3 (No record found) has been moved to TRACE to avoid clogging the log
7. Added L2 traffic balancer mode. This enhancement allows to use SCAT as a traffic balancer based on IP addresses owned by AS and defined as local in asnum.dscp. DPI functionality does not work in this mode. The maglev algorithm with fixed hash table size is used for traffic balancing: the output interface definition according to the following algorithm:
   1 — if src and dst ip are both local, hash is calculated based on these two addresses;
   2 — If only src ip local, then hash is calculated based on src ip;
   3 — If only dst ip local, hash is calculated based on dst ip;
   4 — hash is calculated based on src and dst ip.
   Based on the calculated hash value, the output interface is determined by determining the index of the hash table cell containing the interface index from the array of output interfaces. The value from the array of output interfaces is substituted into the current context and pcs_accept is returned.
   
   The following settings are required for correct operation:
   • Definition of an autonomous system with IP addresses that are used by subscribers. Description
   • Marking a given autonomous system as local. Description
   • Define input and output interfaces in the configuration file. Input interfaces are defined in the in_dev parameter, and output interfaces in out_dev. Interfaces do not form pairs and constructions of the following kind are allowed:

     in_dev=05-00.0:05-00.1:05-00.2:05-00.3:0b-00.0:0b-00.1:0b-00.2:0b-00.3
     out_dev=08-00.0:08-00.1:08-00.2:08-00.3

     Or

     in_dev=05-00.0
     out_dev=out_dev=08-00.0:08-00.1:08-00.2:08-00.3

   • Enable SORM balancing mode: enable_l2_lb=true
     
     Input parameters:
     enable_l2_lb=false|true - enable traffic balancer for SORM
     lb_hash_out_dev_type = 0|1 - by which value to initialize hash table:
     0 — use the internal index of the output interface
     1 — use the interface name from [in|out]_dev
     
     The following types can be used as dpdk_engine: 0 (default), 1, and 2.

1. [DPI] Improvements in QUIC_UNKNOWN, QUIC_UNKNOWN_MARKED, SIGNAL, DpiTunnel protocols
2. [DPI] SNI/HOST embedded protocol definitions are cloud-based, SNI/IP prioritization is supported
3. [Router] Fixed the order of router components termination
4. [LAG] Increase max number of ports in LAG
5. [SDS] The storage_tag value is set based on directional priority or protocol priority
6. [CLI] The subs prop show active command has been added. The command outputs a dump of L2 properties of all active (non-expired) subscribers.
7. [CLI] Fixed: Prohibit calling CLI commands while stopped
8. [Router] Fixed: system error when clearing route tables. Cleaning of route tables (deleting all entries added by SCAT) is done at stop and start of fastDPI. During cleaning process EBUSY error may occur, which is fatal for netlink socket, socket should be closed.

1. [DPI] Changed: SNI comparison is case-insensitive

1. [DPI] LANTERN_WEAK protocol signature added
2. [DPI] Improved IMAP protocol recognition
3. [DPI] Corrects LPM when selecting channel by IP/CIDR
4. [PPPoE] Fixed: idle-timeout for session. For PPPoE sessions idle timeout should be taken from the bras_ppp_idle_timeout setting if not explicitly set in the authorization response (Idle-Timeout attribute).
5. [Router] Fixed: TAP link down in LAG. If a port enters a lag, TAP this port to Link down state only when ALL LAG ports are down.
6. Added priority redirection with DSCP translation

   in /etc/dpi/fastdpi.conf
   incompatible set_packet_priority (set_packet_priority is prioritized)
   forward_packet_priority=число
   число=bit mask
   which way 
   1 conversion is applied for outgoing traffic (subs->inet)
   2 conversion is applied to outgoing traffic (inet->subs).
   between what and what
   4 vlan<->ip conversion
   8 ip<->ip conversion
   
   If no conversion file is specified (no /etc/dpi/dscpfrw.bin file),
   then vlan<->ip conversion is performed without conversion, that is the priority that was in the header (3 bits),
   is transferred as it is to another header (ip or vlan).
   If a file with conversion is specified, then the conversion of priority is performed according to the rules specified in it.2
   
   Specifying a priority conversion file:
   vi test.txt
   in cs0 cs1
   in cs1 cs2
   in cs2 keep
   in default cs3
   out default keep
   out 0x1 0x2
   out 0x2 0x3
   out cs0 0x3F
   
   cat test.txt|forw2dscp test.bin 
   cp test.bin /etc/dpi/dscpfrw.bin

7. [PCRF] Fixed: Adding unnecessary option 61 (Client-Id) to fastDPI response when distributing address from Framed-Pool
8. [PCRF] Fixed: Logging of DHCP server IP addresses
9. [PCRF] Fixed: Enabling services with profiles. The `VasExperts-Service-Profile` attribute (service profile name, implicitly enables the service) has higher priority than `VasExperts-Enable-Service` (enabling/disabling a service without specifying a profile).
10. Added: to DNS text file record format - format vchnl - virtual channel number.
11. Added: in the IPFIX data transfer template for DNS channel number
12. Fixed: LACP interception in on-stick mode

1. [CLI] Added ping inet command on behalf of subscribers through the entire BRAS/NAT/ROUTER processing chain. Hint - fdpi_cli ping inet ?.
2. Fixed: crash on DNS trace

1. [fastRadius] Added ability to work with standard linux interfaces using libpcap
2. Improved VIBER_VSTREAMS protocol definition
3. [Router] Fixed: control of selfgen mempool exhaustion
4. [Router] Optimization of data readout from TAP
5. [ctl] Fixed: fastDPI does not accept or process any ctl requests during fastDPI stop process
6. Added checknat utility to check the distribution of white addresses

1. [DPI] SSTP protocol added (49296)
2. [L3 BRAS] Fixed: call to deanonce subscriber's IP address when acct idle. A new flag has been added to the router option router_subs_announce: 0x10000 - de-announce L3 subscriber when acct idle occurs (acct session closure by idle timeout)
3. [PCRF] Added support for setting service profile 18 during authorization. The inclusion of service 18 in the Access-Accept Radius response is specified in the usual way for a service with a mandatory profile (here serv18 is the profile name):

   VasExperts-Service-Profile = "18:serv18"

4. [CLI] A search by MAC and subs_id has been added to the subs prop show command. A search result for MAC or subs_id can be multi-valued - several different entries for the same MAC/subs_id. The result of the subs prop show active command has been changed, which may be critical when parsing the json wiggle of the command. Description
5. [Router] Fixed LAG+On-stick: put TAP in link down state. TAP is set to link down only when all ports in LAG are in down state. If there is at least one port in Up state - TAP should be in Link Up state.
6. [DPDK][CLI] Fixed: setting link up/down flag for ports that do not support link up/down interrupts (e.g. af_packet)
7. [Router] Corrected: Traffic diversion in router for on-stick device in LAG. When forming VRF topology, it was not taken into account that the LAG includes the base (physical) device, and the on-stick (virtual) device is specified in the router description.

You can check the current installed version with the command below

yum info fastdpi

If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:

sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault .centos.org/' /etc/yum.repos.d/CentOS-*.repo

and then update as usual.

To install the test version, you should issue the following command:

yum --enablerepo vasexperts-beta update fastdpi

Downgrade to 12.3:

yum downgrade fastdpi-12.3 fastpcrf-12.3