docs/aboutvpp/releasenotes/v23.02.rst

Release notes for VPP 23.02
===========================

More than 243 commits since the previous release, including 118 fixes.

Of particular importance, this release contains the fix for
`JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode <https://jira.fd.io/browse/VPP-2037>`__

Features
--------

- Binary API Compiler for Python

  - Include comments in json (`5d2346801 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5d2346801>`_)

- Plugins

  - AVF Device driver

    - Support generic flow (`a6d16b713 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a6d16b713>`_)

  - CNat

    - Add sctp support (`f284c14c7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=f284c14c7>`_)

  - Crypto - ipsecmb

    - Bump ipsecmb library to v1.3 (`2a6f35f24 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=2a6f35f24>`_)

  - DPDK

    - Add Intel QAT 200xx series support (`a57549ad2 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a57549ad2>`_)

  - HTTP

    - Support client connect (`ee4172ef0 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=ee4172ef0>`_)

  - Unicast Reverse Path forwarding

    - Add mode for specific fib index lookup (`b3605eab5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b3605eab5>`_)

- VNET

  - Device Drivers

    - Add support for af-packet v2 (`8b90d89b0 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=8b90d89b0>`_)

  - IPSec

    - Introduce fast path ipv6 inbound matching (`06abf2352 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=06abf2352>`_)
    - Remove redundant policy array in fast path spd (`14bf6a8fb <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=14bf6a8fb>`_)
    - New api for sa ips and ports updates (`4117b24ac <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4117b24ac>`_)

  - Segment Routing (IPv6 and MPLS)

    - SRv6 Path Tracing Midpoint behaviour (`39d6deca5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=39d6deca5>`_)
    - Srv6 path tracing api (`b79d09bbf <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b79d09bbf>`_)

  - UDP

    - Add udp encap source port entropy support (`5c801b362 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5c801b362>`_)
    - Explicit udp output node (`8c1be054b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=8c1be054b>`_)
    - Support for disabling tx csum (`f8ee39ff7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=f8ee39ff7>`_)

- VPP Comms Library

  - Add api to check if vcl disconnected from VPP (`6ff8e90ed <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=6ff8e90ed>`_)

- VPP StrongSwan Daemon

  - Add plugin for VPP-swan (`4e88e041a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4e88e041a>`_)
  - Add scripts for testing (`95875774b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=95875774b>`_)


Known issues
------------

For the full list of issues please refer to fd.io `JIRA <https://jira.fd.io>`_.

Fixed issues
------------

For the full list of fixed issues please refer to:
- fd.io `JIRA <https://jira.fd.io>`_
- git `commit log <https://git.fd.io/vpp/log/?h=master>`_


API changes
-----------

Description of results:

- *Definition changed*: indicates that the API file was modified between releases.
- *Only in image*: indicates the API is new for this release.
- *Only in file*: indicates the API has been removed in this release.

============================================================= ==================
Message Name                                                  Result
============================================================= ==================
bridge_domain_add_del_v2                                      only in image
bridge_domain_add_del_v2_reply                                only in image
ipsec_sad_entry_update                                        only in image
ipsec_sad_entry_update_reply                                  only in image
nat44_del_user                                                only in file
nat44_del_user_reply                                          only in file
nat44_ei_user_session_v2_details                              only in image
nat44_ei_user_session_v2_dump                                 only in image
nat44_user_session_v3_details                                 only in image
nat44_user_session_v3_dump                                    only in image
nat_get_addr_and_port_alloc_alg                               only in file
nat_get_addr_and_port_alloc_alg_reply                         only in file
nat_ha_flush                                                  only in file
nat_ha_flush_reply                                            only in file
nat_ha_get_failover                                           only in file
nat_ha_get_failover_reply                                     only in file
nat_ha_get_listener                                           only in file
nat_ha_get_listener_reply                                     only in file
nat_ha_resync                                                 only in file
nat_ha_resync_completed_event                                 only in file
nat_ha_resync_reply                                           only in file
nat_ha_set_failover                                           only in file
nat_ha_set_failover_reply                                     only in file
nat_ha_set_listener                                           only in file
nat_ha_set_listener_reply                                     only in file
nat_set_addr_and_port_alloc_alg                               only in file
nat_set_addr_and_port_alloc_alg_reply                         only in file
sr_localsids_with_packet_stats_details                        only in image
sr_localsids_with_packet_stats_dump                           only in image
sr_pt_iface_add                                               only in image
sr_pt_iface_add_reply                                         only in image
sr_pt_iface_del                                               only in image
sr_pt_iface_del_reply                                         only in image
sr_pt_iface_details                                           only in image
sr_pt_iface_dump                                              only in image
urpf_update_v2                                                only in image
urpf_update_v2_reply                                          only in image
============================================================= ==================

Found 37 api message signature differences


Newly deprecated API messages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These messages are still there in the API, but can and probably
will disappear in the next release.

- bridge_domain_add_del
- bridge_domain_add_del_reply
- create_vhost_user_if
- create_vhost_user_if_reply
- ipsec_spd_entry_add_del_reply
- modify_vhost_user_if
- modify_vhost_user_if_reply

In-progress API messages
~~~~~~~~~~~~~~~~~~~~~~~~

These messages are provided for testing and experimentation only.
They are *not* subject to any compatibility process,
and therefore can arbitrarily change or disappear at *any* moment.
Also they may have less than satisfactory testing, making
them unsuitable for other use than the technology preview.
If you are intending to use these messages in production projects,
please collaborate with the feature maintainer on their productization.

- abf_itf_attach_add_del
- abf_itf_attach_add_del_reply
- abf_itf_attach_details
- abf_itf_attach_dump
- abf_plugin_get_version
- abf_plugin_get_version_reply
- abf_policy_add_del
- abf_policy_add_del_reply
- abf_policy_details
- abf_policy_dump
- acl_plugin_use_hash_lookup_get
- acl_plugin_use_hash_lookup_get_reply
- acl_plugin_use_hash_lookup_set
- acl_plugin_use_hash_lookup_set_reply
- adl_allowlist_enable_disable
- adl_allowlist_enable_disable_reply
- adl_interface_enable_disable
- adl_interface_enable_disable_reply
- cnat_get_snat_addresses
- cnat_get_snat_addresses_reply
- cnat_session_details
- cnat_session_dump
- cnat_session_purge
- cnat_session_purge_reply
- cnat_set_snat_addresses
- cnat_set_snat_addresses_reply
- cnat_set_snat_policy
- cnat_set_snat_policy_reply
- cnat_snat_policy_add_del_exclude_pfx
- cnat_snat_policy_add_del_exclude_pfx_reply
- cnat_snat_policy_add_del_if
- cnat_snat_policy_add_del_if_reply
- cnat_translation_del
- cnat_translation_del_reply
- cnat_translation_details
- cnat_translation_dump
- cnat_translation_update
- cnat_translation_update_reply
- crypto_sw_scheduler_set_worker
- crypto_sw_scheduler_set_worker_reply
- det44_get_timeouts_reply
- det44_interface_add_del_feature
- det44_interface_add_del_feature_reply
- det44_interface_details
- det44_interface_dump
- det44_plugin_enable_disable
- det44_plugin_enable_disable_reply
- det44_set_timeouts
- det44_set_timeouts_reply
- flow_add
- flow_add_reply
- flow_add_v2
- flow_add_v2_reply
- flow_del
- flow_del_reply
- flow_disable
- flow_disable_reply
- flow_enable
- flow_enable_reply
- flowprobe_get_params
- flowprobe_get_params_reply
- flowprobe_interface_add_del
- flowprobe_interface_add_del_reply
- flowprobe_interface_details
- flowprobe_interface_dump
- flowprobe_set_params
- flowprobe_set_params_reply
- gbp_bridge_domain_add
- gbp_bridge_domain_add_reply
- gbp_bridge_domain_del
- gbp_bridge_domain_del_reply
- gbp_bridge_domain_details
- gbp_bridge_domain_dump
- gbp_bridge_domain_dump_reply
- gbp_contract_add_del
- gbp_contract_add_del_reply
- gbp_contract_details
- gbp_contract_dump
- gbp_endpoint_add
- gbp_endpoint_add_reply
- gbp_endpoint_del
- gbp_endpoint_del_reply
- gbp_endpoint_details
- gbp_endpoint_dump
- gbp_endpoint_group_add
- gbp_endpoint_group_add_reply
- gbp_endpoint_group_del
- gbp_endpoint_group_del_reply
- gbp_endpoint_group_details
- gbp_endpoint_group_dump
- gbp_ext_itf_add_del
- gbp_ext_itf_add_del_reply
- gbp_ext_itf_details
- gbp_ext_itf_dump
- gbp_recirc_add_del
- gbp_recirc_add_del_reply
- gbp_recirc_details
- gbp_recirc_dump
- gbp_route_domain_add
- gbp_route_domain_add_reply
- gbp_route_domain_del
- gbp_route_domain_del_reply
- gbp_route_domain_details
- gbp_route_domain_dump
- gbp_route_domain_dump_reply
- gbp_subnet_add_del
- gbp_subnet_add_del_reply
- gbp_subnet_details
- gbp_subnet_dump
- gbp_vxlan_tunnel_add
- gbp_vxlan_tunnel_add_reply
- gbp_vxlan_tunnel_del
- gbp_vxlan_tunnel_del_reply
- gbp_vxlan_tunnel_details
- gbp_vxlan_tunnel_dump
- ikev2_child_sa_details
- ikev2_child_sa_dump
- ikev2_initiate_del_child_sa
- ikev2_initiate_del_child_sa_reply
- ikev2_initiate_del_ike_sa
- ikev2_initiate_del_ike_sa_reply
- ikev2_initiate_rekey_child_sa
- ikev2_initiate_rekey_child_sa_reply
- ikev2_initiate_sa_init
- ikev2_initiate_sa_init_reply
- ikev2_nonce_get
- ikev2_nonce_get_reply
- ikev2_profile_add_del
- ikev2_profile_add_del_reply
- ikev2_profile_details
- ikev2_profile_disable_natt
- ikev2_profile_disable_natt_reply
- ikev2_profile_dump
- ikev2_profile_set_auth
- ikev2_profile_set_auth_reply
- ikev2_profile_set_id
- ikev2_profile_set_id_reply
- ikev2_profile_set_ipsec_udp_port
- ikev2_profile_set_ipsec_udp_port_reply
- ikev2_profile_set_liveness
- ikev2_profile_set_liveness_reply
- ikev2_profile_set_ts
- ikev2_profile_set_ts_reply
- ikev2_profile_set_udp_encap
- ikev2_profile_set_udp_encap_reply
- ikev2_sa_details
- ikev2_sa_dump
- ikev2_set_esp_transforms
- ikev2_set_esp_transforms_reply
- ikev2_set_ike_transforms
- ikev2_set_ike_transforms_reply
- ikev2_set_local_key
- ikev2_set_local_key_reply
- ikev2_set_responder
- ikev2_set_responder_hostname
- ikev2_set_responder_hostname_reply
- ikev2_set_responder_reply
- ikev2_set_sa_lifetime
- ikev2_set_sa_lifetime_reply
- ikev2_set_tunnel_interface
- ikev2_set_tunnel_interface_reply
- ikev2_traffic_selector_details
- ikev2_traffic_selector_dump
- ip_route_add_del_v2
- ip_route_add_del_v2_reply
- ip_route_lookup_v2
- ip_route_lookup_v2_reply
- ip_route_v2_details
- ip_route_v2_dump
- l2_emulation
- l2_emulation_reply
- lcp_default_ns_get_reply
- lcp_default_ns_set
- lcp_default_ns_set_reply
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_details
- mdata_enable_disable
- mdata_enable_disable_reply
- nat44_ei_add_del_address_range
- nat44_ei_add_del_address_range_reply
- nat44_ei_add_del_static_mapping
- nat44_ei_add_del_static_mapping_reply
- nat44_ei_address_details
- nat44_ei_address_dump
- nat44_ei_del_session
- nat44_ei_del_session_reply
- nat44_ei_del_user
- nat44_ei_del_user_reply
- nat44_ei_forwarding_enable_disable
- nat44_ei_forwarding_enable_disable_reply
- nat44_ei_ha_flush
- nat44_ei_ha_flush_reply
- nat44_ei_ha_resync
- nat44_ei_ha_resync_completed_event
- nat44_ei_ha_resync_reply
- nat44_ei_ha_set_failover
- nat44_ei_ha_set_failover_reply
- nat44_ei_ha_set_listener
- nat44_ei_ha_set_listener_reply
- nat44_ei_interface_add_del_feature
- nat44_ei_interface_add_del_feature_reply
- nat44_ei_interface_details
- nat44_ei_interface_dump
- nat44_ei_ipfix_enable_disable
- nat44_ei_ipfix_enable_disable_reply
- nat44_ei_plugin_enable_disable
- nat44_ei_plugin_enable_disable_reply
- nat44_ei_set_addr_and_port_alloc_alg
- nat44_ei_set_addr_and_port_alloc_alg_reply
- nat44_ei_set_fq_options
- nat44_ei_set_fq_options_reply
- nat44_ei_set_mss_clamping
- nat44_ei_set_mss_clamping_reply
- nat44_ei_set_timeouts
- nat44_ei_set_timeouts_reply
- nat44_ei_set_workers
- nat44_ei_set_workers_reply
- nat44_ei_show_fq_options
- nat44_ei_show_fq_options_reply
- nat44_ei_show_running_config
- nat44_ei_show_running_config_reply
- nat44_ei_static_mapping_details
- nat44_ei_static_mapping_dump
- nat44_ei_user_details
- nat44_ei_user_dump
- nat44_ei_user_session_details
- nat44_ei_user_session_dump
- nat44_ei_user_session_v2_details
- nat44_ei_user_session_v2_dump
- nat44_ei_worker_details
- nat44_ei_worker_dump
- nat64_plugin_enable_disable
- nat64_plugin_enable_disable_reply
- oddbuf_enable_disable
- oddbuf_enable_disable_reply
- pg_interface_enable_disable_coalesce
- pg_interface_enable_disable_coalesce_reply
- pnat_binding_add
- pnat_binding_add_reply
- pnat_binding_add_v2
- pnat_binding_add_v2_reply
- pnat_binding_attach
- pnat_binding_attach_reply
- pnat_binding_del
- pnat_binding_del_reply
- pnat_binding_detach
- pnat_binding_detach_reply
- pnat_bindings_details
- pnat_bindings_get
- pnat_bindings_get_reply
- pnat_interfaces_details
- pnat_interfaces_get
- pnat_interfaces_get_reply
- sample_macswap_enable_disable
- sample_macswap_enable_disable_reply
- sr_localsids_with_packet_stats_details
- sr_localsids_with_packet_stats_dump
- sr_policies_with_sl_index_details
- sr_policies_with_sl_index_dump
- sw_interface_set_vxlan_gbp_bypass
- sw_interface_set_vxlan_gbp_bypass_reply
- test_addresses
- test_addresses2
- test_addresses2_reply
- test_addresses3
- test_addresses3_reply
- test_addresses_reply
- test_empty
- test_empty_reply
- test_enum
- test_enum_reply
- test_interface
- test_interface_reply
- test_prefix
- test_prefix_reply
- test_string
- test_string2
- test_string2_reply
- test_string_reply
- test_vla
- test_vla2
- test_vla2_reply
- test_vla3
- test_vla3_reply
- test_vla4
- test_vla4_reply
- test_vla5
- test_vla5_reply
- test_vla_reply
- trace_capture_packets
- trace_capture_packets_reply
- trace_clear_capture
- trace_clear_capture_reply
- trace_details
- trace_dump
- trace_dump_reply
- trace_set_filters
- trace_set_filters_reply
- vxlan_gbp_tunnel_add_del
- vxlan_gbp_tunnel_add_del_reply
- vxlan_gbp_tunnel_details
- vxlan_gbp_tunnel_dump
- want_wireguard_peer_events
- want_wireguard_peer_events_reply
- wg_set_async_mode
- wg_set_async_mode_reply
- wireguard_interface_create
- wireguard_interface_create_reply
- wireguard_interface_delete
- wireguard_interface_delete_reply
- wireguard_interface_details
- wireguard_interface_dump
- wireguard_peer_add
- wireguard_peer_add_reply
- wireguard_peer_event
- wireguard_peer_remove
- wireguard_peer_remove_reply
- wireguard_peers_details
- wireguard_peers_dump

Patches that changed API definitions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


``src/plugins/af_packet/af_packet.api``

* `bca76580b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=bca76580b>`_ af_packet: move to plugin

``src/plugins/vhost/vhost_user.api``

* `7eba44d1e <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=7eba44d1e>`_ vhost: convert vhost device driver to a plugin

``src/plugins/nat/nat44-ed/nat44_ed.api``

* `a923ce591 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a923ce591>`_ nat: cleanup of deprecated features
* `91246bc6a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=91246bc6a>`_ nat: report time between current vpp time and last_heard

``src/plugins/nat/nat44-ei/nat44_ei.api``

* `91246bc6a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=91246bc6a>`_ nat: report time between current vpp time and last_heard

``src/plugins/urpf/urpf.api``

* `b3605eab5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b3605eab5>`_ urpf: add mode for specific fib index lookup

``src/vnet/udp/udp.api``

* `5c801b362 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5c801b362>`_ udp: add udp encap source port entropy support

``src/vnet/ip/ip.api``

* `d92524687 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=d92524687>`_ vnet: fix ip4 version and IHL check

``src/vnet/ipsec/ipsec.api``

* `4117b24ac <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4117b24ac>`_ ipsec: new api for sa ips and ports updates
* `520cde406 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=520cde406>`_ ipsec: use correct reply message

``src/vnet/srv6/sr_pt.api``

* `b79d09bbf <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b79d09bbf>`_ sr: srv6 path tracing api

``src/vnet/srv6/sr.api``

* `9503eb59c <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=9503eb59c>`_ sr: new messages created to return packet statistics in sr localsid details

``src/vnet/l2/l2.api``

* `0f8f4351b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=0f8f4351b>`_ l2: Add bridge_domain_add_del_v2 to l2 api

``src/vnet/bfd/bfd.api``

* `415b6a7c7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=415b6a7c7>`_ bfd: fix bfd udp error enum incompatibility