blob: 2e479ccc41750d6d2ab3e60317fb22f389a61d3a [file] [log] [blame]
Andrew Yourtchenko380c62d2023-02-21 12:27:15 +00001Release notes for VPP 23.02
2===========================
3
4More than 243 commits since the previous release, including 118 fixes.
5
6Of particular importance, this release contains the fix for
7`JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode <https://jira.fd.io/browse/VPP-2037>`__
8
9Features
10--------
11
12- Binary API Compiler for Python
13
14 - Include comments in json (`5d2346801 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5d2346801>`_)
15
16- Plugins
17
18 - AVF Device driver
19
20 - Support generic flow (`a6d16b713 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a6d16b713>`_)
21
22 - CNat
23
24 - Add sctp support (`f284c14c7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=f284c14c7>`_)
25
26 - Crypto - ipsecmb
27
28 - Bump ipsecmb library to v1.3 (`2a6f35f24 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=2a6f35f24>`_)
29
30 - DPDK
31
32 - Add Intel QAT 200xx series support (`a57549ad2 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a57549ad2>`_)
33
34 - HTTP
35
36 - Support client connect (`ee4172ef0 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=ee4172ef0>`_)
37
38 - Unicast Reverse Path forwarding
39
40 - Add mode for specific fib index lookup (`b3605eab5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b3605eab5>`_)
41
42- VNET
43
44 - Device Drivers
45
46 - Add support for af-packet v2 (`8b90d89b0 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=8b90d89b0>`_)
47
48 - IPSec
49
50 - Introduce fast path ipv6 inbound matching (`06abf2352 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=06abf2352>`_)
51 - Remove redundant policy array in fast path spd (`14bf6a8fb <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=14bf6a8fb>`_)
52 - New api for sa ips and ports updates (`4117b24ac <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4117b24ac>`_)
53
54 - Segment Routing (IPv6 and MPLS)
55
56 - SRv6 Path Tracing Midpoint behaviour (`39d6deca5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=39d6deca5>`_)
57 - Srv6 path tracing api (`b79d09bbf <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b79d09bbf>`_)
58
59 - UDP
60
61 - Add udp encap source port entropy support (`5c801b362 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5c801b362>`_)
62 - Explicit udp output node (`8c1be054b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=8c1be054b>`_)
63 - Support for disabling tx csum (`f8ee39ff7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=f8ee39ff7>`_)
64
65- VPP Comms Library
66
67 - Add api to check if vcl disconnected from VPP (`6ff8e90ed <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=6ff8e90ed>`_)
68
69- VPP StrongSwan Daemon
70
71 - Add plugin for VPP-swan (`4e88e041a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4e88e041a>`_)
72 - Add scripts for testing (`95875774b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=95875774b>`_)
73
74
75Known issues
76------------
77
78For the full list of issues please refer to fd.io `JIRA <https://jira.fd.io>`_.
79
80Fixed issues
81------------
82
83For the full list of fixed issues please refer to:
84- fd.io `JIRA <https://jira.fd.io>`_
85- git `commit log <https://git.fd.io/vpp/log/?h=master>`_
86
87
88API changes
89-----------
90
91Description of results:
92
93- *Definition changed*: indicates that the API file was modified between releases.
94- *Only in image*: indicates the API is new for this release.
95- *Only in file*: indicates the API has been removed in this release.
96
97============================================================= ==================
98Message Name Result
99============================================================= ==================
100bridge_domain_add_del_v2 only in image
101bridge_domain_add_del_v2_reply only in image
102ipsec_sad_entry_update only in image
103ipsec_sad_entry_update_reply only in image
104nat44_del_user only in file
105nat44_del_user_reply only in file
106nat44_ei_user_session_v2_details only in image
107nat44_ei_user_session_v2_dump only in image
108nat44_user_session_v3_details only in image
109nat44_user_session_v3_dump only in image
110nat_get_addr_and_port_alloc_alg only in file
111nat_get_addr_and_port_alloc_alg_reply only in file
112nat_ha_flush only in file
113nat_ha_flush_reply only in file
114nat_ha_get_failover only in file
115nat_ha_get_failover_reply only in file
116nat_ha_get_listener only in file
117nat_ha_get_listener_reply only in file
118nat_ha_resync only in file
119nat_ha_resync_completed_event only in file
120nat_ha_resync_reply only in file
121nat_ha_set_failover only in file
122nat_ha_set_failover_reply only in file
123nat_ha_set_listener only in file
124nat_ha_set_listener_reply only in file
125nat_set_addr_and_port_alloc_alg only in file
126nat_set_addr_and_port_alloc_alg_reply only in file
127sr_localsids_with_packet_stats_details only in image
128sr_localsids_with_packet_stats_dump only in image
129sr_pt_iface_add only in image
130sr_pt_iface_add_reply only in image
131sr_pt_iface_del only in image
132sr_pt_iface_del_reply only in image
133sr_pt_iface_details only in image
134sr_pt_iface_dump only in image
135urpf_update_v2 only in image
136urpf_update_v2_reply only in image
137============================================================= ==================
138
139Found 37 api message signature differences
140
141
142Newly deprecated API messages
143~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
144
145These messages are still there in the API, but can and probably
146will disappear in the next release.
147
148- bridge_domain_add_del
149- bridge_domain_add_del_reply
150- create_vhost_user_if
151- create_vhost_user_if_reply
152- ipsec_spd_entry_add_del_reply
153- modify_vhost_user_if
154- modify_vhost_user_if_reply
155
156In-progress API messages
157~~~~~~~~~~~~~~~~~~~~~~~~
158
159These messages are provided for testing and experimentation only.
160They are *not* subject to any compatibility process,
161and therefore can arbitrarily change or disappear at *any* moment.
162Also they may have less than satisfactory testing, making
163them unsuitable for other use than the technology preview.
164If you are intending to use these messages in production projects,
165please collaborate with the feature maintainer on their productization.
166
167- abf_itf_attach_add_del
168- abf_itf_attach_add_del_reply
169- abf_itf_attach_details
170- abf_itf_attach_dump
171- abf_plugin_get_version
172- abf_plugin_get_version_reply
173- abf_policy_add_del
174- abf_policy_add_del_reply
175- abf_policy_details
176- abf_policy_dump
177- acl_plugin_use_hash_lookup_get
178- acl_plugin_use_hash_lookup_get_reply
179- acl_plugin_use_hash_lookup_set
180- acl_plugin_use_hash_lookup_set_reply
181- adl_allowlist_enable_disable
182- adl_allowlist_enable_disable_reply
183- adl_interface_enable_disable
184- adl_interface_enable_disable_reply
185- cnat_get_snat_addresses
186- cnat_get_snat_addresses_reply
187- cnat_session_details
188- cnat_session_dump
189- cnat_session_purge
190- cnat_session_purge_reply
191- cnat_set_snat_addresses
192- cnat_set_snat_addresses_reply
193- cnat_set_snat_policy
194- cnat_set_snat_policy_reply
195- cnat_snat_policy_add_del_exclude_pfx
196- cnat_snat_policy_add_del_exclude_pfx_reply
197- cnat_snat_policy_add_del_if
198- cnat_snat_policy_add_del_if_reply
199- cnat_translation_del
200- cnat_translation_del_reply
201- cnat_translation_details
202- cnat_translation_dump
203- cnat_translation_update
204- cnat_translation_update_reply
205- crypto_sw_scheduler_set_worker
206- crypto_sw_scheduler_set_worker_reply
207- det44_get_timeouts_reply
208- det44_interface_add_del_feature
209- det44_interface_add_del_feature_reply
210- det44_interface_details
211- det44_interface_dump
212- det44_plugin_enable_disable
213- det44_plugin_enable_disable_reply
214- det44_set_timeouts
215- det44_set_timeouts_reply
216- flow_add
217- flow_add_reply
218- flow_add_v2
219- flow_add_v2_reply
220- flow_del
221- flow_del_reply
222- flow_disable
223- flow_disable_reply
224- flow_enable
225- flow_enable_reply
226- flowprobe_get_params
227- flowprobe_get_params_reply
228- flowprobe_interface_add_del
229- flowprobe_interface_add_del_reply
230- flowprobe_interface_details
231- flowprobe_interface_dump
232- flowprobe_set_params
233- flowprobe_set_params_reply
234- gbp_bridge_domain_add
235- gbp_bridge_domain_add_reply
236- gbp_bridge_domain_del
237- gbp_bridge_domain_del_reply
238- gbp_bridge_domain_details
239- gbp_bridge_domain_dump
240- gbp_bridge_domain_dump_reply
241- gbp_contract_add_del
242- gbp_contract_add_del_reply
243- gbp_contract_details
244- gbp_contract_dump
245- gbp_endpoint_add
246- gbp_endpoint_add_reply
247- gbp_endpoint_del
248- gbp_endpoint_del_reply
249- gbp_endpoint_details
250- gbp_endpoint_dump
251- gbp_endpoint_group_add
252- gbp_endpoint_group_add_reply
253- gbp_endpoint_group_del
254- gbp_endpoint_group_del_reply
255- gbp_endpoint_group_details
256- gbp_endpoint_group_dump
257- gbp_ext_itf_add_del
258- gbp_ext_itf_add_del_reply
259- gbp_ext_itf_details
260- gbp_ext_itf_dump
261- gbp_recirc_add_del
262- gbp_recirc_add_del_reply
263- gbp_recirc_details
264- gbp_recirc_dump
265- gbp_route_domain_add
266- gbp_route_domain_add_reply
267- gbp_route_domain_del
268- gbp_route_domain_del_reply
269- gbp_route_domain_details
270- gbp_route_domain_dump
271- gbp_route_domain_dump_reply
272- gbp_subnet_add_del
273- gbp_subnet_add_del_reply
274- gbp_subnet_details
275- gbp_subnet_dump
276- gbp_vxlan_tunnel_add
277- gbp_vxlan_tunnel_add_reply
278- gbp_vxlan_tunnel_del
279- gbp_vxlan_tunnel_del_reply
280- gbp_vxlan_tunnel_details
281- gbp_vxlan_tunnel_dump
282- ikev2_child_sa_details
283- ikev2_child_sa_dump
284- ikev2_initiate_del_child_sa
285- ikev2_initiate_del_child_sa_reply
286- ikev2_initiate_del_ike_sa
287- ikev2_initiate_del_ike_sa_reply
288- ikev2_initiate_rekey_child_sa
289- ikev2_initiate_rekey_child_sa_reply
290- ikev2_initiate_sa_init
291- ikev2_initiate_sa_init_reply
292- ikev2_nonce_get
293- ikev2_nonce_get_reply
294- ikev2_profile_add_del
295- ikev2_profile_add_del_reply
296- ikev2_profile_details
297- ikev2_profile_disable_natt
298- ikev2_profile_disable_natt_reply
299- ikev2_profile_dump
300- ikev2_profile_set_auth
301- ikev2_profile_set_auth_reply
302- ikev2_profile_set_id
303- ikev2_profile_set_id_reply
304- ikev2_profile_set_ipsec_udp_port
305- ikev2_profile_set_ipsec_udp_port_reply
306- ikev2_profile_set_liveness
307- ikev2_profile_set_liveness_reply
308- ikev2_profile_set_ts
309- ikev2_profile_set_ts_reply
310- ikev2_profile_set_udp_encap
311- ikev2_profile_set_udp_encap_reply
312- ikev2_sa_details
313- ikev2_sa_dump
314- ikev2_set_esp_transforms
315- ikev2_set_esp_transforms_reply
316- ikev2_set_ike_transforms
317- ikev2_set_ike_transforms_reply
318- ikev2_set_local_key
319- ikev2_set_local_key_reply
320- ikev2_set_responder
321- ikev2_set_responder_hostname
322- ikev2_set_responder_hostname_reply
323- ikev2_set_responder_reply
324- ikev2_set_sa_lifetime
325- ikev2_set_sa_lifetime_reply
326- ikev2_set_tunnel_interface
327- ikev2_set_tunnel_interface_reply
328- ikev2_traffic_selector_details
329- ikev2_traffic_selector_dump
330- ip_route_add_del_v2
331- ip_route_add_del_v2_reply
332- ip_route_lookup_v2
333- ip_route_lookup_v2_reply
334- ip_route_v2_details
335- ip_route_v2_dump
336- l2_emulation
337- l2_emulation_reply
338- lcp_default_ns_get_reply
339- lcp_default_ns_set
340- lcp_default_ns_set_reply
341- lcp_itf_pair_add_del
342- lcp_itf_pair_add_del_reply
343- lcp_itf_pair_add_del_v2
344- lcp_itf_pair_details
345- mdata_enable_disable
346- mdata_enable_disable_reply
347- nat44_ei_add_del_address_range
348- nat44_ei_add_del_address_range_reply
349- nat44_ei_add_del_static_mapping
350- nat44_ei_add_del_static_mapping_reply
351- nat44_ei_address_details
352- nat44_ei_address_dump
353- nat44_ei_del_session
354- nat44_ei_del_session_reply
355- nat44_ei_del_user
356- nat44_ei_del_user_reply
357- nat44_ei_forwarding_enable_disable
358- nat44_ei_forwarding_enable_disable_reply
359- nat44_ei_ha_flush
360- nat44_ei_ha_flush_reply
361- nat44_ei_ha_resync
362- nat44_ei_ha_resync_completed_event
363- nat44_ei_ha_resync_reply
364- nat44_ei_ha_set_failover
365- nat44_ei_ha_set_failover_reply
366- nat44_ei_ha_set_listener
367- nat44_ei_ha_set_listener_reply
368- nat44_ei_interface_add_del_feature
369- nat44_ei_interface_add_del_feature_reply
370- nat44_ei_interface_details
371- nat44_ei_interface_dump
372- nat44_ei_ipfix_enable_disable
373- nat44_ei_ipfix_enable_disable_reply
374- nat44_ei_plugin_enable_disable
375- nat44_ei_plugin_enable_disable_reply
376- nat44_ei_set_addr_and_port_alloc_alg
377- nat44_ei_set_addr_and_port_alloc_alg_reply
378- nat44_ei_set_fq_options
379- nat44_ei_set_fq_options_reply
380- nat44_ei_set_mss_clamping
381- nat44_ei_set_mss_clamping_reply
382- nat44_ei_set_timeouts
383- nat44_ei_set_timeouts_reply
384- nat44_ei_set_workers
385- nat44_ei_set_workers_reply
386- nat44_ei_show_fq_options
387- nat44_ei_show_fq_options_reply
388- nat44_ei_show_running_config
389- nat44_ei_show_running_config_reply
390- nat44_ei_static_mapping_details
391- nat44_ei_static_mapping_dump
392- nat44_ei_user_details
393- nat44_ei_user_dump
394- nat44_ei_user_session_details
395- nat44_ei_user_session_dump
396- nat44_ei_user_session_v2_details
397- nat44_ei_user_session_v2_dump
398- nat44_ei_worker_details
399- nat44_ei_worker_dump
400- nat64_plugin_enable_disable
401- nat64_plugin_enable_disable_reply
402- oddbuf_enable_disable
403- oddbuf_enable_disable_reply
404- pg_interface_enable_disable_coalesce
405- pg_interface_enable_disable_coalesce_reply
406- pnat_binding_add
407- pnat_binding_add_reply
408- pnat_binding_add_v2
409- pnat_binding_add_v2_reply
410- pnat_binding_attach
411- pnat_binding_attach_reply
412- pnat_binding_del
413- pnat_binding_del_reply
414- pnat_binding_detach
415- pnat_binding_detach_reply
416- pnat_bindings_details
417- pnat_bindings_get
418- pnat_bindings_get_reply
419- pnat_interfaces_details
420- pnat_interfaces_get
421- pnat_interfaces_get_reply
422- sample_macswap_enable_disable
423- sample_macswap_enable_disable_reply
424- sr_localsids_with_packet_stats_details
425- sr_localsids_with_packet_stats_dump
426- sr_policies_with_sl_index_details
427- sr_policies_with_sl_index_dump
428- sw_interface_set_vxlan_gbp_bypass
429- sw_interface_set_vxlan_gbp_bypass_reply
430- test_addresses
431- test_addresses2
432- test_addresses2_reply
433- test_addresses3
434- test_addresses3_reply
435- test_addresses_reply
436- test_empty
437- test_empty_reply
438- test_enum
439- test_enum_reply
440- test_interface
441- test_interface_reply
442- test_prefix
443- test_prefix_reply
444- test_string
445- test_string2
446- test_string2_reply
447- test_string_reply
448- test_vla
449- test_vla2
450- test_vla2_reply
451- test_vla3
452- test_vla3_reply
453- test_vla4
454- test_vla4_reply
455- test_vla5
456- test_vla5_reply
457- test_vla_reply
458- trace_capture_packets
459- trace_capture_packets_reply
460- trace_clear_capture
461- trace_clear_capture_reply
462- trace_details
463- trace_dump
464- trace_dump_reply
465- trace_set_filters
466- trace_set_filters_reply
467- vxlan_gbp_tunnel_add_del
468- vxlan_gbp_tunnel_add_del_reply
469- vxlan_gbp_tunnel_details
470- vxlan_gbp_tunnel_dump
471- want_wireguard_peer_events
472- want_wireguard_peer_events_reply
473- wg_set_async_mode
474- wg_set_async_mode_reply
475- wireguard_interface_create
476- wireguard_interface_create_reply
477- wireguard_interface_delete
478- wireguard_interface_delete_reply
479- wireguard_interface_details
480- wireguard_interface_dump
481- wireguard_peer_add
482- wireguard_peer_add_reply
483- wireguard_peer_event
484- wireguard_peer_remove
485- wireguard_peer_remove_reply
486- wireguard_peers_details
487- wireguard_peers_dump
488
489Patches that changed API definitions
490~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
491
492
493``src/plugins/af_packet/af_packet.api``
494
495* `bca76580b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=bca76580b>`_ af_packet: move to plugin
496
497``src/plugins/vhost/vhost_user.api``
498
499* `7eba44d1e <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=7eba44d1e>`_ vhost: convert vhost device driver to a plugin
500
501``src/plugins/nat/nat44-ed/nat44_ed.api``
502
503* `a923ce591 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a923ce591>`_ nat: cleanup of deprecated features
504* `91246bc6a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=91246bc6a>`_ nat: report time between current vpp time and last_heard
505
506``src/plugins/nat/nat44-ei/nat44_ei.api``
507
508* `91246bc6a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=91246bc6a>`_ nat: report time between current vpp time and last_heard
509
510``src/plugins/urpf/urpf.api``
511
512* `b3605eab5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b3605eab5>`_ urpf: add mode for specific fib index lookup
513
514``src/vnet/udp/udp.api``
515
516* `5c801b362 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5c801b362>`_ udp: add udp encap source port entropy support
517
518``src/vnet/ip/ip.api``
519
520* `d92524687 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=d92524687>`_ vnet: fix ip4 version and IHL check
521
522``src/vnet/ipsec/ipsec.api``
523
524* `4117b24ac <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4117b24ac>`_ ipsec: new api for sa ips and ports updates
525* `520cde406 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=520cde406>`_ ipsec: use correct reply message
526
527``src/vnet/srv6/sr_pt.api``
528
529* `b79d09bbf <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b79d09bbf>`_ sr: srv6 path tracing api
530
531``src/vnet/srv6/sr.api``
532
533* `9503eb59c <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=9503eb59c>`_ sr: new messages created to return packet statistics in sr localsid details
534
535``src/vnet/l2/l2.api``
536
537* `0f8f4351b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=0f8f4351b>`_ l2: Add bridge_domain_add_del_v2 to l2 api
538
539``src/vnet/bfd/bfd.api``
540
541* `415b6a7c7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=415b6a7c7>`_ bfd: fix bfd udp error enum incompatibility