Release notes for VPP 23.02
===========================
More than 243 commits since the previous release, including 118 fixes.
Of particular importance, this release contains the fix for
`JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode <https://jira.fd.io/browse/VPP-2037>`__
Features
--------
- Binary API Compiler for Python
- Include comments in json (`5d2346801 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5d2346801>`_)
- Plugins
- AVF Device driver
- Support generic flow (`a6d16b713 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a6d16b713>`_)
- CNat
- Add sctp support (`f284c14c7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=f284c14c7>`_)
- Crypto - ipsecmb
- Bump ipsecmb library to v1.3 (`2a6f35f24 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=2a6f35f24>`_)
- DPDK
- Add Intel QAT 200xx series support (`a57549ad2 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a57549ad2>`_)
- HTTP
- Support client connect (`ee4172ef0 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=ee4172ef0>`_)
- Unicast Reverse Path forwarding
- Add mode for specific fib index lookup (`b3605eab5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b3605eab5>`_)
- VNET
- Device Drivers
- Add support for af-packet v2 (`8b90d89b0 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=8b90d89b0>`_)
- IPSec
- Introduce fast path ipv6 inbound matching (`06abf2352 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=06abf2352>`_)
- Remove redundant policy array in fast path spd (`14bf6a8fb <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=14bf6a8fb>`_)
- New api for sa ips and ports updates (`4117b24ac <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4117b24ac>`_)
- Segment Routing (IPv6 and MPLS)
- SRv6 Path Tracing Midpoint behaviour (`39d6deca5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=39d6deca5>`_)
- Srv6 path tracing api (`b79d09bbf <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b79d09bbf>`_)
- UDP
- Add udp encap source port entropy support (`5c801b362 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5c801b362>`_)
- Explicit udp output node (`8c1be054b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=8c1be054b>`_)
- Support for disabling tx csum (`f8ee39ff7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=f8ee39ff7>`_)
- VPP Comms Library
- Add api to check if vcl disconnected from VPP (`6ff8e90ed <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=6ff8e90ed>`_)
- VPP StrongSwan Daemon
- Add plugin for VPP-swan (`4e88e041a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4e88e041a>`_)
- Add scripts for testing (`95875774b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=95875774b>`_)
Known issues
------------
For the full list of issues please refer to fd.io `JIRA <https://jira.fd.io>`_.
Fixed issues
------------
For the full list of fixed issues please refer to:
- fd.io `JIRA <https://jira.fd.io>`_
- git `commit log <https://git.fd.io/vpp/log/?h=master>`_
API changes
-----------
Description of results:
- *Definition changed*: indicates that the API file was modified between releases.
- *Only in image*: indicates the API is new for this release.
- *Only in file*: indicates the API has been removed in this release.
============================================================= ==================
Message Name Result
============================================================= ==================
bridge_domain_add_del_v2 only in image
bridge_domain_add_del_v2_reply only in image
ipsec_sad_entry_update only in image
ipsec_sad_entry_update_reply only in image
nat44_del_user only in file
nat44_del_user_reply only in file
nat44_ei_user_session_v2_details only in image
nat44_ei_user_session_v2_dump only in image
nat44_user_session_v3_details only in image
nat44_user_session_v3_dump only in image
nat_get_addr_and_port_alloc_alg only in file
nat_get_addr_and_port_alloc_alg_reply only in file
nat_ha_flush only in file
nat_ha_flush_reply only in file
nat_ha_get_failover only in file
nat_ha_get_failover_reply only in file
nat_ha_get_listener only in file
nat_ha_get_listener_reply only in file
nat_ha_resync only in file
nat_ha_resync_completed_event only in file
nat_ha_resync_reply only in file
nat_ha_set_failover only in file
nat_ha_set_failover_reply only in file
nat_ha_set_listener only in file
nat_ha_set_listener_reply only in file
nat_set_addr_and_port_alloc_alg only in file
nat_set_addr_and_port_alloc_alg_reply only in file
sr_localsids_with_packet_stats_details only in image
sr_localsids_with_packet_stats_dump only in image
sr_pt_iface_add only in image
sr_pt_iface_add_reply only in image
sr_pt_iface_del only in image
sr_pt_iface_del_reply only in image
sr_pt_iface_details only in image
sr_pt_iface_dump only in image
urpf_update_v2 only in image
urpf_update_v2_reply only in image
============================================================= ==================
Found 37 api message signature differences
Newly deprecated API messages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
These messages are still there in the API, but can and probably
will disappear in the next release.
- bridge_domain_add_del
- bridge_domain_add_del_reply
- create_vhost_user_if
- create_vhost_user_if_reply
- ipsec_spd_entry_add_del_reply
- modify_vhost_user_if
- modify_vhost_user_if_reply
In-progress API messages
~~~~~~~~~~~~~~~~~~~~~~~~
These messages are provided for testing and experimentation only.
They are *not* subject to any compatibility process,
and therefore can arbitrarily change or disappear at *any* moment.
Also they may have less than satisfactory testing, making
them unsuitable for other use than the technology preview.
If you are intending to use these messages in production projects,
please collaborate with the feature maintainer on their productization.
- abf_itf_attach_add_del
- abf_itf_attach_add_del_reply
- abf_itf_attach_details
- abf_itf_attach_dump
- abf_plugin_get_version
- abf_plugin_get_version_reply
- abf_policy_add_del
- abf_policy_add_del_reply
- abf_policy_details
- abf_policy_dump
- acl_plugin_use_hash_lookup_get
- acl_plugin_use_hash_lookup_get_reply
- acl_plugin_use_hash_lookup_set
- acl_plugin_use_hash_lookup_set_reply
- adl_allowlist_enable_disable
- adl_allowlist_enable_disable_reply
- adl_interface_enable_disable
- adl_interface_enable_disable_reply
- cnat_get_snat_addresses
- cnat_get_snat_addresses_reply
- cnat_session_details
- cnat_session_dump
- cnat_session_purge
- cnat_session_purge_reply
- cnat_set_snat_addresses
- cnat_set_snat_addresses_reply
- cnat_set_snat_policy
- cnat_set_snat_policy_reply
- cnat_snat_policy_add_del_exclude_pfx
- cnat_snat_policy_add_del_exclude_pfx_reply
- cnat_snat_policy_add_del_if
- cnat_snat_policy_add_del_if_reply
- cnat_translation_del
- cnat_translation_del_reply
- cnat_translation_details
- cnat_translation_dump
- cnat_translation_update
- cnat_translation_update_reply
- crypto_sw_scheduler_set_worker
- crypto_sw_scheduler_set_worker_reply
- det44_get_timeouts_reply
- det44_interface_add_del_feature
- det44_interface_add_del_feature_reply
- det44_interface_details
- det44_interface_dump
- det44_plugin_enable_disable
- det44_plugin_enable_disable_reply
- det44_set_timeouts
- det44_set_timeouts_reply
- flow_add
- flow_add_reply
- flow_add_v2
- flow_add_v2_reply
- flow_del
- flow_del_reply
- flow_disable
- flow_disable_reply
- flow_enable
- flow_enable_reply
- flowprobe_get_params
- flowprobe_get_params_reply
- flowprobe_interface_add_del
- flowprobe_interface_add_del_reply
- flowprobe_interface_details
- flowprobe_interface_dump
- flowprobe_set_params
- flowprobe_set_params_reply
- gbp_bridge_domain_add
- gbp_bridge_domain_add_reply
- gbp_bridge_domain_del
- gbp_bridge_domain_del_reply
- gbp_bridge_domain_details
- gbp_bridge_domain_dump
- gbp_bridge_domain_dump_reply
- gbp_contract_add_del
- gbp_contract_add_del_reply
- gbp_contract_details
- gbp_contract_dump
- gbp_endpoint_add
- gbp_endpoint_add_reply
- gbp_endpoint_del
- gbp_endpoint_del_reply
- gbp_endpoint_details
- gbp_endpoint_dump
- gbp_endpoint_group_add
- gbp_endpoint_group_add_reply
- gbp_endpoint_group_del
- gbp_endpoint_group_del_reply
- gbp_endpoint_group_details
- gbp_endpoint_group_dump
- gbp_ext_itf_add_del
- gbp_ext_itf_add_del_reply
- gbp_ext_itf_details
- gbp_ext_itf_dump
- gbp_recirc_add_del
- gbp_recirc_add_del_reply
- gbp_recirc_details
- gbp_recirc_dump
- gbp_route_domain_add
- gbp_route_domain_add_reply
- gbp_route_domain_del
- gbp_route_domain_del_reply
- gbp_route_domain_details
- gbp_route_domain_dump
- gbp_route_domain_dump_reply
- gbp_subnet_add_del
- gbp_subnet_add_del_reply
- gbp_subnet_details
- gbp_subnet_dump
- gbp_vxlan_tunnel_add
- gbp_vxlan_tunnel_add_reply
- gbp_vxlan_tunnel_del
- gbp_vxlan_tunnel_del_reply
- gbp_vxlan_tunnel_details
- gbp_vxlan_tunnel_dump
- ikev2_child_sa_details
- ikev2_child_sa_dump
- ikev2_initiate_del_child_sa
- ikev2_initiate_del_child_sa_reply
- ikev2_initiate_del_ike_sa
- ikev2_initiate_del_ike_sa_reply
- ikev2_initiate_rekey_child_sa
- ikev2_initiate_rekey_child_sa_reply
- ikev2_initiate_sa_init
- ikev2_initiate_sa_init_reply
- ikev2_nonce_get
- ikev2_nonce_get_reply
- ikev2_profile_add_del
- ikev2_profile_add_del_reply
- ikev2_profile_details
- ikev2_profile_disable_natt
- ikev2_profile_disable_natt_reply
- ikev2_profile_dump
- ikev2_profile_set_auth
- ikev2_profile_set_auth_reply
- ikev2_profile_set_id
- ikev2_profile_set_id_reply
- ikev2_profile_set_ipsec_udp_port
- ikev2_profile_set_ipsec_udp_port_reply
- ikev2_profile_set_liveness
- ikev2_profile_set_liveness_reply
- ikev2_profile_set_ts
- ikev2_profile_set_ts_reply
- ikev2_profile_set_udp_encap
- ikev2_profile_set_udp_encap_reply
- ikev2_sa_details
- ikev2_sa_dump
- ikev2_set_esp_transforms
- ikev2_set_esp_transforms_reply
- ikev2_set_ike_transforms
- ikev2_set_ike_transforms_reply
- ikev2_set_local_key
- ikev2_set_local_key_reply
- ikev2_set_responder
- ikev2_set_responder_hostname
- ikev2_set_responder_hostname_reply
- ikev2_set_responder_reply
- ikev2_set_sa_lifetime
- ikev2_set_sa_lifetime_reply
- ikev2_set_tunnel_interface
- ikev2_set_tunnel_interface_reply
- ikev2_traffic_selector_details
- ikev2_traffic_selector_dump
- ip_route_add_del_v2
- ip_route_add_del_v2_reply
- ip_route_lookup_v2
- ip_route_lookup_v2_reply
- ip_route_v2_details
- ip_route_v2_dump
- l2_emulation
- l2_emulation_reply
- lcp_default_ns_get_reply
- lcp_default_ns_set
- lcp_default_ns_set_reply
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_details
- mdata_enable_disable
- mdata_enable_disable_reply
- nat44_ei_add_del_address_range
- nat44_ei_add_del_address_range_reply
- nat44_ei_add_del_static_mapping
- nat44_ei_add_del_static_mapping_reply
- nat44_ei_address_details
- nat44_ei_address_dump
- nat44_ei_del_session
- nat44_ei_del_session_reply
- nat44_ei_del_user
- nat44_ei_del_user_reply
- nat44_ei_forwarding_enable_disable
- nat44_ei_forwarding_enable_disable_reply
- nat44_ei_ha_flush
- nat44_ei_ha_flush_reply
- nat44_ei_ha_resync
- nat44_ei_ha_resync_completed_event
- nat44_ei_ha_resync_reply
- nat44_ei_ha_set_failover
- nat44_ei_ha_set_failover_reply
- nat44_ei_ha_set_listener
- nat44_ei_ha_set_listener_reply
- nat44_ei_interface_add_del_feature
- nat44_ei_interface_add_del_feature_reply
- nat44_ei_interface_details
- nat44_ei_interface_dump
- nat44_ei_ipfix_enable_disable
- nat44_ei_ipfix_enable_disable_reply
- nat44_ei_plugin_enable_disable
- nat44_ei_plugin_enable_disable_reply
- nat44_ei_set_addr_and_port_alloc_alg
- nat44_ei_set_addr_and_port_alloc_alg_reply
- nat44_ei_set_fq_options
- nat44_ei_set_fq_options_reply
- nat44_ei_set_mss_clamping
- nat44_ei_set_mss_clamping_reply
- nat44_ei_set_timeouts
- nat44_ei_set_timeouts_reply
- nat44_ei_set_workers
- nat44_ei_set_workers_reply
- nat44_ei_show_fq_options
- nat44_ei_show_fq_options_reply
- nat44_ei_show_running_config
- nat44_ei_show_running_config_reply
- nat44_ei_static_mapping_details
- nat44_ei_static_mapping_dump
- nat44_ei_user_details
- nat44_ei_user_dump
- nat44_ei_user_session_details
- nat44_ei_user_session_dump
- nat44_ei_user_session_v2_details
- nat44_ei_user_session_v2_dump
- nat44_ei_worker_details
- nat44_ei_worker_dump
- nat64_plugin_enable_disable
- nat64_plugin_enable_disable_reply
- oddbuf_enable_disable
- oddbuf_enable_disable_reply
- pg_interface_enable_disable_coalesce
- pg_interface_enable_disable_coalesce_reply
- pnat_binding_add
- pnat_binding_add_reply
- pnat_binding_add_v2
- pnat_binding_add_v2_reply
- pnat_binding_attach
- pnat_binding_attach_reply
- pnat_binding_del
- pnat_binding_del_reply
- pnat_binding_detach
- pnat_binding_detach_reply
- pnat_bindings_details
- pnat_bindings_get
- pnat_bindings_get_reply
- pnat_interfaces_details
- pnat_interfaces_get
- pnat_interfaces_get_reply
- sample_macswap_enable_disable
- sample_macswap_enable_disable_reply
- sr_localsids_with_packet_stats_details
- sr_localsids_with_packet_stats_dump
- sr_policies_with_sl_index_details
- sr_policies_with_sl_index_dump
- sw_interface_set_vxlan_gbp_bypass
- sw_interface_set_vxlan_gbp_bypass_reply
- test_addresses
- test_addresses2
- test_addresses2_reply
- test_addresses3
- test_addresses3_reply
- test_addresses_reply
- test_empty
- test_empty_reply
- test_enum
- test_enum_reply
- test_interface
- test_interface_reply
- test_prefix
- test_prefix_reply
- test_string
- test_string2
- test_string2_reply
- test_string_reply
- test_vla
- test_vla2
- test_vla2_reply
- test_vla3
- test_vla3_reply
- test_vla4
- test_vla4_reply
- test_vla5
- test_vla5_reply
- test_vla_reply
- trace_capture_packets
- trace_capture_packets_reply
- trace_clear_capture
- trace_clear_capture_reply
- trace_details
- trace_dump
- trace_dump_reply
- trace_set_filters
- trace_set_filters_reply
- vxlan_gbp_tunnel_add_del
- vxlan_gbp_tunnel_add_del_reply
- vxlan_gbp_tunnel_details
- vxlan_gbp_tunnel_dump
- want_wireguard_peer_events
- want_wireguard_peer_events_reply
- wg_set_async_mode
- wg_set_async_mode_reply
- wireguard_interface_create
- wireguard_interface_create_reply
- wireguard_interface_delete
- wireguard_interface_delete_reply
- wireguard_interface_details
- wireguard_interface_dump
- wireguard_peer_add
- wireguard_peer_add_reply
- wireguard_peer_event
- wireguard_peer_remove
- wireguard_peer_remove_reply
- wireguard_peers_details
- wireguard_peers_dump
Patches that changed API definitions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``src/plugins/af_packet/af_packet.api``
* `bca76580b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=bca76580b>`_ af_packet: move to plugin
``src/plugins/vhost/vhost_user.api``
* `7eba44d1e <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=7eba44d1e>`_ vhost: convert vhost device driver to a plugin
``src/plugins/nat/nat44-ed/nat44_ed.api``
* `a923ce591 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=a923ce591>`_ nat: cleanup of deprecated features
* `91246bc6a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=91246bc6a>`_ nat: report time between current vpp time and last_heard
``src/plugins/nat/nat44-ei/nat44_ei.api``
* `91246bc6a <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=91246bc6a>`_ nat: report time between current vpp time and last_heard
``src/plugins/urpf/urpf.api``
* `b3605eab5 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b3605eab5>`_ urpf: add mode for specific fib index lookup
``src/vnet/udp/udp.api``
* `5c801b362 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=5c801b362>`_ udp: add udp encap source port entropy support
``src/vnet/ip/ip.api``
* `d92524687 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=d92524687>`_ vnet: fix ip4 version and IHL check
``src/vnet/ipsec/ipsec.api``
* `4117b24ac <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=4117b24ac>`_ ipsec: new api for sa ips and ports updates
* `520cde406 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=520cde406>`_ ipsec: use correct reply message
``src/vnet/srv6/sr_pt.api``
* `b79d09bbf <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=b79d09bbf>`_ sr: srv6 path tracing api
``src/vnet/srv6/sr.api``
* `9503eb59c <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=9503eb59c>`_ sr: new messages created to return packet statistics in sr localsid details
``src/vnet/l2/l2.api``
* `0f8f4351b <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=0f8f4351b>`_ l2: Add bridge_domain_add_del_v2 to l2 api
``src/vnet/bfd/bfd.api``
* `415b6a7c7 <https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=415b6a7c7>`_ bfd: fix bfd udp error enum incompatibility