From 5516fc0f3bf50657446c4e68556c9f76ea2a43a4 Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Tue, 21 Feb 2023 12:27:15 +0000 Subject: misc: VPP 23.02 Release Notes Type: docs Change-Id: I88ae8452ed1b39a4c6d82b790f63f31deae4c2fa Signed-off-by: Andrew Yourtchenko Signed-off-by: Dave Wallace --- docs/aboutvpp/releasenotes/index.rst | 1 + docs/aboutvpp/releasenotes/v23.02.rst | 541 ++++++++++++++++++++++++++++++++++ 2 files changed, 542 insertions(+) create mode 100644 docs/aboutvpp/releasenotes/v23.02.rst diff --git a/docs/aboutvpp/releasenotes/index.rst b/docs/aboutvpp/releasenotes/index.rst index 4b164f73b79..1d599d5ecd2 100644 --- a/docs/aboutvpp/releasenotes/index.rst +++ b/docs/aboutvpp/releasenotes/index.rst @@ -6,6 +6,7 @@ Release notes .. toctree:: :maxdepth: 2 + v23.02 v22.10.1 v22.10 v22.06.1 diff --git a/docs/aboutvpp/releasenotes/v23.02.rst b/docs/aboutvpp/releasenotes/v23.02.rst new file mode 100644 index 00000000000..2e479ccc417 --- /dev/null +++ b/docs/aboutvpp/releasenotes/v23.02.rst @@ -0,0 +1,541 @@ +Release notes for VPP 23.02 +=========================== + +More than 243 commits since the previous release, including 118 fixes. + +Of particular importance, this release contains the fix for +`JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode `__ + +Features +-------- + +- Binary API Compiler for Python + + - Include comments in json (`5d2346801 `_) + +- Plugins + + - AVF Device driver + + - Support generic flow (`a6d16b713 `_) + + - CNat + + - Add sctp support (`f284c14c7 `_) + + - Crypto - ipsecmb + + - Bump ipsecmb library to v1.3 (`2a6f35f24 `_) + + - DPDK + + - Add Intel QAT 200xx series support (`a57549ad2 `_) + + - HTTP + + - Support client connect (`ee4172ef0 `_) + + - Unicast Reverse Path forwarding + + - Add mode for specific fib index lookup (`b3605eab5 `_) + +- VNET + + - Device Drivers + + - Add support for af-packet v2 (`8b90d89b0 `_) + + - IPSec + + - Introduce fast path ipv6 inbound matching (`06abf2352 `_) + - Remove redundant policy array in fast path spd (`14bf6a8fb `_) + - New api for sa ips and ports updates (`4117b24ac `_) + + - Segment Routing (IPv6 and MPLS) + + - SRv6 Path Tracing Midpoint behaviour (`39d6deca5 `_) + - Srv6 path tracing api (`b79d09bbf `_) + + - UDP + + - Add udp encap source port entropy support (`5c801b362 `_) + - Explicit udp output node (`8c1be054b `_) + - Support for disabling tx csum (`f8ee39ff7 `_) + +- VPP Comms Library + + - Add api to check if vcl disconnected from VPP (`6ff8e90ed `_) + +- VPP StrongSwan Daemon + + - Add plugin for VPP-swan (`4e88e041a `_) + - Add scripts for testing (`95875774b `_) + + +Known issues +------------ + +For the full list of issues please refer to fd.io `JIRA `_. + +Fixed issues +------------ + +For the full list of fixed issues please refer to: +- fd.io `JIRA `_ +- git `commit log `_ + + +API changes +----------- + +Description of results: + +- *Definition changed*: indicates that the API file was modified between releases. +- *Only in image*: indicates the API is new for this release. +- *Only in file*: indicates the API has been removed in this release. + +============================================================= ================== +Message Name Result +============================================================= ================== +bridge_domain_add_del_v2 only in image +bridge_domain_add_del_v2_reply only in image +ipsec_sad_entry_update only in image +ipsec_sad_entry_update_reply only in image +nat44_del_user only in file +nat44_del_user_reply only in file +nat44_ei_user_session_v2_details only in image +nat44_ei_user_session_v2_dump only in image +nat44_user_session_v3_details only in image +nat44_user_session_v3_dump only in image +nat_get_addr_and_port_alloc_alg only in file +nat_get_addr_and_port_alloc_alg_reply only in file +nat_ha_flush only in file +nat_ha_flush_reply only in file +nat_ha_get_failover only in file +nat_ha_get_failover_reply only in file +nat_ha_get_listener only in file +nat_ha_get_listener_reply only in file +nat_ha_resync only in file +nat_ha_resync_completed_event only in file +nat_ha_resync_reply only in file +nat_ha_set_failover only in file +nat_ha_set_failover_reply only in file +nat_ha_set_listener only in file +nat_ha_set_listener_reply only in file +nat_set_addr_and_port_alloc_alg only in file +nat_set_addr_and_port_alloc_alg_reply only in file +sr_localsids_with_packet_stats_details only in image +sr_localsids_with_packet_stats_dump only in image +sr_pt_iface_add only in image +sr_pt_iface_add_reply only in image +sr_pt_iface_del only in image +sr_pt_iface_del_reply only in image +sr_pt_iface_details only in image +sr_pt_iface_dump only in image +urpf_update_v2 only in image +urpf_update_v2_reply only in image +============================================================= ================== + +Found 37 api message signature differences + + +Newly deprecated API messages +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +These messages are still there in the API, but can and probably +will disappear in the next release. + +- bridge_domain_add_del +- bridge_domain_add_del_reply +- create_vhost_user_if +- create_vhost_user_if_reply +- ipsec_spd_entry_add_del_reply +- modify_vhost_user_if +- modify_vhost_user_if_reply + +In-progress API messages +~~~~~~~~~~~~~~~~~~~~~~~~ + +These messages are provided for testing and experimentation only. +They are *not* subject to any compatibility process, +and therefore can arbitrarily change or disappear at *any* moment. +Also they may have less than satisfactory testing, making +them unsuitable for other use than the technology preview. +If you are intending to use these messages in production projects, +please collaborate with the feature maintainer on their productization. + +- abf_itf_attach_add_del +- abf_itf_attach_add_del_reply +- abf_itf_attach_details +- abf_itf_attach_dump +- abf_plugin_get_version +- abf_plugin_get_version_reply +- abf_policy_add_del +- abf_policy_add_del_reply +- abf_policy_details +- abf_policy_dump +- acl_plugin_use_hash_lookup_get +- acl_plugin_use_hash_lookup_get_reply +- acl_plugin_use_hash_lookup_set +- acl_plugin_use_hash_lookup_set_reply +- adl_allowlist_enable_disable +- adl_allowlist_enable_disable_reply +- adl_interface_enable_disable +- adl_interface_enable_disable_reply +- cnat_get_snat_addresses +- cnat_get_snat_addresses_reply +- cnat_session_details +- cnat_session_dump +- cnat_session_purge +- cnat_session_purge_reply +- cnat_set_snat_addresses +- cnat_set_snat_addresses_reply +- cnat_set_snat_policy +- cnat_set_snat_policy_reply +- cnat_snat_policy_add_del_exclude_pfx +- cnat_snat_policy_add_del_exclude_pfx_reply +- cnat_snat_policy_add_del_if +- cnat_snat_policy_add_del_if_reply +- cnat_translation_del +- cnat_translation_del_reply +- cnat_translation_details +- cnat_translation_dump +- cnat_translation_update +- cnat_translation_update_reply +- crypto_sw_scheduler_set_worker +- crypto_sw_scheduler_set_worker_reply +- det44_get_timeouts_reply +- det44_interface_add_del_feature +- det44_interface_add_del_feature_reply +- det44_interface_details +- det44_interface_dump +- det44_plugin_enable_disable +- det44_plugin_enable_disable_reply +- det44_set_timeouts +- det44_set_timeouts_reply +- flow_add +- flow_add_reply +- flow_add_v2 +- flow_add_v2_reply +- flow_del +- flow_del_reply +- flow_disable +- flow_disable_reply +- flow_enable +- flow_enable_reply +- flowprobe_get_params +- flowprobe_get_params_reply +- flowprobe_interface_add_del +- flowprobe_interface_add_del_reply +- flowprobe_interface_details +- flowprobe_interface_dump +- flowprobe_set_params +- flowprobe_set_params_reply +- gbp_bridge_domain_add +- gbp_bridge_domain_add_reply +- gbp_bridge_domain_del +- gbp_bridge_domain_del_reply +- gbp_bridge_domain_details +- gbp_bridge_domain_dump +- gbp_bridge_domain_dump_reply +- gbp_contract_add_del +- gbp_contract_add_del_reply +- gbp_contract_details +- gbp_contract_dump +- gbp_endpoint_add +- gbp_endpoint_add_reply +- gbp_endpoint_del +- gbp_endpoint_del_reply +- gbp_endpoint_details +- gbp_endpoint_dump +- gbp_endpoint_group_add +- gbp_endpoint_group_add_reply +- gbp_endpoint_group_del +- gbp_endpoint_group_del_reply +- gbp_endpoint_group_details +- gbp_endpoint_group_dump +- gbp_ext_itf_add_del +- gbp_ext_itf_add_del_reply +- gbp_ext_itf_details +- gbp_ext_itf_dump +- gbp_recirc_add_del +- gbp_recirc_add_del_reply +- gbp_recirc_details +- gbp_recirc_dump +- gbp_route_domain_add +- gbp_route_domain_add_reply +- gbp_route_domain_del +- gbp_route_domain_del_reply +- gbp_route_domain_details +- gbp_route_domain_dump +- gbp_route_domain_dump_reply +- gbp_subnet_add_del +- gbp_subnet_add_del_reply +- gbp_subnet_details +- gbp_subnet_dump +- gbp_vxlan_tunnel_add +- gbp_vxlan_tunnel_add_reply +- gbp_vxlan_tunnel_del +- gbp_vxlan_tunnel_del_reply +- gbp_vxlan_tunnel_details +- gbp_vxlan_tunnel_dump +- ikev2_child_sa_details +- ikev2_child_sa_dump +- ikev2_initiate_del_child_sa +- ikev2_initiate_del_child_sa_reply +- ikev2_initiate_del_ike_sa +- ikev2_initiate_del_ike_sa_reply +- ikev2_initiate_rekey_child_sa +- ikev2_initiate_rekey_child_sa_reply +- ikev2_initiate_sa_init +- ikev2_initiate_sa_init_reply +- ikev2_nonce_get +- ikev2_nonce_get_reply +- ikev2_profile_add_del +- ikev2_profile_add_del_reply +- ikev2_profile_details +- ikev2_profile_disable_natt +- ikev2_profile_disable_natt_reply +- ikev2_profile_dump +- ikev2_profile_set_auth +- ikev2_profile_set_auth_reply +- ikev2_profile_set_id +- ikev2_profile_set_id_reply +- ikev2_profile_set_ipsec_udp_port +- ikev2_profile_set_ipsec_udp_port_reply +- ikev2_profile_set_liveness +- ikev2_profile_set_liveness_reply +- ikev2_profile_set_ts +- ikev2_profile_set_ts_reply +- ikev2_profile_set_udp_encap +- ikev2_profile_set_udp_encap_reply +- ikev2_sa_details +- ikev2_sa_dump +- ikev2_set_esp_transforms +- ikev2_set_esp_transforms_reply +- ikev2_set_ike_transforms +- ikev2_set_ike_transforms_reply +- ikev2_set_local_key +- ikev2_set_local_key_reply +- ikev2_set_responder +- ikev2_set_responder_hostname +- ikev2_set_responder_hostname_reply +- ikev2_set_responder_reply +- ikev2_set_sa_lifetime +- ikev2_set_sa_lifetime_reply +- ikev2_set_tunnel_interface +- ikev2_set_tunnel_interface_reply +- ikev2_traffic_selector_details +- ikev2_traffic_selector_dump +- ip_route_add_del_v2 +- ip_route_add_del_v2_reply +- ip_route_lookup_v2 +- ip_route_lookup_v2_reply +- ip_route_v2_details +- ip_route_v2_dump +- l2_emulation +- l2_emulation_reply +- lcp_default_ns_get_reply +- lcp_default_ns_set +- lcp_default_ns_set_reply +- lcp_itf_pair_add_del +- lcp_itf_pair_add_del_reply +- lcp_itf_pair_add_del_v2 +- lcp_itf_pair_details +- mdata_enable_disable +- mdata_enable_disable_reply +- nat44_ei_add_del_address_range +- nat44_ei_add_del_address_range_reply +- nat44_ei_add_del_static_mapping +- nat44_ei_add_del_static_mapping_reply +- nat44_ei_address_details +- nat44_ei_address_dump +- nat44_ei_del_session +- nat44_ei_del_session_reply +- nat44_ei_del_user +- nat44_ei_del_user_reply +- nat44_ei_forwarding_enable_disable +- nat44_ei_forwarding_enable_disable_reply +- nat44_ei_ha_flush +- nat44_ei_ha_flush_reply +- nat44_ei_ha_resync +- nat44_ei_ha_resync_completed_event +- nat44_ei_ha_resync_reply +- nat44_ei_ha_set_failover +- nat44_ei_ha_set_failover_reply +- nat44_ei_ha_set_listener +- nat44_ei_ha_set_listener_reply +- nat44_ei_interface_add_del_feature +- nat44_ei_interface_add_del_feature_reply +- nat44_ei_interface_details +- nat44_ei_interface_dump +- nat44_ei_ipfix_enable_disable +- nat44_ei_ipfix_enable_disable_reply +- nat44_ei_plugin_enable_disable +- nat44_ei_plugin_enable_disable_reply +- nat44_ei_set_addr_and_port_alloc_alg +- nat44_ei_set_addr_and_port_alloc_alg_reply +- nat44_ei_set_fq_options +- nat44_ei_set_fq_options_reply +- nat44_ei_set_mss_clamping +- nat44_ei_set_mss_clamping_reply +- nat44_ei_set_timeouts +- nat44_ei_set_timeouts_reply +- nat44_ei_set_workers +- nat44_ei_set_workers_reply +- nat44_ei_show_fq_options +- nat44_ei_show_fq_options_reply +- nat44_ei_show_running_config +- nat44_ei_show_running_config_reply +- nat44_ei_static_mapping_details +- nat44_ei_static_mapping_dump +- nat44_ei_user_details +- nat44_ei_user_dump +- nat44_ei_user_session_details +- nat44_ei_user_session_dump +- nat44_ei_user_session_v2_details +- nat44_ei_user_session_v2_dump +- nat44_ei_worker_details +- nat44_ei_worker_dump +- nat64_plugin_enable_disable +- nat64_plugin_enable_disable_reply +- oddbuf_enable_disable +- oddbuf_enable_disable_reply +- pg_interface_enable_disable_coalesce +- pg_interface_enable_disable_coalesce_reply +- pnat_binding_add +- pnat_binding_add_reply +- pnat_binding_add_v2 +- pnat_binding_add_v2_reply +- pnat_binding_attach +- pnat_binding_attach_reply +- pnat_binding_del +- pnat_binding_del_reply +- pnat_binding_detach +- pnat_binding_detach_reply +- pnat_bindings_details +- pnat_bindings_get +- pnat_bindings_get_reply +- pnat_interfaces_details +- pnat_interfaces_get +- pnat_interfaces_get_reply +- sample_macswap_enable_disable +- sample_macswap_enable_disable_reply +- sr_localsids_with_packet_stats_details +- sr_localsids_with_packet_stats_dump +- sr_policies_with_sl_index_details +- sr_policies_with_sl_index_dump +- sw_interface_set_vxlan_gbp_bypass +- sw_interface_set_vxlan_gbp_bypass_reply +- test_addresses +- test_addresses2 +- test_addresses2_reply +- test_addresses3 +- test_addresses3_reply +- test_addresses_reply +- test_empty +- test_empty_reply +- test_enum +- test_enum_reply +- test_interface +- test_interface_reply +- test_prefix +- test_prefix_reply +- test_string +- test_string2 +- test_string2_reply +- test_string_reply +- test_vla +- test_vla2 +- test_vla2_reply +- test_vla3 +- test_vla3_reply +- test_vla4 +- test_vla4_reply +- test_vla5 +- test_vla5_reply +- test_vla_reply +- trace_capture_packets +- trace_capture_packets_reply +- trace_clear_capture +- trace_clear_capture_reply +- trace_details +- trace_dump +- trace_dump_reply +- trace_set_filters +- trace_set_filters_reply +- vxlan_gbp_tunnel_add_del +- vxlan_gbp_tunnel_add_del_reply +- vxlan_gbp_tunnel_details +- vxlan_gbp_tunnel_dump +- want_wireguard_peer_events +- want_wireguard_peer_events_reply +- wg_set_async_mode +- wg_set_async_mode_reply +- wireguard_interface_create +- wireguard_interface_create_reply +- wireguard_interface_delete +- wireguard_interface_delete_reply +- wireguard_interface_details +- wireguard_interface_dump +- wireguard_peer_add +- wireguard_peer_add_reply +- wireguard_peer_event +- wireguard_peer_remove +- wireguard_peer_remove_reply +- wireguard_peers_details +- wireguard_peers_dump + +Patches that changed API definitions +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +``src/plugins/af_packet/af_packet.api`` + +* `bca76580b `_ af_packet: move to plugin + +``src/plugins/vhost/vhost_user.api`` + +* `7eba44d1e `_ vhost: convert vhost device driver to a plugin + +``src/plugins/nat/nat44-ed/nat44_ed.api`` + +* `a923ce591 `_ nat: cleanup of deprecated features +* `91246bc6a `_ nat: report time between current vpp time and last_heard + +``src/plugins/nat/nat44-ei/nat44_ei.api`` + +* `91246bc6a `_ nat: report time between current vpp time and last_heard + +``src/plugins/urpf/urpf.api`` + +* `b3605eab5 `_ urpf: add mode for specific fib index lookup + +``src/vnet/udp/udp.api`` + +* `5c801b362 `_ udp: add udp encap source port entropy support + +``src/vnet/ip/ip.api`` + +* `d92524687 `_ vnet: fix ip4 version and IHL check + +``src/vnet/ipsec/ipsec.api`` + +* `4117b24ac `_ ipsec: new api for sa ips and ports updates +* `520cde406 `_ ipsec: use correct reply message + +``src/vnet/srv6/sr_pt.api`` + +* `b79d09bbf `_ sr: srv6 path tracing api + +``src/vnet/srv6/sr.api`` + +* `9503eb59c `_ sr: new messages created to return packet statistics in sr localsid details + +``src/vnet/l2/l2.api`` + +* `0f8f4351b `_ l2: Add bridge_domain_add_del_v2 to l2 api + +``src/vnet/bfd/bfd.api`` + +* `415b6a7c7 `_ bfd: fix bfd udp error enum incompatibility -- cgit 1.2.3-korg