Release notes for VPP 23.02
===========================

More than 243 commits since the previous release, including 118 fixes.

Of particular importance, this release contains the fix for JIRA VPP-2307: CVE-2022-46397 FD.io VPP (Vector Packet Processor) IPSec generates a predictable IV in AES-CBC mode.

Features
--------

- Binary API Compiler for Python

  - Include comments in json (5d2346801)

- Plugins

  - AVF Device driver

    - Support generic flow (a6d16b713)

  - CNat

    - Add sctp support (f284c14c7)

  - Crypto - ipsecmb

    - Bump ipsecmb library to v1.3 (2a6f35f24)

  - DPDK

    - Add Intel QAT 200xx series support (a57549ad2)

  - HTTP

    - Support client connect (ee4172ef0)

  - Unicast Reverse Path forwarding

    - Add mode for specific fib index lookup (b3605eab5)

- VNET

  - Device Drivers

    - Add support for af-packet v2 (8b90d89b0)

  - IPSec

    - Introduce fast path ipv6 inbound matching (06abf2352)
    - Remove redundant policy array in fast path spd (14bf6a8fb)
    - New api for sa ips and ports updates (4117b24ac)

  - Segment Routing (IPv6 and MPLS)

    - SRv6 Path Tracing Midpoint behaviour (39d6deca5)
    - Srv6 path tracing api (b79d09bbf)

  - UDP

    - Add udp encap source port entropy support (5c801b362)
    - Explicit udp output node (8c1be054b)
    - Support for disabling tx csum (f8ee39ff7)

- VPP Comms Library

  - Add api to check if vcl disconnected from VPP (6ff8e90ed)

- VPP StrongSwan Daemon

  - Add plugin for VPP-swan (4e88e041a)
  - Add scripts for testing (95875774b)

Known issues
------------

For the full list of issues please refer to fd.io JIRA.

Fixed issues
------------

For the full list of fixed issues please refer to:

- fd.io JIRA
- git commit log

API changes
-----------

Description of results:

- *Definition changed*: indicates that the API file was modified between releases.
- *Only in image*: indicates the API is new for this release.
- *Only in file*: indicates the API has been removed in this release.

============================================================= ==================
Message Name                                                  Result
============================================================= ==================
bridge_domain_add_del_v2                                      only in image
bridge_domain_add_del_v2_reply                                only in image
ipsec_sad_entry_update                                        only in image
ipsec_sad_entry_update_reply                                  only in image
nat44_del_user                                                only in file
nat44_del_user_reply                                          only in file
nat44_ei_user_session_v2_details                              only in image
nat44_ei_user_session_v2_dump                                 only in image
nat44_user_session_v3_details                                 only in image
nat44_user_session_v3_dump                                    only in image
nat_get_addr_and_port_alloc_alg                               only in file
nat_get_addr_and_port_alloc_alg_reply                         only in file
nat_ha_flush                                                  only in file
nat_ha_flush_reply                                            only in file
nat_ha_get_failover                                           only in file
nat_ha_get_failover_reply                                     only in file
nat_ha_get_listener                                           only in file
nat_ha_get_listener_reply                                     only in file
nat_ha_resync                                                 only in file
nat_ha_resync_completed_event                                 only in file
nat_ha_resync_reply                                           only in file
nat_ha_set_failover                                           only in file
nat_ha_set_failover_reply                                     only in file
nat_ha_set_listener                                           only in file
nat_ha_set_listener_reply                                     only in file
nat_set_addr_and_port_alloc_alg                               only in file
nat_set_addr_and_port_alloc_alg_reply                         only in file
sr_localsids_with_packet_stats_details                        only in image
sr_localsids_with_packet_stats_dump                           only in image
sr_pt_iface_add                                               only in image
sr_pt_iface_add_reply                                         only in image
sr_pt_iface_del                                               only in image
sr_pt_iface_del_reply                                         only in image
sr_pt_iface_details                                           only in image
sr_pt_iface_dump                                              only in image
urpf_update_v2                                                only in image
urpf_update_v2_reply                                          only in image
============================================================= ==================

Found 37 api message signature differences

Newly deprecated API messages
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These messages are still there in the API, but can and probably will disappear in the next release.

- bridge_domain_add_del
- bridge_domain_add_del_reply
- create_vhost_user_if
- create_vhost_user_if_reply
- ipsec_spd_entry_add_del_reply
- modify_vhost_user_if
- modify_vhost_user_if_reply

In-progress API messages
~~~~~~~~~~~~~~~~~~~~~~~~

These messages are provided for testing and experimentation only. They are *not* subject to any compatibility process, and therefore can arbitrarily change or disappear at *any* moment. Also they may have less than satisfactory testing, making them unsuitable for other use than the technology preview. If you are intending to use these messages in production projects, please collaborate with the feature maintainer on their productization.

- abf_itf_attach_add_del
- abf_itf_attach_add_del_reply
- abf_itf_attach_details
- abf_itf_attach_dump
- abf_plugin_get_version
- abf_plugin_get_version_reply
- abf_policy_add_del
- abf_policy_add_del_reply
- abf_policy_details
- abf_policy_dump
- acl_plugin_use_hash_lookup_get
- acl_plugin_use_hash_lookup_get_reply
- acl_plugin_use_hash_lookup_set
- acl_plugin_use_hash_lookup_set_reply
- adl_allowlist_enable_disable
- adl_allowlist_enable_disable_reply
- adl_interface_enable_disable
- adl_interface_enable_disable_reply
- cnat_get_snat_addresses
- cnat_get_snat_addresses_reply
- cnat_session_details
- cnat_session_dump
- cnat_session_purge
- cnat_session_purge_reply
- cnat_set_snat_addresses
- cnat_set_snat_addresses_reply
- cnat_set_snat_policy
- cnat_set_snat_policy_reply
- cnat_snat_policy_add_del_exclude_pfx
- cnat_snat_policy_add_del_exclude_pfx_reply
- cnat_snat_policy_add_del_if
- cnat_snat_policy_add_del_if_reply
- cnat_translation_del
- cnat_translation_del_reply
- cnat_translation_details
- cnat_translation_dump
- cnat_translation_update
- cnat_translation_update_reply
- crypto_sw_scheduler_set_worker
- crypto_sw_scheduler_set_worker_reply
- det44_get_timeouts_reply
- det44_interface_add_del_feature
- det44_interface_add_del_feature_reply
- det44_interface_details
- det44_interface_dump
- det44_plugin_enable_disable
- det44_plugin_enable_disable_reply
- det44_set_timeouts
- det44_set_timeouts_reply
- flow_add
- flow_add_reply
- flow_add_v2
- flow_add_v2_reply
- flow_del
- flow_del_reply
- flow_disable
- flow_disable_reply
- flow_enable
- flow_enable_reply
- flowprobe_get_params
- flowprobe_get_params_reply
- flowprobe_interface_add_del
- flowprobe_interface_add_del_reply
- flowprobe_interface_details
- flowprobe_interface_dump
- flowprobe_set_params
- flowprobe_set_params_reply
- gbp_bridge_domain_add
- gbp_bridge_domain_add_reply
- gbp_bridge_domain_del
- gbp_bridge_domain_del_reply
- gbp_bridge_domain_details
- gbp_bridge_domain_dump
- gbp_bridge_domain_dump_reply
- gbp_contract_add_del
- gbp_contract_add_del_reply
- gbp_contract_details
- gbp_contract_dump
- gbp_endpoint_add
- gbp_endpoint_add_reply
- gbp_endpoint_del
- gbp_endpoint_del_reply
- gbp_endpoint_details
- gbp_endpoint_dump
- gbp_endpoint_group_add
- gbp_endpoint_group_add_reply
- gbp_endpoint_group_del
- gbp_endpoint_group_del_reply
- gbp_endpoint_group_details
- gbp_endpoint_group_dump
- gbp_ext_itf_add_del
- gbp_ext_itf_add_del_reply
- gbp_ext_itf_details
- gbp_ext_itf_dump
- gbp_recirc_add_del
- gbp_recirc_add_del_reply
- gbp_recirc_details
- gbp_recirc_dump
- gbp_route_domain_add
- gbp_route_domain_add_reply
- gbp_route_domain_del
- gbp_route_domain_del_reply
- gbp_route_domain_details
- gbp_route_domain_dump
- gbp_route_domain_dump_reply
- gbp_subnet_add_del
- gbp_subnet_add_del_reply
- gbp_subnet_details
- gbp_subnet_dump
- gbp_vxlan_tunnel_add
- gbp_vxlan_tunnel_add_reply
- gbp_vxlan_tunnel_del
- gbp_vxlan_tunnel_del_reply
- gbp_vxlan_tunnel_details
- gbp_vxlan_tunnel_dump
- ikev2_child_sa_details
- ikev2_child_sa_dump
- ikev2_initiate_del_child_sa
- ikev2_initiate_del_child_sa_reply
- ikev2_initiate_del_ike_sa
- ikev2_initiate_del_ike_sa_reply
- ikev2_initiate_rekey_child_sa
- ikev2_initiate_rekey_child_sa_reply
- ikev2_initiate_sa_init
- ikev2_initiate_sa_init_reply
- ikev2_nonce_get
- ikev2_nonce_get_reply
- ikev2_profile_add_del
- ikev2_profile_add_del_reply
- ikev2_profile_details
- ikev2_profile_disable_natt
- ikev2_profile_disable_natt_reply
- ikev2_profile_dump
- ikev2_profile_set_auth
- ikev2_profile_set_auth_reply
- ikev2_profile_set_id
- ikev2_profile_set_id_reply
- ikev2_profile_set_ipsec_udp_port
- ikev2_profile_set_ipsec_udp_port_reply
- ikev2_profile_set_liveness
- ikev2_profile_set_liveness_reply
- ikev2_profile_set_ts
- ikev2_profile_set_ts_reply
- ikev2_profile_set_udp_encap
- ikev2_profile_set_udp_encap_reply
- ikev2_sa_details
- ikev2_sa_dump
- ikev2_set_esp_transforms
- ikev2_set_esp_transforms_reply
- ikev2_set_ike_transforms
- ikev2_set_ike_transforms_reply
- ikev2_set_local_key
- ikev2_set_local_key_reply
- ikev2_set_responder
- ikev2_set_responder_hostname
- ikev2_set_responder_hostname_reply
- ikev2_set_responder_reply
- ikev2_set_sa_lifetime
- ikev2_set_sa_lifetime_reply
- ikev2_set_tunnel_interface
- ikev2_set_tunnel_interface_reply
- ikev2_traffic_selector_details
- ikev2_traffic_selector_dump
- ip_route_add_del_v2
- ip_route_add_del_v2_reply
- ip_route_lookup_v2
- ip_route_lookup_v2_reply
- ip_route_v2_details
- ip_route_v2_dump
- l2_emulation
- l2_emulation_reply
- lcp_default_ns_get_reply
- lcp_default_ns_set
- lcp_default_ns_set_reply
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_details
- mdata_enable_disable
- mdata_enable_disable_reply
- nat44_ei_add_del_address_range
- nat44_ei_add_del_address_range_reply
- nat44_ei_add_del_static_mapping
- nat44_ei_add_del_static_mapping_reply
- nat44_ei_address_details
- nat44_ei_address_dump
- nat44_ei_del_session
- nat44_ei_del_session_reply
- nat44_ei_del_user
- nat44_ei_del_user_reply
- nat44_ei_forwarding_enable_disable
- nat44_ei_forwarding_enable_disable_reply
- nat44_ei_ha_flush
- nat44_ei_ha_flush_reply
- nat44_ei_ha_resync
- nat44_ei_ha_resync_completed_event
- nat44_ei_ha_resync_reply
- nat44_ei_ha_set_failover
- nat44_ei_ha_set_failover_reply
- nat44_ei_ha_set_listener
- nat44_ei_ha_set_listener_reply
- nat44_ei_interface_add_del_feature
- nat44_ei_interface_add_del_feature_reply
- nat44_ei_interface_details
- nat44_ei_interface_dump
- nat44_ei_ipfix_enable_disable
- nat44_ei_ipfix_enable_disable_reply
- nat44_ei_plugin_enable_disable
- nat44_ei_plugin_enable_disable_reply
- nat44_ei_set_addr_and_port_alloc_alg
- nat44_ei_set_addr_and_port_alloc_alg_reply
- nat44_ei_set_fq_options
- nat44_ei_set_fq_options_reply
- nat44_ei_set_mss_clamping
- nat44_ei_set_mss_clamping_reply
- nat44_ei_set_timeouts
- nat44_ei_set_timeouts_reply
- nat44_ei_set_workers
- nat44_ei_set_workers_reply
- nat44_ei_show_fq_options
- nat44_ei_show_fq_options_reply
- nat44_ei_show_running_config
- nat44_ei_show_running_config_reply
- nat44_ei_static_mapping_details
- nat44_ei_static_mapping_dump
- nat44_ei_user_details
- nat44_ei_user_dump
- nat44_ei_user_session_details
- nat44_ei_user_session_dump
- nat44_ei_user_session_v2_details
- nat44_ei_user_session_v2_dump
- nat44_ei_worker_details
- nat44_ei_worker_dump
- nat64_plugin_enable_disable
- nat64_plugin_enable_disable_reply
- oddbuf_enable_disable
- oddbuf_enable_disable_reply
- pg_interface_enable_disable_coalesce
- pg_interface_enable_disable_coalesce_reply
- pnat_binding_add
- pnat_binding_add_reply
- pnat_binding_add_v2
- pnat_binding_add_v2_reply
- pnat_binding_attach
- pnat_binding_attach_reply
- pnat_binding_del
- pnat_binding_del_reply
- pnat_binding_detach
- pnat_binding_detach_reply
- pnat_bindings_details
- pnat_bindings_get
- pnat_bindings_get_reply
- pnat_interfaces_details
- pnat_interfaces_get
- pnat_interfaces_get_reply
- sample_macswap_enable_disable
- sample_macswap_enable_disable_reply
- sr_localsids_with_packet_stats_details
- sr_localsids_with_packet_stats_dump
- sr_policies_with_sl_index_details
- sr_policies_with_sl_index_dump
- sw_interface_set_vxlan_gbp_bypass
- sw_interface_set_vxlan_gbp_bypass_reply
- test_addresses
- test_addresses2
- test_addresses2_reply
- test_addresses3
- test_addresses3_reply
- test_addresses_reply
- test_empty
- test_empty_reply
- test_enum
- test_enum_reply
- test_interface
- test_interface_reply
- test_prefix
- test_prefix_reply
- test_string
- test_string2
- test_string2_reply
- test_string_reply
- test_vla
- test_vla2
- test_vla2_reply
- test_vla3
- test_vla3_reply
- test_vla4
- test_vla4_reply
- test_vla5
- test_vla5_reply
- test_vla_reply
- trace_capture_packets
- trace_capture_packets_reply
- trace_clear_capture
- trace_clear_capture_reply
- trace_details
- trace_dump
- trace_dump_reply
- trace_set_filters
- trace_set_filters_reply
- vxlan_gbp_tunnel_add_del
- vxlan_gbp_tunnel_add_del_reply
- vxlan_gbp_tunnel_details
- vxlan_gbp_tunnel_dump
- want_wireguard_peer_events
- want_wireguard_peer_events_reply
- wg_set_async_mode
- wg_set_async_mode_reply
- wireguard_interface_create
- wireguard_interface_create_reply
- wireguard_interface_delete
- wireguard_interface_delete_reply
- wireguard_interface_details
- wireguard_interface_dump
- wireguard_peer_add
- wireguard_peer_add_reply
- wireguard_peer_event
- wireguard_peer_remove
- wireguard_peer_remove_reply
- wireguard_peers_details
- wireguard_peers_dump

Patches that changed API definitions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

``src/plugins/af_packet/af_packet.api``

* bca76580b af_packet: move to plugin

``src/plugins/vhost/vhost_user.api``

* 7eba44d1e vhost: convert vhost device driver to a plugin

``src/plugins/nat/nat44-ed/nat44_ed.api``

* a923ce591 nat: cleanup of deprecated features
* 91246bc6a nat: report time between current vpp time and last_heard

``src/plugins/nat/nat44-ei/nat44_ei.api``

* 91246bc6a nat: report time between current vpp time and last_heard

``src/plugins/urpf/urpf.api``

* b3605eab5 urpf: add mode for specific fib index lookup

``src/vnet/udp/udp.api``

* 5c801b362 udp: add udp encap source port entropy support

``src/vnet/ip/ip.api``

* d92524687 vnet: fix ip4 version and IHL check

``src/vnet/ipsec/ipsec.api``

* 4117b24ac ipsec: new api for sa ips and ports updates
* 520cde406 ipsec: use correct reply message

``src/vnet/srv6/sr_pt.api``

* b79d09bbf sr: srv6 path tracing api

``src/vnet/srv6/sr.api``

* 9503eb59c sr: new messages created to return packet statistics in sr localsid details

``src/vnet/l2/l2.api``

* 0f8f4351b l2: Add bridge_domain_add_del_v2 to l2 api

``src/vnet/bfd/bfd.api``

* 415b6a7c7 bfd: fix bfd udp error enum incompatibility