Changes in version 2.1 Polar Bear¹⁾:

1. SORM-light capabilities are extended:
   1. traffic recording by protocols' list and/or ip/cidr;
   2. http protocol metadata are recorded.
2. Policing improvements: prioritization of the inbound traffic is fixed and HTB and TBF disciplines were added.
3. Integration with Radius server.
4. Dynamic IP subscribers support.
5. Built-in repository (UDR) to store subscribers' information is added.
6. Caching of youtube, vk, rutube and software upgrades is extended.
7. Detection in asymmetric traffic mode is improved.
8. Protection against DoS and DDoS attacks.

1. SSL certificates support in "white" and "black" lists. This replaces IP for HTTPS protocol
   

WEB site's address becomes variable by wide usage of content delivery networks (CDN) and systems of geographical reservation and balancing based on DNS site's address. IP address may depend on time, coordinates of a subscriber, DNS server in use and other factors. In case of CDN the list of IP addresses may include hundreds or thousands of addresses, and other sites can be accessible through them.
This causes problems for Captive Portal. It requires an access by HTTPS to banks' sites or social networks - in case IP address is used to identify a site.
We offer the following solution.
The HTTPS site access is granted not by its IP but by its SSL certificate name. This certificate is made by trusted companies. The name on it can be checked by browser in page "properties". You use this name in "white" or "black" lists - and DPI checks the certificate and grants or rejects an access based on it.

1. Support of subscribers having several IPs
   The operator provides a channel of the fixed width and a set of IPs to a subscriber (typically a company). The latest can use these resources as he likes.
   You can reserve any number of IP addresses for any subscriber. And these IPs may be arbitrary, not a block..
2. Two new kinds of netflow
   1. netflow for billing: it is used for billing. Is generated for subscribers with plans that require this information. Is aggregated by subscribers and traffic classes. Traffic classes allow to count protocols or their groups separately in billing. Aggregation and selectivity by subscribers dramatically reduce an amount of data transferred and processed for billing purposes.
   2. complete and detailed netflow for studies SORM tasks
      Netflow export from DPI allows to reduce the load to other, typically more expensive, equipment.
3. Protocol signatures are updated. The quality and percentage of traffic detection is improved.

Do not update Linux kernel to the latest version kernel-2.6.32-431.29.2. This kernel is not binary compatible with Kernel ABI. The network driver can not be loaded after this update. In case you made this update - please configure grab loader to load the previous version while solving the problem²⁾.

1. Bug fix: policing configuration changes for subscribers having several IPs did not work.
2. Netflow shaping was added to avoid losses on weak collectors.

Do not update Linux kernel to the latest version kernel-2.6.32-431.29.2 or above. This kernel is not binary compatible with Kernel ABI. The network driver can not be loaded after this update. In case you made this update - please configure grab loader to load the previous version while solving the problem³⁾.

1. Bug fix: a mistake in subscriber's policing initialization may lead to a crash and restart of the main process.

Do not update Linux kernel to the latest version kernel-2.6.32-431.29.2 or above. This kernel is not binary compatible with Kernel ABI. The network driver can not be loaded after this update. In case you made this update - please configure grab loader to load the previous version while solving the problem⁴⁾.

1. The bug in flow end time while forming full netflow was fixed.
2. Configuration parameters active and inactive timeout were added to help forming full netflow.
3. The information on stand-alone ASN systems was updated.

To check the currently installed version:

yum info fastdpi

Do not update Linux kernel to the latest version kernel-2.6.32-431.29.2 or above. This kernel is not binary compatible with Kernel ABI. The network driver can not be loaded after this update. In case you made this update - please configure grab loader to load the previous version while solving the problem⁵⁾.

1. Added DSCP/TOS for for directions (by ASN)
2. DSCP/TOS 'pass' parameter for bypass transit traffic
3. Cloud blacklist service for Byelorussia
4. Filtering PPTP/GRE/L2TP in out-of-line mode
5. Torrent control by HASH value (for CACHE-server)
6. Improved detection for ciphered torrents
7. Internal ASN databse renewed

To check the currently installed version:

yum info fastdpi

Do not update Linux kernel to the latest version kernel-2.6.32-431.29.2 or above. This kernel is not binary compatible with Kernel ABI. The network driver can not be loaded after this update. In case you made this update - please configure grab loader to load the previous version while solving the problem ⁶⁾.