diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 2301c70c..f4db89f5 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -14,24 +14,11 @@ jobs:
       - name: Run clang-format style check
         uses: jidicula/clang-format-action@v4.11.0
         with:
-          clang-format-version: '10'
+          clang-format-version: '18'
           exclude-regex: .*\.proto
 
-
-  build-image-builder:
-    needs: formatting-check
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the yanetplatform/builder
-        run: |
-          cd image
-          # todo
-
-
   build-unittest:
-    needs: build-image-builder
+    needs: formatting-check
     runs-on: ubuntu-latest
     container:
       image: yanetplatform/builder-lite
@@ -51,8 +38,8 @@ jobs:
           retention-days: 1
 
   build-autotest:
-    needs: build-image-builder
-    runs-on: builder
+    needs: formatting-check
+    runs-on: ubuntu-latest
     container:
       image: yanetplatform/builder-lite
     steps:
@@ -72,7 +59,7 @@ jobs:
           retention-days: 1
 
   build:
-    needs: build-image-builder
+    needs: formatting-check
     runs-on: ubuntu-latest
     container:
       image: yanetplatform/builder-lite
@@ -87,7 +74,7 @@ jobs:
 
   build-ubuntu1804:
     name: build (Ubuntu 18.04)
-    needs: build-image-builder
+    needs: formatting-check
     runs-on: ubuntu-latest
     container:
       image: yanetplatform/builder_ubuntu18.04-lite
@@ -117,7 +104,7 @@ jobs:
   autotest-001_one_port:
     name: 001_one_port
     needs: build-autotest
-    runs-on: autotest
+    runs-on: ubuntu-latest
     container:
       image: yanetplatform/builder-lite
     steps:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 90407dd6..6abc23de 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,6 +18,15 @@ jobs:
         uses: actions/checkout@v4
         with:
           submodules: recursive
+      - name: version
+        run: |
+          export YANET_VERSION=${{github.ref_name}}
+          export YANET_VERSION=${YANET_VERSION}
+          export YANET_VERSION_MAJOR=${YANET_VERSION%.*}
+          export YANET_VERSION_MINOR=${YANET_VERSION#*.}
+          export YANET_VERSION_REVISION=${{github.run_number}}
+          export YANET_VERSION_HASH=${{github.sha}}
+          export YANET_VERSION_CUSTOM=stable
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
diff --git a/README.md b/README.md
index 932559c1..97d99004 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,7 @@ docker pull yanetplatform/builder
 Add alias for run commands on docker:
 ```
 alias yanet-builder="docker run --rm -it -v /run/yanet:/run/yanet -v \$PWD:/project yanetplatform/builder"
+(for Mac: alias yanet-builder="docker run --platform linux/amd64 --rm -it -v /run/yanet:/run/yanet -v \$PWD:/project yanetplatform/builder")
 ```
 
 Once setup `build_autotest` directory:
@@ -59,6 +60,31 @@ For more information about the autotests run:
 ```
 yanet-builder ./autotest/yanet-autotest-run.py -h
 ```
+
+## Running Unit Tests
+
+To run the unit tests for the project, follow these steps:
+
+Setup the build directory for unittest targeting:
+```sh
+meson setup -Dtarget=unittest build_unittest
+```
+Next, compile the project within the setup build directory:
+
+```sh
+meson compile -C build_unittest
+```
+
+After compilation, run all the unit tests with:
+
+```sh
+meson test -C build_unittest
+```
+- To view more detailed output, you can run the tests with -v flag:
+
+```sh
+meson test -C build_unittest -v
+```
 ## Dependencies
 - [DPDK](https://github.com/DPDK/dpdk)
 - [JSON](https://github.com/nlohmann/json)
diff --git a/autotest/autotest.cpp b/autotest/autotest.cpp
index 1930d955..5a3cef86 100644
--- a/autotest/autotest.cpp
+++ b/autotest/autotest.cpp
@@ -1,6 +1,6 @@
 #include <arpa/inet.h>
+#include <cstring>
 #include <pcap.h>
-#include <string.h>
 #include <sys/shm.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -11,14 +11,17 @@
 
 #include <experimental/filesystem>
 #include <fstream>
-#include <iostream>
 #include <thread>
+#include <utility>
 
 #include <gmock/gmock.h>
 
 #include "autotest.h"
 #include "common.h"
 
+#include "common/sdpclient.h"
+#include "common/utils.h"
+
 #define MAX_PACK_LEN 16384
 #define SOCK_DEV_PREFIX "sock_dev:"
 
@@ -56,15 +59,11 @@ tAutotest::tAutotest() :
 	::testing::GTEST_FLAG(throw_on_failure) = true;
 }
 
-tAutotest::~tAutotest()
-{
-}
-
 eResult tAutotest::init(const std::string& binaryPath,
                         bool dumpPackets,
                         const std::vector<std::string>& configFilePaths)
 {
-	(void)binaryPath;
+	YANET_GCC_BUG_UNUSED(binaryPath);
 	this->dumpPackets = dumpPackets;
 	this->configFilePaths = configFilePaths;
 
@@ -78,6 +77,11 @@ eResult tAutotest::init(const std::string& binaryPath,
 		return ret;
 	}
 
+	if (auto ret = common::sdp::SdpClient::ReadSharedMemoryData(sdp_data, true); ret != eResult::success)
+	{
+		return ret;
+	}
+
 	return eResult::success;
 }
 
@@ -121,9 +125,9 @@ eResult tAutotest::initSharedMemory()
 	dataPlaneSharedMemory = dataPlane.get_shm_info();
 
 	std::map<key_t, void*> shm_by_key;
-	key_t ipcKey;
-	int shmid;
-	void* shmaddr;
+	key_t ipcKey = 0;
+	int shmid = 0;
+	void* shmaddr = nullptr;
 
 	for (const auto& shmInfo : dataPlaneSharedMemory)
 	{
@@ -136,10 +140,10 @@ eResult tAutotest::initSharedMemory()
 			return eResult::errorInitSharedMemory;
 		}
 
-		shmaddr = shmat(shmid, NULL, 0);
+		shmaddr = shmat(shmid, nullptr, 0);
 		if (shmaddr == (void*)-1)
 		{
-			YANET_LOG_ERROR("shmat(%d, NULL, 0) = %d\n", shmid, errno);
+			YANET_LOG_ERROR("shmat(%d, nullptr, 0) = %d\n", shmid, errno);
 			return eResult::errorInitSharedMemory;
 		}
 
@@ -163,7 +167,7 @@ eResult tAutotest::initSharedMemory()
 
 	for (const auto& shmInfo : dataPlaneSharedMemory)
 	{
-		std::string tag = std::get<1>(shmInfo);
+		std::string name = std::get<0>(shmInfo);
 		unsigned int unitSize = std::get<2>(shmInfo);
 		unsigned int unitsNumber = std::get<3>(shmInfo);
 		key_t ipcKey = std::get<6>(shmInfo);
@@ -171,7 +175,7 @@ eResult tAutotest::initSharedMemory()
 
 		void* shm = shm_by_key[ipcKey];
 		auto memaddr = (void*)((intptr_t)shm + offset);
-		dumpRings[tag] = common::bufferring(memaddr, unitSize, unitsNumber);
+		dumpRings[name] = common::bufferring(memaddr, unitSize, unitsNumber);
 	}
 
 	return eResult::success;
@@ -235,8 +239,8 @@ void tAutotest::sendThread(std::string interfaceName,
 		throw "";
 	}
 
-	pcap_pkthdr* header;
-	const u_char* data;
+	pcap_pkthdr* header = nullptr;
+	const u_char* data = nullptr;
 	static u_char zeros[MAX_PACK_LEN];
 
 	auto iface = pcaps[interfaceName];
@@ -406,10 +410,10 @@ class TextDumper
 class PcapDumper
 {
 public:
-	PcapDumper(const std::string& path, int capsize = MAX_PACK_LEN) :
-	        tmpFilePath(path)
+	PcapDumper(std::string path, int capsize = MAX_PACK_LEN) :
+	        tmpFilePath(std::move(path)), pcap(pcap_open_dead(DLT_EN10MB, capsize))
 	{
-		pcap = pcap_open_dead(DLT_EN10MB, capsize);
+
 		if (!pcap)
 		{
 			YANET_LOG_ERROR("error: pcap_open_dead()\n");
@@ -436,7 +440,7 @@ class PcapDumper
 		pcap_dump((u_char*)dumper, header, data);
 	}
 
-	std::string path() const
+	[[nodiscard]] std::string path() const
 	{
 		return tmpFilePath;
 	}
@@ -474,7 +478,7 @@ class pcap_expectation
 {
 public:
 	pcap_expectation(std::string filename) :
-	        filename(filename), has_packet(true), packetsCount(0), buffer(MAX_PACK_LEN, 0)
+	        filename(filename), buffer(MAX_PACK_LEN, 0)
 	{
 		char pcap_errbuf[PCAP_ERRBUF_SIZE];
 		pcap = pcap_open_offline(filename.c_str(), pcap_errbuf);
@@ -504,8 +508,8 @@ class pcap_expectation
 		{
 			return;
 		}
-		pcap_pkthdr* h = 0;
-		const u_char* data = 0;
+		pcap_pkthdr* h = nullptr;
+		const u_char* data = nullptr;
 		if (pcap_next_ex(pcap, &h, &data) >= 0)
 		{
 			memcpy(&header, h, sizeof(struct pcap_pkthdr));
@@ -524,7 +528,7 @@ class pcap_expectation
 		}
 	}
 
-	bool has_unmatched_packets() const
+	[[nodiscard]] bool has_unmatched_packets() const
 	{
 		return has_packet;
 	}
@@ -536,22 +540,22 @@ class pcap_expectation
 		       !memcmp(buffer.data(), packet, packetSize);
 	}
 
-	std::string location() const
+	[[nodiscard]] std::string location() const
 	{
 		return filename + ":" + std::to_string(packetsCount);
 	}
 
-	int expected_len() const
+	[[nodiscard]] int expected_len() const
 	{
 		return header.len;
 	}
 
-	const u_char* begin() const
+	[[nodiscard]] const u_char* begin() const
 	{
 		return buffer.data();
 	}
 
-	const u_char* end() const
+	[[nodiscard]] const u_char* end() const
 	{
 		return buffer.data() + header.len;
 	}
@@ -566,9 +570,9 @@ class pcap_expectation
 
 private:
 	std::string filename;
-	bool has_packet;
+	bool has_packet{true};
 	struct pcap_pkthdr header;
-	uint64_t packetsCount;
+	uint64_t packetsCount{};
 	pcap_t* pcap;
 	std::vector<u_char> buffer;
 };
@@ -715,7 +719,7 @@ void tAutotest::recvThread(std::string interfaceName,
 
 			auto packetSize = tmp_pcap_packetHeader.len;
 			YANET_LOG_DEBUG("unexpected %u\n", packetSize);
-			dumper.dump(NULL, NULL, buffer, buffer + packetSize);
+			dumper.dump(nullptr, nullptr, buffer, buffer + packetSize);
 		}
 
 		success = false;
@@ -738,21 +742,6 @@ void tAutotest::recvThread(std::string interfaceName,
 	unlink(pcapDumper.path().data());
 }
 
-std::vector<std::string> split(const std::string& string,
-                               char delimiter = ' ')
-{
-	std::vector<std::string> result;
-
-	std::stringstream stream(string);
-	std::string item;
-	while (std::getline(stream, item, delimiter))
-	{
-		result.emplace_back(item);
-	}
-
-	return result;
-}
-
 bool tAutotest::step_ipv4Update(const YAML::Node& yamlStep)
 {
 	if (yamlStep.IsScalar())
@@ -868,10 +857,10 @@ bool tAutotest::step_checkCounters(const YAML::Node& yamlStep)
 	auto fwList = controlPlane.getFwList(common::icp::getFwList::requestType::static_rules_original);
 	for (auto& [ruleno, rules] : fwList)
 	{
-		(void)ruleno;
+		YANET_GCC_BUG_UNUSED(ruleno);
 		for (auto& [id, counter, text] : rules)
 		{
-			(void)text;
+			YANET_GCC_BUG_UNUSED(text);
 			counters[id] = counter;
 		}
 	}
@@ -890,7 +879,7 @@ bool tAutotest::step_sendPackets(const YAML::Node& yamlStep,
 
 	for (const auto& yamlPort : yamlStep)
 	{
-		std::string interfaceName = yamlPort["port"].as<std::string>();
+		auto interfaceName = yamlPort["port"].as<std::string>();
 
 		if (yamlPort["send"])
 		{
@@ -1193,9 +1182,9 @@ bool tAutotest::step_rib_clear(const YAML::Node& yaml)
 
 		if (yaml_attribute["peer"].IsDefined() && yaml_attribute["vrf"].IsDefined() && yaml_attribute["priority"].IsDefined())
 		{
-			std::string peer = yaml_attribute["peer"].as<std::string>();
-			std::string vrf = yaml_attribute["vrf"].as<std::string>();
-			uint32_t priority = yaml_attribute["priority"].as<uint32_t>();
+			auto peer = yaml_attribute["peer"].as<std::string>();
+			auto vrf = yaml_attribute["vrf"].as<std::string>();
+			auto priority = yaml_attribute["priority"].as<uint32_t>();
 
 			std::tuple<std::string, uint32_t> vrf_priority_tup(std::move(vrf), std::move(priority));
 			std::tuple<ip_address_t, std::tuple<std::string, uint32_t>> peer_vrf_priority_tup(std::move(peer), std::move(vrf_priority_tup));
@@ -1354,7 +1343,12 @@ void tAutotest::mainThread()
 			{
 				bool result = true;
 
-				if (yamlStep["ipv4Update"])
+				if (yamlStep["subtest"])
+				{
+					auto test_name = yamlStep["subtest"].as<std::string>();
+					YANET_LOG_PRINT(ANSI_COLOR_BLUE "Running subtest: '%s'\n" ANSI_COLOR_RESET, test_name.c_str());
+				}
+				else if (yamlStep["ipv4Update"])
 				{
 					YANET_LOG_DEBUG("step: ipv4Update\n");
 
@@ -1527,7 +1521,7 @@ void tAutotest::convert_ipv4Update(const std::string& string)
 
 	convert_ipv4Remove(prefix);
 
-	for (const auto& nexthop : split(nexthops))
+	for (const auto& nexthop : utils::split(nexthops, ' '))
 	{
 		common::icp::rib_update::insert request = {"autotest", "default", YANET_RIB_PRIORITY_DEFAULT, {}};
 		std::get<3>(request)[attribute_default]["ipv4"][nexthop].emplace_back(prefix,
@@ -1564,7 +1558,7 @@ void tAutotest::convert_ipv4LabelledUpdate(const std::string& string)
 
 	convert_ipv4LabelledRemove(prefix);
 
-	for (const auto& nexthop_label : split(nexthops))
+	for (const auto& nexthop_label : utils::split(nexthops, ' '))
 	{
 		std::string nexthop = nexthop_label.substr(0, nexthop_label.find(":"));
 		std::string label = nexthop_label.substr(nexthop_label.find(":") + 1);
@@ -1608,7 +1602,7 @@ void tAutotest::convert_ipv6Update(const std::string& string)
 	std::string prefix = string.substr(0, string.find(" -> "));
 	std::string nexthops = string.substr(string.find(" -> ") + 4);
 
-	for (const auto& nexthop : split(nexthops))
+	for (const auto& nexthop : utils::split(nexthops, ' '))
 	{
 		common::icp::rib_update::insert request = {"autotest", "default", YANET_RIB_PRIORITY_DEFAULT, {}};
 		std::get<3>(request)[attribute_default]["ipv6"][nexthop].emplace_back(prefix,
@@ -1625,7 +1619,7 @@ void tAutotest::convert_ipv6LabelledUpdate(const std::string& string)
 	std::string prefix = string.substr(0, string.find(" -> "));
 	std::string nexthops = string.substr(string.find(" -> ") + 4);
 
-	for (const auto& nexthop_label : split(nexthops))
+	for (const auto& nexthop_label : utils::split(nexthops, ' '))
 	{
 		std::string nexthop = nexthop_label.substr(0, nexthop_label.find("|"));
 		std::string label = nexthop_label.substr(nexthop_label.find("|") + 1);
@@ -1741,7 +1735,7 @@ bool tAutotest::step_memorize_counter_value(const YAML::Node& yamlStep)
 
 	uint32_t coreId = std::stoi(yamlStep.as<std::string>().substr(delim_pos + 1));
 
-	const auto response = dataPlane.get_counter_by_name({counter_name, coreId});
+	const auto response = common::sdp::SdpClient::GetCounterByName(sdp_data, counter_name, coreId);
 
 	if (response.empty())
 	{
@@ -1800,7 +1794,7 @@ bool tAutotest::step_diff_with_kept_counter_value(const YAML::Node& yamlStep)
 		return false;
 	}
 
-	const auto response = dataPlane.get_counter_by_name({counter_name, coreId});
+	const auto response = common::sdp::SdpClient::GetCounterByName(sdp_data, counter_name, coreId);
 
 	if (response.empty())
 	{
@@ -1854,7 +1848,7 @@ std::string exec(const char* cmd)
 
 	try
 	{
-		while (fgets(buffer, sizeof buffer, pipe) != NULL)
+		while (fgets(buffer, sizeof buffer, pipe) != nullptr)
 		{
 			result += buffer;
 		}
@@ -1906,7 +1900,7 @@ common::bufferring::item_t* read_shm_packet(common::bufferring* buffer, uint64_t
 	{
 		return nullptr;
 	}
-	common::bufferring::item_t* item = (common::bufferring::item_t*)((uintptr_t)buffer->ring->memory + (position * buffer->unit_size));
+	auto* item = (common::bufferring::item_t*)((uintptr_t)buffer->ring->memory + (position * buffer->unit_size));
 	return item;
 }
 
@@ -1916,11 +1910,11 @@ bool tAutotest::step_dumpPackets(const YAML::Node& yamlStep,
 	TextDumper dumper;
 	for (const auto& yamlDump : yamlStep)
 	{
-		std::string tag = yamlDump["ringTag"].as<std::string>();
+		auto tag = yamlDump["ringTag"].as<std::string>();
 		std::string expectFilePath = path + "/" + yamlDump["expect"].as<std::string>();
 		bool success = true;
 
-		common::bufferring* ring;
+		common::bufferring* ring = nullptr;
 		{ /// searching memory ring by tag
 			auto it = dumpRings.find(tag);
 			if (it == dumpRings.end())
@@ -1931,7 +1925,7 @@ bool tAutotest::step_dumpPackets(const YAML::Node& yamlStep,
 			ring = &it->second;
 		}
 
-		pcap_t* pcap;
+		pcap_t* pcap = nullptr;
 		{ /// open pcap file with expected data
 			char pcap_errbuf[PCAP_ERRBUF_SIZE];
 			pcap = pcap_open_offline(expectFilePath.data(), pcap_errbuf);
@@ -1943,8 +1937,8 @@ bool tAutotest::step_dumpPackets(const YAML::Node& yamlStep,
 		}
 
 		struct pcap_pkthdr header;
-		const u_char* pcap_packet;
-		common::bufferring::item_t* shm_packet;
+		const u_char* pcap_packet = nullptr;
+		common::bufferring::item_t* shm_packet = nullptr;
 		uint64_t position = 0;
 
 		/// read packets from pcap and compare them with packets from memory ring
@@ -1988,7 +1982,7 @@ bool tAutotest::step_dumpPackets(const YAML::Node& yamlStep,
 			if (dumpPackets)
 			{
 				YANET_LOG_DEBUG("dump [%s]: unexpected %u\n", tag.data(), shm_packet->header.size);
-				dumper.dump(NULL, NULL, shm_packet->memory, shm_packet->memory + header.len);
+				dumper.dump(nullptr, nullptr, shm_packet->memory, shm_packet->memory + header.len);
 			}
 		}
 
@@ -2013,4 +2007,4 @@ void tAutotest::fflushSharedMemory()
 	memset(memaddr, 0, size);
 }
 
-} // namespace autotest
\ No newline at end of file
+} // namespace autotest
diff --git a/autotest/autotest.h b/autotest/autotest.h
index edd2c840..1725a16c 100644
--- a/autotest/autotest.h
+++ b/autotest/autotest.h
@@ -11,6 +11,7 @@
 #include "common/icontrolplane.h"
 #include "common/idataplane.h"
 #include "common/result.h"
+#include "common/sdpcommon.h"
 
 namespace nAutotest
 {
@@ -35,7 +36,7 @@ class tAutotest
 {
 public:
 	tAutotest();
-	~tAutotest();
+	~tAutotest() = default;
 
 	eResult init(const std::string& binaryPath,
 	             bool dumpPackets,
@@ -96,6 +97,7 @@ class tAutotest
 
 	interface::dataPlane dataPlane;
 	interface::controlPlane controlPlane;
+	common::sdp::DataPlaneInSharedMemory sdp_data;
 
 	common::idp::getConfig::response dataPlaneConfig;
 	common::idp::get_shm_info::response dataPlaneSharedMemory;
diff --git a/autotest/main.cpp b/autotest/main.cpp
index eedeade2..f007132d 100644
--- a/autotest/main.cpp
+++ b/autotest/main.cpp
@@ -1,6 +1,4 @@
-#include <signal.h>
-
-#include <iostream>
+#include <csignal>
 
 #include "common/result.h"
 
@@ -45,7 +43,7 @@ int main(int argc,
 	/** @todo
 	if (signal(SIGINT, handleSignal) == SIG_ERR)
 	{
-		return 3;
+	        return 3;
 	}
 	*/
 
diff --git a/autotest/units/001_one_port/036_firewall_keepstate/autotest.yaml b/autotest/units/001_one_port/036_firewall_keepstate/autotest.yaml
index f79a3246..79c2772d 100644
--- a/autotest/units/001_one_port/036_firewall_keepstate/autotest.yaml
+++ b/autotest/units/001_one_port/036_firewall_keepstate/autotest.yaml
@@ -1,6 +1,21 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
diff --git a/autotest/units/001_one_port/036_firewall_keepstate/controlplane_keepstate.conf b/autotest/units/001_one_port/036_firewall_keepstate/controlplane_keepstate.conf
new file mode 100644
index 00000000..98d3dfec
--- /dev/null
+++ b/autotest/units/001_one_port/036_firewall_keepstate/controlplane_keepstate.conf
@@ -0,0 +1,42 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/036_firewall_keepstate/firewall.txt b/autotest/units/001_one_port/036_firewall_keepstate/firewall.txt
index 38585f7c..dd8d6708 100644
--- a/autotest/units/001_one_port/036_firewall_keepstate/firewall.txt
+++ b/autotest/units/001_one_port/036_firewall_keepstate/firewall.txt
@@ -2,6 +2,7 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow udp from 11.0.0.0/24 to any 53 keep-state
-add allow udp from any to 2a03:6b8:ff1c:2030::/60 53 keep-state
+add allow udp from 11.0.0.0/24 to any 53 record-state
+add allow udp from any to 2a03:6b8:ff1c:2030::/60 53 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/036_firewall_keepstate/firewall_keepstate.txt b/autotest/units/001_one_port/036_firewall_keepstate/firewall_keepstate.txt
new file mode 100644
index 00000000..38585f7c
--- /dev/null
+++ b/autotest/units/001_one_port/036_firewall_keepstate/firewall_keepstate.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow udp from 11.0.0.0/24 to any 53 keep-state
+add allow udp from any to 2a03:6b8:ff1c:2030::/60 53 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/037_firewall_keepstate_with_sync/autotest.yaml b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/autotest.yaml
index d035a819..4796b30e 100644
--- a/autotest/units/001_one_port/037_firewall_keepstate_with_sync/autotest.yaml
+++ b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/autotest.yaml
@@ -1,6 +1,40 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 004-send.pcap
+    expect: 004-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 005-send.pcap
+    expect: 005-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 006-send.pcap
+    expect: 006-expect.pcap
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
diff --git a/autotest/units/001_one_port/037_firewall_keepstate_with_sync/controlplane_keepstate.conf b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/controlplane_keepstate.conf
new file mode 100644
index 00000000..9e4cc575
--- /dev/null
+++ b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/controlplane_keepstate.conf
@@ -0,0 +1,64 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.2000": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "2000",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "synchronization": {
+        "ipv6SourceAddress": "fe80::f1",
+        "multicastIpv6Address": "ff02::1",
+        "multicastDestinationPort": 11995,
+        "logicalPorts": [
+            "lp0.2000"
+        ],
+        "ingressNextModule": "vrf0"
+      },
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        },
+        "kni0.2000": {
+          "ipAddresses": ["ff02::2000"],
+          "neighborIPv6Address": "fe80::2000",
+          "neighborMacAddress": "00:00:00:33:33:33",
+          "nextModule": "lp0.2000"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall.txt b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall.txt
index aabcef63..ffaa4284 100644
--- a/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall.txt
+++ b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall.txt
@@ -2,6 +2,7 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow udp from 10.0.0.0/24 to any 53 keep-state
-add allow udp from any to 2121:bbb8:ff1c:2030::/60 53 keep-state
+add allow udp from 10.0.0.0/24 to any 53 record-state
+add allow udp from any to 2121:bbb8:ff1c:2030::/60 53 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall_keepstate.txt b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall_keepstate.txt
new file mode 100644
index 00000000..aabcef63
--- /dev/null
+++ b/autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall_keepstate.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow udp from 10.0.0.0/24 to any 53 keep-state
+add allow udp from any to 2121:bbb8:ff1c:2030::/60 53 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/autotest.yaml b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/autotest.yaml
index 03cef021..811d356b 100644
--- a/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/autotest.yaml
+++ b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/autotest.yaml
@@ -1,6 +1,46 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 004-send.pcap
+    expect: 004-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 005-send.pcap
+    expect: 005-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 006-send.pcap
+    expect: 006-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 007-send.pcap
+    expect: 007-expect.pcap
+- cli: "fw list states | grep 'allow tcp from 2a22:6b8:ff1c:2030::1 12345 to 1111:2222::1 777' | grep 'flags SAF:SAF'"
+- cli: "fw list states | grep 'allow tcp from 1.1.1.10 54321 to 12.0.0.10 10000' | grep 'flags S:S'"
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
diff --git a/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/controlplane_keepstate.conf b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/controlplane_keepstate.conf
new file mode 100644
index 00000000..9e4cc575
--- /dev/null
+++ b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/controlplane_keepstate.conf
@@ -0,0 +1,64 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.2000": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "2000",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "synchronization": {
+        "ipv6SourceAddress": "fe80::f1",
+        "multicastIpv6Address": "ff02::1",
+        "multicastDestinationPort": 11995,
+        "logicalPorts": [
+            "lp0.2000"
+        ],
+        "ingressNextModule": "vrf0"
+      },
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        },
+        "kni0.2000": {
+          "ipAddresses": ["ff02::2000"],
+          "neighborIPv6Address": "fe80::2000",
+          "neighborMacAddress": "00:00:00:33:33:33",
+          "nextModule": "lp0.2000"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall.txt b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall.txt
index f23b28e8..084006e1 100644
--- a/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall.txt
+++ b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall.txt
@@ -2,6 +2,7 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow tcp from 12.0.0.0/24 to any 12345 keep-state
-add allow tcp from any to 2a22:6b8:ff1c:2030::/60 12345 keep-state
+add allow tcp from 12.0.0.0/24 to any 12345 record-state
+add allow tcp from any to 2a22:6b8:ff1c:2030::/60 12345 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall_keepstate.txt b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall_keepstate.txt
new file mode 100644
index 00000000..f23b28e8
--- /dev/null
+++ b/autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall_keepstate.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 12.0.0.0/24 to any 12345 keep-state
+add allow tcp from any to 2a22:6b8:ff1c:2030::/60 12345 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/autotest.yaml b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/autotest.yaml
index 14d809f0..a053c054 100644
--- a/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/autotest.yaml
+++ b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/autotest.yaml
@@ -1,6 +1,44 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 004-send.pcap
+    expect: 004-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 005-send.pcap
+    expect: 005-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 006-send.pcap
+    expect: 006-expect.pcap
+- sendPackets:
+    - port: kni0
+      send: 007-send.pcap
+      expect: 007-expect.pcap
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
diff --git a/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/controlplane_keepstate.conf b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/controlplane_keepstate.conf
new file mode 100644
index 00000000..9e4cc575
--- /dev/null
+++ b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/controlplane_keepstate.conf
@@ -0,0 +1,64 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.2000": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "2000",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "synchronization": {
+        "ipv6SourceAddress": "fe80::f1",
+        "multicastIpv6Address": "ff02::1",
+        "multicastDestinationPort": 11995,
+        "logicalPorts": [
+            "lp0.2000"
+        ],
+        "ingressNextModule": "vrf0"
+      },
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        },
+        "kni0.2000": {
+          "ipAddresses": ["ff02::2000"],
+          "neighborIPv6Address": "fe80::2000",
+          "neighborMacAddress": "00:00:00:33:33:33",
+          "nextModule": "lp0.2000"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall.txt b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall.txt
index 7ba1b01a..c68ee906 100644
--- a/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall.txt
+++ b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall.txt
@@ -2,7 +2,8 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow ip from 13.0.0.0/24 to any keep-state
-add allow ip from any to 2332:898:ff1c:2030::/64 keep-state
-add allow tcp from 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: to 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: 10053 keep-state
+add allow ip from 13.0.0.0/24 to any record-state
+add allow ip from any to 2332:898:ff1c:2030::/64 record-state
+add allow tcp from 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: to 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: 10053 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall_keepstate.txt b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall_keepstate.txt
new file mode 100644
index 00000000..7ba1b01a
--- /dev/null
+++ b/autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall_keepstate.txt
@@ -0,0 +1,8 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow ip from 13.0.0.0/24 to any keep-state
+add allow ip from any to 2332:898:ff1c:2030::/64 keep-state
+add allow tcp from 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: to 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: 10053 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/autotest.yaml b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/autotest.yaml
index 5bb93d47..d2263f5e 100644
--- a/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/autotest.yaml
+++ b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/autotest.yaml
@@ -1,6 +1,8 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
@@ -10,3 +12,18 @@ steps:
   - port: kni0
     send: 002-send.pcap
     expect: 002-expect.pcap
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- clearFWState: 1
diff --git a/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/controlplane_keepstate.conf b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/controlplane_keepstate.conf
new file mode 100644
index 00000000..9e4cc575
--- /dev/null
+++ b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/controlplane_keepstate.conf
@@ -0,0 +1,64 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.2000": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "2000",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "synchronization": {
+        "ipv6SourceAddress": "fe80::f1",
+        "multicastIpv6Address": "ff02::1",
+        "multicastDestinationPort": 11995,
+        "logicalPorts": [
+            "lp0.2000"
+        ],
+        "ingressNextModule": "vrf0"
+      },
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        },
+        "kni0.2000": {
+          "ipAddresses": ["ff02::2000"],
+          "neighborIPv6Address": "fe80::2000",
+          "neighborMacAddress": "00:00:00:33:33:33",
+          "nextModule": "lp0.2000"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall.txt b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall.txt
index b26438d7..75176e15 100644
--- a/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall.txt
+++ b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall.txt
@@ -1,3 +1,4 @@
 :BEGIN
+add check-state
 add deny ip from any to any
 
diff --git a/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall_keepstate.txt b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall_keepstate.txt
new file mode 100644
index 00000000..8c1fb879
--- /dev/null
+++ b/autotest/units/001_one_port/041_firewall_keepstate_with_sync_multi_state_in_single_packet/firewall_keepstate.txt
@@ -0,0 +1,3 @@
+:BEGIN
+add deny ip from any to any keep-state
+
diff --git a/autotest/units/001_one_port/045_firewall_out/firewall.txt b/autotest/units/001_one_port/045_firewall_out/firewall.txt
index 39d1f64b..2f4949f6 100644
--- a/autotest/units/001_one_port/045_firewall_out/firewall.txt
+++ b/autotest/units/001_one_port/045_firewall_out/firewall.txt
@@ -38,7 +38,7 @@ add deny ip from any to any
 :SKP2
 add allow tcp from f805@2222:898:c00::/40 to { 2222:898:bf00:400::1 } 443
 
-add allow tcp from f805@2222:898:c00::/40 to { 2222:898:bf00:400::2 } 443 keep-state
+add allow tcp from f805@2222:898:c00::/40 to { 2222:898:bf00:400::2 } 443 record-state
 
 add allow ip from any to any frag
 add deny tcp from any to any tcpflags rst
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml b/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml
index d7eafc9a..43d17796 100644
--- a/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml
+++ b/autotest/units/001_one_port/050_firewall_state_resend/autotest.yaml
@@ -1,6 +1,70 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- sleep: 10
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 004-send.pcap
+    expect: 004-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 005-send.pcap
+    expect: 005-expect.pcap
+- sleep: 9
+- sendPackets:
+  - port: kni0
+    send: 006-send.pcap
+    expect: 006-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 007-send.pcap
+    expect: 007-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 008-send.pcap
+    expect: 008-expect.pcap
+- sleep: 10
+- sendPackets:
+  - port: kni0
+    send: 009-send.pcap
+    expect: 009-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 010-send.pcap
+    expect: 010-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 011-send.pcap
+    expect: 011-expect.pcap
+- sleep: 9
+- sendPackets:
+  - port: kni0
+    send: 012-send.pcap
+    expect: 012-expect.pcap
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/controlplane_keepstate.conf b/autotest/units/001_one_port/050_firewall_state_resend/controlplane_keepstate.conf
new file mode 100644
index 00000000..9e4cc575
--- /dev/null
+++ b/autotest/units/001_one_port/050_firewall_state_resend/controlplane_keepstate.conf
@@ -0,0 +1,64 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.2000": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "2000",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "synchronization": {
+        "ipv6SourceAddress": "fe80::f1",
+        "multicastIpv6Address": "ff02::1",
+        "multicastDestinationPort": 11995,
+        "logicalPorts": [
+            "lp0.2000"
+        ],
+        "ingressNextModule": "vrf0"
+      },
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        },
+        "kni0.2000": {
+          "ipAddresses": ["ff02::2000"],
+          "neighborIPv6Address": "fe80::2000",
+          "neighborMacAddress": "00:00:00:33:33:33",
+          "nextModule": "lp0.2000"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt b/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt
index 9554503a..1959f6e5 100644
--- a/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt
+++ b/autotest/units/001_one_port/050_firewall_state_resend/firewall.txt
@@ -2,6 +2,7 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow udp from 10.0.0.0/24 to any 53 keep-state
-add allow udp from any to 2020:ddd:ff1c:2030::/60 53 keep-state
+add allow udp from 10.0.0.0/24 to any 53 record-state
+add allow udp from any to 2020:ddd:ff1c:2030::/60 53 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/050_firewall_state_resend/firewall_keepstate.txt b/autotest/units/001_one_port/050_firewall_state_resend/firewall_keepstate.txt
new file mode 100644
index 00000000..9554503a
--- /dev/null
+++ b/autotest/units/001_one_port/050_firewall_state_resend/firewall_keepstate.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow udp from 10.0.0.0/24 to any 53 keep-state
+add allow udp from any to 2020:ddd:ff1c:2030::/60 53 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/autotest.yaml b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/autotest.yaml
index 9f1cc3e0..2b09840a 100644
--- a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/autotest.yaml
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/autotest.yaml
@@ -1,6 +1,47 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+- clearFWState: 1
+- sendPackets:
+  - port: kni0
+    send: 004-send.pcap
+    expect: 004-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 005-send.pcap
+    expect: 005-expect.pcap
+- sleep: 1
+- sendPackets:
+  - port: kni0
+    send: 006-send.pcap
+    expect: 006-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 007-send.pcap
+    expect:
+    - 007-expect-tcp.pcap
+    - 007-expect-tech.pcap
+- cli: "fw list states | grep 'allow tcp from 2220:ddd:ff1c:2030::1 12345 to 1111:2222::1 777' | grep 'flags SAF:SAF'"
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/controlplane_keepstate.conf b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/controlplane_keepstate.conf
new file mode 100644
index 00000000..33910b06
--- /dev/null
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/controlplane_keepstate.conf
@@ -0,0 +1,67 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.2000": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "2000",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "synchronization": {
+        "ipv6SourceAddress": "fe80::f1",
+        "multicastIpv6Address": "ff02::1",
+        "unicastIpv6SourceAddress": "3333::4444",
+        "unicastIpv6Address": "2222::1111",
+        "multicastDestinationPort": 11995,
+        "unicastDestinationPort": 21995,
+        "logicalPorts": [
+            "lp0.2000"
+        ],
+        "ingressNextModule": "vrf0"
+      },
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        },
+        "kni0.2000": {
+          "ipAddresses": ["ff02::2000"],
+          "neighborIPv6Address": "fe80::2000",
+          "neighborMacAddress": "00:00:00:33:33:33",
+          "nextModule": "lp0.2000"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt
index 539109ae..dc5cdb30 100644
--- a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt
@@ -2,6 +2,7 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow tcp from 12.0.0.0/24 to any 12345 keep-state
-add allow tcp from any to 2220:ddd:ff1c:2030::/60 12345 keep-state
+add allow tcp from 12.0.0.0/24 to any 12345 record-state
+add allow tcp from any to 2220:ddd:ff1c:2030::/60 12345 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall_keepstate.txt b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall_keepstate.txt
new file mode 100644
index 00000000..539109ae
--- /dev/null
+++ b/autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall_keepstate.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 12.0.0.0/24 to any 12345 keep-state
+add allow tcp from any to 2220:ddd:ff1c:2030::/60 12345 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/052_firewall_samples/autotest.yaml b/autotest/units/001_one_port/052_firewall_samples/autotest.yaml
index 1abe1fd5..a383fb56 100644
--- a/autotest/units/001_one_port/052_firewall_samples/autotest.yaml
+++ b/autotest/units/001_one_port/052_firewall_samples/autotest.yaml
@@ -1,6 +1,32 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
 - ipv6Update: "::/0 -> fe80::1"
+
+- subtest: with check-state and record-state
+- sleep: 1
+- cli: "samples show"
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+- cli: "samples dump | diff - TESTDIR/samples.json"
+- clearFWState: 1
+
+- reload: controlplane_keepstate.conf
+
+- subtest: with just keep-state
 - sleep: 1
 - cli: "samples show"
 - sendPackets:
diff --git a/autotest/units/001_one_port/052_firewall_samples/controlplane_keepstate.conf b/autotest/units/001_one_port/052_firewall_samples/controlplane_keepstate.conf
new file mode 100644
index 00000000..ca255bcc
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/controlplane_keepstate.conf
@@ -0,0 +1,43 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall_keepstate.txt",
+      "nextModules": [
+        "vrf0"
+      ],
+      "storeSamples": true
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/052_firewall_samples/firewall.txt b/autotest/units/001_one_port/052_firewall_samples/firewall.txt
index d9986a09..8659e613 100644
--- a/autotest/units/001_one_port/052_firewall_samples/firewall.txt
+++ b/autotest/units/001_one_port/052_firewall_samples/firewall.txt
@@ -2,6 +2,7 @@
 add skipto :IN ip from any to any in
 
 :IN
-add allow tcp from 11.0.0.0/24 to any 53 keep-state
-add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 keep-state
+add allow tcp from 11.0.0.0/24 to any 53 record-state
+add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 record-state
+add check-state
 add deny ip from any to any
diff --git a/autotest/units/001_one_port/052_firewall_samples/firewall_keepstate.txt b/autotest/units/001_one_port/052_firewall_samples/firewall_keepstate.txt
new file mode 100644
index 00000000..d9986a09
--- /dev/null
+++ b/autotest/units/001_one_port/052_firewall_samples/firewall_keepstate.txt
@@ -0,0 +1,7 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add allow tcp from 11.0.0.0/24 to any 53 keep-state
+add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 keep-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml b/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml
index 41862999..f1b4ae9d 100644
--- a/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml
+++ b/autotest/units/001_one_port/059_firewall_tablearg/autotest.yaml
@@ -1,7 +1,8 @@
 steps:
 - ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
-- clearFWState:
+- clearFWState: 1
 - sendPackets:
   - port: kni0
     send: 001-send.pcap
     expect: 001-expect.pcap
+- clearFWState: 1
diff --git a/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt b/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt
index e8c2346d..66f4d26d 100644
--- a/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt
+++ b/autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt
@@ -35,5 +35,5 @@ add deny log logamount 500 all from any to any
 :TUN64_SKP5
 add deny tcp from any to any setup
 add allow udp from any src-port 53 to any dst-port 1025-65535
-add allow ip from any to any keep-state in
+add allow ip from any to any record-state in
 add deny log logamount 500 all from any to any
diff --git a/autotest/units/001_one_port/067_dump_after_term/autotest.yaml b/autotest/units/001_one_port/067_dump_after_term/autotest.yaml
index e6eb3fca..5a50389d 100644
--- a/autotest/units/001_one_port/067_dump_after_term/autotest.yaml
+++ b/autotest/units/001_one_port/067_dump_after_term/autotest.yaml
@@ -6,5 +6,5 @@ steps:
     send: 001-send.pcap
     expect: 001-expect.pcap
 - dumpPackets:
-  - ringTag: ring1
+  - ringTag: shm_2_0
     expect: 001-expect-dump-ring1.pcap
diff --git a/autotest/units/001_one_port/067_dump_default/autotest.yaml b/autotest/units/001_one_port/067_dump_default/autotest.yaml
index e6eb3fca..5a50389d 100644
--- a/autotest/units/001_one_port/067_dump_default/autotest.yaml
+++ b/autotest/units/001_one_port/067_dump_default/autotest.yaml
@@ -6,5 +6,5 @@ steps:
     send: 001-send.pcap
     expect: 001-expect.pcap
 - dumpPackets:
-  - ringTag: ring1
+  - ringTag: shm_2_0
     expect: 001-expect-dump-ring1.pcap
diff --git a/autotest/units/001_one_port/067_dump_with_deny/autotest.yaml b/autotest/units/001_one_port/067_dump_with_deny/autotest.yaml
index e6eb3fca..5a50389d 100644
--- a/autotest/units/001_one_port/067_dump_with_deny/autotest.yaml
+++ b/autotest/units/001_one_port/067_dump_with_deny/autotest.yaml
@@ -6,5 +6,5 @@ steps:
     send: 001-send.pcap
     expect: 001-expect.pcap
 - dumpPackets:
-  - ringTag: ring1
+  - ringTag: shm_2_0
     expect: 001-expect-dump-ring1.pcap
diff --git a/autotest/units/001_one_port/067_intersecting_dump_rules/autotest.yaml b/autotest/units/001_one_port/067_intersecting_dump_rules/autotest.yaml
index 0cdfb29e..d9204293 100644
--- a/autotest/units/001_one_port/067_intersecting_dump_rules/autotest.yaml
+++ b/autotest/units/001_one_port/067_intersecting_dump_rules/autotest.yaml
@@ -6,7 +6,7 @@ steps:
     send: 001-send.pcap
     expect: 001-expect.pcap
 - dumpPackets:
-  - ringTag: ring1
+  - ringTag: shm_2_0
     expect: 001-expect-dump-ring1.pcap
-  - ringTag: ring2
+  - ringTag: shm_2_1
     expect: 001-expect-dump-ring2.pcap
diff --git a/autotest/units/001_one_port/075_counters_route/autotest.yaml b/autotest/units/001_one_port/075_counters_route/autotest.yaml
new file mode 100644
index 00000000..f9f81f55
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_route/autotest.yaml
@@ -0,0 +1,89 @@
+steps:
+
+# default (see neighbor in controlplane.conf)
+- cli: |
+    rib static insert default 0.0.0.0/0 200.0.2.1
+
+#################################################################################################################
+# 1 prepare rib
+#################################################################################################################
+- rib_insert:
+    attribute:
+      protocol: autotest
+    tables:
+    - table_name: ipv4 mpls-vpn
+      peer: 10.10.10.1
+      med: 0
+      large_communities:
+      - 13238:1:1
+      prefixes:
+      - nexthop: 200.0.3.1
+        prefix: 1.0.0.0/24
+        path_information: 200.0.2.1:10001
+        labels:
+        - 1100
+    - table_name: ipv4 mpls-vpn
+      peer: 10.10.10.2
+      med: 0
+      large_communities:
+      - 13238:1:1
+      prefixes:
+      - nexthop: 200.0.4.1
+        prefix: 2.0.0.0/24
+        path_information: 200.0.3.1:10002
+        labels:
+        - 1100
+    - table_name: ipv4 mpls-vpn
+      peer: 10.10.10.2
+      med: 0
+      large_communities:
+      - 13238:1:1
+      prefixes:
+      - nexthop: 200.0.5.1
+        prefix: 3.0.0.0/24
+        path_information: 200.0.3.1:10003
+        labels:
+        - 1100
+
+- cli_check: |
+    rib
+    vrf      priority  protocol  peer        table_name     prefixes  paths  eor
+    -------  --------  --------  ----------  -------------  --------  -----  -----
+    default  10000     autotest  10.10.10.1  ipv4 mpls-vpn  1         1      false
+    default  10000     autotest  10.10.10.2  ipv4 mpls-vpn  2         2      false
+    default  10000     static    ::                         2         2      true
+
+- cli_check: |
+    rib prefixes
+    vrf      priority  prefix      protocol  peer        table_name     path_information  nexthop    labels  local_preference  aspath  origin      med  communities  large_communities
+    -------  --------  ----------  --------  ----------  -------------  ----------------  ---------  ------  ----------------  ------  ----------  ---  -----------  -----------------
+    default  10000     0.0.0.0/0   static    ::                         200.0.2.1         200.0.2.1          0                                     0    n/s          n/s
+    default  10000     1.0.0.0/24  autotest  10.10.10.1  ipv4 mpls-vpn  200.0.2.1:10001   200.0.3.1  1100    0                         incomplete  0    n/s          13238:1:1
+    default  10000     2.0.0.0/24  autotest  10.10.10.2  ipv4 mpls-vpn  200.0.3.1:10002   200.0.4.1  1100    0                         incomplete  0    n/s          13238:1:1
+    default  10000     3.0.0.0/24  autotest  10.10.10.2  ipv4 mpls-vpn  200.0.3.1:10003   200.0.5.1  1100    0                         incomplete  0    n/s          13238:1:1
+    default  10000     fe80::/64   static    ::                                           ::                 0                                     0    n/s          n/s
+
+- cli_check: |
+    route tunnel get route0 1.0.0.0/24
+    ingress_physical_ports  nexthop    label  egress_interface  peer  weight (%)
+    ----------------------  ---------  -----  ----------------  ----  ----------
+    kni0                    200.0.3.1  1100   kni0.200                100.00
+
+#################################################################################################################
+# 2 send packets and check route counters
+#################################################################################################################
+
+- sendPackets:
+    - port: kni0
+      send: send.pcap
+      expect: expect.pcap
+
+- cli:
+  - route counters
+
+- cli:
+  - telegraf route
+
+# cleanup
+- cli: |
+    rib static remove default 0.0.0.0/0 200.0.2.1
diff --git a/autotest/units/001_one_port/075_counters_route/controlplane.conf b/autotest/units/001_one_port/075_counters_route/controlplane.conf
new file mode 100644
index 00000000..2808ddc2
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_route/controlplane.conf
@@ -0,0 +1,64 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "route0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "route0"
+    },
+    "lp0.300": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "300",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "route0"
+    },
+    "lp0.400": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "400",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "route0"
+    },
+    "route0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.2.0/24",
+          "neighborIPv4Address": "200.0.2.1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.200"
+        },
+        "kni0.300": {
+          "ipv4Prefix": "200.0.2.0/24",
+          "neighborIPv4Address": "200.0.3.1",
+          "neighborMacAddress": "00:00:00:11:11:22",
+          "nextModule": "lp0.300"
+        },
+        "kni0.400": {
+          "ipv4Prefix": "200.0.3.0/24",
+          "neighborIPv4Address": "200.0.4.1",
+          "neighborMacAddress": "00:00:00:11:11:33",
+          "nextModule": "lp0.400"
+        },
+        "kni0.500": {
+          "ipv4Prefix": "200.0.3.0/24",
+          "neighborIPv4Address": "200.0.5.1",
+          "neighborMacAddress": "00:00:00:11:11:55",
+          "nextModule": "lp0.400"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/075_counters_route/expect.pcap b/autotest/units/001_one_port/075_counters_route/expect.pcap
new file mode 100644
index 00000000..65c6e28e
Binary files /dev/null and b/autotest/units/001_one_port/075_counters_route/expect.pcap differ
diff --git a/autotest/units/001_one_port/075_counters_route/gen.py b/autotest/units/001_one_port/075_counters_route/gen.py
new file mode 100644
index 00000000..15288f2f
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_route/gen.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+from scapy.contrib.mpls import MPLS
+
+
+def write_pcap(filename, *packetsList):
+	if len(packetsList) == 0:
+		PcapWriter(filename)._write_header(Ether())
+		return
+
+	PcapWriter(filename)
+
+	for packets in packetsList:
+		if type(packets) == list:
+			for packet in packets:
+				packet.time = 0
+				wrpcap(filename, [p for p in packet], append=True)
+		else:
+			packets.time = 0
+			wrpcap(filename, [p for p in packets], append=True)
+
+load_contrib("mpls")
+
+write_pcap("send.pcap",
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.1", src="111.222.111.222", ttl=64)/TCP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.2", src="111.222.111.222", ttl=64)/TCP(),
+	       Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="1.0.0.3", src="111.222.111.222", ttl=64)/TCP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="2.0.0.4", src="111.222.111.222", ttl=64)/TCP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="2.0.0.5", src="111.222.111.222", ttl=64)/TCP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="3.0.0.6", src="111.222.111.222", ttl=64)/TCP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11")/Dot1Q(vlan=100)/IP(dst="4.0.0.7", src="111.222.111.222", ttl=64)/TCP())
+
+write_pcap("expect.pcap",
+           Ether(dst="00:00:00:11:11:22", src="00:11:22:33:44:55")/Dot1Q(vlan=300)/MPLS(label=1100, ttl=0xff)/IP(dst="1.0.0.1", src="111.222.111.222", ttl=63)/TCP(),
+           Ether(dst="00:00:00:11:11:22", src="00:11:22:33:44:55")/Dot1Q(vlan=300)/MPLS(label=1100, ttl=0xff)/IP(dst="1.0.0.2", src="111.222.111.222", ttl=63)/TCP(),
+           Ether(dst="00:00:00:11:11:22", src="00:11:22:33:44:55")/Dot1Q(vlan=300)/MPLS(label=1100, ttl=0xff)/IP(dst="1.0.0.3", src="111.222.111.222", ttl=63)/TCP(),
+           Ether(dst="00:00:00:11:11:33", src="00:11:22:33:44:55")/Dot1Q(vlan=400)/MPLS(label=1100, ttl=0xff)/IP(dst="2.0.0.4", src="111.222.111.222", ttl=63)/TCP(),
+           Ether(dst="00:00:00:11:11:33", src="00:11:22:33:44:55")/Dot1Q(vlan=400)/MPLS(label=1100, ttl=0xff)/IP(dst="2.0.0.5", src="111.222.111.222", ttl=63)/TCP(),
+           Ether(dst="00:00:00:11:11:55", src="00:11:22:33:44:55")/Dot1Q(vlan=400)/MPLS(label=1100, ttl=0xff)/IP(dst="3.0.0.6", src="111.222.111.222", ttl=63)/TCP(),
+           Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="4.0.0.7", src="111.222.111.222", ttl=63)/TCP())
diff --git a/autotest/units/001_one_port/075_counters_route/send.pcap b/autotest/units/001_one_port/075_counters_route/send.pcap
new file mode 100644
index 00000000..9aa4bf0f
Binary files /dev/null and b/autotest/units/001_one_port/075_counters_route/send.pcap differ
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/001-expect.pcap b/autotest/units/001_one_port/075_counters_route_tunnel/001-expect.pcap
new file mode 100644
index 00000000..dbc9c061
Binary files /dev/null and b/autotest/units/001_one_port/075_counters_route_tunnel/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/001-send.pcap b/autotest/units/001_one_port/075_counters_route_tunnel/001-send.pcap
new file mode 100644
index 00000000..83750c84
Binary files /dev/null and b/autotest/units/001_one_port/075_counters_route_tunnel/001-send.pcap differ
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/002-expect.pcap b/autotest/units/001_one_port/075_counters_route_tunnel/002-expect.pcap
new file mode 100644
index 00000000..909e6e61
Binary files /dev/null and b/autotest/units/001_one_port/075_counters_route_tunnel/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/002-send.pcap b/autotest/units/001_one_port/075_counters_route_tunnel/002-send.pcap
new file mode 100644
index 00000000..85f10e3f
Binary files /dev/null and b/autotest/units/001_one_port/075_counters_route_tunnel/002-send.pcap differ
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/autotest.yaml b/autotest/units/001_one_port/075_counters_route_tunnel/autotest.yaml
new file mode 100644
index 00000000..db8f93ac
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_route_tunnel/autotest.yaml
@@ -0,0 +1,133 @@
+steps:
+- rib_insert:
+    attribute:
+      protocol: autotest
+    tables:
+    - table_name: ipv4 mpls-vpn
+      peer: 0.0.0.0
+      med: 0
+      large_communities:
+      - 13238:1:1
+      prefixes:
+      - nexthop: 88.88.88.1
+        prefix: 1.0.0.0/24
+        path_information: 88.88.88.1:10001
+        labels:
+        - 1100
+      - nexthop: 88.88.88.2
+        prefix: 1.0.0.0/24
+        path_information: 88.88.88.2:10001
+        labels:
+        - 1200
+    - table_name: ipv4 mpls-vpn
+      large_communities:
+      - 13238:1:1
+      prefixes:
+      - nexthop: 88.88.88.1
+        prefix: 1.0.0.254/32
+        path_information: 88.88.88.1:11000
+        labels:
+        - 1100
+      - nexthop: 88.88.88.2
+        prefix: 1.0.0.254/32
+        path_information: 88.88.88.2:11001
+        labels:
+        - 1200
+    - table_name: ipv6 mpls-vpn
+      large_communities:
+      - 13238:1:1
+      prefixes:
+      - nexthop: 8888::1
+        prefix: 7e57::/64
+        path_information: 88.88.88.1:10001
+        labels:
+        - 1100
+      - nexthop: 8888::2
+        prefix: 7e57::/64
+        path_information: 88.88.88.2:10001
+        labels:
+        - 1200
+      - nexthop: 8888::1
+        prefix: 7e57::fffe/128
+        path_information: 88.88.88.1:9999
+        labels:
+        - 1100
+      - nexthop: 8888::2
+        prefix: 7e57::fffe/128
+        path_information: 88.88.88.2:15000
+        labels:
+        - 1200
+    - table_name: ipv4 mpls-vpn
+      peer: 0.0.0.0
+      med: 0
+      large_communities:
+      - 13238:1:0
+      prefixes:
+      - nexthop: 88.88.88.1
+        prefix: 1.0.0.253/32
+        path_information: 88.88.88.1:10001
+        labels:
+        - 1100
+      - nexthop: 88.88.88.2
+        prefix: 1.0.0.253/32
+        path_information: 88.88.88.2:10001
+        labels:
+        - 1200
+    - table_name: ipv4 mpls-vpn
+      peer: 0.0.0.0
+      med: 0
+      prefixes:
+      - nexthop: 88.88.88.1
+        prefix: 1.0.0.252/32
+        path_information: 88.88.88.1:10001
+        labels:
+        - 1100
+      - nexthop: 88.88.88.2
+        prefix: 1.0.0.252/32
+        path_information: 88.88.88.2:10001
+        labels:
+        - 1200
+    - table_name: ipv6 mpls-vpn
+      large_communities:
+      - 13238:1:0
+      prefixes:
+      - nexthop: 8888::1
+        prefix: 7e57::fffd/128
+        path_information: 88.88.88.1:10001
+        labels:
+        - 1100
+      - nexthop: 8888::2
+        prefix: 7e57::fffd/128
+        path_information: 88.88.88.2:10001
+        labels:
+        - 1200
+    - table_name: ipv6 mpls-vpn
+      prefixes:
+      - nexthop: 8888::1
+        prefix: 7e57::fffc/128
+        path_information: 88.88.88.1:10001
+        labels:
+        - 1100
+      - nexthop: 8888::2
+        prefix: 7e57::fffc/128
+        path_information: 88.88.88.2:10001
+        labels:
+        - 1200
+- ipv4Update:
+  - "0.0.0.0/0 -> 100.0.0.1 200.0.0.1"
+- ipv6Update:
+  - "::/0 -> c0de::100:1 c0de::200:1"
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+
+- cli:
+  - route tunnel counters
+
+- cli:
+  - telegraf route tunnel
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/controlplane.conf b/autotest/units/001_one_port/075_counters_route_tunnel/controlplane.conf
new file mode 100644
index 00000000..224078a3
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_route_tunnel/controlplane.conf
@@ -0,0 +1,69 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "nextModules": [
+        "decap0",
+        "decap1"
+      ]
+    },
+    "decap0": {
+      "type": "decap",
+      "ipv6DestinationPrefixes": [
+        "2222::aaaa/128"
+      ],
+      "nextModule": "route0"
+    },
+    "decap1": {
+      "type": "decap",
+      "ipv6DestinationPrefixes": [
+        "2222::cccc/128"
+      ],
+      "ipv6_enabled": true,
+      "nextModule": "route0:tunnel"
+    },
+    "route0": {
+      "type": "route",
+      "ipv4SourceAddress": "10.50.0.1",
+      "ipv6SourceAddress": "2222:1111:0:1234:5678:0101:ca11:ca11",
+      "udpDestinationPort": 6635,
+      "interfaces": {
+        "kni0.100": {
+          "neighborIPv4Address": "100.0.0.1",
+          "neighborIPv6Address": "c0de::100:1",
+          "neighborMacAddress": "00:00:00:00:00:01",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborIPv6Address": "c0de::200:1",
+          "neighborMacAddress": "00:00:00:00:00:02",
+          "nextModule": "lp0.200"
+        }
+      },
+      "localPrefixes": [
+        "1.0.0.255/32",
+        "7e57::ffff/128"
+      ],
+      "peers": {
+        "1": "A",
+        "2": "B",
+        "3": "C"
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/075_counters_route_tunnel/gen.py b/autotest/units/001_one_port/075_counters_route_tunnel/gen.py
new file mode 100755
index 00000000..0629de99
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_route_tunnel/gen.py
@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from scapy.all import *
+from scapy.contrib.mpls import MPLS
+
+
+def write_pcap(filename, *packetsList):
+	if len(packetsList) == 0:
+		PcapWriter(filename)._write_header(Ether())
+		return
+
+	PcapWriter(filename)
+
+	for packets in packetsList:
+		if type(packets) == list:
+			for packet in packets:
+				packet.time = 0
+				wrpcap(filename, [p for p in packet], append=True)
+		else:
+			packets.time = 0
+			wrpcap(filename, [p for p in packets], append=True)
+
+
+write_pcap("001-send.pcap",
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::2", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::3", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::4", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::5", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::6", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::7", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::8", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::9", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::10", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::11", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::12", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::13", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::14", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::15", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::16", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP())
+
+write_pcap("001-expect.pcap",
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP())
+
+write_pcap("002-send.pcap",
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=1)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=2)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=3)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=4)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=5)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=6)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=7)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=8)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=9)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=10)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=11)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=12)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=13)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=14)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=15)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP(),
+           Ether(dst="00:11:22:33:44:55", src="00:00:00:00:00:01")/Dot1Q(vlan=100)/IPv6(dst="2222::cccc", src="::1", fl=16)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=64)/ICMP())
+
+write_pcap("002-expect.pcap",
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x00d4 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x89ed | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x2355 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x9b9f | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x3127 | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0xb81e | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x12a6 | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0xc98a | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x6332 | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0xea0b | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.2", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x40b3 | 0xc000, chksum=0)/MPLS(label=1200, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0xf879 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x52c1 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0xdbf8 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:01", src="00:11:22:33:44:55")/Dot1Q(vlan=100)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x7140 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP(),
+           Ether(dst="00:00:00:00:00:02", src="00:11:22:33:44:55")/Dot1Q(vlan=200)/IP(dst="88.88.88.1", src="10.50.0.1", ttl=64)/UDP(dport=6635, sport=0x1b51 | 0xc000, chksum=0)/MPLS(label=1100, ttl=255)/IP(dst="1.0.0.1", src="0.0.0.0", ttl=63)/ICMP())
+
+
diff --git a/autotest/units/001_one_port/075_counters_shared_memory/autotest.yaml b/autotest/units/001_one_port/075_counters_shared_memory/autotest.yaml
new file mode 100644
index 00000000..ff96e5f0
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_shared_memory/autotest.yaml
@@ -0,0 +1,5 @@
+steps:
+- cli: "telegraf counters"
+- cli: "telegraf bus"
+- cli: "bus errors"
+- cli: "bus requests"
diff --git a/autotest/units/001_one_port/075_counters_shared_memory/controlplane.conf b/autotest/units/001_one_port/075_counters_shared_memory/controlplane.conf
new file mode 100644
index 00000000..a49ff792
--- /dev/null
+++ b/autotest/units/001_one_port/075_counters_shared_memory/controlplane.conf
@@ -0,0 +1,32 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "vrf0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "vrf0"
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.200"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/077_state_timeout/001-expect.pcap b/autotest/units/001_one_port/077_state_timeout/001-expect.pcap
new file mode 100644
index 00000000..fddb8179
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout/001-send.pcap b/autotest/units/001_one_port/077_state_timeout/001-send.pcap
new file mode 100644
index 00000000..6bd24cbe
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout/001-send.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout/autotest.yaml b/autotest/units/001_one_port/077_state_timeout/autotest.yaml
new file mode 100644
index 00000000..3f62be71
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout/autotest.yaml
@@ -0,0 +1,36 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 10.0.0.2"
+
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+
+- cli: fw list states | grep -q "allow tcp from 10.0.0.1 80 to 10.0.0.2 12345"
+
+- sleep: 6  # Wait for state to expire
+
+- cli_check: |
+    fw list states
+    id  ruleno  label  rule
+    --  ------  -----  ----
+
+- clearFWState: 1
+
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+
+- cli: fw list states | grep -q "allow tcp from 10.0.0.1 80 to 10.0.0.2 12345"
+
+- sleep: 3  # Wait but state should still be present
+
+- cli: fw list states | grep -q "allow tcp from 10.0.0.1 80 to 10.0.0.2 12345"
+
+- sleep: 3  # Wait for state to expire
+
+- cli_check: |
+    fw list states
+    id  ruleno  label  rule
+    --  ------  -----  ----
diff --git a/autotest/units/001_one_port/077_state_timeout/controlplane.conf b/autotest/units/001_one_port/077_state_timeout/controlplane.conf
new file mode 100644
index 00000000..7cbab619
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout/controlplane.conf
@@ -0,0 +1,26 @@
+{
+  "modules": {
+    "lp0": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall.txt",
+      "nextModules": ["vrf0"]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0": {
+          "ipv4Prefix": "10.0.0.1/24",
+          "neighborIPv4Address": "10.0.0.2",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/077_state_timeout/firewall.txt b/autotest/units/001_one_port/077_state_timeout/firewall.txt
new file mode 100644
index 00000000..a719ec80
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout/firewall.txt
@@ -0,0 +1,9 @@
+:BEGIN
+add state-timeout 1 ip from any to any
+add state-timeout 2 ip from any to any
+add state-timeout 3 ip from any to any
+add state-timeout 4 ip from any to any
+add state-timeout 5 ip from any to any
+# only the last occurence matters
+add allow ip from any to any keep-state
+
diff --git a/autotest/units/001_one_port/077_state_timeout/gen.py b/autotest/units/001_one_port/077_state_timeout/gen.py
new file mode 100644
index 00000000..1c886159
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout/gen.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List
+
+from scapy.layers.inet import IP, TCP
+from scapy.layers.l2 import Ether
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+def write_pcap(path: str, packets: List[Packet]) -> None:
+    with PcapWriter(path, sync=True) as fh:
+        for p in packets:
+            fh.write(p)
+
+def ipv4_send(src: str, dst: str) -> Packet:
+    return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / IP(src=src, dst=dst, ttl=64)
+
+def ipv4_recv(src: str, dst: str) -> Packet:
+    return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / IP(src=src, dst=dst, ttl=63)
+
+# Send packet from 10.0.0.2 to 10.0.0.1
+write_pcap("001-send.pcap", [
+    ipv4_send("10.0.0.2", "10.0.0.1") / TCP(sport=12345, dport=80, flags="S"),
+])
+
+# Expect the packet forwarded
+write_pcap("001-expect.pcap", [
+    ipv4_recv("10.0.0.2", "10.0.0.1") / TCP(sport=12345, dport=80, flags="S"),
+])
diff --git a/autotest/units/001_one_port/077_state_timeout_different_groups/001-expect.pcap b/autotest/units/001_one_port/077_state_timeout_different_groups/001-expect.pcap
new file mode 100644
index 00000000..0eeb4fa9
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_different_groups/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_different_groups/001-send.pcap b/autotest/units/001_one_port/077_state_timeout_different_groups/001-send.pcap
new file mode 100644
index 00000000..6f39337a
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_different_groups/001-send.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_different_groups/autotest.yaml b/autotest/units/001_one_port/077_state_timeout_different_groups/autotest.yaml
new file mode 100644
index 00000000..5a6d588b
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_different_groups/autotest.yaml
@@ -0,0 +1,38 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 10.0.0.2"
+
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+
+- cli_check: |
+    fw list states
+    id        ruleno    label  rule
+    --------  --------  -----  ------------------------------------------------------------------------------------------------
+    16777215  16777215         allow tcp from 10.0.0.1 80 to 192.168.1.10 12345 [own, last seen: 2s ago flags S:][packets: 0/0]
+    16777216  16777215         allow tcp from 10.0.0.1 80 to 192.168.2.20 12346 [own, last seen: 2s ago flags S:][packets: 0/0]
+
+- sleep: 3  # Wait, states should still be present
+
+- cli_check: |
+    fw list states
+    id        ruleno    label  rule
+    --------  --------  -----  ------------------------------------------------------------------------------------------------
+    16777215  16777215         allow tcp from 10.0.0.1 80 to 192.168.1.10 12345 [own, last seen: 5s ago flags S:][packets: 0/0]
+    16777216  16777215         allow tcp from 10.0.0.1 80 to 192.168.2.20 12346 [own, last seen: 5s ago flags S:][packets: 0/0]
+
+- sleep: 3  # Wait for first state to expire (total sleep 6s)
+
+- cli_check: |
+    fw list states
+    id        ruleno    label  rule
+    --------  --------  -----  ------------------------------------------------------------------------------------------------
+    16777215  16777215         allow tcp from 10.0.0.1 80 to 192.168.2.20 12346 [own, last seen: 8s ago flags S:][packets: 0/0]
+
+- sleep: 3  # Wait for second state to expire (total sleep 9s)
+
+- cli_check: |
+    fw list states
+    id  ruleno  label  rule
+    --  ------  -----  ----
diff --git a/autotest/units/001_one_port/077_state_timeout_different_groups/controlplane.conf b/autotest/units/001_one_port/077_state_timeout_different_groups/controlplane.conf
new file mode 100644
index 00000000..7cbab619
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_different_groups/controlplane.conf
@@ -0,0 +1,26 @@
+{
+  "modules": {
+    "lp0": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall.txt",
+      "nextModules": ["vrf0"]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0": {
+          "ipv4Prefix": "10.0.0.1/24",
+          "neighborIPv4Address": "10.0.0.2",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/077_state_timeout_different_groups/firewall.txt b/autotest/units/001_one_port/077_state_timeout_different_groups/firewall.txt
new file mode 100644
index 00000000..673febc8
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_different_groups/firewall.txt
@@ -0,0 +1,4 @@
+:BEGIN
+add state-timeout 5 ip from 192.168.1.0/24 to any
+add state-timeout 10 ip from 192.168.2.0/24 to any
+add allow ip from any to any keep-state
diff --git a/autotest/units/001_one_port/077_state_timeout_different_groups/gen.py b/autotest/units/001_one_port/077_state_timeout_different_groups/gen.py
new file mode 100644
index 00000000..9b7bc692
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_different_groups/gen.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List
+
+from scapy.layers.inet import IP, TCP
+from scapy.layers.l2 import Ether
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+def write_pcap(path: str, packets: List[Packet]) -> None:
+    with PcapWriter(path, sync=True) as fh:
+        for p in packets:
+            fh.write(p)
+
+def ipv4_send(src: str, dst: str, ttl: int = 64) -> Packet:
+    return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / IP(src=src, dst=dst, ttl=ttl)
+
+def ipv4_recv(src: str, dst: str, ttl: int = 63) -> Packet:
+    return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / IP(src=src, dst=dst, ttl=ttl)
+
+# Send packets from two different subnets
+write_pcap("001-send.pcap", [
+    ipv4_send("192.168.1.10", "10.0.0.1") / TCP(sport=12345, dport=80, flags="S"),
+    ipv4_send("192.168.2.20", "10.0.0.1") / TCP(sport=12346, dport=80, flags="S"),
+])
+
+# Expect the same packets forwarded
+write_pcap("001-expect.pcap", [
+    ipv4_recv("192.168.1.10", "10.0.0.1") / TCP(sport=12345, dport=80, flags="S"),
+    ipv4_recv("192.168.2.20", "10.0.0.1") / TCP(sport=12346, dport=80, flags="S"),
+])
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/001-expect-dump-ring1.pcap b/autotest/units/001_one_port/077_state_timeout_with_dump/001-expect-dump-ring1.pcap
new file mode 100644
index 00000000..c0cc6615
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_with_dump/001-expect-dump-ring1.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/001-expect.pcap b/autotest/units/001_one_port/077_state_timeout_with_dump/001-expect.pcap
new file mode 100644
index 00000000..535358ac
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_with_dump/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/001-send.pcap b/autotest/units/001_one_port/077_state_timeout_with_dump/001-send.pcap
new file mode 100644
index 00000000..4ea57dfb
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_with_dump/001-send.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/002-expect-dump-ring1.pcap b/autotest/units/001_one_port/077_state_timeout_with_dump/002-expect-dump-ring1.pcap
new file mode 100644
index 00000000..8c9d89d8
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_with_dump/002-expect-dump-ring1.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/002-expect.pcap b/autotest/units/001_one_port/077_state_timeout_with_dump/002-expect.pcap
new file mode 100644
index 00000000..bcd52bf0
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_with_dump/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/002-send.pcap b/autotest/units/001_one_port/077_state_timeout_with_dump/002-send.pcap
new file mode 100644
index 00000000..bc24465e
Binary files /dev/null and b/autotest/units/001_one_port/077_state_timeout_with_dump/002-send.pcap differ
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/autotest.yaml b/autotest/units/001_one_port/077_state_timeout_with_dump/autotest.yaml
new file mode 100644
index 00000000..0f7310a8
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_with_dump/autotest.yaml
@@ -0,0 +1,47 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 10.0.0.2"
+
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+
+- dumpPackets:
+  - ringTag: shm_2_0
+    expect: 001-expect-dump-ring1.pcap
+
+- cli: fw list states | grep -q "allow udp from 10.0.0.1 53 to 10.0.0.10 1024"
+
+- sleep: 3  # Wait, state should still be present
+
+- cli: fw list states | grep -q "allow udp from 10.0.0.1 53 to 10.0.0.10 1024"
+
+- sleep: 3  # Wait for state to expire (total sleep 6s)
+
+- cli_check: |
+    fw list states
+    id  ruleno  label  rule
+    --  ------  -----  ----
+
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+
+- dumpPackets:
+  - ringTag: shm_2_0
+    expect: 002-expect-dump-ring1.pcap
+
+- cli: fw list states | grep -q "allow udp from 10.0.0.1 53 to 10.0.0.10 1024"
+
+- sleep: 3  # Wait, state should still be present
+
+- cli: fw list states | grep -q "allow udp from 10.0.0.1 53 to 10.0.0.10 1024"
+
+- sleep: 3  # Wait for state to expire (total sleep 6s)
+
+- cli_check: |
+    fw list states
+    id  ruleno  label  rule
+    --  ------  -----  ----
+
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/controlplane.conf b/autotest/units/001_one_port/077_state_timeout_with_dump/controlplane.conf
new file mode 100644
index 00000000..7cbab619
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_with_dump/controlplane.conf
@@ -0,0 +1,26 @@
+{
+  "modules": {
+    "lp0": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall.txt",
+      "nextModules": ["vrf0"]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0": {
+          "ipv4Prefix": "10.0.0.1/24",
+          "neighborIPv4Address": "10.0.0.2",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/firewall.txt b/autotest/units/001_one_port/077_state_timeout_with_dump/firewall.txt
new file mode 100644
index 00000000..1bec0169
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_with_dump/firewall.txt
@@ -0,0 +1,6 @@
+:BEGIN
+add state-timeout 5 ip from any to any
+add check-state
+add dump ring1 ip from any to any
+add allow udp from 10.0.0.0/24 to any 53 record-state
+add deny ip from any to any
diff --git a/autotest/units/001_one_port/077_state_timeout_with_dump/gen.py b/autotest/units/001_one_port/077_state_timeout_with_dump/gen.py
new file mode 100644
index 00000000..83ce705a
--- /dev/null
+++ b/autotest/units/001_one_port/077_state_timeout_with_dump/gen.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List
+
+from scapy.layers.inet import IP, UDP
+from scapy.layers.l2 import Ether
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+def write_pcap(path: str, packets: List[Packet]) -> None:
+    with PcapWriter(path, sync=True) as fh:
+        for p in packets:
+            fh.write(p)
+
+def ipv4_send(src: str, dst: str, ttl: int = 64) -> Packet:
+    return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / IP(src=src, dst=dst, ttl=ttl)
+
+def ipv4_recv(src: str, dst: str, ttl: int = 63) -> Packet:
+    return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / IP(src=src, dst=dst, ttl=ttl)
+
+# Initial packet to create state
+write_pcap("001-send.pcap", [
+    ipv4_send("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53),
+])
+
+# Expect the packet to be forwarded
+write_pcap("001-expect.pcap", [
+    ipv4_recv("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53),
+])
+
+# Expected dump (initial packet)
+write_pcap("001-expect-dump-ring1.pcap", [
+    ipv4_send("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53),
+])
+
+# Packet after state expiration
+write_pcap("002-send.pcap", [
+    ipv4_send("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53),
+])
+
+# Expect the packet to be forwarded
+write_pcap("002-expect.pcap", [
+    ipv4_recv("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53),
+])
+
+# Expected dump after state expiration
+write_pcap("002-expect-dump-ring1.pcap", [
+    ipv4_send("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53), #result of a first dump (the ring is the same)
+    ipv4_send("10.0.0.10", "10.0.0.1") / UDP(sport=1024, dport=53),
+])
diff --git a/autotest/units/001_one_port/078_hitcount_one/001-expect.pcap b/autotest/units/001_one_port/078_hitcount_one/001-expect.pcap
new file mode 100644
index 00000000..8c851b70
Binary files /dev/null and b/autotest/units/001_one_port/078_hitcount_one/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/078_hitcount_one/001-send.pcap b/autotest/units/001_one_port/078_hitcount_one/001-send.pcap
new file mode 100644
index 00000000..9bb180df
Binary files /dev/null and b/autotest/units/001_one_port/078_hitcount_one/001-send.pcap differ
diff --git a/autotest/units/001_one_port/078_hitcount_one/002-expect.pcap b/autotest/units/001_one_port/078_hitcount_one/002-expect.pcap
new file mode 100644
index 00000000..d2b8041f
Binary files /dev/null and b/autotest/units/001_one_port/078_hitcount_one/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/078_hitcount_one/002-send.pcap b/autotest/units/001_one_port/078_hitcount_one/002-send.pcap
new file mode 100644
index 00000000..c20089e4
Binary files /dev/null and b/autotest/units/001_one_port/078_hitcount_one/002-send.pcap differ
diff --git a/autotest/units/001_one_port/078_hitcount_one/003-expect.pcap b/autotest/units/001_one_port/078_hitcount_one/003-expect.pcap
new file mode 100644
index 00000000..2a5d13a2
Binary files /dev/null and b/autotest/units/001_one_port/078_hitcount_one/003-expect.pcap differ
diff --git a/autotest/units/001_one_port/078_hitcount_one/003-send.pcap b/autotest/units/001_one_port/078_hitcount_one/003-send.pcap
new file mode 100644
index 00000000..be00839c
Binary files /dev/null and b/autotest/units/001_one_port/078_hitcount_one/003-send.pcap differ
diff --git a/autotest/units/001_one_port/078_hitcount_one/autotest.yaml b/autotest/units/001_one_port/078_hitcount_one/autotest.yaml
new file mode 100644
index 00000000..f99a66e8
--- /dev/null
+++ b/autotest/units/001_one_port/078_hitcount_one/autotest.yaml
@@ -0,0 +1,45 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 10.0.0.2"
+
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+
+  # Check hitcount dump. The single packet matches "c1".
+  # Packet size calculation:
+  #   - Ethernet Header: 14 bytes
+  #   - IPv4 Header: 20 bytes
+  #   - TCP Header: 20 bytes
+  #   - Payload: 50 bytes
+  #   Total: 14 + 20 + 20 + 50 = 104 bytes
+- cli_check: |
+    hitcount dump acl
+    [
+      c1: 1, 104
+    ]
+
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+
+  # Check hitcount dump. Two packets now match "c1".
+  # Byte count increments by 104 (packet size) for each additional packet.
+- cli_check: |
+    hitcount dump acl
+    [
+      c1: 2, 208
+    ]
+
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+
+  # Check hitcount dump. Three packets now match "c1".
+- cli_check: |
+    hitcount dump acl
+    [
+      c1: 3, 312
+    ]
diff --git a/autotest/units/001_one_port/078_hitcount_one/controlplane.conf b/autotest/units/001_one_port/078_hitcount_one/controlplane.conf
new file mode 100644
index 00000000..891769de
--- /dev/null
+++ b/autotest/units/001_one_port/078_hitcount_one/controlplane.conf
@@ -0,0 +1,27 @@
+{
+  "modules": {
+    "lp0": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall.txt",
+      "nextModules": ["vrf0"]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0": {
+          "ipv4Prefix": "10.0.0.1/24",
+          "neighborIPv4Address": "10.0.0.2",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0"
+        }
+      }
+    }
+  }
+}
+
diff --git a/autotest/units/001_one_port/078_hitcount_one/firewall.txt b/autotest/units/001_one_port/078_hitcount_one/firewall.txt
new file mode 100644
index 00000000..43638574
--- /dev/null
+++ b/autotest/units/001_one_port/078_hitcount_one/firewall.txt
@@ -0,0 +1,3 @@
+:BEGIN
+add hitcount c1 ip from 10.0.0.2 to 10.0.0.1
+add allow ip from any to any keep-state
diff --git a/autotest/units/001_one_port/078_hitcount_one/gen.py b/autotest/units/001_one_port/078_hitcount_one/gen.py
new file mode 100644
index 00000000..0342e1c8
--- /dev/null
+++ b/autotest/units/001_one_port/078_hitcount_one/gen.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List
+from scapy.layers.inet import IP, TCP
+from scapy.layers.l2 import Ether
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+def write_pcap(path: str, packets: List[Packet]) -> None:
+    with PcapWriter(path, sync=True) as fh:
+        for p in packets:
+            fh.write(p)
+
+def ipv4_send(src: str, dst: str, size: int) -> Packet:
+    payload = b"A" * size
+    return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / IP(src=src, dst=dst, ttl=64) / TCP(sport=12345, dport=80, flags="S") / payload
+
+def ipv4_recv(src: str, dst: str, size: int) -> Packet:
+    payload = b"A" * size
+    return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / IP(src=src, dst=dst, ttl=63) / TCP(sport=12345, dport=80, flags="S") / payload
+
+# Send packet from 10.0.0.2 to 10.0.0.1
+write_pcap("001-send.pcap", [ipv4_send("10.0.0.2", "10.0.0.1", 50)])
+write_pcap("001-expect.pcap", [ipv4_recv("10.0.0.2", "10.0.0.1", 50)])
+
+# Send packet from 10.0.0.2 to 10.0.0.1
+write_pcap("002-send.pcap", [ipv4_send("10.0.0.2", "10.0.0.1", 50)])
+write_pcap("002-expect.pcap", [ipv4_recv("10.0.0.2", "10.0.0.1", 50)])
+
+# Send packet from 10.0.0.2 to 10.0.0.1
+write_pcap("003-send.pcap", [ipv4_send("10.0.0.2", "10.0.0.1", 50)])
+write_pcap("003-expect.pcap", [ipv4_recv("10.0.0.2", "10.0.0.1", 50)])
+
diff --git a/autotest/units/001_one_port/079_hitcount_many/001-expect.pcap b/autotest/units/001_one_port/079_hitcount_many/001-expect.pcap
new file mode 100644
index 00000000..db887352
Binary files /dev/null and b/autotest/units/001_one_port/079_hitcount_many/001-expect.pcap differ
diff --git a/autotest/units/001_one_port/079_hitcount_many/001-send.pcap b/autotest/units/001_one_port/079_hitcount_many/001-send.pcap
new file mode 100644
index 00000000..7eefc865
Binary files /dev/null and b/autotest/units/001_one_port/079_hitcount_many/001-send.pcap differ
diff --git a/autotest/units/001_one_port/079_hitcount_many/002-expect.pcap b/autotest/units/001_one_port/079_hitcount_many/002-expect.pcap
new file mode 100644
index 00000000..75dd7ae5
Binary files /dev/null and b/autotest/units/001_one_port/079_hitcount_many/002-expect.pcap differ
diff --git a/autotest/units/001_one_port/079_hitcount_many/002-send.pcap b/autotest/units/001_one_port/079_hitcount_many/002-send.pcap
new file mode 100644
index 00000000..c6bf88d7
Binary files /dev/null and b/autotest/units/001_one_port/079_hitcount_many/002-send.pcap differ
diff --git a/autotest/units/001_one_port/079_hitcount_many/003-expect.pcap b/autotest/units/001_one_port/079_hitcount_many/003-expect.pcap
new file mode 100644
index 00000000..a3243045
Binary files /dev/null and b/autotest/units/001_one_port/079_hitcount_many/003-expect.pcap differ
diff --git a/autotest/units/001_one_port/079_hitcount_many/003-send.pcap b/autotest/units/001_one_port/079_hitcount_many/003-send.pcap
new file mode 100644
index 00000000..42cbbced
Binary files /dev/null and b/autotest/units/001_one_port/079_hitcount_many/003-send.pcap differ
diff --git a/autotest/units/001_one_port/079_hitcount_many/autotest.yaml b/autotest/units/001_one_port/079_hitcount_many/autotest.yaml
new file mode 100644
index 00000000..e569beb0
--- /dev/null
+++ b/autotest/units/001_one_port/079_hitcount_many/autotest.yaml
@@ -0,0 +1,22 @@
+steps:
+- ipv4Update: "0.0.0.0/0 -> 200.0.0.1"
+- ipv6Update: "::/0 -> fe80::1"
+
+- sleep: 1
+
+- sendPackets:
+  - port: kni0
+    send: 001-send.pcap
+    expect: 001-expect.pcap
+
+- sendPackets:
+  - port: kni0
+    send: 002-send.pcap
+    expect: 002-expect.pcap
+
+- sendPackets:
+  - port: kni0
+    send: 003-send.pcap
+    expect: 003-expect.pcap
+
+- cli: "hitcount dump acl | diff - TESTDIR/hitcount_expected.txt"
diff --git a/autotest/units/001_one_port/079_hitcount_many/controlplane.conf b/autotest/units/001_one_port/079_hitcount_many/controlplane.conf
new file mode 100644
index 00000000..3c0da4fd
--- /dev/null
+++ b/autotest/units/001_one_port/079_hitcount_many/controlplane.conf
@@ -0,0 +1,42 @@
+{
+  "modules": {
+    "lp0.100": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "100",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "lp0.200": {
+      "type": "logicalPort",
+      "physicalPort": "kni0",
+      "vlanId": "200",
+      "macAddress": "00:11:22:33:44:55",
+      "nextModule": "acl0"
+    },
+    "acl0": {
+      "type": "acl",
+      "firewall": "firewall.txt",
+      "nextModules": [
+        "vrf0"
+      ]
+    },
+    "vrf0": {
+      "type": "route",
+      "interfaces": {
+        "kni0.100": {
+          "ipv6Prefix": "fe80::2/64",
+          "neighborIPv6Address": "fe80::1",
+          "neighborMacAddress": "00:00:00:11:11:11",
+          "nextModule": "lp0.100"
+        },
+        "kni0.200": {
+          "ipv4Prefix": "200.0.0.2/24",
+          "neighborIPv4Address": "200.0.0.1",
+          "neighborMacAddress": "00:00:00:22:22:22",
+          "nextModule": "lp0.200"
+        }
+      }
+    }
+  }
+}
diff --git a/autotest/units/001_one_port/079_hitcount_many/firewall.txt b/autotest/units/001_one_port/079_hitcount_many/firewall.txt
new file mode 100644
index 00000000..3575c17c
--- /dev/null
+++ b/autotest/units/001_one_port/079_hitcount_many/firewall.txt
@@ -0,0 +1,16 @@
+:BEGIN
+add skipto :IN ip from any to any in
+
+:IN
+add hitcount allow_tcp_from_11_0_0_0_24_to_any_53 tcp from 11.0.0.0/24 to any 53
+add allow tcp from 11.0.0.0/24 to any 53 record-state
+
+add hitcount allow_tcp_from_any_to_2111_aaa_ff1c_2030_60_53 tcp from any to 2111:aaa:ff1c:2030::/60 53
+add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 record-state
+
+add hitcount check_state_ip_from_any_to_any ip from any to any
+add check-state
+
+add hitcount deny_ip_from_any_to_any ip from any to any
+add deny ip from any to any
+
diff --git a/autotest/units/001_one_port/079_hitcount_many/gen.py b/autotest/units/001_one_port/079_hitcount_many/gen.py
new file mode 100644
index 00000000..e09e88d2
--- /dev/null
+++ b/autotest/units/001_one_port/079_hitcount_many/gen.py
@@ -0,0 +1,79 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+from typing import List, Optional
+
+from scapy.layers.inet import TCP, UDP, IP
+from scapy.layers.inet6 import IPv6
+from scapy.layers.l2 import Ether, Dot1Q
+from scapy.packet import Packet
+from scapy.utils import PcapWriter
+
+
+def write_pcap(path: str, packets: List[Packet], linktype: Optional[int] = None) -> None:
+    with PcapWriter(path, sync=True, linktype=linktype) as fh:
+        for p in packets:
+            fh.write(p)
+
+
+def ipv4_send(src: str, dst: str, proto: Packet, payload_size: int) -> Packet:
+    payload = b"A" * payload_size
+    return Ether(dst="00:11:22:33:44:55", src="00:00:00:11:11:11") / \
+           Dot1Q(vlan=100) / \
+           IP(src=src, dst=dst, ttl=64) / \
+           proto / \
+           payload
+
+
+def ipv4_recv(src: str, dst: str, proto: Packet, payload_size: int) -> Packet:
+    payload = b"A" * payload_size
+    return Ether(dst="00:00:00:22:22:22", src="00:11:22:33:44:55") / \
+           Dot1Q(vlan=200) / \
+           IP(src=src, dst=dst, ttl=63) / \
+           proto / \
+           payload
+
+
+def ipv6_send(src: str, dst: str, proto: Packet, payload_size: int) -> Packet:
+    payload = b"B" * payload_size
+    return Ether(dst="00:11:22:33:44:55", src="00:00:00:22:22:22") / \
+           Dot1Q(vlan=200) / \
+           IPv6(src=src, dst=dst, hlim=64, fl=0) / \
+           proto / \
+           payload
+
+
+def ipv6_recv(src: str, dst: str, proto: Packet, payload_size: int) -> Packet:
+    payload = b"B" * payload_size
+    return Ether(dst="00:00:00:11:11:11", src="00:11:22:33:44:55") / \
+           Dot1Q(vlan=100) / \
+           IPv6(src=src, dst=dst, hlim=63, fl=0) / \
+           proto / \
+           payload
+
+write_pcap("001-send.pcap", [
+    ipv4_send("11.0.0.1", "1.1.1.1", TCP(sport=1024, dport=53, flags="S"), payload_size=50),
+    ipv4_send("1.1.1.1", "11.0.0.1", TCP(sport=53, dport=1024, flags="S"), payload_size=30),
+])
+
+write_pcap("001-expect.pcap", [
+    ipv4_recv("11.0.0.1", "1.1.1.1", TCP(sport=1024, dport=53, flags="S"), payload_size=50),
+    ipv4_recv("1.1.1.1", "11.0.0.1", TCP(sport=53, dport=1024, flags="S"), payload_size=30),
+])
+
+write_pcap("002-send.pcap", [
+    ipv6_send("1111:2222::1", "2111:aaa:ff1c:2030::1", TCP(sport=1024, dport=53, flags="S"), payload_size=60),
+    ipv6_send("2111:aaa:ff1c:2030::1", "1111:2222::1", TCP(sport=53, dport=1024, flags="S"), payload_size=40),
+])
+
+write_pcap("002-expect.pcap", [
+    ipv6_recv("1111:2222::1", "2111:aaa:ff1c:2030::1", TCP(sport=1024, dport=53, flags="S"), payload_size=60),
+    ipv6_recv("2111:aaa:ff1c:2030::1", "1111:2222::1", TCP(sport=53, dport=1024, flags="S"), payload_size=40),
+])
+
+write_pcap("003-send.pcap", [
+    ipv4_send("2.2.2.2", "3.3.3.3", UDP(sport=1024, dport=80), payload_size=70),
+])
+
+write_pcap("003-expect.pcap", [])
+
+
diff --git a/autotest/units/001_one_port/079_hitcount_many/hitcount_expected.txt b/autotest/units/001_one_port/079_hitcount_many/hitcount_expected.txt
new file mode 100644
index 00000000..b808d3fa
--- /dev/null
+++ b/autotest/units/001_one_port/079_hitcount_many/hitcount_expected.txt
@@ -0,0 +1,6 @@
+[
+  allow_tcp_from_11_0_0_0_24_to_any_53: 1, 108
+  check_state_ip_from_any_to_any: 3, 322
+  allow_tcp_from_any_to_2111_aaa_ff1c_2030_60_53: 1, 138
+  deny_ip_from_any_to_any: 1, 116
+]
diff --git a/autotest/yanet-autotest-run.py b/autotest/yanet-autotest-run.py
index 492c16a8..19ce51b5 100755
--- a/autotest/yanet-autotest-run.py
+++ b/autotest/yanet-autotest-run.py
@@ -86,6 +86,7 @@ def start(self, dataplane_conf_path, units):
         os.makedirs("/run/yanet", exist_ok=True)
 
         self.run_dataplane(dataplane_conf_path)
+        time.sleep(5)
         self.run_controlplane()
         self.run_autotest(units)
 
diff --git a/build.sh b/build.sh
index c2b352b6..214072c3 100755
--- a/build.sh
+++ b/build.sh
@@ -1,56 +1,80 @@
 #!/bin/bash
 
 output="packages"
-release="22.04"
-version="64.0.0"
+ubuntu_release="22.04"
+yanet_version="64.0.0"
 
 usage() {
-    echo "Usage: $0 [ -o ARTIFACTS_DIR ] [ -r RELEASE ] [ -v VERSION ] -t package|image"
+    cat <<EOF
+Usage:
+    $0 [ -o ARTIFACTS_DIR ] [ -u UBUNTU_RELEASE ] [ -y YANET_VERSION ] -t package|image"
+
+Package build:
+    $0 -o packages -u 18.04 -y 64.0.0 -t package
+
+    $ ls packages
+    yanet_64.0-0_amd64.buildinfo  yanet_64.0-0.tar.gz		   yanet-controlplane-dbgsym_64.0-0_amd64.ddeb	yanet-dataplane-systemd_64.0-0_amd64.deb
+    yanet_64.0-0_amd64.changes    yanet-cli_64.0-0_amd64.deb	   yanet-controlplane-systemd_64.0-0_amd64.deb	yanet-dev_64.0-0_amd64.deb
+    yanet_64.0-0_amd64.deb	      yanet-cli-dbgsym_64.0-0_amd64.ddeb   yanet-dataplane_64.0-0_amd64.deb		yanet-dev-dbgsym_64.0-0_amd64.ddeb
+    yanet_64.0-0.dsc	      yanet-controlplane_64.0-0_amd64.deb  yanet-dataplane-dbgsym_64.0-0_amd64.ddeb	yanet-utils_64.0-0_amd64.deb
+builded artifacts will be stored into "packages" directory.
+
+Image build:
+    $0 -u 22.04 -y 64.0.0 -t image
+
+    $ docker images | grep ^yanet
+    yanet                              64.0.0    c2650e2b4a21   18 seconds ago   203MB
+image contains "yanet-dataplane", "yanet-controlplane" and "yanet-cli" binary executable files in directory /usr/bin.
+
+EOF
 }
 
-while getopts ":ho:r:t:v:" option; do
+while getopts ":ho:t:u:y:" option; do
     case "${option}" in
     h)
         usage
         exit 0
         ;;
     o) output=${OPTARG} ;;
-    r) release=${OPTARG} ;;
     t) type=${OPTARG} ;;
-    v) version=${OPTARG} ;;
+    u) ubuntu_release=${OPTARG} ;;
+    y) yanet_version=${OPTARG} ;;
     esac
 done
 
-subversions=(${version//./ })
+yanet_subversions=(${yanet_version//./ })
 
-if [ "${type}" = "package" ]; then
+case "${type}" in
+package)
     git submodule update --init --recursive
 
-    docker build -t yanet-deb-package:${version} \
-        --build-arg RELEASE=${release} \
-        --build-arg YANET_VERSION_MAJOR=${subversions[0]} \
-        --build-arg YANET_VERSION_MINOR=${subversions[1]} \
-        --build-arg YANET_VERSION_REVISION=${subversions[2]} \
-        --build-arg YANET_VERSION_CUSTOM=${release} \
+    docker build -t yanet-deb-package:${yanet_version} \
+        --build-arg RELEASE=${ubuntu_release} \
+        --build-arg YANET_VERSION_MAJOR=${yanet_subversions[0]} \
+        --build-arg YANET_VERSION_MINOR=${yanet_subversions[1]} \
+        --build-arg YANET_VERSION_REVISION=${yanet_subversions[2]} \
+        --build-arg YANET_VERSION_CUSTOM=${ubuntu_release} \
         --network host \
         -f build/Dockerfile.debian-package .
 
     mkdir -p ${output}
     docker run --rm --tty --volume $(realpath -- ${output}):/build \
-        yanet-deb-package:${version} sh -c 'find /opt -type f -maxdepth 1 -exec cp {} /build/ \;'
-
-elif [ "${type}" = "image" ]; then
+        yanet-deb-package:${yanet_version} sh -c 'find /opt -type f -maxdepth 1 -exec cp {} /build/ \;'
+    ;;
+image)
     git submodule update --init --recursive
 
-    docker build -t yanet:${version} \
-        --build-arg RELEASE=${release} \
-        --build-arg YANET_VERSION_MAJOR=${subversions[0]} \
-        --build-arg YANET_VERSION_MINOR=${subversions[1]} \
-        --build-arg YANET_VERSION_REVISION=${subversions[2]} \
-        --build-arg YANET_VERSION_CUSTOM=${release} \
+    docker build -t yanet:${yanet_version} \
+        --build-arg RELEASE=${ubuntu_release} \
+        --build-arg YANET_VERSION_MAJOR=${yanet_subversions[0]} \
+        --build-arg YANET_VERSION_MINOR=${yanet_subversions[1]} \
+        --build-arg YANET_VERSION_REVISION=${yanet_subversions[2]} \
+        --build-arg YANET_VERSION_CUSTOM=${ubuntu_release} \
         --network host \
         -f build/Dockerfile.image .
-else
+    ;;
+*)
     usage
     exit 1
-fi
+    ;;
+esac
diff --git a/cli/acl.h b/cli/acl.h
index 719b098d..5f143e0f 100644
--- a/cli/acl.h
+++ b/cli/acl.h
@@ -1,8 +1,9 @@
 #pragma once
 
+#include "cli/helper.h"
 #include "common/icontrolplane.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
 namespace acl
 {
@@ -25,7 +26,7 @@ void unwind(const std::string& in_module,
             std::optional<std::string> transport_source,
             std::optional<std::string> transport_destination,
             std::optional<std::string> transport_flags,
-            std::optional<std::string> keepstate)
+            std::optional<std::string> recordstate)
 {
 	std::optional<std::string> module = in_module;
 
@@ -38,7 +39,7 @@ void unwind(const std::string& in_module,
 	optional_helper(transport_source);
 	optional_helper(transport_destination);
 	optional_helper(transport_flags);
-	optional_helper(keepstate);
+	optional_helper(recordstate);
 
 	interface::controlPlane controlplane;
 	auto response = controlplane.acl_unwind({module,
@@ -50,41 +51,23 @@ void unwind(const std::string& in_module,
 	                                         transport_source,
 	                                         transport_destination,
 	                                         transport_flags,
-	                                         keepstate});
-
-	table_t table({.optional_null = "any"});
-	table.insert("module",
-	             "direction",
-	             "network_source",
-	             "network_destination",
-	             "fragment",
-	             "protocol",
-	             "transport_source",
-	             "transport_destination",
-	             "transport_flags",
-	             "keepstate",
-	             "next_module",
-	             "ids",
-	             "log");
-
-	for (const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, keepstate, next_module, ids, log] : response)
-	{
-		table.insert(module,
-		             direction,
-		             network_source,
-		             network_destination,
-		             fragment,
-		             protocol,
-		             transport_source,
-		             transport_destination,
-		             transport_flags,
-		             keepstate,
-		             next_module,
-		             ids,
-		             log);
-	}
-
-	table.print();
+	                                         recordstate});
+
+	FillAndPrintTable({"module",
+	                   "direction",
+	                   "network_source",
+	                   "network_destination",
+	                   "fragment",
+	                   "protocol",
+	                   "transport_source",
+	                   "transport_destination",
+	                   "transport_flags",
+	                   "recordstate",
+	                   "next_module",
+	                   "ids",
+	                   "log"},
+	                  response,
+	                  {.optional_null = "any"});
 }
 
 void lookup(std::optional<std::string> module,
@@ -113,19 +96,7 @@ void lookup(std::optional<std::string> module,
 	                                         transport_source,
 	                                         transport_destination});
 
-	table_t table;
-	table.insert("ruleno",
-	             "label",
-	             "rule");
-
-	for (const auto& [ruleno, label, rule] : response)
-	{
-		table.insert(ruleno,
-		             label,
-		             rule);
-	}
-
-	table.print();
+	FillAndPrintTable({"ruleno", "label", "rule"}, response);
 }
 
 }
diff --git a/cli/balancer.h b/cli/balancer.h
index 5ca6b260..5d7acd71 100644
--- a/cli/balancer.h
+++ b/cli/balancer.h
@@ -1,12 +1,12 @@
 #pragma once
 
+#include "cli/helper.h"
 #include "common/icontrolplane.h"
-#include "common/icp_proto.h"
 #include "common/idataplane.h"
 #include "common/iproto_controlplane.h"
 #include "common/type.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
 namespace balancer
 {
@@ -16,25 +16,13 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.balancer_summary();
 
-	table_t table;
-	table.insert("module",
-	             "services",
-	             "reals_enabled",
-	             "reals",
-	             "connections",
-	             "next_module");
-
-	for (const auto& [module, services, reals_enabled, reals, connections, next_module] : response)
-	{
-		table.insert(module,
-		             services,
-		             reals_enabled,
-		             reals,
-		             connections,
-		             next_module);
-	}
-
-	table.print();
+	FillAndPrintTable({"module",
+	                   "services",
+	                   "reals_enabled",
+	                   "reals",
+	                   "connections",
+	                   "next_module"},
+	                  response);
 }
 
 void service(std::string module_string,
@@ -67,16 +55,16 @@ void service(std::string module_string,
 	interface::dataPlane dataplane;
 	auto balancer_service_connections = dataplane.balancer_service_connections();
 
-	table_t table;
-	table.insert("module",
-	             "virtual_ip",
-	             "proto",
-	             "virtual_port",
-	             "scheduler",
-	             "connections",
-	             "packets",
-	             "bytes",
-	             "version");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "virtual_ip",
+	                 "proto",
+	                 "virtual_port",
+	                 "scheduler",
+	                 "connections",
+	                 "packets",
+	                 "bytes",
+	                 "version");
 
 	for (const auto& [module, services] : response)
 	{
@@ -86,7 +74,7 @@ void service(std::string module_string,
 		{
 			const auto& [virtual_ip, proto, virtual_port] = service_key;
 			const auto& [scheduler, version, nap_connections, packets, bytes] = service_value;
-			(void)nap_connections; ///< @todo: DELETE
+			YANET_GCC_BUG_UNUSED(nap_connections); ///< @todo: DELETE
 
 			auto proto_string = controlplane::balancer::from_proto(proto);
 
@@ -98,7 +86,7 @@ void service(std::string module_string,
 			uint32_t connections = 0;
 			for (auto& [socket_id, service_connections] : balancer_service_connections)
 			{
-				(void)socket_id;
+				YANET_GCC_BUG_UNUSED(socket_id);
 
 				const auto& socket_connections = service_connections[key].value;
 				if (socket_connections > connections)
@@ -107,19 +95,19 @@ void service(std::string module_string,
 				}
 			}
 
-			table.insert(module_name,
-			             virtual_ip,
-			             proto_string,
-			             virtual_port,
-			             scheduler,
-			             connections,
-			             packets,
-			             bytes,
-			             version);
+			table.insert_row(module_name,
+			                 virtual_ip,
+			                 proto_string,
+			                 virtual_port,
+			                 scheduler,
+			                 connections,
+			                 packets,
+			                 bytes,
+			                 version);
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void setip(common::icp_proto::IPAddr* pAddr, const common::ip_address_t& value)
@@ -202,20 +190,20 @@ void real_find(std::string module_string,
 	interface::dataPlane dataplane;
 	auto balancer_real_connections = dataplane.balancer_real_connections();
 
-	table_t table;
-	table.insert("module",
-	             "virtual_ip",
-	             "proto",
-	             "virtual_port",
-	             "scheduler",
-	             "real_ip",
-	             "real_port",
-	             "enabled",
-	             "weight",
-	             "connections",
-	             "packets",
-	             "bytes",
-	             "version");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "virtual_ip",
+	                 "proto",
+	                 "virtual_port",
+	                 "scheduler",
+	                 "real_ip",
+	                 "real_port",
+	                 "enabled",
+	                 "weight",
+	                 "connections",
+	                 "packets",
+	                 "bytes",
+	                 "version");
 
 	for (const auto& balancer : response.balancers())
 	{
@@ -239,7 +227,7 @@ void real_find(std::string module_string,
 				uint32_t connections = 0;
 				for (auto& [socket_id, real_connections] : balancer_real_connections)
 				{
-					(void)socket_id;
+					YANET_GCC_BUG_UNUSED(socket_id);
 
 					const auto& socket_connections = real_connections[key].value;
 					if (socket_connections > connections)
@@ -248,24 +236,24 @@ void real_find(std::string module_string,
 					}
 				}
 
-				table.insert(balancer.module(),
-				             virtual_ip,
-				             proto_string,
-				             service.key().port_opt_case() == common::icp_proto::BalancerRealFindResponse_ServiceKey::PortOptCase::kPort ? std::make_optional(service.key().port()) : std::nullopt,
-				             service.scheduler(),
-				             real_ip,
-				             real.port_opt_case() == common::icp_proto::BalancerRealFindResponse_Real::PortOptCase::kPort ? std::make_optional(real.port()) : std::nullopt,
-				             real.enabled(),
-				             real.weight(),
-				             connections,
-				             real.packets(),
-				             real.bytes(),
-				             service.version_opt_case() == common::icp_proto::BalancerRealFindResponse_Service::VersionOptCase::kVersion ? std::make_optional(service.version()) : std::nullopt);
+				table.insert_row(balancer.module(),
+				                 virtual_ip,
+				                 proto_string,
+				                 service.key().port_opt_case() == common::icp_proto::BalancerRealFindResponse_ServiceKey::PortOptCase::kPort ? std::make_optional(service.key().port()) : std::nullopt,
+				                 service.scheduler(),
+				                 real_ip,
+				                 real.port_opt_case() == common::icp_proto::BalancerRealFindResponse_Real::PortOptCase::kPort ? std::make_optional(real.port()) : std::nullopt,
+				                 real.enabled(),
+				                 real.weight(),
+				                 connections,
+				                 real.packets(),
+				                 real.bytes(),
+				                 service.version_opt_case() == common::icp_proto::BalancerRealFindResponse_Service::VersionOptCase::kVersion ? std::make_optional(service.version()) : std::nullopt);
 			}
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 void state(std::string module,
@@ -321,7 +309,7 @@ void state(std::string module,
 	/// @todo: OPT
 	for (const auto& [socket_id, services_real_connections] : response)
 	{
-		(void)socket_id;
+		YANET_GCC_BUG_UNUSED(socket_id);
 
 		for (const auto& [services_real, connections] : services_real_connections)
 		{
@@ -331,7 +319,7 @@ void state(std::string module,
 
 			for (const auto& [client_ip, client_port, timestamp_create, timestamp_last_packet, timestamp_gc] : connections)
 			{
-				(void)timestamp_gc;
+				YANET_GCC_BUG_UNUSED(timestamp_gc);
 
 				auto it = map.find({client_ip, client_port});
 				if (it != map.end())
@@ -351,17 +339,17 @@ void state(std::string module,
 		}
 	}
 
-	table_t table;
-	table.insert("module",
-	             "virtual_ip",
-	             "proto",
-	             "virtual_port",
-	             "real_ip",
-	             "real_port",
-	             "client_ip",
-	             "client_port",
-	             "created",
-	             "last_seen");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "virtual_ip",
+	                 "proto",
+	                 "virtual_port",
+	                 "real_ip",
+	                 "real_port",
+	                 "client_ip",
+	                 "client_port",
+	                 "created",
+	                 "last_seen");
 
 	uint32_t current_time = time(nullptr);
 
@@ -388,22 +376,22 @@ void state(std::string module,
 					const auto& [client_ip, client_port] = key;
 					const auto& [timestamp_create, timestamp_last_packet] = value;
 
-					table.insert(module,
-					             virtual_ip,
-					             proto_string,
-					             virtual_port,
-					             real_ip,
-					             real_port,
-					             client_ip,
-					             client_port,
-					             (uint32_t)current_time - timestamp_create,
-					             (uint16_t)current_time - timestamp_last_packet);
+					table.insert_row(module,
+					                 virtual_ip,
+					                 proto_string,
+					                 virtual_port,
+					                 real_ip,
+					                 real_port,
+					                 client_ip,
+					                 client_port,
+					                 (uint32_t)current_time - timestamp_create,
+					                 (uint16_t)current_time - timestamp_last_packet);
 				}
 			}
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 namespace real
@@ -490,17 +478,7 @@ void announce()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.balancer_announce();
 
-	table_t table;
-	table.insert("module",
-	             "announces");
-
-	for (const auto& [module, announces] : response)
-	{
-		table.insert(module,
-		             announces);
-	}
-
-	table.print();
+	FillAndPrintTable({"module", "announces"}, response);
 }
 
 }
diff --git a/cli/bus.h b/cli/bus.h
new file mode 100644
index 00000000..807c54ac
--- /dev/null
+++ b/cli/bus.h
@@ -0,0 +1,155 @@
+#pragma once
+
+#include "helper.h"
+#include "influxdb_format.h"
+#include "table_printer.h"
+
+namespace bus
+{
+
+using bus_request_info = std::tuple<std::string, uint64_t, uint64_t>;
+
+inline std::vector<bus_request_info> get_bus_requests(common::sdp::DataPlaneInSharedMemory& sdp_data)
+{
+	auto [requests, errors, durations] = sdp_data.BuffersBus();
+	YANET_GCC_BUG_UNUSED(errors);
+
+	std::map<common::idp::requestType, std::string> names = {
+	        {common::idp::requestType::updateGlobalBase, "updateGlobalBase"},
+	        {common::idp::requestType::updateGlobalBaseBalancer, "updateGlobalBaseBalancer"},
+	        {common::idp::requestType::getGlobalBase, "getGlobalBase"},
+	        {common::idp::requestType::getWorkerStats, "getWorkerStats"},
+	        {common::idp::requestType::getSlowWorkerStats, "getSlowWorkerStats"},
+	        {common::idp::requestType::get_worker_gc_stats, "get_worker_gc_stats"},
+	        {common::idp::requestType::get_dregress_counters, "get_dregress_counters"},
+	        {common::idp::requestType::get_ports_stats, "get_ports_stats"},
+	        {common::idp::requestType::get_ports_stats_extended, "get_ports_stats_extended"},
+	        {common::idp::requestType::getControlPlanePortStats, "getControlPlanePortStats"},
+	        {common::idp::requestType::getPortStatsEx, "getPortStatsEx"},
+	        {common::idp::requestType::getFragmentationStats, "getFragmentationStats"},
+	        {common::idp::requestType::getFWState, "getFWState"},
+	        {common::idp::requestType::getFWStateStats, "getFWStateStats"},
+	        {common::idp::requestType::clearFWState, "clearFWState"},
+	        {common::idp::requestType::getConfig, "getConfig"},
+	        {common::idp::requestType::getErrors, "getErrors"},
+	        {common::idp::requestType::getReport, "getReport"},
+	        {common::idp::requestType::lpm4LookupAddress, "lpm4LookupAddress"},
+	        {common::idp::requestType::lpm6LookupAddress, "lpm6LookupAddress"},
+	        {common::idp::requestType::nat64stateful_state, "nat64stateful_state"},
+	        {common::idp::requestType::balancer_connection, "balancer_connection"},
+	        {common::idp::requestType::balancer_service_connections, "balancer_service_connections"},
+	        {common::idp::requestType::balancer_real_connections, "balancer_real_connections"},
+	        {common::idp::requestType::limits, "limits"},
+	        {common::idp::requestType::samples, "samples"},
+	        {common::idp::requestType::hitcount_dump, "hitcount_dump"},
+	        {common::idp::requestType::debug_latch_update, "debug_latch_update"},
+	        {common::idp::requestType::unrdup_vip_to_balancers, "unrdup_vip_to_balancers"},
+	        {common::idp::requestType::update_vip_vport_proto, "update_vip_vport_proto"},
+	        {common::idp::requestType::version, "version"},
+	        {common::idp::requestType::get_shm_info, "get_shm_info"},
+	        {common::idp::requestType::get_shm_tsc_info, "get_shm_tsc_info"},
+	        {common::idp::requestType::set_shm_tsc_state, "set_shm_tsc_state"},
+	        {common::idp::requestType::dump_physical_port, "dump_physical_port"},
+	        {common::idp::requestType::balancer_state_clear, "balancer_state_clear"},
+	        {common::idp::requestType::neighbor_show, "neighbor_show"},
+	        {common::idp::requestType::neighbor_insert, "neighbor_insert"},
+	        {common::idp::requestType::neighbor_remove, "neighbor_remove"},
+	        {common::idp::requestType::neighbor_clear, "neighbor_clear"},
+	        {common::idp::requestType::neighbor_flush, "neighbor_flush"},
+	        {common::idp::requestType::neighbor_update_interfaces, "neighbor_update_interfaces"},
+	        {common::idp::requestType::neighbor_stats, "neighbor_stats"},
+	        {common::idp::requestType::memory_manager_update, "memory_manager_update"},
+	        {common::idp::requestType::memory_manager_stats, "memory_manager_stats"}};
+
+	std::vector<bus_request_info> result;
+	for (uint32_t index = 0; index < (uint32_t)common::idp::requestType::size; ++index)
+	{
+		if ((requests[index] != 0) || (durations[index] != 0))
+		{
+			const auto& iter = names.find(static_cast<common::idp::requestType>(index));
+			result.emplace_back((iter != names.end() ? iter->second : "unknown"), requests[index], durations[index]);
+		}
+	}
+
+	return result;
+}
+
+inline void bus_requests()
+{
+	common::sdp::DataPlaneInSharedMemory sdp_data;
+	OpenSharedMemoryDataplaneBuffers(sdp_data, false);
+	auto requests = get_bus_requests(sdp_data);
+
+	TablePrinter table;
+	table.insert_row("request", "count", "duration_ms");
+	for (const auto& [request, count, duration] : requests)
+	{
+		if ((count != 0) || (duration != 0))
+		{
+			table.insert_row(request, count, duration);
+		}
+	}
+
+	table.Print();
+}
+
+inline std::vector<std::pair<std::string, uint64_t>> get_bus_errors(const common::sdp::DataPlaneInSharedMemory& sdp_data)
+{
+	auto [requests, errors, durations] = sdp_data.BuffersBus();
+	YANET_GCC_BUG_UNUSED(requests);
+	YANET_GCC_BUG_UNUSED(durations);
+
+	std::map<common::idp::errorType, std::string> names = {
+	        {common::idp::errorType::busRead, "busRead"},
+	        {common::idp::errorType::busWrite, "busWrite"},
+	        {common::idp::errorType::busParse, "busParse"},
+	};
+
+	std::vector<std::pair<std::string, uint64_t>> result;
+	for (uint32_t index = 0; index < (uint32_t)common::idp::errorType::size; ++index)
+	{
+		const auto& iter = names.find(static_cast<common::idp::errorType>(index));
+		result.emplace_back((iter != names.end() ? iter->second : "unknown"), errors[index]);
+	}
+
+	return result;
+}
+
+inline void bus_errors()
+{
+	common::sdp::DataPlaneInSharedMemory sdp_data;
+	OpenSharedMemoryDataplaneBuffers(sdp_data, false);
+	auto errors = get_bus_errors(sdp_data);
+
+	FillAndPrintTable({"error", "count"}, errors);
+}
+
+inline void bus_telegraf()
+{
+	common::sdp::DataPlaneInSharedMemory sdp_data;
+	OpenSharedMemoryDataplaneBuffers(sdp_data, false);
+
+	auto errors = get_bus_errors(sdp_data);
+	std::vector<influxdb_format::value_t> infl_errors;
+	for (const auto& [error, count] : errors)
+	{
+		infl_errors.emplace_back(error.data(), count);
+	}
+	influxdb_format::print("bus_errors", {}, infl_errors);
+
+	auto requests = get_bus_requests(sdp_data);
+	if (!requests.empty())
+	{
+		std::vector<influxdb_format::value_t> infl_counts;
+		std::vector<influxdb_format::value_t> infl_durations;
+		for (const auto& [request, count, duration] : requests)
+		{
+			infl_counts.emplace_back(request.data(), count);
+			infl_durations.emplace_back(request.data(), duration);
+		}
+		influxdb_format::print("bus_counts", {}, infl_counts);
+		influxdb_format::print("bus_durations", {}, infl_durations);
+	}
+}
+
+} // namespace bus
diff --git a/cli/config.cpp b/cli/config.cpp
index 8d03d107..6e9aa403 100644
--- a/cli/config.cpp
+++ b/cli/config.cpp
@@ -139,16 +139,16 @@ bool allowPrefix(nlohmann::json& prefixes,
 			}
 
 			// check whether current announces includes announceRaw
-			for (auto announceIt = announces->begin(); announceIt != announces->end(); ++announceIt)
+			for (auto& announceIt : *announces)
 			{
 				// sanity check that announce has string type
-				if (!announceIt->is_string())
+				if (!announceIt.is_string())
 				{
 					throw std::string{"invalid type of prefix item announce. Should be string"};
 				}
 
 				// announce already presented within the prefix
-				if (announceIt->get_ref<const std::string&>() == announceRaw)
+				if (announceIt.get_ref<const std::string&>() == announceRaw)
 				{
 					return false;
 				}
@@ -366,7 +366,7 @@ void allow(const std::string& module,
 	checkModuleType(decap, "decap");
 
 	const auto& [prefixes, inserted] = decap.emplace("ipv6DestinationPrefixes", nlohmann::json::array_t{});
-	(void)inserted;
+	YANET_GCC_BUG_UNUSED(inserted);
 
 	if (allowPrefix(*prefixes, prefixRaw, announceRaw))
 	{
@@ -436,7 +436,7 @@ static void allowAny(const std::string& module,
 	checkModuleType(nat64, "nat64stateless");
 
 	const auto& [prefixes, inserted] = nat64.emplace("nat64_prefixes", nlohmann::json::array_t{});
-	(void)inserted;
+	YANET_GCC_BUG_UNUSED(inserted);
 
 	if (allowPrefix(*prefixes, prefixRaw, announceRaw))
 	{
diff --git a/cli/convert.h b/cli/convert.h
index 0c5795bb..a10fc6f1 100644
--- a/cli/convert.h
+++ b/cli/convert.h
@@ -2,6 +2,7 @@
 
 #include "common/icontrolplane.h"
 #include "helper.h"
+#include "table_printer.h"
 
 namespace convert
 {
@@ -11,16 +12,7 @@ inline void logical_module()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.convert("logical_module");
 
-	table_t table;
-	table.insert("id",
-	             "name");
-
-	for (const auto& [id, name] : response)
-	{
-		table.insert(id, name);
-	}
-
-	table.print();
+	FillAndPrintTable({"id", "name"}, response);
 }
 
 } /* namespace convert */
diff --git a/cli/converter.h b/cli/converter.h
index 29043b32..b1db93eb 100644
--- a/cli/converter.h
+++ b/cli/converter.h
@@ -1,12 +1,13 @@
 #pragma once
 
-#include <optional>
 #include <set>
 #include <sstream>
 #include <string>
 #include <variant>
 #include <vector>
 
+#include "common/traits.h"
+
 namespace converter
 {
 
@@ -18,128 +19,73 @@ struct config_t
 	std::string set_empty = "n/s";
 };
 
-template<typename arg_T>
-std::string to_string(const std::optional<arg_T>& value, const config_t config = {});
-template<typename... args_T>
-std::string to_string(const std::variant<args_T...>& value, const config_t config = {});
-template<typename arg_T>
-std::string to_string(const std::vector<arg_T>& vector, const config_t config = {});
-template<typename arg_T>
-std::string to_string(const std::set<arg_T>& set, const config_t config = {});
-std::string to_string(const bool& value, const config_t config = {});
-std::string to_string(const std::string& string, const config_t config = {});
-template<typename arg_T>
-std::string to_string(const arg_T& value, const config_t config = {});
-
-template<typename arg_T>
-std::string to_string(const std::optional<arg_T>& value,
-                      const config_t config)
+template<typename T>
+std::string to_string(const T& value, const config_t& config = {})
 {
-	if (value)
+	if constexpr (std::is_same_v<T, std::string>)
 	{
-		return to_string(*value, config);
+		return value.empty() ? config.string_empty : value;
 	}
-	else
+	else if constexpr (std::is_same_v<T, std::string_view>)
 	{
-		return config.optional_null;
+		return value.empty() ? config.string_empty : std::string(value);
 	}
-};
-
-template<typename... args_T>
-std::string to_string(const std::variant<args_T...>& value,
-                      const config_t config)
-{
-	return std::visit([&config](const auto& value) -> std::string { return to_string(value, config); }, value);
-};
-
-template<typename arg_T>
-std::string to_string(const std::vector<arg_T>& vector,
-                      const config_t config)
-{
-	if (vector.empty())
+	else if constexpr (std::is_constructible_v<std::string, T>)
 	{
-		return config.vector_empty;
+		return value;
 	}
-
-	bool first = true;
-	std::ostringstream result;
-	for (const auto& item : vector)
+	else if constexpr (std::is_same_v<T, bool>)
 	{
-		if (!first)
-		{
-			result << ","; ///< @todo: config
-		}
-
-		result << to_string(item, config);
-		first = false;
+		return value ? "true" : "false";
 	}
-	return result.str();
-}
-
-template<typename arg_T>
-std::string to_string(const std::set<arg_T>& set,
-                      const config_t config)
-{
-	if (set.empty())
+	else if constexpr (std::is_arithmetic_v<T>)
 	{
-		return config.set_empty;
+		return std::to_string(value);
 	}
-
-	bool first = true;
-	std::ostringstream result;
-	for (const auto& item : set)
+	else if constexpr (traits::is_variant_v<T>)
 	{
-		if (!first)
-		{
-			result << ","; ///< @todo: config
-		}
-
-		result << to_string(item, config);
-		first = false;
+		return std::visit([&config](const auto& val) { return to_string(val, config); }, value);
 	}
-	return result.str();
-}
-
-std::string to_string(const bool& value,
-                      const config_t config)
-{
-	(void)config;
-	if (value)
+	else if constexpr (traits::is_optional_v<T>)
 	{
-		return "true";
+		return value ? to_string(*value, config) : config.optional_null;
 	}
-	else
+	else if constexpr (traits::is_container_v<T>)
 	{
-		return "false";
-	}
-};
+		if (value.empty())
+		{
+			if constexpr (traits::is_vector_v<T>)
+			{
+				return config.vector_empty;
+			}
+			else if constexpr (traits::is_set_v<T>)
+			{
+				return config.set_empty;
+			}
+			else
+			{
+				static_assert(traits::always_false_v<T>,
+				              "Container does not have default empty representation in struct config_t");
+			}
+		}
 
-std::string to_string(const std::string& string,
-                      const config_t config)
-{
-	if (string.empty())
-	{
-		return config.string_empty;
-	}
-	else
-	{
-		return string;
-	}
-};
+		std::ostringstream oss;
+		auto it = std::begin(value);
+		oss << to_string(*it, config);
+		++it;
 
-template<typename arg_T>
-std::string to_string(const arg_T& value,
-                      const config_t config)
-{
-	(void)config;
-	if constexpr (std::is_constructible_v<std::string, decltype(value)>)
-	{
-		return value;
+		for (; it != std::end(value); ++it)
+		{
+			oss << ',' << to_string(*it, config);
+		}
+
+		return oss.str();
 	}
 	else
 	{
-		return std::to_string(value);
+		static_assert(std::is_constructible_v<std::string, T>,
+		              "Type is not convertible to std::string and no overload of to_string is provided");
 	}
-};
-
 }
+
+} // namespace converter
diff --git a/cli/develop.h b/cli/develop.h
index 88c4e0b7..b9c3ca67 100644
--- a/cli/develop.h
+++ b/cli/develop.h
@@ -1,5 +1,6 @@
 #pragma once
 
+#include <array>
 #include <chrono>
 #include <cstdint>
 #include <string>
@@ -7,197 +8,184 @@
 #include <thread>
 #include <vector>
 
-#include "common/icontrolplane.h"
 #include "common/idataplane.h"
+#include "common/sdpclient.h"
+#include "common/shared_memory.h"
 #include "common/tsc_deltas.h"
+#include "common/tuple.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
-namespace develop
+namespace develop::dataplane
 {
 
-namespace dataplane
+static void printValue(const common::idp::value& value)
 {
+	const auto& [type, interface] = value;
+	std::ostringstream oss;
+	using common::globalBase::eNexthopType;
 
-static inline void printValue(const common::idp::value& value)
-{
-	const auto& type = std::get<0>(value);
-	if (type == common::globalBase::eNexthopType::drop)
-	{
-		printf("  drop\n");
-	}
-	else if (type == common::globalBase::eNexthopType::interface)
+	switch (type)
 	{
-		for (const auto& iter : std::get<1>(value))
-		{
-			if (std::get<0>(std::get<1>(iter)) != common::unlabelled)
+		case eNexthopType::drop:
+			oss << "  drop\n";
+			break;
+		case eNexthopType::interface:
+			for (const auto& [interfaceId, transport, service] : interface)
 			{
-				if (std::get<0>(std::get<2>(iter)) != common::unlabelled)
+				const auto& [transport_label, transport_exp] = transport;
+				const auto& [service_label, service_exp] = service;
+
+				if (transport_label != common::unlabelled)
 				{
-					printf("  interfaceId: %u,\ttransport: [label: %u, exp: %u],\tservice: [label: %u, exp: %u]\n",
-					       std::get<0>(iter),
-					       std::get<0>(std::get<1>(iter)),
-					       std::get<1>(std::get<1>(iter)),
-					       std::get<0>(std::get<2>(iter)),
-					       std::get<1>(std::get<2>(iter)));
+					if (service_label != common::unlabelled)
+					{
+						oss << "  interfaceId: " << interfaceId
+						    << ",\ttransport: [label: " << transport_label
+						    << ", exp: " << transport_exp
+						    << "],\tservice: [label: " << service_label
+						    << ", exp: " << service_exp << "]\n";
+					}
+					else
+					{
+						oss << "  interfaceId: " << interfaceId
+						    << ",\ttransport: [label: " << transport_label
+						    << ", exp: " << transport_exp << "]\n";
+					}
 				}
 				else
 				{
-					printf("  interfaceId: %u,\ttransport: [label: %u, exp: %u]\n",
-					       std::get<0>(iter),
-					       std::get<0>(std::get<1>(iter)),
-					       std::get<1>(std::get<1>(iter)));
+					oss << "  interfaceId: " << interfaceId << "\n";
 				}
 			}
-			else
-			{
-				printf("  interfaceId: %u\n",
-				       std::get<0>(iter));
-			}
-		}
-	}
-	else if (type == common::globalBase::eNexthopType::controlPlane)
-	{
-		printf("  controlPlane\n");
-	}
-	else
-	{
-		printf("  error\n");
+			break;
+		case eNexthopType::controlPlane:
+			oss << "  controlPlane\n";
+			break;
+		default:
+			oss << "  error\n";
 	}
+
+	std::cout << oss.str();
 }
 
-void lpm4LookupAddress(const common::ipv4_address_t& address)
+template<typename T>
+static void lpmLookupAddress(const T& address)
 {
 	interface::dataPlane dataPlane;
-	const auto response = dataPlane.lpm4LookupAddress(address);
-	for (const auto& iter : response)
-	{
-		const auto& socketId = iter.first;
-		const auto& found = std::get<0>(iter.second);
-		const auto& valueId = std::get<1>(iter.second);
-		const auto& value = std::get<2>(iter.second);
 
-		printf("[socketId: %u] %s -> ", socketId, common::ipv4_address_t(address).toString().data());
-		if (found)
+	const auto& response = [&]() {
+		if constexpr (std::is_same_v<T, common::ipv4_address_t>)
 		{
-			printf("valueId: %u\n", valueId);
-			printValue(value);
+			return dataPlane.lpm4LookupAddress(address);
+		}
+		else if constexpr (std::is_same_v<T, common::ipv6_address_t>)
+		{
+			return dataPlane.lpm6LookupAddress(address);
 		}
 		else
 		{
-			printf("not found\n");
+			static_assert(traits::always_false_v<T>,
+			              "lpmLookupAddress cannot be used with types other than ipv4/6_address");
 		}
-	}
-}
+	}();
 
-void lpm6LookupAddress(const common::ipv6_address_t& ipv6Address)
-{
-	interface::dataPlane dataPlane;
-	const auto response = dataPlane.lpm6LookupAddress(ipv6Address);
-	for (const auto& iter : response)
+	for (const auto& [socketId, entry] : response)
 	{
-		const auto& socketId = iter.first;
-		const auto& found = std::get<0>(iter.second);
-		const auto& valueId = std::get<1>(iter.second);
-		const auto& value = std::get<2>(iter.second);
+		const auto& [found, valueId, value] = entry;
+		std::cout << "[socketId: " << socketId << "] " << address.toString() << " -> ";
 
-		printf("[socketId: %u] %s -> ", socketId, common::ipv6_address_t(ipv6Address).toString().data());
 		if (found)
 		{
-			printf("valueId: %u\n", valueId);
+			std::cout << "valueId: " << valueId << '\n';
 			printValue(value);
 		}
 		else
 		{
-			printf("not found\n");
+			std::cout << "not found\n";
 		}
 	}
 }
 
-void getErrors()
+inline void lpm4LookupAddress(const common::ipv4_address_t& address)
+{
+	lpmLookupAddress(address);
+}
+
+inline void lpm6LookupAddress(const common::ipv6_address_t& address)
+{
+	lpmLookupAddress(address);
+}
+
+inline void getErrors()
 {
 	interface::dataPlane dataPlane;
-	const auto response = dataPlane.getErrors();
 
-	printf("errors:\n");
-	for (const auto& iter : response)
+	std::cout << "errors:\n";
+	for (const auto& [name, counter] : dataPlane.getErrors())
 	{
-		printf("  (%lu) %s\n",
-		       iter.second.value,
-		       iter.first.data());
+		std::cout << "  (" << counter.value << ") " << name << '\n';
 	}
 }
 
-void getReport()
+inline void getReport()
 {
 	interface::dataPlane dataPlane;
-	const auto response = dataPlane.getReport();
-	printf("%s\n", response.data());
+	std::cout << dataPlane.getReport() << '\n';
 }
 
-void counter(const uint32_t& counter_id,
-             const std::optional<uint32_t>& range_size)
+inline void counter(uint32_t counter_id, const std::optional<uint32_t>& range_size)
 {
-	interface::dataPlane dataplane;
+	std::vector<tCounterId> counter_ids{counter_id};
 
-	std::vector<tCounterId> counter_ids = {counter_id};
-	if (range_size && (*range_size) > 0)
+	if (range_size.has_value() && range_size.value() > 0)
 	{
-		for (uint32_t offset = 0;
-		     offset < (*range_size) - 1;
-		     offset++)
+		for (uint32_t offset = 0; offset < range_size.value() - 1; offset++)
 		{
 			counter_ids.emplace_back(counter_id + offset + 1);
 		}
 	}
 
-	const auto response = dataplane.getCounters(counter_ids);
+	const auto& response = common::sdp::SdpClient::GetCounters(counter_ids);
 
-	table_t table;
-	table.insert("counter_id",
-	             "value");
+	TablePrinter table;
+	table.insert("counter_id", "value");
 
-	for (uint32_t i = 0;
-	     i < counter_ids.size();
-	     i++)
+	for (uint32_t i = 0; i < counter_ids.size(); i++)
 	{
-		table.insert(counter_ids[i],
-		             response[i]);
+		table.insert_row(counter_ids[i], response[i]);
 	}
 
-	table.print();
+	table.Print();
 }
 
 using namespace ::dataplane::perf;
-class tsc_monitoring_t
+struct tsc_monitoring_t
 {
-public:
 	void connect_shm()
 	{
 		interface::dataPlane dataplane;
-		const auto response = dataplane.get_shm_tsc_info();
+		const auto& response = dataplane.get_shm_tsc_info();
 		std::map<key_t, void*> ipc_cache;
 
 		for (const auto& [core, socket, ipc_key, offset] : response)
 		{
-			(void)socket;
+			YANET_GCC_BUG_UNUSED(socket);
 			if (ipc_cache.find(ipc_key) == ipc_cache.end())
 			{
-				auto shmid = shmget(ipc_key, 0, 0);
-				if (shmid == -1)
-				{
-					throw std::string("shmget(") + std::to_string(ipc_key) + ", 0, 0) = " + std::strerror(errno);
-				}
-				auto shmaddr = shmat(shmid, NULL, SHM_RDONLY);
-				if (shmaddr == (void*)-1)
+				auto&& [shmaddr, size] = common::ipc::SharedMemory::OpenBufferKey(ipc_key, false);
+				YANET_GCC_BUG_UNUSED(size);
+
+				if (shmaddr == nullptr)
 				{
-					throw std::string("shmat(") + std::to_string(ipc_key) + ", NULL, 0) = " + std::strerror(errno);
+					throw std::system_error(errno, std::generic_category(), "Opening an existing buffer in shared memory failed");
 				}
 
 				ipc_cache[ipc_key] = shmaddr;
 			}
 
-			auto counter_addr = (tsc_deltas*)((intptr_t)ipc_cache[ipc_key] + offset);
+			auto counter_addr = reinterpret_cast<tsc_deltas*>(
+			        reinterpret_cast<intptr_t>(ipc_cache[ipc_key]) + offset);
 			worker_counters.emplace_back(core, counter_addr, tsc_deltas{}, overflow_store{});
 		}
 	}
@@ -205,9 +193,13 @@ class tsc_monitoring_t
 	void monitor()
 	{
 		connect_shm();
-		for (auto iter = 0;; iter++)
+		const int header_interval = 4;
+
+		for (int iter = 0;; ++iter)
 		{
-			if (iter % 4 == 0)
+			bool render_header = (iter % header_interval == 0);
+
+			if (render_header)
 			{
 				insert_header();
 			}
@@ -215,10 +207,11 @@ class tsc_monitoring_t
 			for (auto& [core_id, counter, previous_value, overflow_store] : worker_counters)
 			{
 				const auto& counter_copy = *counter;
-				for (auto bin = 0; bin < YANET_TSC_BINS_N; bin++)
+				for (int bin = 0; bin < YANET_TSC_BINS_N; ++bin)
 				{
 					overflow_store.handle_overflow(counter_copy, previous_value, bin);
-					if (iter % 4 == 0)
+
+					if (render_header)
 					{
 						insert_bin(counter_copy, overflow_store, bin, core_id);
 					}
@@ -227,145 +220,157 @@ class tsc_monitoring_t
 				previous_value = counter_copy;
 			}
 
-			if (iter % 4 == 0)
+			if (render_header)
 			{
-				table.render();
+				table.Render();
 			}
+
 			std::this_thread::sleep_for(std::chrono::milliseconds(250));
 		}
 	}
 
-protected:
-	struct overflow_store;
-
-	void insert_header()
+private:
+	struct overflow_store
 	{
-		table.insert("core_id",
-		             "iter_num",
-		             "logicalPort_ingress",
-		             "acl_ingress4",
-		             "acl_ingress6",
-		             "tun64_ipv4",
-		             "tun64_ipv6",
-		             "route4",
-		             "route6",
-		             "decap",
-		             "nat64stateful_lan",
-		             "nat64stateful_wan",
-		             "nat64stateless_egress",
-		             "nat64stateless_ingress",
-		             "nat46clat_lan",
-		             "nat46clat_wan",
-		             "balancer",
-		             "balancer_icmp_reply",
-		             "balancer_icmp_forward",
-		             "route_tunnel4",
-		             "route_tunnel6",
-		             "acl_egress4",
-		             "acl_egress6",
-		             "logicalPort_egress",
-		             "controlPlane");
-	}
+		template<typename T>
+		static auto make_tuple(T& obj)
+		{
+			return std::tie(obj.logicalPort_ingress_handle,
+			                obj.acl_ingress_handle4,
+			                obj.acl_ingress_handle6,
+			                obj.tun64_ipv4_handle,
+			                obj.tun64_ipv6_handle,
+			                obj.route_handle4,
+			                obj.route_handle6,
+			                obj.decap_handle,
+			                obj.nat64stateful_lan_handle,
+			                obj.nat64stateful_wan_handle,
+			                obj.nat64stateless_egress_handle,
+			                obj.nat64stateless_ingress_handle,
+			                obj.nat46clat_lan_handle,
+			                obj.nat46clat_wan_handle,
+			                obj.balancer_handle,
+			                obj.balancer_icmp_reply_handle,
+			                obj.balancer_icmp_forward_handle,
+			                obj.route_tunnel_handle4,
+			                obj.route_tunnel_handle6,
+			                obj.acl_egress_handle4,
+			                obj.acl_egress_handle6,
+			                obj.logicalPort_egress_handle,
+			                obj.controlPlane_handle);
+		}
 
-	void insert_bin(const tsc_deltas& cnt, const overflow_store& of_store, int bin, uint32_t core_id)
-	{
-		table.insert(bin == 0 ? std::to_string(core_id) : std::string{},
-		             bin == 0 ? std::to_string(cnt.iter_num) : std::string{},
-		             of_store.logicalPort_ingress_handle[bin] + cnt.logicalPort_ingress_handle[bin],
-		             of_store.acl_ingress_handle4[bin] + cnt.acl_ingress_handle4[bin],
-		             of_store.acl_ingress_handle6[bin] + cnt.acl_ingress_handle6[bin],
-		             of_store.tun64_ipv4_handle[bin] + cnt.tun64_ipv4_handle[bin],
-		             of_store.tun64_ipv6_handle[bin] + cnt.tun64_ipv6_handle[bin],
-		             of_store.route_handle4[bin] + cnt.route_handle4[bin],
-		             of_store.route_handle6[bin] + cnt.route_handle6[bin],
-
-		             of_store.decap_handle[bin] + cnt.decap_handle[bin],
-		             of_store.nat64stateful_lan_handle[bin] + cnt.nat64stateful_lan_handle[bin],
-		             of_store.nat64stateful_wan_handle[bin] + cnt.nat64stateful_wan_handle[bin],
-		             of_store.nat64stateless_egress_handle[bin] + cnt.nat64stateless_egress_handle[bin],
-		             of_store.nat64stateless_ingress_handle[bin] + cnt.nat64stateless_ingress_handle[bin],
-		             of_store.nat46clat_lan_handle[bin] + cnt.nat46clat_lan_handle[bin],
-		             of_store.nat46clat_wan_handle[bin] + cnt.nat46clat_wan_handle[bin],
-		             of_store.balancer_handle[bin] + cnt.balancer_handle[bin],
-
-		             of_store.balancer_icmp_reply_handle[bin] + cnt.balancer_icmp_reply_handle[bin],
-		             of_store.balancer_icmp_forward_handle[bin] + cnt.balancer_icmp_forward_handle[bin],
-		             of_store.route_tunnel_handle4[bin] + cnt.route_tunnel_handle4[bin],
-		             of_store.route_tunnel_handle6[bin] + cnt.route_tunnel_handle6[bin],
-		             of_store.acl_egress_handle4[bin] + cnt.acl_egress_handle4[bin],
-		             of_store.acl_egress_handle6[bin] + cnt.acl_egress_handle6[bin],
-		             of_store.logicalPort_egress_handle[bin] + cnt.logicalPort_egress_handle[bin],
-		             of_store.controlPlane_handle[bin] + cnt.controlPlane_handle[bin]);
-	}
+		using CountersArray = std::array<uint64_t, YANET_TSC_BINS_N>;
+
+		CountersArray logicalPort_ingress_handle{};
+		CountersArray acl_ingress_handle4{};
+		CountersArray acl_ingress_handle6{};
+		CountersArray tun64_ipv4_handle{};
+		CountersArray tun64_ipv6_handle{};
+		CountersArray route_handle4{};
+		CountersArray route_handle6{};
+
+		CountersArray decap_handle{};
+		CountersArray nat64stateful_lan_handle{};
+		CountersArray nat64stateful_wan_handle{};
+		CountersArray nat64stateless_egress_handle{};
+		CountersArray nat64stateless_ingress_handle{};
+		CountersArray nat46clat_lan_handle{};
+		CountersArray nat46clat_wan_handle{};
+		CountersArray balancer_handle{};
+
+		CountersArray balancer_icmp_reply_handle{};
+		CountersArray balancer_icmp_forward_handle{};
+		CountersArray route_tunnel_handle4{};
+		CountersArray route_tunnel_handle6{};
+		CountersArray acl_egress_handle4{};
+		CountersArray acl_egress_handle6{};
+		CountersArray logicalPort_egress_handle{};
+		CountersArray controlPlane_handle{};
+
+		auto as_tuple()
+		{
+			return make_tuple(*this);
+		}
 
-	struct overflow_store
-	{
-		uint64_t logicalPort_ingress_handle[YANET_TSC_BINS_N];
-		uint64_t acl_ingress_handle4[YANET_TSC_BINS_N];
-		uint64_t acl_ingress_handle6[YANET_TSC_BINS_N];
-		uint64_t tun64_ipv4_handle[YANET_TSC_BINS_N];
-		uint64_t tun64_ipv6_handle[YANET_TSC_BINS_N];
-		uint64_t route_handle4[YANET_TSC_BINS_N];
-		uint64_t route_handle6[YANET_TSC_BINS_N];
-
-		uint64_t decap_handle[YANET_TSC_BINS_N];
-		uint64_t nat64stateful_lan_handle[YANET_TSC_BINS_N];
-		uint64_t nat64stateful_wan_handle[YANET_TSC_BINS_N];
-		uint64_t nat64stateless_egress_handle[YANET_TSC_BINS_N];
-		uint64_t nat64stateless_ingress_handle[YANET_TSC_BINS_N];
-		uint64_t nat46clat_lan_handle[YANET_TSC_BINS_N];
-		uint64_t nat46clat_wan_handle[YANET_TSC_BINS_N];
-		uint64_t balancer_handle[YANET_TSC_BINS_N];
-
-		uint64_t balancer_icmp_reply_handle[YANET_TSC_BINS_N];
-		uint64_t balancer_icmp_forward_handle[YANET_TSC_BINS_N];
-		uint64_t route_tunnel_handle4[YANET_TSC_BINS_N];
-		uint64_t route_tunnel_handle6[YANET_TSC_BINS_N];
-		uint64_t acl_egress_handle4[YANET_TSC_BINS_N];
-		uint64_t acl_egress_handle6[YANET_TSC_BINS_N];
-		uint64_t logicalPort_egress_handle[YANET_TSC_BINS_N];
-		uint64_t controlPlane_handle[YANET_TSC_BINS_N];
+		[[nodiscard]] auto as_tuple() const
+		{
+			return make_tuple(*this);
+		}
 
 		void handle_overflow(const tsc_deltas& cnt, const tsc_deltas& prev, int bin)
 		{
-			logicalPort_ingress_handle[bin] += (prev.logicalPort_ingress_handle[bin] > cnt.logicalPort_ingress_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			acl_ingress_handle4[bin] += (prev.acl_ingress_handle4[bin] > cnt.acl_ingress_handle4[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			acl_ingress_handle6[bin] += (prev.acl_ingress_handle6[bin] > cnt.acl_ingress_handle6[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			tun64_ipv4_handle[bin] += (prev.tun64_ipv4_handle[bin] > cnt.tun64_ipv4_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			tun64_ipv6_handle[bin] += (prev.tun64_ipv6_handle[bin] > cnt.tun64_ipv6_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			route_handle4[bin] += (prev.route_handle4[bin] > cnt.route_handle4[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			route_handle6[bin] += (prev.route_handle6[bin] > cnt.route_handle6[bin]) << sizeof(uint16_t) * CHAR_BIT;
-
-			decap_handle[bin] += (prev.decap_handle[bin] > cnt.decap_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			nat64stateful_lan_handle[bin] += (prev.nat64stateful_lan_handle[bin] > cnt.nat64stateful_lan_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			nat64stateful_wan_handle[bin] += (prev.nat64stateful_wan_handle[bin] > cnt.nat64stateful_wan_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			nat64stateless_egress_handle[bin] += (prev.nat64stateless_egress_handle[bin] > cnt.nat64stateless_egress_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			nat64stateless_ingress_handle[bin] += (prev.nat64stateless_ingress_handle[bin] > cnt.nat64stateless_ingress_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			nat46clat_lan_handle[bin] += (prev.nat46clat_lan_handle[bin] > cnt.nat46clat_lan_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			nat46clat_wan_handle[bin] += (prev.nat46clat_wan_handle[bin] > cnt.nat46clat_wan_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			balancer_handle[bin] += (prev.balancer_handle[bin] > cnt.balancer_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-
-			balancer_icmp_reply_handle[bin] += (prev.balancer_icmp_reply_handle[bin] > cnt.balancer_icmp_reply_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			balancer_icmp_forward_handle[bin] += (prev.balancer_icmp_forward_handle[bin] > cnt.balancer_icmp_forward_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			route_tunnel_handle4[bin] += (prev.route_tunnel_handle4[bin] > cnt.route_tunnel_handle4[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			route_tunnel_handle6[bin] += (prev.route_tunnel_handle6[bin] > cnt.route_tunnel_handle6[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			acl_egress_handle4[bin] += (prev.acl_egress_handle4[bin] > cnt.acl_egress_handle4[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			acl_egress_handle6[bin] += (prev.acl_egress_handle6[bin] > cnt.acl_egress_handle6[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			logicalPort_egress_handle[bin] += (prev.logicalPort_egress_handle[bin] > cnt.logicalPort_egress_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
-			controlPlane_handle[bin] += (prev.controlPlane_handle[bin] > cnt.controlPlane_handle[bin]) << sizeof(uint16_t) * CHAR_BIT;
+			auto this_tuple = as_tuple();
+			auto cnt_tuple = cnt.as_tuple();
+			auto prev_tuple = prev.as_tuple();
+
+			auto op = [&](auto& this_member, const auto& cnt_member, const auto& prev_member) {
+				this_member[bin] += (prev_member[bin] > cnt_member[bin]) << (sizeof(uint16_t) * CHAR_BIT);
+			};
+
+			utils::zip_apply(op, this_tuple, cnt_tuple, prev_tuple);
 		}
 	};
 
 	std::vector<std::tuple<uint32_t, tsc_deltas*, tsc_deltas, overflow_store>> worker_counters;
-	table_t table;
+	TablePrinter table;
+
+	void insert_header()
+	{
+		table.insert_row("core_id",
+		                 "iter_num",
+		                 "logicalPort_ingress",
+		                 "acl_ingress4",
+		                 "acl_ingress6",
+		                 "tun64_ipv4",
+		                 "tun64_ipv6",
+		                 "route4",
+		                 "route6",
+		                 "decap",
+		                 "nat64stateful_lan",
+		                 "nat64stateful_wan",
+		                 "nat64stateless_egress",
+		                 "nat64stateless_ingress",
+		                 "nat46clat_lan",
+		                 "nat46clat_wan",
+		                 "balancer",
+		                 "balancer_icmp_reply",
+		                 "balancer_icmp_forward",
+		                 "route_tunnel4",
+		                 "route_tunnel6",
+		                 "acl_egress4",
+		                 "acl_egress6",
+		                 "logicalPort_egress",
+		                 "controlPlane");
+	}
+
+	void insert_bin(const tsc_deltas& cnt, const overflow_store& of_store, int bin, uint32_t core_id)
+	{
+		constexpr std::size_t tuple_size = std::tuple_size_v<decltype(cnt.as_tuple())>;
+		// The total size of the row will be 2 fixed elements (core_id and iter_num) plus tuple_size
+		std::array<std::string, 2 + tuple_size> row;
+
+		row[0] = (bin == 0) ? std::to_string(core_id) : std::string{};
+		row[1] = (bin == 0) ? std::to_string(cnt.iter_num) : std::string{};
+
+		auto cnt_tuple = cnt.as_tuple();
+		auto of_store_tuple = of_store.as_tuple();
+
+		std::size_t index = 2; // Start after core_id and iter_num
+		auto op = [&](const auto& of_store_member, const auto& cnt_member) mutable {
+			row[index++] = std::to_string(of_store_member[bin] + cnt_member[bin]);
+		};
+
+		utils::zip_apply(op, of_store_tuple, cnt_tuple);
+
+		table.insert_row(row.begin(), row.end());
+	}
 };
 
-void tsc_monitoring()
+inline void tsc_monitoring()
 {
 	tsc_monitoring_t monitoring{};
 	monitoring.monitor();
 }
 
 }
-
-}
diff --git a/cli/dregress.h b/cli/dregress.h
index e97b659b..2aa2727e 100644
--- a/cli/dregress.h
+++ b/cli/dregress.h
@@ -2,7 +2,7 @@
 
 #include "common/icontrolplane.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
 namespace dregress
 {
@@ -12,29 +12,29 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.dregress_config();
 
-	table_t table;
-	table.insert("module",
-	             "ipv6_sources",
-	             "ipv6_destination",
-	             "ipv4_address",
-	             "ipv6_address",
-	             "udp_destination_port",
-	             "only_longest",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "ipv6_sources",
+	                 "ipv6_destination",
+	                 "ipv4_address",
+	                 "ipv6_address",
+	                 "udp_destination_port",
+	                 "only_longest",
+	                 "next_module");
 
 	for (const auto& [module_name, dregress] : response)
 	{
-		table.insert(module_name,
-		             dregress.ipv6SourcePrefixes,
-		             dregress.ipv6DestinationPrefix,
-		             dregress.ipv4SourceAddress,
-		             dregress.ipv6SourceAddress,
-		             dregress.udpDestinationPort,
-		             dregress.onlyLongest,
-		             dregress.nextModule);
+		table.insert_row(module_name,
+		                 dregress.ipv6SourcePrefixes,
+		                 dregress.ipv6DestinationPrefix,
+		                 dregress.ipv4SourceAddress,
+		                 dregress.ipv6SourceAddress,
+		                 dregress.udpDestinationPort,
+		                 dregress.onlyLongest,
+		                 dregress.nextModule);
 	}
 
-	table.print();
+	table.Print();
 }
 
 void announce()
@@ -42,17 +42,17 @@ void announce()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.dregress_config();
 
-	table_t table;
+	TablePrinter table;
 	table.insert("module",
 	             "announces");
 
 	for (const auto& [module_name, dregress] : response)
 	{
-		table.insert(module_name,
-		             dregress.announces);
+		table.insert_row(module_name,
+		                 dregress.announces);
 	}
 
-	table.print();
+	table.Print();
 }
 
 /** @todo
diff --git a/cli/helper.h b/cli/helper.h
index 66890a57..7e9ba0db 100644
--- a/cli/helper.h
+++ b/cli/helper.h
@@ -1,468 +1,114 @@
 #pragma once
 
-#include <array>
 #include <cstdio>
-#include <iomanip>
-#include <map>
-#include <sstream>
 #include <string>
 #include <tuple>
 #include <type_traits>
 #include <vector>
 
-#include <nlohmann/json.hpp>
-
-#include "converter.h"
+#include "common/sdpclient.h"
+#include "common/traits.h"
+#include "table_printer.h"
 
-template<typename type>
-static std::string to_percent(const type current, const type maximum)
-{
-	double percent = 0.0;
-	if (maximum)
-	{
-		percent = (double)current / (double)maximum;
-		percent *= (double)100;
-	}
+#if __cpp_lib_charconv >= 201606L && !defined(__GNUC__) || __GNUC__ >= 8
+#define USE_FROM_CHARS
+#endif
 
-	std::stringstream stream;
-	stream << std::fixed << std::setprecision(2) << percent;
-	return stream.str();
-}
+#if defined(USE_FROM_CHARS)
+#include <charconv>
+#else
+#include <sstream>
+#endif
 
-std::vector<std::string> split(const char* string,
-                               const char delimiter)
+template<typename T>
+static void fill(T& value, const std::string& str)
 {
-	std::vector<std::string> result;
-	std::stringstream ss(string);
-
-	std::string part;
-	while (std::getline(ss, part, delimiter))
+	if constexpr (std::is_same_v<T, bool>)
 	{
-		result.emplace_back(part);
+		if (str == "true")
+			value = true;
+		else if (str == "false")
+			value = false;
+		else
+			throw std::invalid_argument("Invalid boolean value");
 	}
-
-	return result;
-}
-
-void fillValue(std::optional<uint8_t>& value, const std::string& string)
-{
-	if (string == "any")
+	else if constexpr (std::is_integral_v<T> || std::is_floating_point_v<T>)
 	{
-		value = std::nullopt;
+#ifdef USE_FROM_CHARS
+		auto [ptr, ec] = std::from_chars(str.data(), str.data() + str.size(), value);
+		if (ec != std::errc{})
+			throw std::invalid_argument("Invalid numeric value: '" + str + "'");
+#else
+		std::istringstream iss(str);
+		if (!(iss >> value) || !iss.eof())
+			throw std::invalid_argument("Invalid numeric value: '" + str + "'");
+#endif
 	}
-	else if (string != "")
+	else if constexpr (traits::is_optional_v<T>)
 	{
-		value = std::stoull(string, nullptr, 0);
-		;
+		if (str == "any" || str.empty())
+		{
+			value.reset();
+		}
+		else
+		{
+			typename T::value_type temp;
+			fill(temp, str);
+			value = std::move(temp);
+		}
 	}
 	else
 	{
-		value = std::nullopt;
+		value = str;
 	}
 }
 
-void fillValue(std::optional<uint16_t>& value, const std::string& string)
+// Fill a tuple with values from a vector of strings
+template<typename Tuple, std::size_t... Is>
+static void fillTupleImpl(Tuple& tuple, const std::vector<std::string>& args, std::index_sequence<Is...>)
 {
-	if (string == "any")
-	{
-		value = std::nullopt;
-	}
-	else if (string != "")
-	{
-		value = std::stoull(string, nullptr, 0);
-		;
-	}
-	else
-	{
-		value = std::nullopt;
-	}
+	(..., fill(std::get<Is>(tuple), Is < args.size() ? args[Is] : std::string{}));
 }
 
-void fillValue(std::optional<uint32_t>& value, const std::string& string)
+template<typename... Args>
+static void fillTuple(std::tuple<Args...>& tuple, const std::vector<std::string>& args)
 {
-	if (string == "any")
-	{
-		value = std::nullopt;
-	}
-	else if (string != "")
-	{
-		value = std::stoull(string, nullptr, 0);
-		;
-	}
-	else
-	{
-		value = std::nullopt;
-	}
+	fillTupleImpl(tuple, args, std::index_sequence_for<Args...>{});
 }
 
-template<typename TArg>
-void fillValue(std::optional<TArg>& value, const std::string& string)
+// Call function using string arguments
+template<typename F>
+inline void Call(F&& func, const std::vector<std::string>& string_args)
 {
-	if (string == "any")
-	{
-		value = std::nullopt;
-	}
-	else if (string != "")
-	{
-		value = string;
-	}
-	else
-	{
-		value = std::nullopt;
-	}
-}
+	using ArgsTuple = typename traits::function<F>::args;
+	constexpr auto arity = std::tuple_size_v<ArgsTuple>;
 
-void fillValue(bool& value, const std::string& string)
-{
-	if (string == "false" || string == "true")
-	{
-		value = string == "true";
-	}
-	else
+	if (string_args.size() > arity)
 	{
-		throw std::string("invalid argument, must be true or false");
+		throw std::invalid_argument("Invalid arguments count: '" + std::to_string(string_args.size()) +
+		                            "', expected at most: '" + std::to_string(arity) + "'");
 	}
-}
-
-void fillValue(uint8_t& value, const std::string& string)
-{
-	value = std::stoull(string, nullptr, 0);
-}
-
-void fillValue(uint16_t& value, const std::string& string)
-{
-	value = std::stoull(string, nullptr, 0);
-}
-
-void fillValue(uint32_t& value, const std::string& string)
-{
-	value = std::stoull(string, nullptr, 0);
-}
 
-template<typename TArg>
-void fillValue(TArg& value, const std::string& string)
-{
-	value = string;
+	utils::decay_tuple<ArgsTuple> args_tuple;
+	fillTuple(args_tuple, string_args);
+	std::apply(std::forward<F>(func), args_tuple);
 }
 
-template<typename TArg>
-void fillValue(std::optional<TArg>& value)
+inline void OpenSharedMemoryDataplaneBuffers(common::sdp::DataPlaneInSharedMemory& sdp_data, bool open_workers_data)
 {
-	value = std::nullopt;
-}
-
-template<typename TArg>
-void fillValue(TArg& value)
-{
-	(void)value;
-	throw std::string("invalid arguments count");
-}
-
-template<size_t TIndex,
-         size_t TSize,
-         typename TTuple>
-void fillTuple(TTuple& tuple, const std::vector<std::string>& stringArgs)
-{
-	if constexpr (TIndex < TSize)
+	if (common::sdp::SdpClient::ReadSharedMemoryData(sdp_data, open_workers_data) != eResult::success)
 	{
-		if (TIndex < stringArgs.size())
-		{
-			fillValue(std::get<TIndex>(tuple), stringArgs[TIndex]);
-		}
-		else
-		{
-			fillValue(std::get<TIndex>(tuple));
-		}
-
-		fillTuple<TIndex + 1, TSize>(tuple, stringArgs);
+		YANET_LOG_ERROR("Error openning shared memory dataplane buffers\n");
+		std::exit(1);
 	}
 }
 
-template<typename... TArgs>
-void call(void (*func)(TArgs... args),
-          const std::vector<std::string>& stringArgs)
+template<typename Container>
+inline void FillAndPrintTable(const std::initializer_list<std::string_view>& headers, const Container& data, const converter::config_t config = {})
 {
-	if (stringArgs.size() > sizeof...(TArgs))
-	{
-		throw std::string("invalid arguments count: '") + std::to_string(stringArgs.size()) + "', need: '" + std::to_string(sizeof...(TArgs)) + "'";
-	}
-	std::tuple<std::decay_t<TArgs>...> tuple;
-	fillTuple<0, sizeof...(TArgs)>(tuple, stringArgs);
-	std::apply(func, tuple);
-}
+	TablePrinter table(config);
 
-template<size_t TIndex,
-         size_t TSize,
-         typename TDiffTuple,
-         typename TTuple>
-void getDiffTuple(TDiffTuple& diff,
-                  const TTuple& curr,
-                  const TTuple& prev)
-{
-	if constexpr (TIndex < TSize)
-	{
-		std::get<TIndex>(diff) = std::get<TIndex>(curr) - std::get<TIndex>(prev);
-		getDiffTuple<TIndex + 1, TSize>(diff, curr, prev);
-	}
+	table.insert_row(headers.begin(), headers.end());
+	table.insert(data.begin(), data.end());
+	table.Print();
 }
-
-template<typename TFirst,
-         typename... TSecondArgs>
-std::map<TFirst, std::array<int64_t, sizeof...(TSecondArgs)>> getDiff(const std::map<TFirst, std::tuple<TSecondArgs...>>& curr,
-                                                                      const std::map<TFirst, std::tuple<TSecondArgs...>>& prev)
-{
-	std::map<TFirst, std::array<int64_t, sizeof...(TSecondArgs)>> result;
-
-	for (const auto& iter : curr)
-	{
-		if (prev.find(iter.first) != prev.end())
-		{
-			std::array<int64_t, sizeof...(TSecondArgs)> diff;
-			getDiffTuple<0, sizeof...(TSecondArgs)>(diff, iter.second, prev.find(iter.first)->second);
-			result[iter.first] = diff;
-		}
-	}
-
-	return result;
-}
-
-class table_t
-{
-public:
-	table_t(const converter::config_t config = {}) :
-	        config(config)
-	{
-	}
-
-	template<typename... args_T>
-	void insert(const args_T&... args)
-	{
-		std::vector<std::string> row = {converter::to_string(args, config)...};
-
-		if (row.size() > columnLengths.size())
-		{
-			columnLengths.resize(row.size(), 0);
-		}
-
-		for (uint32_t string_i = 0;
-		     string_i < row.size();
-		     string_i++)
-		{
-			if (columnLengths[string_i] < row[string_i].size())
-			{
-				columnLengths[string_i] = row[string_i].size();
-			}
-		}
-
-		table.emplace_back(row);
-	}
-
-	void print_json()
-	{
-		std::vector<std::string> format_keys;
-		std::map<unsigned int, unsigned int> format_keys_i;
-		if (const char* format_keys_pointer = std::getenv("YANET_FORMAT_KEYS"))
-		{
-			format_keys = split(format_keys_pointer, ',');
-		}
-
-		std::vector<std::string> keys;
-
-		bool header = true;
-		nlohmann::json json_root;
-		for (auto& row : table)
-		{
-			if (header)
-			{
-				for (uint32_t string_i = 0;
-				     string_i < row.size();
-				     string_i++)
-				{
-					for (uint32_t format_i = 0;
-					     format_i < format_keys.size();
-					     format_i++)
-					{
-						if (row[string_i] == format_keys[format_i])
-						{
-							format_keys_i[string_i] = format_i;
-						}
-					}
-				}
-
-				keys = row;
-				header = false;
-				continue;
-			}
-
-			std::vector<std::string> tree;
-			tree.resize(format_keys.size());
-
-			nlohmann::json json_row;
-			for (uint32_t string_i = 0;
-			     string_i < row.size();
-			     string_i++)
-			{
-				if (format_keys_i.count(string_i))
-				{
-					tree[format_keys_i[string_i]] = row[string_i];
-				}
-				else
-				{
-					json_row[keys[string_i]] = row[string_i];
-				}
-			}
-
-			auto* json_current = &json_root;
-			for (const auto& key : tree)
-			{
-				json_current = &((*json_current)[key]);
-			}
-			(*json_current).emplace_back(json_row);
-		}
-
-		printf("%s\n", json_root.dump(2).data());
-	}
-
-	void print_default()
-	{
-		if (table.size() == 0 ||
-		    columnLengths.size() == 0)
-		{
-			return;
-		}
-
-		std::vector<std::string> user_selected_col_names;
-		bool print_selected_cols_only = false;
-		if (const char* columns_pointer = std::getenv("YANET_FORMAT_COLUMNS"))
-		{
-			user_selected_col_names = split(columns_pointer, ',');
-			print_selected_cols_only = true;
-		}
-
-		/* header row contains table's column names */
-		auto& header_row = table[0];
-
-		/* If the user listed only specific columns of the table to be printed in specific order,
-		   need to build a relation between index of column in user-provided order and its index in the table (only if it does exist in the table):
-		   This relation: columns_order[col_idx_in_user_selection] = col_idx_in_table
-
-		   Otherwise, when no custom columns' selection and/or order is provided by the user,
-		   print all columns of the table in the table's order:
-		   columns_order[col_idx_in_table] = col_idx_in_table */
-		std::vector<uint32_t> columns_order;
-		if (print_selected_cols_only)
-		{
-			uint32_t col_idx_in_user_selection = 0;
-			while (columns_order.size() < user_selected_col_names.size())
-			{
-				bool selected_col_name_found = false;
-				for (uint32_t col_idx_in_table = 0; col_idx_in_table < header_row.size(); ++col_idx_in_table)
-				{
-					if (user_selected_col_names[col_idx_in_user_selection] == header_row[col_idx_in_table])
-					{
-						// col_idx_in_user_selection must be equal to columns_order.size() prior to insertion (check?)
-						columns_order.push_back(col_idx_in_table);
-						selected_col_name_found = true;
-						++col_idx_in_user_selection;
-						break;
-					}
-				}
-
-				if (!selected_col_name_found)
-				{
-					// evidently, user provided such a column name, which does not exist in the table, cannot print it
-					// shifting tail of user_selected_col_names to the left by erasing non-existent user-provided column name
-					user_selected_col_names.erase(user_selected_col_names.begin() + col_idx_in_user_selection);
-				}
-			}
-		}
-		else
-		{
-			columns_order.resize(header_row.size());
-			std::iota(columns_order.begin(), columns_order.end(), 0);
-		}
-
-		if (columns_order.size() == 0)
-		{
-			/* column names provided by user do not match any column names of the table,
-			   or the table does not have any columns at all (what?!) */
-			return;
-		}
-
-		bool header = true;
-		for (auto& row : table)
-		{
-			printf("%-*s",
-			       columnLengths[columns_order[0]],
-			       row[columns_order[0]].data());
-
-			for (uint32_t string_i = 1;
-			     string_i < columns_order.size();
-			     string_i++)
-			{
-				if (string_i != columns_order.size() - 1)
-				{
-					printf("  %-*s",
-					       columnLengths[columns_order[string_i]],
-					       row[columns_order[string_i]].data());
-				}
-				else
-				{
-					// Do not explode the last column with padding whitespace bytes.
-					printf("  %s",
-					       row[columns_order[string_i]].data());
-				}
-			}
-
-			printf("\n");
-
-			if (header)
-			{
-				printf("%s", std::string(columnLengths[columns_order[0]], '-').data());
-
-				for (uint32_t string_i = 1;
-				     string_i < columns_order.size();
-				     string_i++)
-				{
-					printf("  %s", std::string(columnLengths[columns_order[string_i]], '-').data());
-				}
-
-				printf("\n");
-
-				header = false;
-			}
-		}
-	}
-
-	void print()
-	{
-		std::string format;
-		if (const char* format_pointer = std::getenv("YANET_FORMAT"))
-		{
-			format = format_pointer;
-		}
-
-		if (format == "json")
-		{
-			print_json();
-		}
-		else
-		{
-			print_default();
-		}
-	}
-
-	void render()
-	{
-		printf("\033[H\033[2J");
-		fflush(stdout);
-
-		print_default();
-		table.clear();
-	}
-
-protected:
-	converter::config_t config;
-	std::vector<std::vector<std::string>> table;
-	std::vector<uint32_t> columnLengths;
-};
diff --git a/cli/influxdb_format.h b/cli/influxdb_format.h
index ff95b706..544fec6b 100644
--- a/cli/influxdb_format.h
+++ b/cli/influxdb_format.h
@@ -88,11 +88,9 @@ std::string to_string(const char* key,
 class base_t
 {
 public:
-	virtual ~base_t()
-	{
-	}
+	virtual ~base_t() = default;
 
-	const std::string& to_string() const
+	[[nodiscard]] const std::string& to_string() const
 	{
 		return string;
 	}
@@ -183,7 +181,7 @@ void print_histogram(const char* name,
                      const index_T start,
                      const index_T end)
 {
-	for (unsigned int i = (unsigned int)start;
+	for (auto i = (unsigned int)start;
 	     i <= (unsigned int)end;
 	     i++)
 	{
diff --git a/cli/latch.h b/cli/latch.h
index 1302378c..841ed303 100644
--- a/cli/latch.h
+++ b/cli/latch.h
@@ -1,7 +1,10 @@
 #pragma once
 
+#include "common/idataplane.h"
+#include "common/idp.h"
 #include <cstdint>
 #include <cstring>
+#include <string>
 
 namespace latch
 {
diff --git a/cli/limit.h b/cli/limit.h
index 13f60db7..437c9976 100644
--- a/cli/limit.h
+++ b/cli/limit.h
@@ -1,10 +1,9 @@
 #pragma once
 
-#include <iomanip>
-
 #include "common/icontrolplane.h"
 
-#include "helper.h"
+#include "common/utils.h"
+#include "table_printer.h"
 
 namespace limit
 {
@@ -14,34 +13,14 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.limit_summary();
 
-	table_t table;
-	table.insert("name",
-	             "socket_id",
-	             "current",
-	             "maximum",
-	             "percent");
+	TablePrinter table;
 
 	for (const auto& [name, socket_id, current, maximum] : response)
 	{
-		double percent = 0.0;
-		if (maximum)
-		{
-			percent = (double)current / (double)maximum;
-			percent *= (double)100;
-		}
-
-		std::stringstream stream;
-		stream << std::fixed << std::setprecision(2) << percent;
-		std::string percent_string = stream.str();
-
-		table.insert(name,
-		             socket_id,
-		             current,
-		             maximum,
-		             percent_string);
+		table.insert_row(name, socket_id, current, maximum, utils::to_percent(current, maximum));
 	}
 
-	table.print();
+	table.Print();
 }
 
 }
diff --git a/cli/main.cpp b/cli/main.cpp
index 414c2f1d..4d20e965 100644
--- a/cli/main.cpp
+++ b/cli/main.cpp
@@ -5,6 +5,7 @@
 
 #include "acl.h"
 #include "balancer.h"
+#include "bus.h"
 #include "config.h"
 #include "convert.h"
 #include "develop.h"
@@ -35,113 +36,126 @@ void help()
 std::vector<std::tuple<std::string,
                        std::string,
                        std::function<void(const std::vector<std::string>&)>>>
-        commands = {{"help", "", [](const auto& args) { call(help, args); }},
+        commands = {{"help", "", [](const auto& args) { Call(help, args); }},
                     {},
-                    {"physicalPort", "", [](const auto& args) { call(show::physicalPort, args); }},
-                    {"logicalPort", "", [](const auto& args) { call(show::logicalPort, args); }},
-                    {"acl unwind", "[module] <direction{any|in|out}> <network_source> <network_destination> <fragment{any|frag}> <protocol> <transport_source> <transport_destination> <transport_flags> <keepstate{any|true|false}>", [](const auto& args) { call(acl::unwind, args); }},
-                    {"acl lookup", "<module> <any|in|out> <network_source> <network_destination> <protocol> <transport_source> <transport_destination>", [](const auto& args) { call(acl::lookup, args); }},
-                    {"decap", "", [](const auto& args) { call(show::decap::summary, args); }},
-                    {"decap announce", "", [](const auto& args) { call(show::decap::announce, args); }},
-                    {"decap prefix allow", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { call(config::decap::allow, args); }},
-                    {"decap prefix disallow", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { call(config::decap::disallow, args); }},
-                    {"decap prefix remove", "[module] [ipv6_prefix]", [](const auto& args) { call(config::decap::remove, args); }},
-                    {"tun64", "[module]", [](const auto& args) { call(show::tun64::summary, args); }},
-                    {"tun64 announce", "[module]", [](const auto& args) { call(show::tun64::announce, args); }},
-                    {"tun64 mappings list", "[module]", [](const auto& args) { call(show::tun64::mappings, args); }},
-                    {"nat64stateful", "", [](const auto& args) { call(nat64stateful::summary, args); }},
-                    {"nat64stateful state", "<module>", [](const auto& args) { call(nat64stateful::state, args); }},
-                    {"nat64stateful announce", "", [](const auto& args) { call(nat64stateful::announce, args); }},
-                    {"nat64stateless", "", [](const auto& args) { call(show::nat64stateless::summary, args); }},
-                    {"nat64stateless translation", "", [](const auto& args) { call(show::nat64stateless::translation, args); }},
-                    {"nat64stateless announce", "", [](const auto& args) { call(show::nat64stateless::announce, args); }},
-                    {"nat64stateless prefix allow4", "[module] [ipv4_prefix] [ipv4_prefix]", [](const auto& args) { call(config::nat64stateless::allow4, args); }},
-                    {"nat64stateless prefix disallow4", "[module] [ipv4_prefix] [ipv4_prefix]", [](const auto& args) { call(config::nat64stateless::disallow4, args); }},
-                    {"nat64stateless prefix remove4", "[module] [ipv4_prefix]", [](const auto& args) { call(config::nat64stateless::remove4, args); }},
-                    {"nat64stateless prefix allow6", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { call(config::nat64stateless::allow6, args); }},
-                    {"nat64stateless prefix disallow6", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { call(config::nat64stateless::disallow6, args); }},
-                    {"nat64stateless prefix remove6", "[module] [ipv6_prefix]", [](const auto& args) { call(config::nat64stateless::remove6, args); }},
-                    {"nat46clat", "", [](const auto& args) { call(nat46clat::summary, args); }},
-                    {"nat46clat announce", "", [](const auto& args) { call(nat46clat::announce, args); }},
-                    {"balancer", "", [](const auto& args) { call(balancer::summary, args); }},
-                    {"balancer service", "[module] <virtual_ip> <proto> <virtual_port>", [](const auto& args) { call(balancer::service, args); }},
-                    {"balancer real", "[module] <virtual_ip> <proto> <virtual_port> <real_ip> <real_port>", [](const auto& args) { call(balancer::real_find, args); }},
-                    {"balancer state", "[module] <virtual_ip> <proto> <virtual_port> <real_ip> <real_port>", [](const auto& args) { call(balancer::state, args); }},
-                    {"balancer real enable", "[module] [virtual_ip] [proto] [virtual_port] [real_ip] [real_port] <real_weight>", [](const auto& args) { call(balancer::real::enable, args); }},
-                    {"balancer real disable", "[module] [virtual_ip] [proto] [virtual_port] [real_ip] [real_port]", [](const auto& args) { call(balancer::real::disable, args); }},
-                    {"balancer real flush", "", [](const auto& args) { call(balancer::real::flush, args); }},
-                    {"balancer announce", "", [](const auto& args) { call(balancer::announce, args); }},
-                    {"route", "", [](const auto& args) { call(route::summary, args); }},
-                    {"route interface", "", [](const auto& args) { call(route::interface, args); }},
-                    {"route lookup", "[module] [ip_address]", [](const auto& args) { call(route::lookup, args); }},
-                    {"route get", "[module] [ip_prefix]", [](const auto& args) { call(route::get, args); }},
-                    {"route tunnel lookup", "[module] [ip_address]", [](const auto& args) { call(route::tunnel::lookup, args); }},
-                    {"route tunnel get", "[module] [ip_prefix]", [](const auto& args) { call(route::tunnel::get, args); }},
-                    {"neighbor show", "", [](const auto& args) { call(neighbor::show, args); }},
-                    {"neighbor insert", "[route_name] [interface_name] [ip_address] [mac_address]", [](const auto& args) { call(neighbor::insert, args); }},
-                    {"neighbor remove", "[route_name] [interface_name] [ip_address]", [](const auto& args) { call(neighbor::remove, args); }},
-                    {"neighbor flush", "", [](const auto& args) { call(neighbor::flush, args); }},
-                    {"rib", "", [](const auto& args) { call(rib::summary, args); }},
-                    {"rib prefixes", "", [](const auto& args) { call(rib::prefixes, args); }},
-                    {"rib lookup", "[vrf] [ip_address]", [](const auto& args) { call(rib::lookup, args); }},
-                    {"rib get", "[vrf] [ip_prefix]", [](const auto& args) { call(rib::get, args); }},
-                    {"rib static insert", "[vrf] [ip_prefix] [nexthop] <label> <peer_id> <origin_as> <weight>", [](const auto& args) { call(rib::insert, args); }},
-                    {"rib static remove", "[vrf] [ip_prefix] [nexthop] <label> <peer_id>", [](const auto& args) { call(rib::remove, args); }},
-                    {"dregress", "", [](const auto& args) { call(dregress::summary, args); }},
-                    {"dregress announce", "", [](const auto& args) { call(dregress::announce, args); }},
-                    {"limit", "", [](const auto& args) { call(limit::summary, args); }},
-                    {"values", "", [](const auto& args) { call(show::values, args); }},
-                    {"durations", "", [](const auto& args) { call(show::durations, args); }},
-                    {"memory show", "", [](const auto& args) { call(memory_manager::show, args); }},
-                    {"memory group", "", [](const auto& args) { call(memory_manager::group, args); }},
-                    {"dump", "[in|out|drop] [interface_name] [enable|disable]", [](const auto& args) { call(show::physical_port_dump, args); }},
+                    {"physicalPort", "", [](const auto& args) { Call(show::physicalPort, args); }},
+                    {"logicalPort", "", [](const auto& args) { Call(show::logicalPort, args); }},
+                    {"acl unwind", "[module] <direction{any|in|out}> <network_source> <network_destination> <fragment{any|frag}> <protocol> <transport_source> <transport_destination> <transport_flags> <recordstate{any|true|false}>", [](const auto& args) { Call(acl::unwind, args); }},
+                    {"acl lookup", "<module> <any|in|out> <network_source> <network_destination> <protocol> <transport_source> <transport_destination>", [](const auto& args) { Call(acl::lookup, args); }},
+                    {"decap", "", [](const auto& args) { Call(show::decap::summary, args); }},
+                    {"decap announce", "", [](const auto& args) { Call(show::decap::announce, args); }},
+                    {"decap prefix allow", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { Call(config::decap::allow, args); }},
+                    {"decap prefix disallow", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { Call(config::decap::disallow, args); }},
+                    {"decap prefix remove", "[module] [ipv6_prefix]", [](const auto& args) { Call(config::decap::remove, args); }},
+                    {"tun64", "[module]", [](const auto& args) { Call(show::tun64::summary, args); }},
+                    {"tun64 announce", "[module]", [](const auto& args) { Call(show::tun64::announce, args); }},
+                    {"tun64 mappings list", "[module]", [](const auto& args) { Call(show::tun64::mappings, args); }},
+                    {"nat64stateful", "", [](const auto& args) { Call(nat64stateful::summary, args); }},
+                    {"nat64stateful state", "<module>", [](const auto& args) { Call(nat64stateful::state, args); }},
+                    {"nat64stateful announce", "", [](const auto& args) { Call(nat64stateful::announce, args); }},
+                    {"nat64stateless", "", [](const auto& args) { Call(show::nat64stateless::summary, args); }},
+                    {"nat64stateless translation", "", [](const auto& args) { Call(show::nat64stateless::translation, args); }},
+                    {"nat64stateless announce", "", [](const auto& args) { Call(show::nat64stateless::announce, args); }},
+                    {"nat64stateless prefix allow4", "[module] [ipv4_prefix] [ipv4_prefix]", [](const auto& args) { Call(config::nat64stateless::allow4, args); }},
+                    {"nat64stateless prefix disallow4", "[module] [ipv4_prefix] [ipv4_prefix]", [](const auto& args) { Call(config::nat64stateless::disallow4, args); }},
+                    {"nat64stateless prefix remove4", "[module] [ipv4_prefix]", [](const auto& args) { Call(config::nat64stateless::remove4, args); }},
+                    {"nat64stateless prefix allow6", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { Call(config::nat64stateless::allow6, args); }},
+                    {"nat64stateless prefix disallow6", "[module] [ipv6_prefix] [ipv6_prefix]", [](const auto& args) { Call(config::nat64stateless::disallow6, args); }},
+                    {"nat64stateless prefix remove6", "[module] [ipv6_prefix]", [](const auto& args) { Call(config::nat64stateless::remove6, args); }},
+                    {"nat46clat", "", [](const auto& args) { Call(nat46clat::summary, args); }},
+                    {"nat46clat announce", "", [](const auto& args) { Call(nat46clat::announce, args); }},
+                    {"balancer", "", [](const auto& args) { Call(balancer::summary, args); }},
+                    {"balancer service", "[module] <virtual_ip> <proto> <virtual_port>", [](const auto& args) { Call(balancer::service, args); }},
+                    {"balancer real", "[module] <virtual_ip> <proto> <virtual_port> <real_ip> <real_port>", [](const auto& args) { Call(balancer::real_find, args); }},
+                    {"balancer state", "[module] <virtual_ip> <proto> <virtual_port> <real_ip> <real_port>", [](const auto& args) { Call(balancer::state, args); }},
+                    {"balancer real enable", "[module] [virtual_ip] [proto] [virtual_port] [real_ip] [real_port] <real_weight>", [](const auto& args) { Call(balancer::real::enable, args); }},
+                    {"balancer real disable", "[module] [virtual_ip] [proto] [virtual_port] [real_ip] [real_port]", [](const auto& args) { Call(balancer::real::disable, args); }},
+                    {"balancer real flush", "", [](const auto& args) { Call(balancer::real::flush, args); }},
+                    {"balancer announce", "", [](const auto& args) { Call(balancer::announce, args); }},
+                    {"route", "", [](const auto& args) { Call(route::summary, args); }},
+                    {"route interface", "", [](const auto& args) { Call(route::interface, args); }},
+                    {"route lookup", "[module] [ip_address]", [](const auto& args) { Call(route::lookup, args); }},
+                    {"route get", "[module] [ip_prefix]", [](const auto& args) { Call(route::get, args); }},
+                    {"route tunnel lookup", "[module] [ip_address]", [](const auto& args) { Call(route::tunnel::lookup, args); }},
+                    {"route tunnel get", "[module] [ip_prefix]", [](const auto& args) { Call(route::tunnel::get, args); }},
+                    {"route counters", "", [](const auto& args) { Call(route::counters, args); }},
+                    {"route tunnel counters", "", [](const auto& args) { Call(route::tunnel::counters, args); }},
+                    {"neighbor show", "", [](const auto& args) { Call(neighbor::show, args); }},
+                    {"neighbor insert", "[route_name] [interface_name] [ip_address] [mac_address]", [](const auto& args) { Call(neighbor::insert, args); }},
+                    {"neighbor remove", "[route_name] [interface_name] [ip_address]", [](const auto& args) { Call(neighbor::remove, args); }},
+                    {"neighbor flush", "", [](const auto& args) { Call(neighbor::flush, args); }},
+                    {"rib", "", [](const auto& args) { Call(rib::summary, args); }},
+                    {"rib prefixes", "", [](const auto& args) { Call(rib::prefixes, args); }},
+                    {"rib lookup", "[vrf] [ip_address]", [](const auto& args) { Call(rib::lookup, args); }},
+                    {"rib get", "[vrf] [ip_prefix]", [](const auto& args) { Call(rib::get, args); }},
+                    {"rib static insert", "[vrf] [ip_prefix] [nexthop] <label> <peer_id> <origin_as> <weight>", [](const auto& args) { Call(rib::insert, args); }},
+                    {"rib static remove", "[vrf] [ip_prefix] [nexthop] <label> <peer_id>", [](const auto& args) { Call(rib::remove, args); }},
+                    {"dregress", "", [](const auto& args) { Call(dregress::summary, args); }},
+                    {"dregress announce", "", [](const auto& args) { Call(dregress::announce, args); }},
+                    {"limit", "", [](const auto& args) { Call(limit::summary, args); }},
+                    {"values", "", [](const auto& args) { Call(show::values, args); }},
+                    {"durations", "", [](const auto& args) { Call(show::durations, args); }},
+                    {"memory show", "", [](const auto& args) { Call(memory_manager::show, args); }},
+                    {"memory group", "", [](const auto& args) { Call(memory_manager::group, args); }},
+                    {"dump", "[in|out|drop] [interface_name] [enable|disable]", [](const auto& args) { Call(show::physical_port_dump, args); }},
                     {},
-                    {"show errors", "", [](const auto& args) { call(show::errors, args); }},
+                    {"show errors", "", [](const auto& args) { Call(show::errors, args); }},
                     {},
-                    {"fw show", "<original|generated|state|all|dispatcher>", [](const auto& args) { call(show::fw, args); }},
-                    {"fw list", "<original|generated|state|all|dispatcher>", [](const auto& args) { call(show::fwlist, args); }},
+                    {"fw show", "<original|generated|state|all|dispatcher>", [](const auto& args) { Call(show::fw, args); }},
+                    {"fw list", "<original|generated|state|all|dispatcher>", [](const auto& args) { Call(show::fwlist, args); }},
                     {},
-                    {"show shm info", "", [](const auto& args) { call(show::shm_info, args); }},
+                    {"show shm info", "", [](const auto& args) { Call(show::shm_info, args); }},
                     {},
-                    {"tsc show shm info", "", [](const auto& args) { call(show::shm_tsc_info, args); }},
-                    {"tsc set state", "[true|false]", [](const auto& args) { call(show::shm_tsc_set_state, args); }},
-                    {"tsc set base", "[handle] [value]", [](const auto& args) { call(show::shm_tsc_set_base_value, args); }},
+                    {"tsc show shm info", "", [](const auto& args) { Call(show::shm_tsc_info, args); }},
+                    {"tsc set state", "[true|false]", [](const auto& args) { Call(show::shm_tsc_set_state, args); }},
+                    {"tsc set base", "[handle] [value]", [](const auto& args) { Call(show::shm_tsc_set_base_value, args); }},
                     {},
-                    {"samples show", "", [](const auto& args) { call(show::samples, args); }},
-                    {"samples dump", "", [](const auto& args) { call(show::samples_dump, args); }},
+                    {"samples show", "", [](const auto& args) { Call(show::samples, args); }},
+                    {"samples dump", "", [](const auto& args) { Call(show::samples_dump, args); }},
                     {},
-                    {"dontdoit podumoi dataplane lpm4LookupAddress", "[ipv4_address]", [](const auto& args) { call(develop::dataplane::lpm4LookupAddress, args); }},
-                    {"dontdoit podumoi dataplane lpm6LookupAddress", "[ipv6_address]", [](const auto& args) { call(develop::dataplane::lpm6LookupAddress, args); }},
-                    {"dontdoit podumoi dataplane error", "", [](const auto& args) { call(develop::dataplane::getErrors, args); }},
-                    {"dontdoit podumoi dataplane report", "", [](const auto& args) { call(develop::dataplane::getReport, args); }},
-                    {"dontdoit podumoi dataplane counter", "[counter_id] <range_size>", [](const auto& args) { call(develop::dataplane::counter, args); }},
-                    {"dontdoit podumoi controlplane rib save", "", [](const auto& args) { call(rib::save, args); }},
-                    {"dontdoit podumoi controlplane rib load", "", [](const auto& args) { call(rib::load, args); }},
-                    {"dontdoit podumoi controlplane rib clear", "[protocol] <peer> <vrf> <priority>", [](const auto& args) { call(rib::clear, args); }},
-                    {"dontdoit podumoi tsc monitoring", "", [](const auto& args) { call(develop::dataplane::tsc_monitoring, args); }},
+                    {"dontdoit podumoi dataplane lpm4LookupAddress", "[ipv4_address]", [](const auto& args) { Call(develop::dataplane::lpm4LookupAddress, args); }},
+                    {"dontdoit podumoi dataplane lpm6LookupAddress", "[ipv6_address]", [](const auto& args) { Call(develop::dataplane::lpm6LookupAddress, args); }},
+                    {"dontdoit podumoi dataplane error", "", [](const auto& args) { Call(develop::dataplane::getErrors, args); }},
+                    {"dontdoit podumoi dataplane report", "", [](const auto& args) { Call(develop::dataplane::getReport, args); }},
+                    {"dontdoit podumoi dataplane counter", "[counter_id] <range_size>", [](const auto& args) { Call(develop::dataplane::counter, args); }},
+                    {"dontdoit podumoi controlplane rib save", "", [](const auto& args) { Call(rib::save, args); }},
+                    {"dontdoit podumoi controlplane rib load", "", [](const auto& args) { Call(rib::load, args); }},
+                    {"dontdoit podumoi controlplane rib clear", "[protocol] <peer> <vrf> <priority>", [](const auto& args) { Call(rib::clear, args); }},
+                    {"dontdoit podumoi tsc monitoring", "", [](const auto& args) { Call(develop::dataplane::tsc_monitoring, args); }},
                     {},
-                    {"telegraf unsafe", "", [](const auto& args) { call(telegraf::unsafe, args); }},
-                    {"telegraf ports", "", [](const auto& args) { call(telegraf::ports_stats, args); }},
-                    {"telegraf dregress", "", [](const auto& args) { call(telegraf::dregress, args); }},
-                    {"telegraf peer", "", [](const auto& args) { call(telegraf::dregress_traffic, args); }},
-                    {"telegraf balancer service", "", [](const auto& args) { call(telegraf::balancer::service, args); }},
-                    {"telegraf other", "", [](const auto& args) { call(telegraf::other, args); }},
-                    {"telegraf tun64", "", [](const auto& args) { call(telegraf::mappings, args); }},
+                    {"hitcount dump", "<acl|>", [](const auto& args) { Call(show::hitcount_dump, args); }},
                     {},
-                    {"reload", "", [](const auto& args) { call(config::reload, args); }},
-                    {"version", "", [](const auto& args) { call(show::version, args); }},
-                    {"latch update dataplane", "<latch name> <state>", [](const auto& args) { call(latch::dataplane_update, args); }},
-                    {"counter", "[counter_name] <core_id>", [](const auto& args) { call(show::counter_by_name, args); }},
-                    {"latch update dataplane", "<latch name> <state>", [](const auto& args) { call(latch::dataplane_update, args); }},
+                    {"telegraf unsafe", "", [](const auto& args) { Call(telegraf::unsafe, args); }},
+                    {"telegraf ports", "", [](const auto& args) { Call(telegraf::ports_stats, args); }},
+                    {"telegraf dregress", "", [](const auto& args) { Call(telegraf::dregress, args); }},
+                    {"telegraf peer", "", [](const auto& args) { Call(telegraf::dregress_traffic, args); }},
+                    {"telegraf balancer service", "", [](const auto& args) { Call(telegraf::balancer::service, args); }},
+                    {"telegraf other", "", [](const auto& args) { Call(telegraf::other, args); }},
+                    {"telegraf tun64", "", [](const auto& args) { Call(telegraf::mappings, args); }},
+                    {"telegraf counters", "", [](const auto& args) { Call(telegraf::main_counters, args); }},
+                    {"telegraf bus", "", [](const auto& args) { Call(bus::bus_telegraf, args); }},
+                    {"telegraf route", "", [](const auto& args) { Call(telegraf::route, args); }},
+                    {"telegraf route tunnel", "", [](const auto& args) { Call(telegraf::route_tunnel, args); }},
                     {},
-                    {"convert logical_module", "", [](const auto& args) { call(convert::logical_module, args); }}};
+                    {"reload", "", [](const auto& args) { Call(config::reload, args); }},
+                    {"version", "", [](const auto& args) { Call(show::version, args); }},
+                    {"latch update dataplane", "<latch name> <state>", [](const auto& args) { Call(latch::dataplane_update, args); }},
+                    {"counter", "[counter_name] <core_id>", [](const auto& args) { Call(show::counter_by_name, args); }},
+                    {"counters stat", "", [](const auto& args) { Call(show::counters_stat, args); }},
+
+                    {"bus requests", "", [](const auto& args) { Call(bus::bus_requests, args); }},
+                    {"bus errors", "", [](const auto& args) { Call(bus::bus_errors, args); }},
+
+                    {"latch update dataplane", "<latch name> <state>", [](const auto& args) { Call(latch::dataplane_update, args); }},
+                    {},
+                    {"convert logical_module", "", [](const auto& args) { Call(convert::logical_module, args); }}};
 
 void printUsage()
 {
 	printf("usage:\n");
 	for (const auto& [command, args, function] : commands)
 	{
-		(void)function;
+		YANET_GCC_BUG_UNUSED(function);
 
 		if (command.empty())
 		{
diff --git a/cli/memory_manager.h b/cli/memory_manager.h
index 95d4a677..f92606e5 100644
--- a/cli/memory_manager.h
+++ b/cli/memory_manager.h
@@ -1,7 +1,7 @@
 #pragma once
 
 #include "common/idataplane.h"
-#include "helper.h"
+#include "table_printer.h"
 
 namespace memory_manager
 {
@@ -12,28 +12,22 @@ void show()
 
 	const auto response = dataplane.memory_manager_stats();
 	const auto& [response_memory_group, response_objects] = response;
-	(void)response_memory_group;
+	YANET_GCC_BUG_UNUSED(response_memory_group);
 
-	table_t table;
-	table.insert("name",
-	             "socket_id",
-	             "current");
+	TablePrinter table;
+	table.insert_row("name", "socket_id", "current");
 
 	uint64_t total = 0;
 	for (const auto& [name, socket_id, current] : response_objects)
 	{
 		total += current;
 
-		table.insert(name,
-		             socket_id,
-		             current);
+		table.insert_row(name, socket_id, current);
 	}
 
-	table.insert("total",
-	             "n/s",
-	             total);
+	table.insert_row("total", "n/s", total);
 
-	table.print();
+	table.Print();
 }
 
 void group()
@@ -43,11 +37,8 @@ void group()
 	const auto response = dataplane.memory_manager_stats();
 	const auto& [response_memory_group, response_objects] = response;
 
-	table_t table;
-	table.insert("group",
-	             "current",
-	             "maximum",
-	             "percent");
+	TablePrinter table;
+	table.insert_row("group", "current", "maximum", "percent");
 
 	std::map<std::string, ///< object_name
 	         common::uint64> ///< current
@@ -55,10 +46,9 @@ void group()
 
 	for (const auto& [name, socket_id, current] : response_objects)
 	{
-		(void)socket_id;
+		YANET_GCC_BUG_UNUSED(socket_id);
 
-		currents[name] = std::max(currents[name].value,
-		                          current);
+		currents[name] = std::max(currents[name].value, current);
 	}
 
 	response_memory_group.for_each([&](const auto& memory_group,
@@ -79,16 +69,12 @@ void group()
 		if (memory_group.limit)
 		{
 			maximum = memory_group.limit;
-			percent = to_percent(group_total, memory_group.limit);
+			percent = utils::to_percent(group_total, memory_group.limit);
 		}
 
-		table.insert(memory_group.name,
-		             group_total,
-		             maximum,
-		             percent);
+		table.insert_row(memory_group.name, group_total, maximum, percent);
 	});
 
-	table.print();
+	table.Print();
 }
-
 }
diff --git a/cli/nat46clat.h b/cli/nat46clat.h
index f9012005..c62f218c 100644
--- a/cli/nat46clat.h
+++ b/cli/nat46clat.h
@@ -1,8 +1,9 @@
 #pragma once
 
+#include "cli/helper.h"
 #include "common/icontrolplane.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
 namespace nat46clat
 {
@@ -12,21 +13,21 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.nat46clat_config();
 
-	table_t table;
-	table.insert("module",
-	             "ipv6_source",
-	             "ipv6_destination",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "ipv6_source",
+	                 "ipv6_destination",
+	                 "next_module");
 
 	for (const auto& [module_name, nat46clat] : response)
 	{
-		table.insert(module_name,
-		             nat46clat.ipv6_source,
-		             nat46clat.ipv6_destination,
-		             nat46clat.next_module);
+		table.insert_row(module_name,
+		                 nat46clat.ipv6_source,
+		                 nat46clat.ipv6_destination,
+		                 nat46clat.next_module);
 	}
 
-	table.print();
+	table.Print();
 }
 
 void announce()
@@ -34,17 +35,7 @@ void announce()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.nat46clat_announce();
 
-	table_t table;
-	table.insert("module",
-	             "announces");
-
-	for (const auto& [module_name, prefix] : response)
-	{
-		table.insert(module_name,
-		             prefix);
-	}
-
-	table.print();
+	FillAndPrintTable({"module", "announces"}, response);
 }
 
 }
diff --git a/cli/nat64stateful.h b/cli/nat64stateful.h
index 88e98e4a..ffe1412e 100644
--- a/cli/nat64stateful.h
+++ b/cli/nat64stateful.h
@@ -1,9 +1,10 @@
 #pragma once
 
+#include "cli/helper.h"
 #include "common/icontrolplane.h"
 #include "common/idataplane.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
 namespace nat64stateful
 {
@@ -13,10 +14,10 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.nat64stateful_config();
 
-	table_t table;
-	table.insert("module",
-	             "ipv4_pool_size",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "ipv4_pool_size",
+	                 "next_module");
 
 	for (const auto& [name, nat64stateful] : response)
 	{
@@ -26,12 +27,12 @@ void summary()
 			ipv4_pool_size += (1u << (32 - ipv4_prefix.mask()));
 		}
 
-		table.insert(name,
-		             ipv4_pool_size,
-		             nat64stateful.next_module);
+		table.insert_row(name,
+		                 ipv4_pool_size,
+		                 nat64stateful.next_module);
 	}
 
-	table.print();
+	table.Print();
 }
 
 void announce()
@@ -39,17 +40,7 @@ void announce()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.nat64stateful_announce();
 
-	table_t table;
-	table.insert("module",
-	             "announces");
-
-	for (const auto& [module, announces] : response)
-	{
-		table.insert(module,
-		             announces);
-	}
-
-	table.print();
+	FillAndPrintTable({"module", "announces"}, response);
 }
 
 /// @todo: move
@@ -152,19 +143,19 @@ void state(std::optional<std::string> module)
 	interface::dataPlane dataplane;
 	const auto response = dataplane.nat64stateful_state({module_id});
 
-	table_t table;
-	table.insert("module",
-	             "ipv6_source",
-	             "ipv4_source",
-	             "ipv4_destination",
-	             "proto",
-	             "origin_port_source",
-	             "port_source",
-	             "port_destination",
-	             "lan_flags",
-	             "wan_flags",
-	             "lan_last_seen",
-	             "wan_last_seen");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "ipv6_source",
+	                 "ipv4_source",
+	                 "ipv4_destination",
+	                 "proto",
+	                 "origin_port_source",
+	                 "port_source",
+	                 "port_destination",
+	                 "lan_flags",
+	                 "wan_flags",
+	                 "lan_last_seen",
+	                 "wan_last_seen");
 
 	for (const auto& [nat64stateful_id,
 	                  proto,
@@ -185,21 +176,21 @@ void state(std::optional<std::string> module)
 			it = modules.emplace_hint(it, nat64stateful_id, "unknown");
 		}
 
-		table.insert(it->second,
-		             ipv6_source,
-		             ipv4_source,
-		             ipv6_destination.get_mapped_ipv4_address().toString().data(),
-		             proto_to_string(proto).data(),
-		             port_source,
-		             wan_port_source,
-		             port_destination,
-		             tcp_flags_to_string(lan_flags),
-		             tcp_flags_to_string(wan_flags),
-		             lan_last_seen,
-		             wan_last_seen);
+		table.insert_row(it->second,
+		                 ipv6_source,
+		                 ipv4_source,
+		                 ipv6_destination.get_mapped_ipv4_address().toString().data(),
+		                 proto_to_string(proto).data(),
+		                 port_source,
+		                 wan_port_source,
+		                 port_destination,
+		                 tcp_flags_to_string(lan_flags),
+		                 tcp_flags_to_string(wan_flags),
+		                 lan_last_seen,
+		                 wan_last_seen);
 	}
 
-	table.print();
+	table.Print();
 }
 
 }
diff --git a/cli/neighbor.h b/cli/neighbor.h
index 2a961cbe..a68803de 100644
--- a/cli/neighbor.h
+++ b/cli/neighbor.h
@@ -1,9 +1,8 @@
 #pragma once
 
+#include "cli/helper.h"
 #include "common/idataplane.h"
 
-#include "helper.h"
-
 namespace neighbor
 {
 
@@ -12,27 +11,13 @@ void show()
 	interface::dataPlane dataplane;
 	const auto response = dataplane.neighbor_show();
 
-	table_t table({.optional_null = "static"});
-	table.insert("route_name",
-	             "interface_name",
-	             "ip_address",
-	             "mac_address",
-	             "last_update");
-
-	for (const auto& [route_name,
-	                  interface_name,
-	                  ip_address,
-	                  mac_address,
-	                  last_update] : response)
-	{
-		table.insert(route_name,
-		             interface_name,
-		             ip_address,
-		             mac_address,
-		             last_update);
-	}
-
-	table.print();
+	FillAndPrintTable({"route_name",
+	                   "interface_name",
+	                   "ip_address",
+	                   "mac_address",
+	                   "last_update"},
+	                  response,
+	                  {.optional_null = "static"});
 }
 
 void insert(const std::string& route_name,
diff --git a/cli/rib.h b/cli/rib.h
index aeb8880c..0b83b248 100644
--- a/cli/rib.h
+++ b/cli/rib.h
@@ -4,7 +4,7 @@
 
 #include "common/icontrolplane.h"
 
-#include "helper.h"
+#include "table_printer.h"
 
 namespace rib
 {
@@ -14,32 +14,32 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.rib_summary();
 
-	table_t table;
-	table.insert("vrf",
-	             "priority",
-	             "protocol",
-	             "peer",
-	             "table_name",
-	             "prefixes",
-	             "paths",
-	             "eor");
+	TablePrinter table;
+	table.insert_row("vrf",
+	                 "priority",
+	                 "protocol",
+	                 "peer",
+	                 "table_name",
+	                 "prefixes",
+	                 "paths",
+	                 "eor");
 
 	for (const auto& [key, value] : response)
 	{
 		const auto& [vrf, priority, protocol, peer, table_name] = key;
 		const auto& [prefixes, paths, eor] = value;
 
-		table.insert(vrf,
-		             priority,
-		             protocol,
-		             peer,
-		             table_name,
-		             prefixes,
-		             paths,
-		             (bool)eor);
+		table.insert_row(vrf,
+		                 priority,
+		                 protocol,
+		                 peer,
+		                 table_name,
+		                 prefixes,
+		                 paths,
+		                 (bool)eor);
 	}
 
-	table.print();
+	table.Print();
 }
 
 void prefixes()
@@ -47,22 +47,22 @@ void prefixes()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.rib_prefixes();
 
-	table_t table;
-	table.insert("vrf",
-	             "priority",
-	             "prefix",
-	             "protocol",
-	             "peer",
-	             "table_name",
-	             "path_information",
-	             "nexthop",
-	             "labels",
-	             "local_preference",
-	             "aspath",
-	             "origin",
-	             "med",
-	             "communities",
-	             "large_communities");
+	TablePrinter table;
+	table.insert_row("vrf",
+	                 "priority",
+	                 "prefix",
+	                 "protocol",
+	                 "peer",
+	                 "table_name",
+	                 "path_information",
+	                 "nexthop",
+	                 "labels",
+	                 "local_preference",
+	                 "aspath",
+	                 "origin",
+	                 "med",
+	                 "communities",
+	                 "large_communities");
 
 	for (const auto& [vrf_priority, prefix_nexthops] : response)
 	{
@@ -75,26 +75,26 @@ void prefixes()
 				const auto& [protocol, peer, table_name, path_information] = nexthop_key;
 				const auto& [nexthop, labels, origin, med, aspath, communities, large_communities, local_preference] = nexthop_value;
 
-				table.insert(vrf,
-				             priority,
-				             prefix,
-				             protocol,
-				             peer,
-				             table_name,
-				             path_information,
-				             nexthop,
-				             labels,
-				             local_preference,
-				             aspath,
-				             origin,
-				             med,
-				             communities,
-				             large_communities);
+				table.insert_row(vrf,
+				                 priority,
+				                 prefix,
+				                 protocol,
+				                 peer,
+				                 table_name,
+				                 path_information,
+				                 nexthop,
+				                 labels,
+				                 local_preference,
+				                 aspath,
+				                 origin,
+				                 med,
+				                 communities,
+				                 large_communities);
 			}
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 void lookup(const std::string& vrf,
@@ -103,22 +103,22 @@ void lookup(const std::string& vrf,
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.rib_lookup({vrf, address});
 
-	table_t table;
-	table.insert("vrf",
-	             "priority",
-	             "prefix",
-	             "protocol",
-	             "peer",
-	             "table_name",
-	             "path_information",
-	             "nexthop",
-	             "labels",
-	             "local_preference",
-	             "aspath",
-	             "origin",
-	             "med",
-	             "communities",
-	             "large_communities");
+	TablePrinter table;
+	table.insert_row("vrf",
+	                 "priority",
+	                 "prefix",
+	                 "protocol",
+	                 "peer",
+	                 "table_name",
+	                 "path_information",
+	                 "nexthop",
+	                 "labels",
+	                 "local_preference",
+	                 "aspath",
+	                 "origin",
+	                 "med",
+	                 "communities",
+	                 "large_communities");
 
 	for (const auto& [vrf_priority, prefix_nexthops] : response)
 	{
@@ -131,26 +131,26 @@ void lookup(const std::string& vrf,
 				const auto& [protocol, peer, table_name, path_information] = nexthop_key;
 				const auto& [nexthop, labels, origin, med, aspath, communities, large_communities, local_preference] = nexthop_value;
 
-				table.insert(vrf,
-				             priority,
-				             prefix,
-				             protocol,
-				             peer,
-				             table_name,
-				             path_information,
-				             nexthop,
-				             labels,
-				             local_preference,
-				             aspath,
-				             origin,
-				             med,
-				             communities,
-				             large_communities);
+				table.insert_row(vrf,
+				                 priority,
+				                 prefix,
+				                 protocol,
+				                 peer,
+				                 table_name,
+				                 path_information,
+				                 nexthop,
+				                 labels,
+				                 local_preference,
+				                 aspath,
+				                 origin,
+				                 med,
+				                 communities,
+				                 large_communities);
 			}
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 void get(const std::string& vrf,
@@ -159,21 +159,21 @@ void get(const std::string& vrf,
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.rib_get({vrf, prefix});
 
-	table_t table;
-	table.insert("vrf",
-	             "priority",
-	             "protocol",
-	             "peer",
-	             "table_name",
-	             "path_information",
-	             "nexthop",
-	             "labels",
-	             "local_preference",
-	             "aspath",
-	             "origin",
-	             "med",
-	             "communities",
-	             "large_communities");
+	TablePrinter table;
+	table.insert_row("vrf",
+	                 "priority",
+	                 "protocol",
+	                 "peer",
+	                 "table_name",
+	                 "path_information",
+	                 "nexthop",
+	                 "labels",
+	                 "local_preference",
+	                 "aspath",
+	                 "origin",
+	                 "med",
+	                 "communities",
+	                 "large_communities");
 
 	for (const auto& [vrf_priority, prefix_nexthops] : response)
 	{
@@ -185,48 +185,33 @@ void get(const std::string& vrf,
 			{
 				const auto& [protocol, peer, table_name, path_information] = nexthop_key;
 				const auto& [nexthop, labels, origin, med, aspath, communities, large_communities, local_preference] = nexthop_value;
-				(void)prefix;
-
-				table.insert(vrf,
-				             priority,
-				             protocol,
-				             peer,
-				             table_name,
-				             path_information,
-				             nexthop,
-				             labels,
-				             local_preference,
-				             aspath,
-				             origin,
-				             med,
-				             communities,
-				             large_communities);
+				YANET_GCC_BUG_UNUSED(prefix);
+
+				table.insert_row(vrf,
+				                 priority,
+				                 protocol,
+				                 peer,
+				                 table_name,
+				                 path_information,
+				                 nexthop,
+				                 labels,
+				                 local_preference,
+				                 aspath,
+				                 origin,
+				                 med,
+				                 communities,
+				                 large_communities);
 			}
 		}
 	}
 
-	table.print();
-}
-
-std::vector<std::string> split(const std::string& string,
-                               char delimiter = ' ')
-{
-	std::vector<std::string> result;
-
-	std::stringstream stream(string);
-	std::string item;
-	while (std::getline(stream, item, delimiter))
-	{
-		result.emplace_back(item);
-	}
-
-	return result;
+	table.Print();
 }
 
 void convert(const std::string& string,
              std::tuple<std::string, common::ip_address_t, std::vector<uint32_t>>& result)
 {
-	auto nexthop_label_string = split(string, '+');
+	auto nexthop_label_string = utils::split(string, '+');
 
 	if (nexthop_label_string.size() == 1)
 	{
diff --git a/cli/route.h b/cli/route.h
index 513f8e8e..034ffc0b 100644
--- a/cli/route.h
+++ b/cli/route.h
@@ -1,10 +1,10 @@
 #pragma once
 
-#include <iomanip>
-
+#include "cli/helper.h"
 #include "common/icontrolplane.h"
 
-#include "helper.h"
+#include "common/utils.h"
+#include "table_printer.h"
 
 namespace route
 {
@@ -14,17 +14,7 @@ void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.route_summary();
 
-	table_t table;
-	table.insert("module",
-	             "vrf");
-
-	for (const auto& [route_name, vrf] : response)
-	{
-		table.insert(route_name,
-		             vrf);
-	}
-
-	table.print();
+	FillAndPrintTable({"module", "vrf"}, response);
 }
 
 void interface()
@@ -32,32 +22,32 @@ void interface()
 	interface::controlPlane controlplane;
 	const auto response = controlplane.route_interface();
 
-	table_t table;
-	table.insert("module",
-	             "interface",
-	             "address",
-	             "neighbor_v4",
-	             "neighbor_v6",
-	             "neighbor_mac_address_v4",
-	             "neighbor_mac_address_v6",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "interface",
+	                 "address",
+	                 "neighbor_v4",
+	                 "neighbor_v6",
+	                 "neighbor_mac_address_v4",
+	                 "neighbor_mac_address_v6",
+	                 "next_module");
 
 	for (const auto& [key, value] : response)
 	{
 		const auto& [route_name, interface_name] = key;
 		const auto& [address, neighbor_v4, neighbor_v6, neighbor_mac_address_v4, neighbor_mac_address_v6, next_module] = value;
 
-		table.insert(route_name,
-		             interface_name,
-		             address,
-		             neighbor_v4,
-		             neighbor_v6,
-		             neighbor_mac_address_v4,
-		             neighbor_mac_address_v6,
-		             next_module == "controlPlane" ? std::string("linux") : next_module);
+		table.insert_row(route_name,
+		                 interface_name,
+		                 address,
+		                 neighbor_v4,
+		                 neighbor_v6,
+		                 neighbor_mac_address_v4,
+		                 neighbor_mac_address_v6,
+		                 next_module == "controlPlane" ? std::string("linux") : next_module);
 	}
 
-	table.print();
+	table.Print();
 }
 
 void lookup(const std::string& route_name,
@@ -66,25 +56,25 @@ void lookup(const std::string& route_name,
 	interface::controlPlane controlplane;
 	auto response = controlplane.route_lookup({route_name, address});
 
-	table_t table;
-	table.insert("ingress_physical_ports",
-	             "prefix",
-	             "nexthop",
-	             "egress_interface",
-	             "labels");
+	TablePrinter table;
+	table.insert_row("ingress_physical_ports",
+	                 "prefix",
+	                 "nexthop",
+	                 "egress_interface",
+	                 "labels");
 
 	for (const auto& item : response)
 	{
 		const auto& [ingress_physical_ports, prefix, nexthop, egress_interface, labels] = item;
 
-		table.insert(ingress_physical_ports,
-		             prefix,
-		             nexthop.is_default() ? std::string("") : nexthop.toString(),
-		             egress_interface,
-		             labels);
+		table.insert_row(ingress_physical_ports,
+		                 prefix,
+		                 nexthop.is_default() ? std::string("") : nexthop.toString(),
+		                 egress_interface,
+		                 labels);
 	}
 
-	table.print();
+	table.Print();
 }
 
 void get(const std::string& route_name,
@@ -93,24 +83,32 @@ void get(const std::string& route_name,
 	interface::controlPlane controlplane;
 	auto response = controlplane.route_get({route_name, prefix});
 
-	table_t table;
-	table.insert("ingress_physical_ports",
-	             "nexthop",
-	             "egress_interface",
-	             "labels");
+	TablePrinter table;
+	table.insert_row("ingress_physical_ports",
+	                 "nexthop",
+	                 "egress_interface",
+	                 "labels");
 
 	for (const auto& item : response)
 	{
 		const auto& [ingress_physical_ports, prefix, nexthop, egress_interface, labels] = item;
-		(void)prefix;
+		YANET_GCC_BUG_UNUSED(prefix);
 
-		table.insert(ingress_physical_ports,
-		             nexthop.is_default() ? std::string("") : nexthop.toString(),
-		             egress_interface,
-		             labels);
+		table.insert_row(ingress_physical_ports,
+		                 nexthop.is_default() ? std::string("") : nexthop.toString(),
+		                 egress_interface,
+		                 labels);
 	}
 
-	table.print();
+	table.Print();
+}
+
+void counters()
+{
+	interface::controlPlane controlplane;
+	auto response = controlplane.route_counters();
+
+	FillAndPrintTable({"link", "nexthop", "prefix", "counts", "size"}, response);
 }
 
 namespace tunnel
@@ -122,35 +120,29 @@ void lookup(const std::string& route_name,
 	interface::controlPlane controlplane;
 	auto response = controlplane.route_tunnel_lookup({route_name, address});
 
-	table_t table;
-	table.insert("ingress_physical_ports",
-	             "prefix",
-	             "nexthop",
-	             "label",
-	             "egress_interface",
-	             "peer",
-	             "weight (%)");
+	TablePrinter table;
+	table.insert_row("ingress_physical_ports",
+	                 "prefix",
+	                 "nexthop",
+	                 "label",
+	                 "egress_interface",
+	                 "peer",
+	                 "weight (%)");
 
 	for (const auto& item : response)
 	{
 		const auto& [ingress_physical_ports, prefix, nexthop, label, egress_interface, peer, weight_percent] = item;
 
-		double percent = (double)100.0 * weight_percent;
-
-		std::stringstream stream;
-		stream << std::fixed << std::setprecision(2) << percent;
-		std::string percent_string = stream.str();
-
-		table.insert(ingress_physical_ports,
-		             prefix,
-		             nexthop.is_default() ? std::string("") : nexthop.toString(),
-		             label,
-		             egress_interface,
-		             peer,
-		             percent_string);
+		table.insert_row(ingress_physical_ports,
+		                 prefix,
+		                 nexthop.is_default() ? std::string("") : nexthop.toString(),
+		                 label,
+		                 egress_interface,
+		                 peer,
+		                 utils::to_percent(weight_percent));
 	}
 
-	table.print();
+	table.Print();
 }
 
 void get(const std::string& route_name,
@@ -159,36 +151,37 @@ void get(const std::string& route_name,
 	interface::controlPlane controlplane;
 	auto response = controlplane.route_tunnel_get({route_name, prefix});
 
-	table_t table;
-	table.insert("ingress_physical_ports",
-	             "nexthop",
-	             "label",
-	             "egress_interface",
-	             "peer",
-	             "weight (%)");
+	TablePrinter table;
+	table.insert_row("ingress_physical_ports",
+	                 "nexthop",
+	                 "label",
+	                 "egress_interface",
+	                 "peer",
+	                 "weight (%)");
 
 	for (const auto& item : response)
 	{
 		const auto& [ingress_physical_ports, prefix, nexthop, label, egress_interface, peer, weight_percent] = item;
-		(void)prefix;
-
-		double percent = (double)100.0 * weight_percent;
-
-		std::stringstream stream;
-		stream << std::fixed << std::setprecision(2) << percent;
-		std::string percent_string = stream.str();
-
-		table.insert(ingress_physical_ports,
-		             nexthop.is_default() ? std::string("") : nexthop.toString(),
-		             label,
-		             egress_interface,
-		             peer,
-		             percent_string);
+		YANET_GCC_BUG_UNUSED(prefix);
+
+		table.insert_row(ingress_physical_ports,
+		                 nexthop.is_default() ? std::string("") : nexthop.toString(),
+		                 label,
+		                 egress_interface,
+		                 peer,
+		                 utils::to_percent(weight_percent));
 	}
 
-	table.print();
+	table.Print();
 }
 
+void counters()
+{
+	interface::controlPlane controlplane;
+	auto response = controlplane.route_tunnel_counters();
+
+	FillAndPrintTable({"link", "nexthop", "counts", "size"}, response);
+}
 }
 
 }
diff --git a/cli/show.h b/cli/show.h
index 57b4b00f..2a4325ef 100644
--- a/cli/show.h
+++ b/cli/show.h
@@ -6,10 +6,12 @@
 
 #include "common/icontrolplane.h"
 #include "common/idataplane.h"
+#include "common/sdpclient.h"
 #include "common/tsc_deltas.h"
 #include "common/version.h"
 
 #include "helper.h"
+#include "table_printer.h"
 
 namespace show
 {
@@ -19,35 +21,35 @@ inline void physicalPort()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getPhysicalPorts();
 
-	table_t table;
-	table.insert("moduleName",
-	             "link",
-	             "speed",
-	             "rx_packets",
-	             "rx_bytes",
-	             "rx_errors",
-	             "rx_drops",
-	             "tx_packets",
-	             "tx_bytes",
-	             "tx_errors",
-	             "tx_drops");
+	TablePrinter table;
+	table.insert_row("moduleName",
+	                 "link",
+	                 "speed",
+	                 "rx_packets",
+	                 "rx_bytes",
+	                 "rx_errors",
+	                 "rx_drops",
+	                 "tx_packets",
+	                 "tx_bytes",
+	                 "tx_errors",
+	                 "tx_drops");
 
 	for (const auto& [physicalPortName, physicalPort] : response)
 	{
-		table.insert(physicalPortName,
-		             std::get<8>(physicalPort) ? "up" : "down",
-		             std::to_string(std::get<9>(physicalPort) / 1000) + "G",
-		             std::get<0>(physicalPort),
-		             std::get<1>(physicalPort),
-		             std::get<2>(physicalPort),
-		             std::get<3>(physicalPort),
-		             std::get<4>(physicalPort),
-		             std::get<5>(physicalPort),
-		             std::get<6>(physicalPort),
-		             std::get<7>(physicalPort));
+		table.insert_row(physicalPortName,
+		                 std::get<8>(physicalPort) ? "up" : "down",
+		                 std::to_string(std::get<9>(physicalPort) / 1000) + "G",
+		                 std::get<0>(physicalPort),
+		                 std::get<1>(physicalPort),
+		                 std::get<2>(physicalPort),
+		                 std::get<3>(physicalPort),
+		                 std::get<4>(physicalPort),
+		                 std::get<5>(physicalPort),
+		                 std::get<6>(physicalPort),
+		                 std::get<7>(physicalPort));
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void physical_port_dump(const std::string& direction,
@@ -74,23 +76,23 @@ inline void logicalPort()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getLogicalPorts();
 
-	table_t table;
-	table.insert("moduleName",
-	             "physicalPortName",
-	             "vlanId",
-	             "macAddress",
-	             "promiscuousMode");
+	TablePrinter table;
+	table.insert_row("moduleName",
+	                 "physicalPortName",
+	                 "vlanId",
+	                 "macAddress",
+	                 "promiscuousMode");
 
 	for (const auto& [logicalPortName, logicalPort] : response)
 	{
-		table.insert(logicalPortName,
-		             std::get<0>(logicalPort),
-		             std::get<1>(logicalPort),
-		             std::get<2>(logicalPort),
-		             std::get<3>(logicalPort) ? "true" : "false");
+		table.insert_row(logicalPortName,
+		                 std::get<0>(logicalPort),
+		                 std::get<1>(logicalPort),
+		                 std::get<2>(logicalPort),
+		                 std::get<3>(logicalPort) ? "true" : "false");
 	}
 
-	table.print();
+	table.Print();
 }
 
 static inline std::string convertToString(const common::defender::status& status)
@@ -141,12 +143,12 @@ inline void summary(std::optional<std::string> module)
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.tun64_tunnels();
 
-	table_t table;
-	table.insert("module",
-	             "source_address",
-	             "prefixes",
-	             "randomization",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "source_address",
+	                 "prefixes",
+	                 "randomization",
+	                 "next_module");
 
 	for (const auto& [tunnelName, tunnel] : response)
 	{
@@ -158,14 +160,14 @@ inline void summary(std::optional<std::string> module)
 
 		const auto& [ipv6Src, pfxCnt, rndFlag, nxtModule] = tunnel;
 
-		table.insert(tunnelName,
-		             ipv6Src,
-		             pfxCnt,
-		             rndFlag ? "true" : "false",
-		             nxtModule);
+		table.insert_row(tunnelName,
+		                 ipv6Src,
+		                 pfxCnt,
+		                 rndFlag ? "true" : "false",
+		                 nxtModule);
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void announce(std::optional<std::string> module)
@@ -173,10 +175,10 @@ inline void announce(std::optional<std::string> module)
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.tun64_prefixes();
 
-	table_t table;
-	table.insert("module",
-	             "prefix",
-	             "announces");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "prefix",
+	                 "announces");
 
 	for (const auto& [tunnelName, prefixes] : response)
 	{
@@ -188,11 +190,11 @@ inline void announce(std::optional<std::string> module)
 
 		for (const auto& prefix : prefixes)
 		{
-			table.insert(tunnelName, prefix, prefix);
+			table.insert_row(tunnelName, prefix, prefix);
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void mappings(std::optional<std::string> module)
@@ -200,11 +202,11 @@ inline void mappings(std::optional<std::string> module)
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.tun64_mappings();
 
-	table_t table;
-	table.insert("module",
-	             "ipv4Address",
-	             "ipv6Address",
-	             "location");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "ipv4Address",
+	                 "ipv6Address",
+	                 "location");
 
 	for (const auto& v : response)
 	{
@@ -216,13 +218,13 @@ inline void mappings(std::optional<std::string> module)
 			continue;
 		}
 
-		table.insert(tunnelName,
-		             ipv4Address,
-		             ipv6Address,
-		             location);
+		table.insert_row(tunnelName,
+		                 ipv4Address,
+		                 ipv6Address,
+		                 location);
 	}
 
-	table.print();
+	table.Print();
 }
 } /* namespace tun64 */
 
@@ -234,11 +236,11 @@ inline void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getDecaps();
 
-	table_t table;
-	table.insert("module",
-	             "prefixes",
-	             "DSCP",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "prefixes",
+	                 "DSCP",
+	                 "next_module");
 
 	for (const auto& [decapName, decap] : response)
 	{
@@ -260,13 +262,13 @@ inline void summary()
 			dscpString = "n/s";
 		}
 
-		table.insert(decapName,
-		             std::get<0>(decap),
-		             dscpString,
-		             std::get<2>(decap));
+		table.insert_row(decapName,
+		                 std::get<0>(decap),
+		                 dscpString,
+		                 std::get<2>(decap));
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void announce()
@@ -274,22 +276,22 @@ inline void announce()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getDecapPrefixes();
 
-	table_t table;
-	table.insert("module",
-	             "prefix",
-	             "announces");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "prefix",
+	                 "announces");
 
 	for (const auto& [moduleName, prefixes] : response)
 	{
 		for (const auto& prefix : prefixes)
 		{
-			table.insert(moduleName,
-			             prefix.prefix,
-			             prefix.announces);
+			table.insert_row(moduleName,
+			                 prefix.prefix,
+			                 prefix.announces);
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 }
@@ -302,25 +304,25 @@ inline void summary()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getNat64statelesses();
 
-	table_t table;
-	table.insert("module",
-	             "translations",
-	             "WKP",
-	             "SRC",
-	             "prefixes",
-	             "next_module");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "translations",
+	                 "WKP",
+	                 "SRC",
+	                 "prefixes",
+	                 "next_module");
 
 	for (const auto& [nat64statelessName, nat64stateless] : response)
 	{
-		table.insert(nat64statelessName,
-		             std::get<0>(nat64stateless),
-		             std::get<1>(nat64stateless),
-		             std::get<2>(nat64stateless),
-		             std::get<3>(nat64stateless),
-		             std::get<4>(nat64stateless));
+		table.insert_row(nat64statelessName,
+		                 std::get<0>(nat64stateless),
+		                 std::get<1>(nat64stateless),
+		                 std::get<2>(nat64stateless),
+		                 std::get<3>(nat64stateless),
+		                 std::get<4>(nat64stateless));
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void translation()
@@ -328,13 +330,13 @@ inline void translation()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getNat64statelessTranslations();
 
-	table_t table;
-	table.insert("moduleName",
-	             "ipv6Address",
-	             "ipv6DestinationAddress",
-	             "fromRange",
-	             "ipv4Address",
-	             "toRange");
+	TablePrinter table;
+	table.insert_row("moduleName",
+	                 "ipv6Address",
+	                 "ipv6DestinationAddress",
+	                 "fromRange",
+	                 "ipv4Address",
+	                 "toRange");
 
 	for (const auto& [key, value] : response)
 	{
@@ -345,15 +347,15 @@ inline void translation()
 		const auto& ipv4Address = std::get<0>(value);
 		const auto& egressPorts = std::get<1>(value);
 
-		table.insert(moduleName,
-		             ipv6Address,
-		             ipv6DestinationAddress,
-		             ingressPorts,
-		             ipv4Address,
-		             egressPorts);
+		table.insert_row(moduleName,
+		                 ipv6Address,
+		                 ipv6DestinationAddress,
+		                 ingressPorts,
+		                 ipv4Address,
+		                 egressPorts);
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void announce()
@@ -361,10 +363,10 @@ inline void announce()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getNat64statelessPrefixes();
 
-	table_t table;
-	table.insert("module",
-	             "prefix",
-	             "announces");
+	TablePrinter table;
+	table.insert_row("module",
+	                 "prefix",
+	                 "announces");
 
 	for (const auto& [moduleName, prefixes] : response)
 	{
@@ -372,15 +374,15 @@ inline void announce()
 		{
 			std::visit(
 			        [&, &moduleName = moduleName](auto&& value) {
-				        table.insert(moduleName,
-				                     value.prefix,
-				                     value.announces);
+				        table.insert_row(moduleName,
+				                         value.prefix,
+				                         value.announces);
 			        },
 			        (const common::ip_prefix_with_announces_t::variant_t&)prefix);
 		}
 	}
 
-	table.print();
+	table.Print();
 }
 
 }
@@ -508,21 +510,21 @@ static void list_fw_rules(unsigned int mask, bool list)
 	common::icp::getFwLabels::response labels;
 	interface::controlPlane controlPlane;
 
-	table_t table;
+	TablePrinter table;
 	if (list)
 	{
-		table.insert("id",
-		             "ruleno",
-		             "label",
-		             "rule");
+		table.insert_row("id",
+		                 "ruleno",
+		                 "label",
+		                 "rule");
 	}
 	else
 	{
-		table.insert("id",
-		             "ruleno",
-		             "label",
-		             "counter",
-		             "rule");
+		table.insert_row("id",
+		                 "ruleno",
+		                 "label",
+		                 "counter",
+		                 "rule");
 	}
 
 	if (need_labels & mask)
@@ -577,17 +579,17 @@ static void list_fw_rules(unsigned int mask, bool list)
 			{
 				if (list)
 				{
-					(void)counter;
-					table.insert(id, ruleno, label, text);
+					YANET_GCC_BUG_UNUSED(counter);
+					table.insert_row(id, ruleno, label, text);
 				}
 				else
 				{
-					table.insert(id, ruleno, label, counter, text);
+					table.insert_row(id, ruleno, label, counter, text);
 				}
 			}
 		}
 	}
-	table.print();
+	table.Print();
 }
 
 inline void fw(std::optional<std::string> str)
@@ -624,18 +626,10 @@ inline void fwlist(std::optional<std::string> str)
 
 inline void errors()
 {
-	table_t table;
-	table.insert("name", "counter");
-
 	interface::dataPlane dataPlane;
 	const auto response = dataPlane.getErrors();
 
-	for (const auto& [name, counter] : response)
-	{
-		table.insert(name, counter);
-	}
-
-	table.print();
+	FillAndPrintTable({"name", "counter"}, response);
 }
 
 inline void samples()
@@ -643,14 +637,14 @@ inline void samples()
 	interface::controlPlane controlPlane;
 	const auto response = controlPlane.getSamples();
 
-	table_t table;
-	table.insert("in_iface",
-	             "out_iface",
-	             "proto",
-	             "src_addr",
-	             "src_port",
-	             "dst_addr",
-	             "dst_port");
+	TablePrinter table;
+	table.insert_row("in_iface",
+	                 "out_iface",
+	                 "proto",
+	                 "src_addr",
+	                 "src_port",
+	                 "dst_addr",
+	                 "dst_port");
 
 	// Cache the protocols we are interested in to prevent enormous number of reading of "/etc/protocols".
 	std::unordered_map<std::uint8_t, std::string> proto_cache;
@@ -670,10 +664,10 @@ inline void samples()
 		}
 		const auto& protoName = it->second;
 
-		table.insert(in_iface, out_iface, protoName, src_addr, src_port, dst_addr, dst_port);
+		table.insert_row(in_iface, out_iface, protoName, src_addr, src_port, dst_addr, dst_port);
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void samples_dump()
@@ -692,36 +686,63 @@ inline void samples_dump()
 		}
 		first = false;
 		std::cout << "\n"
-		          << "{\"in_iface\":\"" << in_iface << "\","
-		          << "\"out_iface\":\"" << out_iface << "\","
+		          << R"({"in_iface":")" << in_iface << "\","
+		          << R"("out_iface":")" << out_iface << "\","
 		          << "\"proto\":" << (int)proto << ","
-		          << "\"src_addr\":\"" << src_addr.toString() << "\","
+		          << R"("src_addr":")" << src_addr.toString() << "\","
 		          << "\"src_port\":" << src_port << ","
-		          << "\"dst_addr\":\"" << dst_addr.toString() << "\","
+		          << R"("dst_addr":")" << dst_addr.toString() << "\","
 		          << "\"dst_port\":" << dst_port << "}";
 	}
 
 	std::cout << "]\n";
 }
 
+inline void hitcount_dump(const std::string& source)
+{
+	if (source != "acl")
+	{
+		YANET_THROW("Error: Need to specify source. Right now, only 'acl' is supported.\n");
+	}
+
+	interface::dataPlane dataplane;
+	const auto& response = dataplane.hitcount_dump();
+
+	std::cout << "[\n";
+
+	bool first = true;
+	for (const auto& [id, data] : response)
+	{
+		if (!first)
+		{
+			std::cout << "\n";
+		}
+		first = false;
+
+		std::cout << "  " << id << ": " << data.count << ", " << data.bytes;
+	}
+
+	std::cout << "\n]\n";
+}
+
 inline void values()
 {
 	interface::controlPlane controlplane;
 	const auto controlplane_values = controlplane.controlplane_values();
 
-	table_t table;
-	table.insert("application",
-	             "name",
-	             "value");
+	TablePrinter table;
+	table.insert_row("application",
+	                 "name",
+	                 "value");
 
 	for (const auto& [name, value] : controlplane_values)
 	{
-		table.insert("controlplane",
-		             name,
-		             value);
+		table.insert_row("controlplane",
+		                 name,
+		                 value);
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void durations()
@@ -729,29 +750,29 @@ inline void durations()
 	interface::controlPlane controlplane;
 	const auto controlplane_durations = controlplane.controlplane_durations();
 
-	table_t table;
-	table.insert("application",
-	             "name",
-	             "duration");
+	TablePrinter table;
+	table.insert_row("application",
+	                 "name",
+	                 "duration");
 
 	for (const auto& [name, value] : controlplane_durations)
 	{
-		table.insert("controlplane",
-		             name,
-		             value);
+		table.insert_row("controlplane",
+		                 name,
+		                 value);
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void version()
 {
-	table_t table;
-	table.insert("application",
-	             "version",
-	             "revision",
-	             "hash",
-	             "custom");
+	TablePrinter table;
+	table.insert_row("application",
+	                 "version",
+	                 "revision",
+	                 "hash",
+	                 "custom");
 
 	/// dataplane
 	try
@@ -759,11 +780,11 @@ inline void version()
 		interface::dataPlane dataplane;
 		const auto [major, minor, revision, hash, custom] = dataplane.version();
 
-		table.insert("dataplane",
-		             version_to_string(major, minor),
-		             version_revision_to_string(revision),
-		             version_hash_to_string(hash),
-		             version_custom_to_string(custom));
+		table.insert_row("dataplane",
+		                 version_to_string(major, minor),
+		                 version_revision_to_string(revision),
+		                 version_hash_to_string(hash),
+		                 version_custom_to_string(custom));
 	}
 	catch (...)
 	{
@@ -775,11 +796,11 @@ inline void version()
 		interface::controlPlane controlplane;
 		const auto [major, minor, revision, hash, custom] = controlplane.version();
 
-		table.insert("controlplane",
-		             version_to_string(major, minor),
-		             version_revision_to_string(revision),
-		             version_hash_to_string(hash),
-		             version_custom_to_string(custom));
+		table.insert_row("controlplane",
+		                 version_to_string(major, minor),
+		                 version_revision_to_string(revision),
+		                 version_hash_to_string(hash),
+		                 version_custom_to_string(custom));
 	}
 	catch (...)
 	{
@@ -787,22 +808,20 @@ inline void version()
 
 	/// cli
 	{
-		table.insert("cli",
-		             version_to_string(),
-		             version_revision_to_string(),
-		             version_hash_to_string(),
-		             version_custom_to_string());
+		table.insert_row("cli",
+		                 version_to_string(),
+		                 version_revision_to_string(),
+		                 version_hash_to_string(),
+		                 version_custom_to_string());
 	}
 
-	table.print();
+	table.Print();
 }
 
 inline void counter_by_name(std::string counter_name,
                             const std::optional<tCoreId>& core_id)
 {
-	interface::dataPlane dataplane;
-
-	const auto response = dataplane.get_counter_by_name({counter_name, core_id});
+	const auto response = common::sdp::SdpClient::GetCounterByName(counter_name, core_id);
 
 	if (response.empty())
 	{
@@ -816,16 +835,7 @@ inline void counter_by_name(std::string counter_name,
 		}
 	}
 
-	table_t table;
-	table.insert("core_id",
-	             "counter_value");
-
-	for (const auto& [core_id, counter_value] : response)
-	{
-		table.insert(core_id, counter_value);
-	}
-
-	table.print();
+	FillAndPrintTable({"core_id", "counter_value"}, response);
 }
 
 inline void shm_info()
@@ -833,22 +843,15 @@ inline void shm_info()
 	interface::dataPlane dataplane;
 	const auto response = dataplane.get_shm_info();
 
-	table_t table;
-	table.insert("ring name",
-	             "dump tag",
-	             "dump size",
-	             "dump count",
-	             "core id",
-	             "socket id",
-	             "ipc key",
-	             "offset");
-
-	for (const auto& [name, tag, size, count, core, socket, ipc_key, offset] : response)
-	{
-		table.insert(name, tag, size, count, core, socket, ipc_key, offset);
-	}
-
-	table.print();
+	FillAndPrintTable({"ring name",
+	                   "dump tag",
+	                   "dump size",
+	                   "dump count",
+	                   "core id",
+	                   "socket id",
+	                   "ipc key",
+	                   "offset"},
+	                  response);
 }
 
 void shm_tsc_info()
@@ -856,18 +859,7 @@ void shm_tsc_info()
 	interface::dataPlane dataplane;
 	const auto response = dataplane.get_shm_tsc_info();
 
-	table_t table;
-	table.insert("core id",
-	             "socket id",
-	             "ipc key",
-	             "offset");
-
-	for (const auto& [core, socket, ipc_key, offset] : response)
-	{
-		table.insert(core, socket, ipc_key, offset);
-	}
-
-	table.print();
+	FillAndPrintTable({"core id", "socket id", "ipc key", "offset"}, response);
 }
 
 void shm_tsc_set_state(bool state)
@@ -924,4 +916,19 @@ void shm_tsc_set_base_value(std::string counter_name, uint32_t value)
 	}
 }
 
+void counters_stat()
+{
+	interface::controlPlane controlplane;
+	auto [common_info, sizes_info] = controlplane.counters_stat();
+	auto [free_blocks, free_cells, errors_external, errors_internal] = common_info;
+	printf("Counters usage info\n");
+	printf("Free blocks: %d, counters: %d\n", free_blocks, free_cells);
+	printf("Errors external: %ld, internal: %ld\n", errors_external, errors_internal);
+
+	for (auto [size, used_blocks, busy_blocks, used_segments] : sizes_info)
+	{
+		printf("size: %d, used blocks: %d, busy blocks: %d, used segments: %d\n", size, used_blocks, busy_blocks, used_segments);
+	}
+}
+
 }
diff --git a/cli/table_printer.h b/cli/table_printer.h
new file mode 100644
index 00000000..9ef8d01f
--- /dev/null
+++ b/cli/table_printer.h
@@ -0,0 +1,316 @@
+#pragma once
+
+#include <iostream>
+#include <nlohmann/json.hpp>
+#include <string>
+
+#include "common/utils.h"
+#include "converter.h"
+
+class TablePrinter
+{
+public:
+	TablePrinter(const converter::config_t config = {}) :
+	        config_(config) {}
+
+	// Insert arbitrary number of values as one row
+	template<typename... Args>
+	void insert_row(Args&&... args)
+	{
+		insert_row({converter::to_string(std::forward<Args>(args), config_)...});
+	}
+
+	// Insert tuple as one row
+	template<typename... Args>
+	void insert_row(const std::tuple<Args...>& tuple)
+	{
+		std::vector<std::string> row;
+
+		std::apply([&row, this](const Args&... args) {
+			(row.push_back(converter::to_string(args, config_)), ...);
+		},
+		           tuple);
+
+		insert_row(std::move(row));
+	}
+
+	// Insert pair as one row
+	template<typename First, typename Second>
+	void insert_row(const std::pair<First, Second>& pair)
+	{
+		std::vector<std::string> row;
+		row.push_back(converter::to_string(pair.first, config_));
+		row.push_back(converter::to_string(pair.second, config_));
+
+		insert_row(std::move(row));
+	}
+
+	// Insert values from a container as one row
+	template<typename Iterator, typename = typename std::iterator_traits<Iterator>::iterator_category>
+	void insert_row(Iterator begin, Iterator end)
+	{
+		std::vector<std::string> row;
+		for (auto it = begin; it != end; ++it)
+		{
+			row.push_back(converter::to_string(*it, config_));
+		}
+		insert_row(std::move(row));
+	}
+
+	/**
+	 * Insert values from a container as many rows
+	 *
+	 * Useful when we have a container of containers like the "responce"
+	 * object obtained from controlplane
+	 */
+	template<typename Iterator, typename = typename std::iterator_traits<Iterator>::iterator_category>
+	void insert(Iterator begin, Iterator end)
+	{
+		for (auto it = begin; it != end; ++it)
+		{
+			insert_row(*it);
+		}
+	}
+
+	void Print()
+	{
+		std::string format;
+		if (const char* format_pointer = std::getenv("YANET_FORMAT"))
+		{
+			format = format_pointer;
+		}
+
+		(format == "json") ? print_json() : print_default();
+	}
+
+	void Render()
+	{
+		std::cout << "\033[H\033[2J" << std::flush;
+
+		print_default();
+		table_.clear();
+	}
+
+private:
+	void insert_row(std::vector<std::string>&& row)
+	{
+		if (row.size() > column_lengths_.size())
+		{
+			column_lengths_.resize(row.size(), 0);
+		}
+
+		for (uint32_t i = 0; i < row.size(); ++i)
+		{
+			if (column_lengths_[i] < row[i].size())
+			{
+				column_lengths_[i] = row[i].size();
+			}
+		}
+
+		table_.push_back(std::move(row));
+	}
+
+	void print_default()
+	{
+		if (table_.empty() || column_lengths_.empty())
+		{
+			return;
+		}
+
+		std::vector<std::string> user_selected_col_names;
+		if (const char* columns_pointer = std::getenv("YANET_FORMAT_COLUMNS"))
+		{
+			user_selected_col_names = utils::split(columns_pointer, ',');
+		}
+
+		bool print_selected_cols_only = !user_selected_col_names.empty();
+
+		// The header row contains the table's column names
+		const auto& header_row = table_.front();
+
+		/*
+		 * If the user has specified certain columns to be printed in a specific order,
+		 * we need to map each column's index from the user-provided list to its corresponding
+		 * index in the table.
+		 * If no specific column selection or order is provided by the user,
+		 * print all columns in the default table order:
+		 */
+		std::unordered_map<std::string, size_t> header_indices;
+		for (size_t idx = 0; idx < header_row.size(); ++idx)
+		{
+			header_indices[header_row[idx]] = idx;
+		}
+
+		std::vector<size_t> columns_order;
+		if (print_selected_cols_only)
+		{
+			for (const auto& col_name : user_selected_col_names)
+			{
+				auto it = header_indices.find(col_name);
+				if (it != header_indices.end())
+				{
+					columns_order.push_back(it->second);
+				}
+				else
+				{
+					std::cerr << "The column name '" << col_name
+					          << "' in YANET_FORMAT_COLUMNS does not match any "
+					          << "available column name. Skipping it." << std::endl;
+					std::cerr << "Available column names are: ";
+					for (auto it = header_row.begin(); it != header_row.end(); ++it)
+					{
+						std::cerr << *it;
+						if (std::next(it) != header_row.end())
+						{
+							std::cerr << ", ";
+						}
+					}
+					std::cerr << std::endl;
+				}
+			}
+		}
+		else
+		{
+			columns_order.resize(header_row.size());
+			std::iota(columns_order.begin(), columns_order.end(), 0);
+		}
+
+		if (columns_order.empty())
+		{
+			return;
+		}
+
+		print_row(header_row, columns_order, true);
+
+		for (size_t row_idx = 1; row_idx < table_.size(); ++row_idx)
+		{
+			const auto& row = table_[row_idx];
+			print_row(row, columns_order, false);
+		}
+	}
+
+	void print_json()
+	{
+		if (table_.empty())
+		{
+			return;
+		}
+
+		std::vector<std::string> format_keys;
+		if (const char* format_keys_pointer = std::getenv("YANET_FORMAT_KEYS"))
+		{
+			format_keys = utils::split(format_keys_pointer, ',');
+		}
+
+		// The header row contains the table's column names
+		const auto& header_row = table_.front();
+
+		// Build a mapping from column indices to format_keys indices
+		std::unordered_map<size_t, size_t> format_keys_i;
+		if (!format_keys.empty())
+		{
+			for (size_t idx = 0; idx < header_row.size(); ++idx)
+			{
+				auto it = std::find(format_keys.begin(), format_keys.end(), header_row[idx]);
+				if (it != format_keys.end())
+				{
+					size_t format_idx = std::distance(format_keys.begin(), it);
+					format_keys_i[idx] = format_idx;
+				}
+			}
+		}
+
+		nlohmann::json json_root;
+
+		// Process each data row
+		for (size_t row_idx = 1; row_idx < table_.size(); ++row_idx)
+		{
+			const auto& row = table_[row_idx];
+
+			std::vector<std::string> tree(format_keys.size());
+
+			nlohmann::json json_row;
+			for (size_t idx = 0; idx < row.size(); ++idx)
+			{
+				auto it = format_keys_i.find(idx);
+				if (it != format_keys_i.end())
+				{
+					// This column is part of the nested keys
+					size_t tree_idx = it->second;
+					tree[tree_idx] = row[idx];
+				}
+				else if (idx < header_row.size())
+				{
+					// Regular key-value pair in the row
+					json_row[header_row[idx]] = row[idx];
+				}
+			}
+
+			nlohmann::json* json_current = &json_root;
+			for (const auto& key : tree)
+			{
+				json_current = &((*json_current)[key]);
+			}
+
+			json_current->push_back(json_row);
+		}
+
+		std::cout << json_root.dump(2) << std::endl;
+	}
+
+	void print_row(const std::vector<std::string>& row,
+	               const std::vector<size_t>& columns_order,
+	               bool is_header)
+	{
+		for (size_t i = 0; i < columns_order.size(); ++i)
+		{
+			size_t col_idx = columns_order[i];
+			auto col_width = static_cast<int>(column_lengths_[col_idx]);
+			const auto& cell = row[col_idx];
+
+			if (i == 0)
+			{
+				std::cout << std::left << std::setw(col_width) << cell;
+			}
+			else
+			{
+				std::cout << "  "; // Add separation between columns
+				if (i != columns_order.size() - 1)
+				{
+					// For all but the last column, use setw
+					std::cout << std::left << std::setw(col_width) << cell;
+				}
+				else
+				{
+					// Do not pad the last column
+					std::cout << cell;
+				}
+			}
+		}
+		std::cout << '\n';
+
+		if (is_header)
+		{
+			// Print a separator line after the header
+			for (size_t i = 0; i < columns_order.size(); ++i)
+			{
+				size_t col_idx = columns_order[i];
+				auto col_width = column_lengths_[col_idx];
+
+				if (i == 0)
+				{
+					std::cout << std::string(col_width, '-');
+				}
+				else
+				{
+					std::cout << "  " << std::string(col_width, '-');
+				}
+			}
+			std::cout << '\n';
+		}
+	}
+
+	converter::config_t config_;
+	std::vector<std::vector<std::string>> table_;
+	std::vector<size_t> column_lengths_;
+};
diff --git a/cli/telegraf.h b/cli/telegraf.h
index 401d45ae..577d5f0a 100644
--- a/cli/telegraf.h
+++ b/cli/telegraf.h
@@ -3,6 +3,7 @@
 #include "common/counters.h"
 #include "common/icontrolplane.h"
 #include "common/idataplane.h"
+#include "common/sdpclient.h"
 
 #include "helper.h"
 #include "influxdb_format.h"
@@ -26,8 +27,8 @@ void ports_stats()
 {
 	interface::dataPlane dataplane;
 	const auto [ports_cfg, cores_cfg, values] = dataplane.getConfig();
-	(void)cores_cfg;
-	(void)values;
+	YANET_GCC_BUG_UNUSED(cores_cfg);
+	YANET_GCC_BUG_UNUSED(values);
 
 	const std::vector<std::tuple<const char*, common::idp::port_stats_t>> ports_stats_per_type{
 	        {"port", dataplane.get_ports_stats()},
@@ -39,9 +40,9 @@ void ports_stats()
 		for (const auto& [port_id, stats] : ports_stats)
 		{
 			const auto& [interface_name, socket_id, eth_addr, pci] = ports_cfg.at(port_id);
-			(void)socket_id;
-			(void)eth_addr;
-			(void)pci;
+			YANET_GCC_BUG_UNUSED(socket_id);
+			YANET_GCC_BUG_UNUSED(eth_addr);
+			YANET_GCC_BUG_UNUSED(pci);
 			const auto& [rx_packets, rx_bytes, rx_errors, rx_drops, tx_packets, tx_bytes, tx_errors, tx_drops] = stats;
 
 			printf("%s,physicalPortName=%s "
@@ -100,7 +101,7 @@ void unsafe()
 	const auto [responseWorkers, responseWorkerGCs, responseSlowWorkerHashtableGC, responseFragmentation, responseFWState, responseTun64, response_nat64stateful, responseControlplane] = controlplane.telegraf_unsafe();
 	const auto& [responseSlowWorker, hashtable_gc] = responseSlowWorkerHashtableGC;
 
-	const auto static_counters = dataplane.getCounters(vector_range(0, (tCounterId)common::globalBase::static_counter_type::size));
+	const auto static_counters = common::sdp::SdpClient::GetCounters(vector_range(0, (tCounterId)common::globalBase::static_counter_type::size));
 	const auto neighbor_stats = dataplane.neighbor_stats();
 	const auto memory_stats = dataplane.memory_manager_stats();
 	const auto& [memory_groups, memory_objects] = memory_stats;
@@ -187,11 +188,10 @@ void unsafe()
 		{
 			printf("worker,coreId=%u,physicalPortName=%s "
 			       "physicalPort_egress_drops=%luu,"
-			       "controlPlane_drops=%luu\n",
+			       "controlPlane_drops=0\n", // @todo: DELETE
 			       coreId,
 			       physicalPortName.data(),
-			       stats.physicalPort_egress_drops,
-			       stats.controlPlane_drops);
+			       stats.physicalPort_egress_drops);
 		}
 	}
 
@@ -453,7 +453,7 @@ void dregress()
 	std::map<common::community_t, std::string> communities;
 	for (const auto& [community, peer_link_orig] : communities_orig)
 	{
-		(void)peer_link_orig;
+		YANET_GCC_BUG_UNUSED(peer_link_orig);
 
 		uint32_t link_id = 0;
 
@@ -588,7 +588,7 @@ void other()
 	const auto& [flagFirst, workers, ports] = controlPlane.telegraf_other();
 	const auto rib_summary = controlPlane.rib_summary();
 	const auto limit_summary = controlPlane.limit_summary();
-	(void)flagFirst;
+	YANET_GCC_BUG_UNUSED(flagFirst);
 
 	for (const auto& workerIter : workers)
 	{
@@ -667,7 +667,7 @@ void service()
 
 		for (const auto& [virtual_ip, proto, virtual_port, nap_connections, packets, bytes, real_disabled_packets, real_disabled_bytes] : services)
 		{
-			(void)nap_connections;
+			YANET_GCC_BUG_UNUSED(nap_connections);
 
 			common::idp::balancer_service_connections::service_key_t key = {module_id,
 			                                                                virtual_ip,
@@ -677,7 +677,7 @@ void service()
 			uint32_t connections = 0;
 			for (auto& [socket_id, service_connections] : balancer_service_connections)
 			{
-				(void)socket_id;
+				YANET_GCC_BUG_UNUSED(socket_id);
 
 				const auto& socket_connections = service_connections[key].value;
 				if (socket_connections > connections)
@@ -702,4 +702,55 @@ void service()
 
 }
 
+void main_counters()
+{
+	common::sdp::DataPlaneInSharedMemory sdp_data;
+	OpenSharedMemoryDataplaneBuffers(sdp_data, true);
+
+	for (const auto& [coreId, worker_info] : sdp_data.workers)
+	{
+		std::vector<influxdb_format::value_t> values;
+		auto* buffer = common::sdp::ShiftBuffer<uint64_t*>(worker_info.buffer,
+		                                                   sdp_data.metadata_worker.start_counters);
+		for (const auto& [name, index] : sdp_data.metadata_worker.counter_positions)
+		{
+			values.emplace_back(name.data(), buffer[index]);
+		}
+		influxdb_format::print("worker", {{"coreId", coreId}}, values);
+	}
+
+	for (const auto& [coreId, worker_info] : sdp_data.workers_gc)
+	{
+		std::vector<influxdb_format::value_t> values;
+		auto* buffer = common::sdp::ShiftBuffer<uint64_t*>(worker_info.buffer,
+		                                                   sdp_data.metadata_worker.start_counters);
+		for (const auto& [name, index] : sdp_data.metadata_worker_gc.counter_positions)
+		{
+			values.emplace_back(name.data(), buffer[index]);
+		}
+		influxdb_format::print("worker_gc", {{"coreId", coreId}}, values);
+	}
+}
+
+void route()
+{
+	interface::controlPlane controlplane;
+	auto response = controlplane.route_counters();
+
+	for (const auto& [link, nexthop, prefix, counts, size] : response)
+	{
+		influxdb_format::print("route_counters", {{"link", link}, {"nexthop", nexthop}, {"prefix", prefix}}, {{"counts", counts}, {"size", size}});
+	}
+}
+
+void route_tunnel()
+{
+	interface::controlPlane controlplane;
+	auto response = controlplane.route_tunnel_counters();
+
+	for (const auto& [link, nexthop, counts, size] : response)
+	{
+		influxdb_format::print("route_tunnel_counters", {{"link", link}, {"nexthop", nexthop}}, {{"counts", counts}, {"size", size}});
+	}
+}
 }
diff --git a/cli/unittest/call.cpp b/cli/unittest/call.cpp
new file mode 100644
index 00000000..f16cc5cb
--- /dev/null
+++ b/cli/unittest/call.cpp
@@ -0,0 +1,155 @@
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+
+#include "cli/helper.h"
+
+namespace
+{
+
+class CallableClass
+{
+public:
+	void operator()(int a, std::optional<double> b, const std::string& c) const
+	{
+		EXPECT_EQ(a, 70);
+		if (b.has_value())
+		{
+			EXPECT_DOUBLE_EQ(b.value(), 45.67);
+		}
+		EXPECT_EQ(c, "test");
+	}
+};
+
+void CheckIntegerAndString(int a, const std::string& str)
+{
+	EXPECT_EQ(a, 42);
+	EXPECT_EQ(str, "hello");
+}
+
+void CheckOptionalIntegerAndStringPresent(int a, std::optional<int> b, const std::string& str)
+{
+	EXPECT_EQ(a, 42);
+	EXPECT_TRUE(b.has_value());
+	EXPECT_EQ(b.value(), 100);
+	EXPECT_EQ(str, "world");
+}
+
+void CheckOptionalIntegerMissing(int a, std::optional<int> b, const std::string& str)
+{
+	EXPECT_EQ(a, 42);
+	EXPECT_FALSE(b.has_value());
+	EXPECT_EQ(str, "world");
+}
+
+void CheckBooleanTrueAndOptionalString(bool flag, std::optional<std::string> text)
+{
+	EXPECT_TRUE(flag);
+	EXPECT_TRUE(text.has_value());
+	EXPECT_EQ(text.value(), "some_text");
+}
+
+void CheckBooleanFalseAndMissingOptionalString(bool flag, std::optional<std::string> text)
+{
+	EXPECT_FALSE(flag);
+	EXPECT_FALSE(text.has_value());
+}
+
+void CheckCallableClassWithOptional(int a, std::optional<double> b, const std::string& c)
+{
+	EXPECT_EQ(a, 70);
+	EXPECT_TRUE(b.has_value());
+	EXPECT_DOUBLE_EQ(b.value(), 45.67);
+	EXPECT_EQ(c, "test");
+}
+
+void CheckCallableClassWithMissingOptional(int a, std::optional<double> b, const std::string& c)
+{
+	EXPECT_EQ(a, 70);
+	EXPECT_FALSE(b.has_value());
+	EXPECT_EQ(c, "test");
+}
+
+TEST(CallFunctionTests, IntegerAndString)
+{
+	std::vector<std::string> args = {"42", "hello"};
+	EXPECT_NO_THROW(Call(CheckIntegerAndString, args));
+}
+
+TEST(CallFunctionTests, OptionalIntegerPresent)
+{
+	std::vector<std::string> args = {"42", "100", "world"};
+	EXPECT_NO_THROW(Call(CheckOptionalIntegerAndStringPresent, args));
+}
+
+TEST(CallFunctionTests, OptionalIntegerMissing)
+{
+	std::vector<std::string> args = {"42", "", "world"};
+	EXPECT_NO_THROW(Call(CheckOptionalIntegerMissing, args));
+}
+
+TEST(CallFunctionTests, BooleanTrueAndOptionalStringPresent)
+{
+	std::vector<std::string> args = {"true", "some_text"};
+	EXPECT_NO_THROW(Call(CheckBooleanTrueAndOptionalString, args));
+}
+
+TEST(CallFunctionTests, BooleanFalseAndMissingOptionalString)
+{
+	std::vector<std::string> args = {"false", ""};
+	EXPECT_NO_THROW(Call(CheckBooleanFalseAndMissingOptionalString, args));
+}
+
+TEST(CallFunctionTests, CallableClassWithOptional)
+{
+	std::vector<std::string> args = {"70", "45.67", "test"};
+	EXPECT_NO_THROW(Call(CheckCallableClassWithOptional, args));
+}
+
+TEST(CallFunctionTests, CallableClassWithMissingOptional)
+{
+	std::vector<std::string> args = {"70", "", "test"};
+	EXPECT_NO_THROW(Call(CheckCallableClassWithMissingOptional, args));
+}
+
+TEST(CallFunctionTests, LambdaFunction_WithValidArguments)
+{
+	auto lambda = [](int x, std::optional<std::string> opt, bool flag) {
+		EXPECT_EQ(x, 50);
+		if (opt.has_value())
+		{
+			EXPECT_EQ(opt.value(), "optional_text");
+		}
+		EXPECT_TRUE(flag);
+	};
+
+	std::vector<std::string> args = {"50", "optional_text", "true"};
+	EXPECT_NO_THROW(Call(lambda, args));
+}
+
+TEST(CallFunctionTests, LambdaFunction_WithMissingOptional)
+{
+	auto lambda = [](int x, std::optional<std::string> opt, bool flag) {
+		EXPECT_EQ(x, 50);
+		EXPECT_FALSE(opt.has_value());
+		EXPECT_FALSE(flag);
+	};
+
+	std::vector<std::string> args = {"50", "", "false"};
+	EXPECT_NO_THROW(Call(lambda, args));
+}
+
+TEST(CallFunctionTests, CallableClass_WithValidArguments)
+{
+	CallableClass callable_object;
+	std::vector<std::string> args = {"70", "45.67", "test"};
+	EXPECT_NO_THROW(Call(callable_object, args));
+}
+
+TEST(CallFunctionTests, CallableClass_WithMissingOptional)
+{
+	CallableClass callable_object;
+	std::vector<std::string> args = {"70", "", "test"};
+	EXPECT_NO_THROW(Call(callable_object, args));
+}
+
+}
diff --git a/cli/unittest/meson.build b/cli/unittest/meson.build
new file mode 100644
index 00000000..49fd06d1
--- /dev/null
+++ b/cli/unittest/meson.build
@@ -0,0 +1,24 @@
+dependencies = []
+dependencies += libyanet_protobuf_dep
+dependencies += libjson.get_variable('nlohmann_json_dep')
+dependencies += dependency('threads')
+dependencies += dependency('gtest')
+dependencies += dependency('gtest_main')
+
+cli_sources = files()
+
+sources = files('unittest.cpp',
+                'call.cpp',
+                )
+
+unittest = executable('yanet-cli-unittest',
+                      [cli_sources, sources],
+                      include_directories: yanet_rootdir,
+                      dependencies: dependencies,
+                      cpp_args: cpp_args_append,
+                      override_options: 'b_lto=false')
+
+test('cli',
+     unittest,
+     protocol: 'gtest',
+     timeout: 300)
diff --git a/cli/unittest/unittest.cpp b/cli/unittest/unittest.cpp
new file mode 100644
index 00000000..40f635f4
--- /dev/null
+++ b/cli/unittest/unittest.cpp
@@ -0,0 +1,3 @@
+#include "common/define.h"
+
+inline common::log::LogPriority common::log::logPriority = common::log::TLOG_DEBUG;
diff --git a/common/acl.h b/common/acl.h
index a4d4d852..f753e2ff 100644
--- a/common/acl.h
+++ b/common/acl.h
@@ -1,6 +1,5 @@
 #pragma once
 
-#include "stream.h"
 #include "type.h"
 
 namespace common::acl
@@ -9,70 +8,56 @@ namespace common::acl
 class tree_value_t
 {
 public:
-	tree_value_t() :
-	        id(0)
-	{
-	}
+	tree_value_t() = default;
 
 	constexpr bool operator<(const tree_value_t& second) const
 	{
 		return id < second.id;
 	}
 
-	inline bool is_empty() const
+	[[nodiscard]] bool is_empty() const
 	{
 		return !id;
 	}
 
-	inline uint32_t get_group_id() const
+	[[nodiscard]] uint32_t get_group_id() const
 	{
 		return id;
 	}
 
-	inline void set_group_id(const uint32_t group_id)
+	void set_group_id(const uint32_t group_id)
 	{
 		id = group_id;
 	}
 
-	inline bool is_chunk_id() const
+	[[nodiscard]] bool is_chunk_id() const
 	{
 		return id & 0x80000000u;
 	}
 
-	inline uint32_t get_chunk_id() const
+	[[nodiscard]] uint32_t get_chunk_id() const
 	{
 		return id ^ 0x80000000u;
 	}
 
-	inline void set_chunk_id(const uint32_t chunk_id)
+	void set_chunk_id(const uint32_t chunk_id)
 	{
 		id = chunk_id ^ 0x80000000u;
 	}
 
 protected:
-	uint32_t id; ///< stored group_id or chunk_id
+	uint32_t id{}; ///< stored group_id or chunk_id
 };
 
 template<unsigned int bits = 8>
 class tree_chunk_t
 {
 public:
-	tree_chunk_t() :
-	        is_multirefs(0)
-	{
-	}
-
-	inline void pop(common::stream_in_t& stream)
-	{
-		stream.pop(values);
-	}
+	tree_chunk_t() = default;
 
-	inline void push(common::stream_out_t& stream) const
-	{
-		stream.push(values);
-	}
+	SERIALIZABLE(values);
 
-	uint8_t is_multirefs;
+	uint8_t is_multirefs{};
 	tree_value_t values[1u << bits];
 };
 
@@ -104,54 +89,6 @@ struct transport_key_t
 	tAclGroupId network_flags : 8;
 };
 
-// class action_t is used to store all non-terminating rule data that
-// shouldn't be stored in common::globalBase::tFlow
-class action_t
-{
-public:
-	action_t() :
-	        dump_id(0),
-	        dump_tag("")
-	{}
-
-	action_t(std::string dump_tag) :
-	        dump_id(0),
-	        dump_tag(dump_tag)
-	{}
-
-	inline bool operator==(const action_t& o) const
-	{
-		return std::tie(dump_id, dump_tag) ==
-		       std::tie(o.dump_id, o.dump_tag);
-	}
-
-	inline bool operator!=(const action_t& o) const
-	{
-		return !operator==(o);
-	}
-
-	constexpr bool operator<(const action_t& o) const
-	{
-		return std::tie(dump_id, dump_tag) <
-		       std::tie(o.dump_id, o.dump_tag);
-	}
-
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(dump_id);
-		stream.pop(dump_tag);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(dump_id);
-		stream.push(dump_tag);
-	}
-
-	uint64_t dump_id;
-	std::string dump_tag;
-};
-
 struct total_key_t
 {
 	constexpr bool operator<(const total_key_t& second) const
@@ -164,34 +101,6 @@ struct total_key_t
 	tAclGroupId transport_id;
 };
 
-struct value_t
-{
-	value_t()
-	{
-		memset(dump_ids, 0, sizeof(dump_ids));
-	}
-
-	constexpr bool operator<(const value_t& second) const
-	{
-		return flow < second.flow;
-	}
-
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(flow);
-		stream.pop(dump_ids);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(flow);
-		stream.push(dump_ids);
-	}
-
-	common::globalBase::tFlow flow;
-	uint32_t dump_ids[YANET_CONFIG_DUMP_ID_SIZE];
-};
-
 template<typename type_t>
 class range_t
 {
@@ -218,25 +127,17 @@ class range_t
 	}
 
 public:
-	inline type_t from() const
+	type_t from() const
 	{
 		return std::get<0>(from_to);
 	}
 
-	inline type_t to() const
+	type_t to() const
 	{
 		return std::get<1>(from_to);
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(from_to);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(from_to);
-	}
+	SERIALIZABLE(from_to);
 
 public:
 	std::tuple<type_t, type_t> from_to;
@@ -252,15 +153,7 @@ class ranges_t
 	}
 
 public:
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(vector);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(vector);
-	}
+	SERIALIZABLE(vector);
 
 	void insert_any()
 	{
diff --git a/common/actions.h b/common/actions.h
new file mode 100644
index 00000000..e2d5389b
--- /dev/null
+++ b/common/actions.h
@@ -0,0 +1,706 @@
+#pragma once
+
+#include "common/traits.h"
+#include "common/type.h"
+#include "common/variant_trait_map.h"
+
+namespace common
+{
+
+namespace acl
+{
+class dump_t
+{
+public:
+	dump_t() :
+	        dump_id(0),
+	        dump_tag("")
+	{}
+
+	dump_t(std::string dump_tag) :
+	        dump_id(0),
+	        dump_tag(std::move(dump_tag))
+	{}
+
+	bool operator==(const dump_t& o) const
+	{
+		return std::tie(dump_id, dump_tag) ==
+		       std::tie(o.dump_id, o.dump_tag);
+	}
+
+	bool operator!=(const dump_t& o) const
+	{
+		return !operator==(o);
+	}
+
+	constexpr bool operator<(const dump_t& o) const
+	{
+		return std::tie(dump_id, dump_tag) <
+		       std::tie(o.dump_id, o.dump_tag);
+	}
+
+	SERIALIZABLE(dump_id, dump_tag);
+
+	uint64_t dump_id;
+	std::string dump_tag;
+};
+
+struct check_state_t
+{
+	// Unique identifier for hash calculation
+	static constexpr int64_t HASH_IDENTIFIER = 12345;
+
+	bool operator==([[maybe_unused]] const check_state_t& o) const
+	{
+		return true; // TODO: why do we need this operator?
+	}
+
+	constexpr bool operator<([[maybe_unused]] const check_state_t& o) const
+	{
+		return true; // TODO: why do we need this operator?
+	}
+};
+
+struct state_timeout_t
+{
+	state_timeout_t() :
+	        timeout(0)
+	{}
+
+	state_timeout_t(uint32_t timeout) :
+	        timeout(timeout)
+	{}
+
+	bool operator==(const state_timeout_t& o) const
+	{
+		return timeout == o.timeout;
+	}
+
+	bool operator!=(const state_timeout_t& o) const
+	{
+		return !operator==(o);
+	}
+
+	constexpr bool operator<(const state_timeout_t& o) const
+	{
+		return timeout < o.timeout;
+	}
+
+	SERIALIZABLE(timeout);
+
+	uint32_t timeout;
+};
+
+struct hit_count_t
+{
+	hit_count_t() :
+	        id("") {}
+
+	hit_count_t(std::string id) :
+	        id(std::move(id)) {}
+
+	bool operator==(const hit_count_t& o) const
+	{
+		return id == o.id;
+	}
+
+	bool operator!=(const hit_count_t& o) const
+	{
+		return !operator==(o);
+	}
+
+	constexpr bool operator<(const hit_count_t& o) const
+	{
+		return std::tie(id) < std::tie(o.id);
+	}
+
+	void pop(stream_in_t& stream)
+	{
+		stream.pop(id);
+	}
+
+	void push(stream_out_t& stream) const
+	{
+		stream.push(id);
+	}
+
+	std::string id;
+};
+
+} // namespace acl
+
+// TODO: When rewriting the current ACL library into LibFilter, we could consider using inheritance.
+// All "action" classes should implement some operators and pop/push methods, so it's beneficial to enforce this
+// at the language level. However, if the same structures are used in the dataplane, it could impact performance
+// due to extra pointer dereferences in vtable, if compiler does not succeed in devirtualization.
+// Anyway, this is something to think about.
+
+/**
+ * @brief Represents an action that dumps packets to a specified ring.
+ */
+struct DumpAction final
+{
+	// Maximum count of DumpAction objects allowed.
+	static constexpr size_t MAX_COUNT = YANET_CONFIG_DUMP_ID_SIZE;
+	// The identifier for the dump ring.
+	uint64_t dump_id;
+
+	DumpAction(const acl::dump_t& dump_action) :
+	        dump_id(dump_action.dump_id){};
+
+	DumpAction() :
+	        dump_id(0){};
+
+	[[nodiscard]] bool terminating() const { return false; }
+
+	SERIALIZABLE(dump_id);
+
+	[[nodiscard]] std::string to_string() const
+	{
+		std::ostringstream oss;
+		oss << "DumpAction(dump_id=" << dump_id << ")";
+		return oss.str();
+	}
+};
+
+/**
+ * @brief Represents an action that processes a packet flow.
+ *
+ * Only one FlowAction is allowed in an Actions object.
+ */
+struct FlowAction final
+{
+	// Maximum count of FlowAction objects allowed.
+	static constexpr size_t MAX_COUNT = 1;
+	// The flow associated with this action.
+	globalBase::tFlow flow;
+	// Timeout for the state
+	std::optional<uint32_t> timeout;
+
+	FlowAction(const globalBase::tFlow& flow) :
+	        flow(flow){};
+
+	FlowAction(globalBase::tFlow&& flow) :
+	        flow(std::move(flow)) {}
+
+	FlowAction() :
+	        flow(globalBase::tFlow()) {}
+
+	[[nodiscard]] bool terminating() const { return true; }
+
+	SERIALIZABLE(flow, timeout);
+
+	[[nodiscard]] std::string to_string() const
+	{
+		std::ostringstream oss;
+		oss << "FlowAction(flow=" << flow.to_string() << ", timeout = "
+		    << (timeout.has_value() ? std::to_string(timeout.value()) : "not specified")
+		    << ")";
+		return oss.str();
+	}
+};
+
+/**
+ * @brief Represents an action that checks the dynamic firewall state.
+ *
+ * This class doesn't have any specific info to store,
+ * because check-state rule doesn't need anything.
+ */
+struct CheckStateAction final
+{
+	static constexpr size_t MAX_COUNT = 1;
+
+	CheckStateAction(const acl::check_state_t&){};
+	CheckStateAction() = default;
+
+	[[nodiscard]] bool terminating() const { return false; }
+
+	void pop(stream_in_t& stream)
+	{
+		stream.pop(reinterpret_cast<uint8_t(&)[sizeof(*this)]>(*this));
+	}
+
+	void push(stream_out_t& stream) const
+	{
+		stream.push(reinterpret_cast<const uint8_t(&)[sizeof(*this)]>(*this));
+	}
+
+	[[nodiscard]] std::string to_string() const
+	{
+		return "CheckStateAction()";
+	}
+};
+
+/**
+ * @brief Represents an action that sets timeout for the dynamic firewall rule.
+ */
+struct StateTimeoutAction final
+{
+	// Maximum count of StateTimeoutActions objects allowed.
+	// We have one here since only the last timeout matters.
+	static constexpr size_t MAX_COUNT = 1;
+	// Timeout in seconds
+	uint32_t timeout;
+
+	StateTimeoutAction(const acl::state_timeout_t& timeout_action) :
+	        timeout(timeout_action.timeout){};
+
+	StateTimeoutAction() :
+	        timeout(0){};
+
+	[[nodiscard]] bool terminating() const { return false; }
+
+	SERIALIZABLE(timeout);
+
+	[[nodiscard]] std::string to_string() const
+	{
+		std::ostringstream oss;
+		oss << "StateTimeoutAction(timeout=" << timeout << ")";
+		return oss.str();
+	}
+};
+
+/**
+ * @brief Represents an action that sets timeout for the dynamic firewall rule.
+ */
+struct HitCountAction final
+{
+	// Maximum count of HitCountActions objects allowed.
+	// TODO: Add an actual constant (these actions are a lot)
+	static constexpr size_t MAX_COUNT = 10000;
+	// Id of a rule
+	std::string id;
+
+	HitCountAction(const acl::hit_count_t& hitcount_action) :
+	        id(std::move(hitcount_action.id)){};
+
+	HitCountAction() :
+	        id(""){};
+
+	[[nodiscard]] bool terminating() const { return false; }
+
+	void pop(stream_in_t& stream)
+	{
+		stream.pop(id);
+	}
+
+	void push(stream_out_t& stream) const
+	{
+		stream.push(id);
+	}
+
+	[[nodiscard]] std::string to_string() const
+	{
+		std::ostringstream oss;
+		oss << "HitCountAction(id=" << id << ")";
+		return oss.str();
+	}
+};
+
+using RawAction = std::variant<FlowAction, DumpAction, CheckStateAction, StateTimeoutAction, HitCountAction>;
+
+/**
+ * @brief Represents a generic action.
+ */
+struct Action
+{
+	RawAction raw_action;
+
+	Action() :
+	        raw_action(FlowAction()) {}
+
+	template<typename T>
+	Action(T action) :
+	        raw_action(std::move(action)) {}
+
+	[[nodiscard]] std::string to_string() const
+	{
+		return std::visit([](auto&& action) { return action.to_string(); }, raw_action);
+	}
+
+	SERIALIZABLE(raw_action);
+};
+
+namespace acl
+{
+/**
+ * This struct is used for an intermediate representation of an object that
+ * describes a list of actions that needs to be performed on a packet that matched some group.
+ *
+ * Such objects are created in total_table_t::compile.
+ *
+ * This representation is intermediate cause the Actions objects that are we going to use in dataplane
+ * will have slightly different representation of the internal vector based on whether we have
+ * a "check-state" action or not. This way we can reduce a number of branching in the dataplane and
+ * also reduce the size of the object since we will use std::variant to hold either a "check-state"-object,
+ * or a regular one (see common::Actions definition below).
+ * Also, it manages the StateTimeoutActions to reduce number of actions in the dataplane by saving only the
+ * last timeout action.
+ */
+struct IntermediateActions
+{
+	template<typename T>
+	struct has_max_count_one
+	{
+		static constexpr bool value = (T::MAX_COUNT == 1);
+	};
+
+	/**
+	 * Trait to check if we should store the first occurrence
+	 *
+	 * Define first-matters actions here.
+	 */
+	template<typename T>
+	struct is_first_matters
+	{
+		static constexpr bool value = std::is_same_v<T, CheckStateAction>;
+	};
+
+	/**
+	 * Trait to check if we should store the last occurrence
+	 *
+	 * Define last-matters actions here.
+	 */
+	template<typename T>
+	struct is_last_matters
+	{
+		static constexpr bool value = std::is_same_v<T, StateTimeoutAction>;
+	};
+
+	std::vector<Action> path{};
+	std::array<size_t, std::variant_size_v<RawAction>> action_counts = {0};
+	// Using VariantTraitMap to store indices of actions with MAX_COUNT=1.
+	using OptionalIndexMap = utils::VariantTraitMap<RawAction, has_max_count_one, std::optional<std::ptrdiff_t>>;
+	OptionalIndexMap indices{};
+
+	IntermediateActions() = default;
+	IntermediateActions(const Action& action) { add(action); }
+
+	/**
+	 * @brief Adds an action to the current path while adhering to the following:
+	 *
+	 * Either:
+	 * - Only the first occurrence of an action is kept.
+	 * - Only the last occurrence of an action is kept (previous occurrences are removed).
+	 * - Actions are added as long as they don't exceed their defined `MAX_COUNT`.
+	 *
+	 * Adding a new action type is as simple as placing the action type in the corresponding group.
+	 */
+	void add(const Action& action)
+	{
+		size_t variant_index = action.raw_action.index();
+
+		// Extract the type info at the beginning.
+		std::visit([&](auto&& actual_action) {
+			using T = std::decay_t<decltype(actual_action)>;
+
+			if constexpr (has_max_count_one<T>::value)
+			{
+				handle_unique_action<T>(action, variant_index);
+			}
+			else if (action_counts[variant_index] < T::MAX_COUNT)
+			{
+				add_to_path(action, variant_index);
+			}
+		},
+		           action.raw_action);
+	}
+
+	/**
+	 * @brief Retrieves a pointer to a unique action of type T from the path.
+	 *
+	 * This method returns a pointer of type T if it exists in the path.
+	 * The action type T must have MAX_COUNT == 1.
+	 *
+	 * @tparam T The action type to retrieve.
+	 * @return Pointer to the action of type T.
+	 */
+	template<typename T>
+	T* get()
+	{
+		static_assert(has_max_count_one<T>::value, "Can get only unique actions from path");
+
+		return indices.get<T>().has_value() ? &get_action<T>() : nullptr;
+	}
+
+	/**
+	 * @brief Retrieves a const reference to a unique action of type T from the path.
+	 *
+	 * This method returns a const pointer to the action of type T
+	 * if it exists in the path. The action type T must have MAX_COUNT == 1.
+	 *
+	 * @tparam T The action type to retrieve.
+	 * @return A const pointer to the action of type T.
+	 */
+	template<typename T>
+	[[nodiscard]] const T* get() const
+	{
+		static_assert(has_max_count_one<T>::value, "Can get only unique actions from path");
+
+		return indices.get<T>().has_value() ? &get_action<T>() : nullptr;
+	}
+
+	/**
+	 * @brief Removes a unique action of type T from the path.
+	 *
+	 * This method removes the action of type T from the path if it exists.
+	 * The action type T must have MAX_COUNT == 1.
+	 *
+	 * @tparam T The action type to remove.
+	 */
+	template<typename T>
+	void remove()
+	{
+		static_assert(has_max_count_one<T>::value, "Can remove only unique actions from path");
+
+		if (auto& path_index = indices.get<T>())
+		{
+			remove_action_at(path_index.value());
+		}
+	}
+
+private:
+	// We're interested in storing only the first or last occurrence
+	template<typename T>
+	void handle_unique_action(const Action& action, size_t variant_index)
+	{
+		if constexpr (is_first_matters<T>::value)
+		{
+			handle_first_matters_action<T>(action, variant_index);
+		}
+		else if constexpr (is_last_matters<T>::value)
+		{
+			handle_last_matters_action<T>(action, variant_index);
+		}
+		else if constexpr (std::is_same_v<T, FlowAction>)
+		{
+			/*
+			 * FlowAction should only appear once in the `path`. If a second
+			 * FlowAction is added, this indicates an error in YANET's
+			 * `total_table_t::compile()`. Ideally, this should not happen,
+			 * but if it does, we log an error rather than crashing the application.
+			 * In that case, we will use the last occurrence of FlowAction and proceed.
+			 */
+			if (indices.get<T>().has_value())
+			{
+				YANET_LOG_ERROR("Multiple FlowAction instances detected in the "
+				                "path. Check total_table_t::compile(). Will use "
+				                "the last occurrence.\n");
+			}
+
+			handle_last_matters_action<T>(action, variant_index);
+		}
+		else
+		{
+			static_assert(traits::always_false_v<T>, "Not all unique actions with MAX_COUNT = 1 are properly categorized. "
+			                                         "Please add the missing actions to either `is_first_matters` or `is_last_matters` "
+			                                         "to ensure their index is tracked. Tracking the index of such actions could "
+			                                         "enhance dataplane performance if this information is utilized in "
+			                                         "`value_t::compile()`.");
+		}
+	}
+
+	// Only store the first occurrence.
+	template<typename T>
+	void handle_first_matters_action(const Action& action, size_t variant_index)
+	{
+		auto& path_index = indices.get<T>();
+
+		if (!path_index.has_value())
+		{
+			add_to_path(action, variant_index);
+			path_index = path.size() - 1;
+		}
+		// Ignore subsequent occurrences as we're only interested in the first.
+	}
+
+	// Only store the last occurrence.
+	template<typename T>
+	void handle_last_matters_action(const Action& action, size_t variant_index)
+	{
+		// Remove the previous occurrence
+		remove<T>();
+
+		// Add the new occurrence
+		auto& path_index = indices.get<T>();
+
+		add_to_path(action, variant_index);
+		path_index = path.size() - 1;
+	}
+
+	// Add the action to the path and increment its count.
+	void add_to_path(const Action& action, size_t variant_index)
+	{
+		path.push_back(action);
+		action_counts[variant_index]++;
+	}
+
+	// Retrieves reference to an action of type T. Action should exist.
+	template<typename T>
+	T& get_action()
+	{
+		size_t path_index = indices.get<T>().value();
+		return std::get<T>(path[path_index].raw_action);
+	}
+
+	// Remove action at index and adjust saved indices
+	void remove_action_at(std::ptrdiff_t path_index)
+	{
+		path.erase(path.begin() + path_index);
+		adjust_indices_after_removal(path_index);
+	}
+
+	// Loop through each type in FilteredTypes and adjust the corresponding index
+	void adjust_indices_after_removal(std::ptrdiff_t removed_index)
+	{
+		std::apply([&](auto&&... types) {
+			(adjust_index<std::decay_t<decltype(types)>>(removed_index), ...);
+		},
+		           OptionalIndexMap::Types{});
+	}
+
+	template<typename T>
+	void adjust_index(std::ptrdiff_t removed_index)
+	{
+		auto& path_index = indices.get<T>();
+		if (path_index && *path_index > removed_index)
+		{
+			*path_index -= 1;
+		}
+	}
+};
+
+} // namespace acl
+
+enum class ActionsPath
+{
+	Default,
+	WithCheckState
+};
+
+template<ActionsPath>
+class BaseActions;
+
+template<>
+class BaseActions<ActionsPath::Default>
+{
+protected:
+	std::vector<Action> path_{};
+
+public:
+	BaseActions() = default;
+
+	BaseActions(acl::IntermediateActions&& actions) :
+	        path_(std::move(actions.path))
+	{
+		if (path_.empty())
+		{
+			YANET_THROW("Path cannot be empty");
+		}
+		if (!std::holds_alternative<FlowAction>(default_path_last_raw_action()))
+		{
+			YANET_THROW("Last action in the default path must be a FlowAction");
+		}
+	}
+
+	[[nodiscard]] const std::vector<Action>& default_path() const
+	{
+		return path_;
+	}
+
+	[[nodiscard]] size_t default_path_size() const
+	{
+		return path_.size();
+	}
+
+	[[nodiscard]] const RawAction& default_path_raw_action(size_t idx) const
+	{
+		return path_[idx].raw_action;
+	}
+
+	[[nodiscard]] const RawAction& default_path_last_raw_action() const
+	{
+		return path_.back().raw_action;
+	}
+
+	[[nodiscard]] const common::globalBase::tFlow& get_flow() const
+	{
+		return std::get<FlowAction>(default_path_last_raw_action()).flow;
+	}
+
+	bool operator<(const BaseActions& second) const
+	{
+		return get_flow() < second.get_flow();
+	}
+
+	SERIALIZABLE(path_);
+};
+
+template<>
+class BaseActions<ActionsPath::WithCheckState> : public BaseActions<ActionsPath::Default>
+{
+private:
+	// TODO: This is a prefix of a path_, in C++-20 I would use std::span to avoid extra copying
+	std::vector<Action> check_state_path_{};
+
+public:
+	BaseActions() = default;
+
+	BaseActions(acl::IntermediateActions&& actions)
+	{
+		if (!actions.indices.get<common::CheckStateAction>().has_value())
+		{
+			YANET_THROW("Check-state index should be provided");
+		}
+
+		auto check_state_index = actions.indices.get<common::CheckStateAction>().value();
+
+		path_ = std::move(actions.path);
+
+		// check_state_path_ is the prefix up to the check-state action inclusively
+		check_state_path_.assign(path_.begin(), path_.begin() + check_state_index + 1);
+
+		// Remove the check-state action from the main path_
+		path_.erase(path_.begin() + check_state_index);
+	}
+
+	[[nodiscard]] const std::vector<Action>& check_state_path() const
+	{
+		return check_state_path_;
+	}
+
+	[[nodiscard]] size_t check_state_path_size() const
+	{
+		return check_state_path_.size();
+	}
+
+	[[nodiscard]] const RawAction& check_state_path_raw_action(size_t idx) const
+	{
+		return check_state_path_[idx].raw_action;
+	}
+
+	[[nodiscard]] const RawAction& check_state_path_last_raw_action() const
+	{
+		return check_state_path_.back().raw_action;
+	}
+
+	SERIALIZABLE(path_, check_state_path_);
+};
+
+/**
+ * The Actions type is defined as a std::variant to efficiently handle two possible states of action sequences:
+ * - BaseActions<WithCheckState>: This specialization is used when the action sequence contains a check-state action.
+ * - BaseActions<Default>: This specialization is used when the action sequence does not contain a check-state action.
+ *
+ * This approach allows us to avoid runtime branching to check for the presence of a check-state action, thereby
+ * enhancing performance. Instead, the decision is made once when constructing the Actions object.
+ *
+ * During packet processing in the dataplane, this enables a more efficient execution path, as the
+ * type of Actions being processed (with or without check-state) can be resolved at compile time using std::visit.
+ * We will still have one extra branch on packet cause we need to know whether it will require a check-state, but
+ * that will be only once. Once the result of a check-state is determined, we will choose correct path and execute it
+ * without any additional checks.
+ */
+using Actions = std::variant<BaseActions<ActionsPath::Default>, BaseActions<ActionsPath::WithCheckState>>;
+
+} // namespace common
diff --git a/common/balancer.h b/common/balancer.h
index 132f5c1d..ae308414 100644
--- a/common/balancer.h
+++ b/common/balancer.h
@@ -1,7 +1,6 @@
 #pragma once
 
-#include <inttypes.h>
-
+#include <cstdint>
 namespace balancer
 {
 
diff --git a/common/btree.h b/common/btree.h
index fcaff50a..e11c8e76 100644
--- a/common/btree.h
+++ b/common/btree.h
@@ -457,7 +457,7 @@ class btree<ip_address_t, value_T>
 		}
 	}
 
-	std::vector<ip_prefix_t> get_all_top() const
+	[[nodiscard]] std::vector<ip_prefix_t> get_all_top() const
 	{
 		std::vector<ip_prefix_t> result;
 
diff --git a/common/bufferring.h b/common/bufferring.h
index 6f54a2f5..a27d2b98 100644
--- a/common/bufferring.h
+++ b/common/bufferring.h
@@ -21,14 +21,11 @@ namespace common
 class bufferring
 {
 public:
-	bufferring()
-	{
-	}
+	bufferring() = default;
 	bufferring(void* memory, int unit_size, int units_number) :
 	        unit_size(unit_size),
-	        units_number(units_number)
+	        units_number(units_number), ring((ring_t*)memory)
 	{
-		ring = (ring_t*)memory;
 	}
 
 	struct ring_header_t
diff --git a/common/config.autotest.h b/common/config.autotest.h
index 7a270049..5e87c725 100644
--- a/common/config.autotest.h
+++ b/common/config.autotest.h
@@ -1,3 +1,2 @@
-#include "config.release.h"
 
 #define CONFIG_YADECAP_AUTOTEST
diff --git a/common/config.release.h b/common/config.release.h
index 73b7f667..9811ed3e 100644
--- a/common/config.release.h
+++ b/common/config.release.h
@@ -36,6 +36,8 @@
 #define YANET_CONFIG_ROUTE_TUNNEL_ECMP_SIZE (16)
 #define YANET_CONFIG_ACL_COUNTERS_SIZE (128 * 1024)
 #define YANET_CONFIG_NUMA_SIZE 2
+inline constexpr auto YANET_CONFIG_MAX_SLOW_WORKERS_PER_GC = 2;
+inline constexpr auto YANET_CONFIG_MAX_SAMPLED_WORKERS_PER_GC = 16;
 #define YANET_CONFIG_COUNTERS_SIZE (8 * 1024 * 1024)
 #define YANET_CONFIG_ROUTE_TUNNEL_WEIGHTS_SIZE (2 * 1024 * 1024)
 #define YANET_CONFIG_COUNTER_FALLBACK_SIZE (64)
diff --git a/common/controlplaneconfig.h b/common/controlplaneconfig.h
index d68a84f8..6458619f 100644
--- a/common/controlplaneconfig.h
+++ b/common/controlplaneconfig.h
@@ -3,8 +3,8 @@
 #include <nlohmann/json.hpp>
 
 #include "balancer.h"
+#include "define.h"
 #include "scheduler.h"
-#include "stream.h"
 #include "type.h"
 
 namespace controlplane
@@ -13,15 +13,7 @@ namespace controlplane
 class state_timeout
 {
 public:
-	state_timeout() :
-	        tcp_syn(YANET_CONFIG_STATE_TIMEOUT_DEFAULT),
-	        tcp_ack(YANET_CONFIG_STATE_TIMEOUT_DEFAULT),
-	        tcp_fin(YANET_CONFIG_STATE_TIMEOUT_DEFAULT),
-	        udp(YANET_CONFIG_STATE_TIMEOUT_DEFAULT),
-	        icmp(YANET_CONFIG_STATE_TIMEOUT_DEFAULT),
-	        other(YANET_CONFIG_STATE_TIMEOUT_DEFAULT)
-	{
-	}
+	state_timeout() = default;
 
 	operator std::tuple<uint16_t, uint16_t, uint16_t, uint16_t, uint16_t, uint16_t>() const
 	{
@@ -29,12 +21,12 @@ class state_timeout
 	}
 
 public:
-	uint16_t tcp_syn;
-	uint16_t tcp_ack;
-	uint16_t tcp_fin;
-	uint16_t udp;
-	uint16_t icmp;
-	uint16_t other;
+	uint16_t tcp_syn{YANET_CONFIG_STATE_TIMEOUT_DEFAULT};
+	uint16_t tcp_ack{YANET_CONFIG_STATE_TIMEOUT_DEFAULT};
+	uint16_t tcp_fin{YANET_CONFIG_STATE_TIMEOUT_DEFAULT};
+	uint16_t udp{YANET_CONFIG_STATE_TIMEOUT_DEFAULT};
+	uint16_t icmp{YANET_CONFIG_STATE_TIMEOUT_DEFAULT};
+	uint16_t other{YANET_CONFIG_STATE_TIMEOUT_DEFAULT};
 };
 
 [[maybe_unused]] static void from_json(const nlohmann::json& json,
@@ -90,42 +82,14 @@ namespace route
 class interface_t
 {
 public:
-	interface_t()
-	{
-	}
+	interface_t() = default;
 
 	/** @todo: tag:CP_MODULES
 	void load(const nlohmann::json& json);
 	nlohmann::json save() const;
 	*/
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(interfaceId);
-		stream.pop(ip_prefixes);
-		stream.pop(neighborIPv4Address);
-		stream.pop(neighborIPv6Address);
-		stream.pop(static_neighbor_mac_address_v4);
-		stream.pop(static_neighbor_mac_address_v6);
-		stream.pop(nextModule);
-		stream.pop(acl);
-		stream.pop(aclId);
-		stream.pop(flow);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(interfaceId);
-		stream.push(ip_prefixes);
-		stream.push(neighborIPv4Address);
-		stream.push(neighborIPv6Address);
-		stream.push(static_neighbor_mac_address_v4);
-		stream.push(static_neighbor_mac_address_v6);
-		stream.push(nextModule);
-		stream.push(acl);
-		stream.push(aclId);
-		stream.push(flow);
-	}
+	SERIALIZABLE(interfaceId, ip_prefixes, neighborIPv4Address, neighborIPv6Address, static_neighbor_mac_address_v4, static_neighbor_mac_address_v6, nextModule, acl, aclId, flow);
 
 public:
 	tInterfaceId interfaceId;
@@ -144,19 +108,7 @@ class interface_t
 class bird_import_t
 {
 public:
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(socket);
-		stream.pop(vrf);
-		stream.pop(flow);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(socket);
-		stream.push(vrf);
-		stream.push(flow);
-	}
+	SERIALIZABLE(socket, vrf);
 
 public:
 	inline static const std::string socketStr = "socket";
@@ -164,60 +116,25 @@ class bird_import_t
 
 	std::string socket;
 	std::string vrf;
-	common::globalBase::tFlow flow;
 };
 
 class config_t
 {
 public:
-	config_t() :
-	        vrf("default"),
-	        tunnel_enabled(false)
-	{
-	}
+	config_t() = default;
 
 	/** @todo: tag:CP_MODULES
 	void load(const nlohmann::json& json);
 	nlohmann::json save() const;
 	*/
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(routeId);
-		stream.pop(to_kernel_prefixes);
-		stream.pop(vrf);
-		stream.pop(tunnel_enabled);
-		stream.pop(ignore_tables);
-		stream.pop(ipv4_source_address);
-		stream.pop(ipv6_source_address);
-		stream.pop(udp_destination_port);
-		stream.pop(local_prefixes);
-		stream.pop(peers);
-		stream.pop(interfaces);
-		stream.pop(bird_imports);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(routeId);
-		stream.push(to_kernel_prefixes);
-		stream.push(vrf);
-		stream.push(tunnel_enabled);
-		stream.push(ignore_tables);
-		stream.push(ipv4_source_address);
-		stream.push(ipv6_source_address);
-		stream.push(udp_destination_port);
-		stream.push(local_prefixes);
-		stream.push(peers);
-		stream.push(interfaces);
-		stream.push(bird_imports);
-	}
+	SERIALIZABLE(routeId, to_kernel_prefixes, vrf, tunnel_enabled, ignore_tables, ipv4_source_address, ipv6_source_address, udp_destination_port, local_prefixes, peers, interfaces, bird_imports);
 
 public:
 	tRouteId routeId;
 	std::set<common::ip_prefix_t> to_kernel_prefixes;
-	std::string vrf;
-	bool tunnel_enabled;
+	std::string vrf{"default"};
+	bool tunnel_enabled{};
 	std::set<std::string> ignore_tables;
 	common::ipv4_address_t ipv4_source_address;
 	common::ipv6_address_t ipv6_source_address;
@@ -241,37 +158,7 @@ class config_t
 	nlohmann::json save() const;
 	*/
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(dregressId);
-		stream.pop(ipv6SourcePrefixes);
-		stream.pop(ipv6DestinationPrefix);
-		stream.pop(ipv4SourceAddress);
-		stream.pop(ipv6SourceAddress);
-		stream.pop(udpDestinationPort);
-		stream.pop(onlyLongest);
-		stream.pop(communities);
-		stream.pop(localPrefixes);
-		stream.pop(announces);
-		stream.pop(ourAs);
-		stream.pop(nextModule);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(dregressId);
-		stream.push(ipv6SourcePrefixes);
-		stream.push(ipv6DestinationPrefix);
-		stream.push(ipv4SourceAddress);
-		stream.push(ipv6SourceAddress);
-		stream.push(udpDestinationPort);
-		stream.push(onlyLongest);
-		stream.push(communities);
-		stream.push(localPrefixes);
-		stream.push(announces);
-		stream.push(ourAs);
-		stream.push(nextModule);
-	}
+	SERIALIZABLE(dregressId, ipv6SourcePrefixes, ipv6DestinationPrefix, ipv4SourceAddress, ipv6SourceAddress, udpDestinationPort, onlyLongest, communities, localPrefixes, announces, ourAs, nextModule);
 
 public:
 	dregress_id_t dregressId;
@@ -293,8 +180,7 @@ class config_t
 namespace balancer
 {
 
-YANET_UNUSED
-static uint8_t to_proto(const std::string& string)
+[[maybe_unused]] static uint8_t to_proto(const std::string& string)
 {
 	if (string == "tcp")
 	{
@@ -308,8 +194,7 @@ static uint8_t to_proto(const std::string& string)
 	return 0;
 }
 
-YANET_UNUSED
-constexpr const char* from_proto(const uint8_t& proto)
+[[maybe_unused]] constexpr const char* from_proto(const uint8_t& proto)
 {
 	switch (proto)
 	{
@@ -346,37 +231,14 @@ using service_t = std::tuple<balancer_service_id_t,
 class config_t
 {
 public:
-	config_t() :
-	        reals_count(0)
-	{
-	}
+	config_t() = default;
 
 	/** @todo: tag:CP_MODULES
 	void load(const nlohmann::json& json);
 	nlohmann::json save() const;
 	*/
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(balancer_id);
-		stream.pop(services);
-		stream.pop(source_ipv6);
-		stream.pop(source_ipv4);
-		stream.pop(vip_to_balancers);
-		stream.pop(default_wlc_power);
-		stream.pop(next_module);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(balancer_id);
-		stream.push(services);
-		stream.push(source_ipv6);
-		stream.push(source_ipv4);
-		stream.push(vip_to_balancers);
-		stream.push(default_wlc_power);
-		stream.push(next_module);
-	}
+	SERIALIZABLE(balancer_id, services, source_ipv6, source_ipv4, vip_to_balancers, default_wlc_power, next_module);
 
 public:
 	balancer_id_t balancer_id;
@@ -393,7 +255,7 @@ class config_t
 	std::string next_module;
 	common::globalBase::tFlow flow;
 
-	uint64_t reals_count;
+	uint64_t reals_count{};
 };
 
 }
@@ -404,50 +266,23 @@ namespace tun64
 class config_t
 {
 public:
-	config_t() :
-	        dscpMarkType(common::eDscpMarkType::never),
-	        dscp(0),
-	        srcRndEnabled(false)
-	{
-	}
+	config_t() = default;
 
 	/** @todo: tag:CP_MODULES
        void load(const nlohmann::json& json);
        nlohmann::json save() const;
        */
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(tun64Id);
-		stream.pop(dscpMarkType);
-		stream.pop(dscp);
-		stream.pop(ipv6SourceAddress);
-		stream.pop(srcRndEnabled);
-		stream.pop(prefixes);
-		stream.pop(mappings);
-		stream.pop(nextModule);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(tun64Id);
-		stream.push(dscpMarkType);
-		stream.push(dscp);
-		stream.push(ipv6SourceAddress);
-		stream.push(srcRndEnabled);
-		stream.push(prefixes);
-		stream.push(mappings);
-		stream.push(nextModule);
-	}
+	SERIALIZABLE(tun64Id, dscpMarkType, dscp, ipv6SourceAddress, srcRndEnabled, prefixes, mappings, nextModule);
 
 public:
 	tun64_id_t tun64Id;
 
-	common::eDscpMarkType dscpMarkType;
-	uint8_t dscp;
+	common::eDscpMarkType dscpMarkType{common::eDscpMarkType::never};
+	uint8_t dscp{};
 
 	common::ipv6_address_t ipv6SourceAddress;
-	bool srcRndEnabled; /// < IPv6 Source address randomization
+	bool srcRndEnabled{}; /// < IPv6 Source address randomization
 
 	std::set<common::ip_prefix_t> prefixes;
 	std::map<common::ipv4_address_t,
@@ -467,38 +302,14 @@ namespace nat64stateful
 class config_t
 {
 public:
-	config_t() :
-	        dscp_mark_type(common::eDscpMarkType::never),
-	        dscp(0)
-	{
-	}
-
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(nat64stateful_id);
-		stream.pop(dscp_mark_type);
-		stream.pop(dscp);
-		stream.pop(ipv6_prefixes);
-		stream.pop(ipv4_prefixes);
-		stream.pop(announces);
-		stream.pop(next_module);
-	}
+	config_t() = default;
 
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(nat64stateful_id);
-		stream.push(dscp_mark_type);
-		stream.push(dscp);
-		stream.push(ipv6_prefixes);
-		stream.push(ipv4_prefixes);
-		stream.push(announces);
-		stream.push(next_module);
-	}
+	SERIALIZABLE(nat64stateful_id, dscp_mark_type, dscp, ipv6_prefixes, ipv4_prefixes, announces, next_module);
 
 public:
 	nat64stateful_id_t nat64stateful_id;
-	common::eDscpMarkType dscp_mark_type;
-	uint8_t dscp;
+	common::eDscpMarkType dscp_mark_type{common::eDscpMarkType::never};
+	uint8_t dscp{};
 	std::vector<common::ipv6_prefix_t> ipv6_prefixes;
 	std::vector<common::ipv4_prefix_t> ipv4_prefixes;
 	std::set<common::ip_prefix_t> announces;
diff --git a/common/ctree.h b/common/ctree.h
index cccee863..61899b4e 100644
--- a/common/ctree.h
+++ b/common/ctree.h
@@ -10,9 +10,10 @@ namespace common
 
 template<std::size_t values_size_T,
          typename... counters_T>
-class ctree
+struct ctree
 {
-public:
+	using values_t = std::array<uint64_t, values_size_T>;
+
 	ctree()
 	{
 		if constexpr (sizeof...(counters_T) > 0)
@@ -24,6 +25,18 @@ class ctree
 			root_node = new node_base_t();
 		}
 	}
+	ctree(ctree&& other)
+	{
+		if (this != &other)
+		{
+			*this = std::move(other);
+		}
+	}
+	ctree& operator=(ctree&& other)
+	{
+		std::swap(root_node, other.root_node);
+		return *this;
+	}
 
 	~ctree()
 	{
@@ -32,9 +45,8 @@ class ctree
 
 	/// @todo: delete copy
 
-public:
 	void append(const counters_T&... counters,
-	            const std::array<uint64_t, values_size_T>& values)
+	            const values_t& values)
 	{
 		if constexpr (sizeof...(counters_T) > 0)
 		{
@@ -47,7 +59,7 @@ class ctree
 	}
 
 	void apply(const counters_T&... counters,
-	           const std::function<void(const std::tuple<std::optional<counters_T>...>, std::array<uint64_t, values_size_T>&)>& callback)
+	           const std::function<void(const std::tuple<std::optional<counters_T>...>, values_t&)>& callback)
 	{
 		std::tuple<std::optional<counters_T>...> keys;
 
@@ -84,7 +96,7 @@ class ctree
 	}
 
 	void print(const std::vector<std::string>& key_names,
-	           const std::function<void(const std::string& key, const std::array<uint64_t, values_size_T>&)>& callback) const
+	           const std::function<void(const std::string& key, const values_t&)>& callback) const
 	{
 		root_node->print("", 0, key_names, callback);
 	}
@@ -99,34 +111,31 @@ class ctree
 		root_node->push(stream);
 	}
 
-public:
-	class node_base_t
+	void merge(const ctree<values_size_T, counters_T...>& other)
 	{
-	public:
-		node_base_t()
-		{
-			for (auto& value : values)
-			{
-				value = 0;
-			}
-		}
-
-		virtual ~node_base_t()
-		{
-		}
+		root_node->merge(other.root_node);
+	}
 
-	public:
-		void append(const std::array<uint64_t, values_size_T>& values)
+	struct node_base_t
+	{
+		node_base_t() = default;
+		node_base_t(const node_base_t& other) :
+		        values{other.values} {}
+		node_base_t(const values_t& values) :
+		        values{values} {}
+		virtual ~node_base_t() = default;
+
+		void append(const values_t& values)
 		{
-			for (std::size_t i = 0;
-			     i < values_size_T;
-			     i++)
+			auto& a = this->values;
+			auto& b = values;
+			for (std::size_t i = 0, e = a.size(); i < e; ++i)
 			{
-				this->values[i] += values[i];
+				a[i] += b[i];
 			}
 		}
 
-		void apply(const std::function<void(const std::tuple<std::optional<counters_T>...>, std::array<uint64_t, values_size_T>&)>& callback,
+		void apply(const std::function<void(const std::tuple<std::optional<counters_T>...>, values_t&)>& callback,
 		           std::tuple<std::optional<counters_T>...>& keys)
 		{
 			callback(keys, this->values);
@@ -135,10 +144,10 @@ class ctree
 		virtual void print(const std::string& key,
 		                   const uint32_t& key_index,
 		                   const std::vector<std::string>& key_names,
-		                   const std::function<void(const std::string& key, const std::array<uint64_t, values_size_T>&)>& callback) const
+		                   const std::function<void(const std::string& key, const values_t&)>& callback) const
 		{
-			(void)key_index;
-			(void)key_names;
+			YANET_GCC_BUG_UNUSED(key_index);
+			YANET_GCC_BUG_UNUSED(key_names);
 
 			callback(key, values);
 		}
@@ -153,31 +162,50 @@ class ctree
 			stream.push(values);
 		}
 
-	public:
-		std::array<uint64_t, values_size_T> values;
+		virtual void merge(const node_base_t* other)
+		{
+			this->append(other->values);
+		}
+
+		values_t values;
 	};
 
 	template<typename next_counter_T,
 	         typename... next_counters_T>
-	class node_t : public node_base_t
+	struct node_t : public node_base_t
 	{
-	public:
+		node_t() = default;
+		node_t(const node_t& other) :
+		        node_base_t{other}, convert{other.convert}
+		{
+			for (const auto& [key, value] : other.next)
+			{
+				if constexpr (sizeof...(next_counters_T) != 0)
+				{
+					using child_t = node_t<next_counters_T...>;
+					next.emplace(key, new child_t{*static_cast<child_t*>(value)});
+				}
+				else
+				{
+					next.emplace(key, new node_base_t{*value});
+				}
+			}
+		}
 		~node_t() override
 		{
 			for (auto& [next_counter, next_node] : next)
 			{
-				(void)next_counter;
+				YANET_GCC_BUG_UNUSED(next_counter);
 				delete next_node;
 			}
 		}
 
-	public:
 		using node_base_t::append;
 		using node_base_t::apply;
 
 		void append(const next_counter_T& next_counter,
 		            const next_counters_T&... next_counters,
-		            const std::array<uint64_t, values_size_T>& values)
+		            const values_t& values)
 		{
 			node_base_t::append(values);
 
@@ -205,7 +233,7 @@ class ctree
 
 		void apply(const next_counter_T& next_counter,
 		           const next_counters_T&... next_counters,
-		           const std::function<void(const std::tuple<std::optional<counters_T>...>, std::array<uint64_t, values_size_T>&)>& callback,
+		           const std::function<void(const std::tuple<std::optional<counters_T>...>, values_t&)>& callback,
 		           std::tuple<std::optional<counters_T>...>& keys)
 		{
 			node_base_t::apply(callback, keys);
@@ -243,7 +271,7 @@ class ctree
 			{
 				for (const auto& [next_counter, next_node] : next)
 				{
-					(void)next_counter;
+					YANET_GCC_BUG_UNUSED(next_counter);
 					static_cast<node_t<next_counters_T...>*>(next_node)->convert_update(next_converts...);
 				}
 			}
@@ -252,7 +280,7 @@ class ctree
 		void print(const std::string& key,
 		           const uint32_t& key_index,
 		           const std::vector<std::string>& key_names,
-		           const std::function<void(const std::string& key, const std::array<uint64_t, values_size_T>&)>& callback) const override
+		           const std::function<void(const std::string& key, const values_t&)>& callback) const override
 		{
 			node_base_t::print(key, key_index, key_names, callback);
 
@@ -323,7 +351,37 @@ class ctree
 			}
 		}
 
-	public:
+		void merge(const node_base_t* other) override
+		{
+			for (const auto& [key, node] : static_cast<const node_t*>(other)->next)
+			{
+				if (auto it = next.find(key); it != next.end())
+				{
+					it->second->merge(node);
+				}
+				else
+				{
+					if constexpr (sizeof...(next_counters_T) != 0)
+					{
+						using child_t = node_t<next_counters_T...>;
+						next.emplace(key, new child_t(*static_cast<child_t*>(node)));
+					}
+					else
+					{
+						next.emplace(key, new node_base_t(*node));
+					}
+				}
+			}
+
+			for (const auto& [key, value] : static_cast<const node_t*>(other)->convert)
+			{
+				if (convert.find(key) == convert.end())
+				{
+					convert.emplace(key, value);
+				}
+			}
+		}
+
 		std::map<next_counter_T,
 		         node_base_t*>
 		        next;
@@ -333,7 +391,7 @@ class ctree
 		        convert;
 	};
 
-	node_base_t* root_node;
+	node_base_t* root_node{};
 };
 
-}
+} // namespace common
diff --git a/common/define.h b/common/define.h
index 03846a26..47cc5fd0 100644
--- a/common/define.h
+++ b/common/define.h
@@ -1,15 +1,30 @@
 #pragma once
 
+#include <cstdint>
 #include <cstdio>
+#include <cstdlib>
 #include <ctime>
 #include <map>
 #include <optional>
 #include <set>
 #include <vector>
 
-#include <inttypes.h>
-
-#define YANET_UNUSED [[maybe_unused]]
+/**
+ *  GCC 7.5 version which we have to support for now due to Ubuntu 18 have a bug
+ *  (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81767) where unused variables
+ *  in structured bindings are incorrectly flagged as warnings, even though
+ *  they "can't" be used, cause they are not a real variables.
+ *
+ *  Previously, code used `(void)var;` to suppress these warnings, but this
+ *  approach was ugly and harder to grep.
+ *
+ *  One should use this macro in structured bindings to mark unused bunding.
+ *
+ *  Once we move to a newer GCC version where this bug is fixed,
+ *  we can easily remove this macro as it is much easier to grep and remove
+ *  than those void(var) statements.
+ */
+#define YANET_GCC_BUG_UNUSED(arg) (void)(arg)
 
 #define YANET_LOG_PRINT(msg, args...) fprintf(stdout, msg, ##args)
 
@@ -90,13 +105,13 @@ extern LogPriority logPriority;
 #define CALCULATE_LOGICALPORT_ID(portId, vlanId) ((portId << 13) | ((vlanId & 0xFFF) << 1) | 1)
 
 #if __cpp_exceptions
-#define YANET_THROW(string) throw string
+#define YANET_THROW(message) throw std::runtime_error(std::string(message))
 #else // __cpp_exceptions
-#define YANET_THROW(string)                             \
-	do                                              \
-	{                                               \
-		YANET_LOG_ERROR("%s\n", string.data()); \
-		std::abort();                           \
+#define YANET_THROW(message)                                               \
+	do                                                                 \
+	{                                                                  \
+		YANET_LOG_ERROR("%s\n", std::string_view(message).data()); \
+		std::abort();                                              \
 	} while (0)
 #endif // __cpp_exceptions
 
@@ -110,6 +125,31 @@ extern LogPriority logPriority;
 
 #define YANET_NEXTHOP_FLAG_DIRECTLY ((uint16_t)(1u << 0))
 
+/*
+ * @brief Macro to define serialization-friendly tuple accessors.
+ *
+ * Example usage:
+ * \code
+ * class MyClass {
+ * public:
+ *     int a;
+ *     std::string b;
+ *
+ *     // Automatically defines as_tuple() methods
+ *     SERIALIZABLE(a, b);
+ * };
+ * \endcode
+ *
+ * In cases where serialization/deserialization logic for a class is not
+ * straightforward or requires custom handling, you should define explicit
+ * `pop` and `push` methods as before, instead of using this macro.
+ *
+ * @param __VA_ARGS__ List of member variables to include in the tuple.
+ */
+#define SERIALIZABLE(...)                                 \
+	auto as_tuple() { return std::tie(__VA_ARGS__); } \
+	auto as_tuple() const { return std::tie(__VA_ARGS__); }
+
 /// @todo: move
 template<typename map_T,
          typename key_T>
diff --git a/common/generation.h b/common/generation.h
index 26ab14e6..fd93a097 100644
--- a/common/generation.h
+++ b/common/generation.h
@@ -123,7 +123,7 @@ class generation_manager
 	/** dangerous
 	generation_shared current_shared() const
 	{
-		return generation_shared(&current_mutex, this);
+	        return generation_shared(&current_mutex, this);
 	}
 	*/
 
@@ -145,7 +145,7 @@ class generation_manager
 	/** dangerous
 	generation_unique next_unique()
 	{
-		return generation_unique(&next_mutex, this);
+	        return generation_unique(&next_mutex, this);
 	}
 	*/
 
diff --git a/common/icontrolplane.h b/common/icontrolplane.h
index f123f080..88f25283 100644
--- a/common/icontrolplane.h
+++ b/common/icontrolplane.h
@@ -13,10 +13,7 @@ namespace interface
 class controlPlane
 {
 public:
-	controlPlane() :
-	        clientSocket(-1)
-	{
-	}
+	controlPlane() = default;
 
 	~controlPlane()
 	{
@@ -177,6 +174,16 @@ class controlPlane
 		return get<common::icp::requestType::route_get, common::icp::route_get::response>(request);
 	}
 
+	auto route_counters() const
+	{
+		return get<common::icp::requestType::route_counters, common::icp::route_counters::response>();
+	}
+
+	auto route_tunnel_counters() const
+	{
+		return get<common::icp::requestType::route_tunnel_counters, common::icp::route_tunnel_counters::response>();
+	}
+
 	auto route_tunnel_lookup(const common::icp::route_tunnel_lookup::request& request) const
 	{
 		return get<common::icp::requestType::route_tunnel_lookup, common::icp::route_tunnel_lookup::response>(request);
@@ -337,6 +344,11 @@ class controlPlane
 		return get<common::icp::requestType::convert, common::icp::convert::response>(request);
 	}
 
+	auto counters_stat() const
+	{
+		return get<common::icp::requestType::counters_stat, common::icp::counters_stat::response>();
+	}
+
 protected:
 	void connectToControlPlane() const
 	{
@@ -372,7 +384,7 @@ class controlPlane
 	}
 
 	template<common::icp::requestType T, class Req = std::tuple<>>
-	inline common::icp::response call(const Req& request = Req()) const
+	common::icp::response call(const Req& request = Req()) const
 	{
 		std::lock_guard<std::mutex> guard(mutex);
 		connectToControlPlane();
@@ -380,7 +392,7 @@ class controlPlane
 	}
 
 protected:
-	mutable int clientSocket;
+	mutable int clientSocket{-1};
 	mutable std::mutex mutex;
 };
 
diff --git a/common/icp.h b/common/icp.h
index 14febcf7..b8b6f2ea 100644
--- a/common/icp.h
+++ b/common/icp.h
@@ -15,9 +15,7 @@
 #include "result.h"
 #include "type.h"
 
-namespace common
-{
-namespace icp
+namespace common::icp
 {
 
 constexpr inline char socketPath[] = "/run/yanet/controlplane.sock";
@@ -87,6 +85,9 @@ enum class requestType : uint32_t
 	nat46clat_announce,
 	nat46clat_stats,
 	convert,
+	counters_stat,
+	route_counters,
+	route_tunnel_counters,
 	size // size should always be at the bottom of the list, this enum allows us to find out the size of the enum list
 };
 
@@ -220,6 +221,12 @@ inline const char* requestType_toString(requestType t)
 			return "nat46clat_stats";
 		case requestType::convert:
 			return "convert";
+		case requestType::counters_stat:
+			return "counters_stat";
+		case requestType::route_counters:
+			return "route_counters";
+		case requestType::route_tunnel_counters:
+			return "route_tunnel_counters";
 		case requestType::size:
 			return "unknown";
 	}
@@ -726,7 +733,7 @@ using request = std::tuple<std::optional<std::string>, ///< module
                            std::optional<std::string>, ///< transport_source
                            std::optional<std::string>, ///< transport_destination
                            std::optional<std::string>, ///< transport_flags
-                           std::optional<std::string>>; ///< keepstate
+                           std::optional<std::string>>; ///< recordstate
 
 using response = std::vector<std::tuple<std::optional<std::string>,
                                         std::optional<std::string>,
@@ -779,6 +786,23 @@ using request = std::tuple<std::string, ///< module_name
 using response = route_lookup::response;
 }
 
+namespace route_counters
+{
+using response = std::vector<std::tuple<uint32, ///< peer
+                                        ip_address_t, ///< nexthop
+                                        ip_prefix_t, ///< prefix
+                                        uint64_t, ///< count
+                                        uint64_t>>; ///< size
+}
+
+namespace route_tunnel_counters
+{
+using response = std::vector<std::tuple<uint32, ///< peer
+                                        ip_address_t, ///< nexthop
+                                        uint64_t, ///< count
+                                        uint64_t>>; ///< size
+}
+
 namespace route_tunnel_lookup
 {
 using request = std::tuple<std::string, ///< module_name
@@ -909,6 +933,22 @@ using response = std::vector<std::tuple<unsigned int, ///< id
                                         std::string>>; ///< name
 }
 
+namespace counters_stat
+{
+using one_size_info = std::tuple<uint16_t, ///< size of segments
+                                 uint32_t, ///< used_blocks
+                                 uint32_t, ///< busy_blocks
+                                 uint32_t>; ///< used_segments
+
+using common_info = std::tuple<uint32_t, ///< free_blocks
+                               uint32_t, ///< free_cells_
+                               uint64_t, ///< errors_external_
+                               uint64_t>; ///< errors_internal_
+
+using response = std::tuple<common_info,
+                            std::vector<one_size_info>>;
+}
+
 using request = std::tuple<requestType,
                            std::variant<std::tuple<>,
                                         acl_unwind::request,
@@ -956,6 +996,8 @@ using response = std::variant<std::tuple<>,
                               acl_unwind::response,
                               acl_lookup::response,
                               route_lookup::response, ///< + route_get::response
+                              route_counters::response,
+                              route_tunnel_counters::response,
                               route_tunnel_lookup::response, ///< + route_tunnel_get::response
                               getRibStats::response,
                               getDefenders::response,
@@ -976,7 +1018,6 @@ using response = std::variant<std::tuple<>,
                               nat46clat_config::response,
                               nat46clat_announce::response,
                               nat46clat_stats::response,
-                              convert::response>;
-}
-
+                              convert::response,
+                              counters_stat::response>;
 }
diff --git a/common/icp_proto.h b/common/icp_proto.h
index 0b68dd70..25bd18d2 100644
--- a/common/icp_proto.h
+++ b/common/icp_proto.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include "libprotobuf/controlplane.pb.h"
-
 namespace common::icp_proto
 {
 constexpr inline char socketPath[] = "/run/yanet/protocontrolplane.sock";
diff --git a/common/idataplane.h b/common/idataplane.h
index 5e1c40b9..dc64ba16 100644
--- a/common/idataplane.h
+++ b/common/idataplane.h
@@ -14,10 +14,7 @@ namespace interface
 class dataPlane
 {
 public:
-	dataPlane() :
-	        clientSocket(-1)
-	{
-	}
+	dataPlane() = default;
 
 	~dataPlane()
 	{
@@ -103,26 +100,11 @@ class dataPlane
 		return get<common::idp::requestType::clearFWState, eResult>();
 	}
 
-	common::idp::getAclCounters::response getAclCounters() const
-	{
-		return get<common::idp::requestType::getAclCounters, common::idp::getAclCounters::response>();
-	}
-
 	common::idp::getPortStatsEx::response getPortStatsEx() const
 	{
 		return get<common::idp::requestType::getPortStatsEx, common::idp::getPortStatsEx::response>();
 	}
 
-	common::idp::getCounters::response getCounters(const common::idp::getCounters::request& request) const
-	{
-		return get<common::idp::requestType::getCounters, common::idp::getCounters::response>(request);
-	}
-
-	common::idp::getOtherStats::response getOtherStats() const
-	{
-		return get<common::idp::requestType::getOtherStats, common::idp::getOtherStats::response>();
-	}
-
 	common::idp::getConfig::response getConfig() const
 	{
 		return get<common::idp::requestType::getConfig, common::idp::getConfig::response>();
@@ -173,6 +155,11 @@ class dataPlane
 		return get<common::idp::requestType::samples, common::idp::samples::response>();
 	}
 
+	auto hitcount_dump() const
+	{
+		return get<common::idp::requestType::hitcount_dump, common::idp::hitcount_dump::response>();
+	}
+
 	eResult debug_latch_update(const common::idp::debug_latch_update::request& request) const
 	{
 		return get<common::idp::requestType::debug_latch_update, common::idp::debug_latch_update::response>(request);
@@ -193,11 +180,6 @@ class dataPlane
 		return get<common::idp::requestType::version, common::idp::version::response>();
 	}
 
-	auto get_counter_by_name(const common::idp::get_counter_by_name::request& request) const
-	{
-		return get<common::idp::requestType::get_counter_by_name, common::idp::get_counter_by_name::response>(request);
-	}
-
 	auto get_shm_info() const
 	{
 		return get<common::idp::requestType::get_shm_info, common::idp::get_shm_info::response>();
@@ -287,7 +269,12 @@ class dataPlane
 		int ret = connect(clientSocket, (struct sockaddr*)&address, sizeof(address));
 		if (ret == -1)
 		{
-			throw std::string("connect(): ") + strerror(errno);
+			int error = errno;
+			YANET_LOG_ERROR("Error connect to socket %s, error: %d - %s\n",
+			                common::idp::socketPath,
+			                error,
+			                strerror(error));
+			throw std::string("connect(): ") + strerror(error);
 		}
 	}
 
@@ -298,7 +285,7 @@ class dataPlane
 	}
 
 	template<common::idp::requestType T, class Req>
-	inline common::idp::response call(const Req& request) const
+	common::idp::response call(const Req& request) const
 	{
 		std::lock_guard<std::mutex> guard(mutex);
 		connectToDataPlane();
@@ -312,7 +299,7 @@ class dataPlane
 	}
 
 	template<common::idp::requestType T, class Req>
-	inline common::idp::response call(Req&& request) const
+	common::idp::response call(Req&& request) const
 	{
 		std::lock_guard<std::mutex> guard(mutex);
 		connectToDataPlane();
@@ -320,7 +307,7 @@ class dataPlane
 	}
 
 protected:
-	mutable int clientSocket;
+	mutable int clientSocket{-1};
 	mutable std::mutex mutex;
 };
 
diff --git a/common/idp.h b/common/idp.h
index 3b2647e1..fbf2920b 100644
--- a/common/idp.h
+++ b/common/idp.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include <inttypes.h>
-
 #include <array>
 #include <map>
 #include <set>
@@ -14,6 +12,7 @@
 
 #include "acl.h"
 #include "balancer.h"
+#include "common/actions.h"
 #include "config.h"
 #include "memory_manager.h"
 #include "neighbor.h"
@@ -47,13 +46,10 @@ enum class requestType : uint32_t
 	get_ports_stats_extended,
 	getControlPlanePortStats,
 	getPortStatsEx,
-	getCounters,
 	getFragmentationStats,
 	getFWState,
 	getFWStateStats,
 	clearFWState,
-	getAclCounters,
-	getOtherStats,
 	getConfig,
 	getErrors,
 	getReport,
@@ -65,11 +61,11 @@ enum class requestType : uint32_t
 	balancer_real_connections,
 	limits,
 	samples,
+	hitcount_dump,
 	debug_latch_update,
 	unrdup_vip_to_balancers,
 	update_vip_vport_proto,
 	version,
-	get_counter_by_name,
 	get_shm_info,
 	get_shm_tsc_info,
 	set_shm_tsc_state,
@@ -368,7 +364,7 @@ using request = std::vector<std::tuple<acl::total_key_t, tAclGroupId>>;
 
 namespace acl_values
 {
-using request = std::vector<acl::value_t>;
+using request = std::vector<common::Actions>;
 }
 
 namespace dump_tags_ids
@@ -384,6 +380,7 @@ using request = lpm::request;
 namespace route_value_update
 {
 using interface = std::vector<std::tuple<tInterfaceId, ///< interface_id
+                                         tCounterId, ///< counter_id
                                          std::vector<uint32_t>, ///< labels
                                          ip_address_t, ///< neighbor_address
                                          uint16_t>>; ///< nexthop_flags
@@ -662,13 +659,6 @@ namespace getPortStatsEx
 using response = ::common::getPortStatsEx::response;
 }
 
-namespace getCounters
-{
-using request = std::vector<tCounterId>;
-
-using response = std::vector<uint64_t>;
-}
-
 namespace getFragmentationStats
 {
 using response = fragmentation::stats_t;
@@ -702,18 +692,6 @@ namespace getFWStateStats
 using response = fwstate::stats_t;
 }
 
-namespace getAclCounters
-{
-using response = std::vector<uint64_t>;
-}
-
-namespace getOtherStats
-{
-using worker = std::tuple<std::array<uint64_t, CONFIG_YADECAP_MBUFS_BURST_SIZE + 1>>; ///< bursts
-
-using response = std::tuple<std::map<tCoreId, worker>>;
-}
-
 namespace getConfig
 {
 enum class value_type ///< @todo: delete
@@ -862,13 +840,6 @@ using response = std::tuple<unsigned int, ///< major
                             std::string>; ///< custom
 }
 
-namespace get_counter_by_name
-{
-using request = std::tuple<std::string, std::optional<tCoreId>>;
-
-using response = std::map<tCoreId, uint64_t>;
-}
-
 namespace get_shm_info
 {
 using dump_meta = std::tuple<std::string, ///< ring name
@@ -923,6 +894,19 @@ using sample_t = std::tuple<uint8_t, ///< proto
 using response = std::vector<sample_t>;
 }
 
+namespace hitcount_dump
+{
+using id = std::string;
+
+struct Data
+{
+	uint64_t count; // Number of times a rule has been hit
+	uint64_t bytes; // Amount of packet bytes passed through the rule
+};
+
+using response = std::unordered_map<id, Data>;
+}
+
 namespace debug_latch_update
 {
 enum class id : uint32_t
@@ -1001,7 +985,6 @@ using request = std::tuple<requestType,
                                         getGlobalBase::request,
                                         getControlPlanePortStats::request,
                                         getWorkerStats::request,
-                                        getCounters::request,
                                         lpm4LookupAddress::request,
                                         lpm6LookupAddress::request,
                                         nat64stateful_state::request,
@@ -1009,7 +992,6 @@ using request = std::tuple<requestType,
                                         debug_latch_update::request,
                                         unrdup_vip_to_balancers::request,
                                         update_vip_vport_proto::request,
-                                        get_counter_by_name::request,
                                         dump_physical_port::request,
                                         neighbor_insert::request,
                                         neighbor_remove::request,
@@ -1026,11 +1008,9 @@ using response = std::variant<std::tuple<>,
                               get_ports_stats::response, ///< + getControlPlanePortStats::response
                               get_ports_stats_extended::response,
                               getPortStatsEx::response,
-                              getOtherStats::response,
                               getFragmentationStats::response,
                               getFWState::response,
                               getFWStateStats::response,
-                              getAclCounters::response, ///< + getCounters::response
                               getConfig::response,
                               getErrors::response,
                               getReport::response,
@@ -1043,7 +1023,7 @@ using response = std::variant<std::tuple<>,
                               version::response,
                               limits::response,
                               samples::response,
-                              get_counter_by_name::response,
+                              hitcount_dump::response,
                               get_shm_info::response,
                               get_shm_tsc_info::response,
                               neighbor_show::response,
diff --git a/common/memory_manager.h b/common/memory_manager.h
index 04e994a8..bd07ab04 100644
--- a/common/memory_manager.h
+++ b/common/memory_manager.h
@@ -1,9 +1,10 @@
 #pragma once
 
 #include <memory>
+#include <string>
 #include <vector>
 
-#include "stream.h"
+#include "common/define.h"
 
 namespace common::memory_manager
 {
@@ -38,10 +39,7 @@ inline uint64_t convert_string_to_bytes(std::string string)
 class memory_group
 {
 public:
-	memory_group() :
-	        limit(0)
-	{
-	}
+	memory_group() = default;
 
 	template<typename callback_t>
 	std::set<std::string> for_each(const callback_t& callback) const
@@ -68,23 +66,11 @@ class memory_group
 		return object_names;
 	}
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(name);
-		stream.pop(limit);
-		stream.pop(memory_groups);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(name);
-		stream.push(limit);
-		stream.push(memory_groups);
-	}
+	SERIALIZABLE(name, limit, memory_groups);
 
 public:
 	std::string name;
-	uint64_t limit;
+	uint64_t limit{};
 	std::vector<std::shared_ptr<memory_group>> memory_groups;
 };
 
diff --git a/common/nat46clat.h b/common/nat46clat.h
index b3c587d8..031aeaa5 100644
--- a/common/nat46clat.h
+++ b/common/nat46clat.h
@@ -1,6 +1,5 @@
 #pragma once
 
-#include "stream.h"
 #include "type.h"
 
 namespace nat46clat
@@ -18,49 +17,20 @@ enum class module_counter : tCounterId
 class config
 {
 public:
-	config() :
-	        dscp_mark_type(common::eDscpMarkType::never),
-	        dscp(0)
-	{
-	}
+	config() = default;
 
-	void pop(common::stream_in_t& stream)
-	{
-		stream.pop(nat46clat_id);
-		stream.pop(ipv6_source);
-		stream.pop(ipv6_destination);
-		stream.pop(dscp_mark_type);
-		stream.pop(dscp);
-		stream.pop(ipv6_prefixes);
-		stream.pop(ipv4_prefixes);
-		stream.pop(announces);
-		stream.pop(next_module);
-	}
-
-	void push(common::stream_out_t& stream) const
-	{
-		stream.push(nat46clat_id);
-		stream.push(ipv6_source);
-		stream.push(ipv6_destination);
-		stream.push(dscp_mark_type);
-		stream.push(dscp);
-		stream.push(ipv6_prefixes);
-		stream.push(ipv4_prefixes);
-		stream.push(announces);
-		stream.push(next_module);
-	}
+	SERIALIZABLE(nat46clat_id, ipv6_source, ipv6_destination, dscp_mark_type, dscp, ipv6_prefixes, ipv4_prefixes, announces, next_module);
 
 public:
 	nat46clat_id_t nat46clat_id;
 	common::ipv6_address_t ipv6_source;
 	common::ipv6_address_t ipv6_destination;
-	common::eDscpMarkType dscp_mark_type;
-	uint8_t dscp;
+	common::eDscpMarkType dscp_mark_type{common::eDscpMarkType::never};
+	uint8_t dscp{};
 	std::set<common::ipv6_prefix_t> ipv6_prefixes;
 	std::set<common::ipv4_prefix_t> ipv4_prefixes;
 	std::set<common::ip_prefix_t> announces;
 	std::string next_module;
 	common::globalBase::flow_t flow;
 };
-
 }
diff --git a/common/neighbor.h b/common/neighbor.h
index 01032091..7037ae5f 100644
--- a/common/neighbor.h
+++ b/common/neighbor.h
@@ -1,7 +1,6 @@
 #pragma once
 
-#include <inttypes.h>
-
+#include <cstdint>
 namespace common::neighbor
 {
 
diff --git a/common/refarray.h b/common/refarray.h
index a2c770a6..ea779bb4 100644
--- a/common/refarray.h
+++ b/common/refarray.h
@@ -17,10 +17,9 @@ class refarray_t
 	using id_t = uint64_t;
 
 public:
-	refarray_t() ///< @todo: fallback value?
+	refarray_t() :
+	        ids_unused_size(size_T) ///< @todo: fallback value?
 	{
-		ids_unused_size = size_T;
-		ids_unused_watermark = 0;
 	}
 
 	bool exist_id(const id_t& id)
@@ -42,7 +41,7 @@ class refarray_t
 		}
 
 		auto& [refcount, id] = it->second;
-		(void)id;
+		YANET_GCC_BUG_UNUSED(id);
 
 		refcount++;
 
@@ -59,7 +58,7 @@ class refarray_t
 			return std::nullopt;
 		}
 
-		id_t id;
+		id_t id = 0;
 		ids_unused_size--;
 		if (ids_unused.size())
 		{
@@ -107,7 +106,7 @@ class refarray_t
 
 		const auto& value = it->second;
 		auto& [refcount, values_id] = values[value];
-		(void)values_id;
+		YANET_GCC_BUG_UNUSED(values_id);
 
 		refcount--;
 		if (refcount)
@@ -163,7 +162,7 @@ class refarray_t
 
 		auto it = values.find(value);
 		const auto& [refcount, id] = it->second;
-		(void)refcount;
+		YANET_GCC_BUG_UNUSED(refcount);
 
 		return id;
 	}
@@ -186,7 +185,7 @@ class refarray_t
 		ids.clear();
 	}
 
-	std::tuple<uint64_t, uint64_t> stats() const
+	[[nodiscard]] std::tuple<uint64_t, uint64_t> stats() const
 	{
 		return {size_T - ids_unused_size, size_T};
 	}
@@ -203,7 +202,7 @@ class refarray_t
 
 protected:
 	std::vector<id_t> ids_unused;
-	std::atomic<id_t> ids_unused_watermark;
+	std::atomic<id_t> ids_unused_watermark{0};
 
 	std::map<value_T,
 	         std::tuple<uint64_t, ///< refcount
diff --git a/common/result.h b/common/result.h
index d4d5b1cc..e60719bc 100644
--- a/common/result.h
+++ b/common/result.h
@@ -1,6 +1,6 @@
 #pragma once
 
-#include <inttypes.h>
+#include <cstdint>
 
 namespace common
 {
diff --git a/common/rpc_channel.h b/common/rpc_channel.h
index fc406d02..12949b38 100644
--- a/common/rpc_channel.h
+++ b/common/rpc_channel.h
@@ -16,14 +16,12 @@ namespace common::proto
 class UnixProtobufRpcChannel : public google::protobuf::RpcChannel
 {
 public:
-	UnixProtobufRpcChannel(const std::string& socketPath) :
-	        clientSocket(-1)
+	UnixProtobufRpcChannel(const std::string& socketPath)
 	{
-
 		connectChannel(socketPath);
 	}
 
-	~UnixProtobufRpcChannel()
+	~UnixProtobufRpcChannel() override
 	{
 		if (clientSocket != -1)
 		{
@@ -60,11 +58,11 @@ class UnixProtobufRpcChannel : public google::protobuf::RpcChannel
 		}
 	}
 
-	virtual void CallMethod(const ::google::protobuf::MethodDescriptor* method,
-	                        ::google::protobuf::RpcController* controller,
-	                        const ::google::protobuf::Message* request,
-	                        ::google::protobuf::Message* response,
-	                        ::google::protobuf::Closure*)
+	void CallMethod(const ::google::protobuf::MethodDescriptor* method,
+	                ::google::protobuf::RpcController* controller,
+	                const ::google::protobuf::Message* request,
+	                ::google::protobuf::Message* response,
+	                ::google::protobuf::Closure*) override
 	{
 		std::lock_guard<std::mutex> guard(mutex);
 		// Get the service name method name and fill it into rpc_meta
@@ -86,7 +84,7 @@ class UnixProtobufRpcChannel : public google::protobuf::RpcChannel
 
 		// single response
 
-		uint64_t messageSize;
+		uint64_t messageSize = 0;
 		if (auto err = common::recvAll(clientSocket, (char*)&messageSize, sizeof(messageSize)); err != 0)
 		{
 			controller->SetFailed(std::string("recv response: ") + strerror(err));
@@ -103,7 +101,7 @@ class UnixProtobufRpcChannel : public google::protobuf::RpcChannel
 	}
 
 private:
-	mutable int clientSocket;
+	mutable int clientSocket{-1};
 	mutable std::mutex mutex{};
 	std::vector<uint8_t> buffer;
 };
diff --git a/common/rpc_controller.h b/common/rpc_controller.h
index f538877a..b11d247f 100644
--- a/common/rpc_controller.h
+++ b/common/rpc_controller.h
@@ -11,23 +11,23 @@ class RpcController : public google::protobuf::RpcController
 {
 public:
 	RpcController() { _reset(); }
-	virtual ~RpcController() {}
+	~RpcController() override = default;
 
-	virtual void Reset()
+	void Reset() override
 	{
 		_reset();
 	}
 
-	virtual bool Failed() const { return is_failed_; }
-	virtual void SetFailed(const std::string& reason)
+	[[nodiscard]] bool Failed() const override { return is_failed_; }
+	void SetFailed(const std::string& reason) override
 	{
 		is_failed_ = true;
 		error_code_ = reason;
 	}
-	virtual std::string ErrorText() const { return error_code_; }
-	virtual void StartCancel(){};
-	virtual bool IsCanceled() const { return false; };
-	virtual void NotifyOnCancel(::google::protobuf::Closure* /* callback */){};
+	[[nodiscard]] std::string ErrorText() const override { return error_code_; }
+	void StartCancel() override {};
+	[[nodiscard]] bool IsCanceled() const override { return false; };
+	void NotifyOnCancel(::google::protobuf::Closure* /* callback */) override {};
 
 private:
 	bool is_failed_;
diff --git a/common/scheduler.h b/common/scheduler.h
index 6ef48956..6fe773ac 100644
--- a/common/scheduler.h
+++ b/common/scheduler.h
@@ -1,7 +1,6 @@
 #pragma once
 
-#include <inttypes.h>
-
+#include <cstdint>
 namespace balancer
 {
 
diff --git a/common/sdpclient.h b/common/sdpclient.h
new file mode 100644
index 00000000..990cb31a
--- /dev/null
+++ b/common/sdpclient.h
@@ -0,0 +1,462 @@
+#pragma once
+
+#include <thread>
+
+#include "result.h"
+#include "sdpcommon.h"
+#include "shared_memory.h"
+
+#define SHARED_MEMORY_REREAD_TIMEOUT_MICROSECONDS 100
+#define SHARED_MEMORY_REREAD_MAXIMUM_ATTEMPTS 100
+
+namespace common::sdp
+{
+
+class SdpClient
+{
+public:
+	/*
+	 * The function opens buffers created in Dataplane in shared memory and fills in the necessary fields in the
+	 * DataPlaneInSharedMemory structure
+	 * Params:
+	 * sdp_data - the Data Plane In Shared Memory object contains data about connection to shared memory buffers
+	 * open_workers_data - if false, only the main file is opened, if true, files with workers counters on
+	 *                     different numa nodes are also opened
+	 * Returns: result::success if successful, in case of error hresult::error InitSharedMemory
+	 */
+	[[nodiscard]] static eResult ReadSharedMemoryData(DataPlaneInSharedMemory& sdp_data, bool open_workers_data)
+	{
+		// Read main file
+		int number_of_attempts = 0;
+		eResultRead result = eResultRead::need_reread;
+		while (result != eResultRead::ok)
+		{
+			number_of_attempts++;
+			std::string message_error;
+			uint64_t size_mmap = 0;
+			result = ReadItAgainMainFileDataplane(sdp_data, size_mmap, message_error);
+			if (result == eResultRead::error)
+			{
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+				YANET_LOG_ERROR("File %s. %s\n", YANET_SHARED_MEMORY_FILE_DATAPLANE, message_error.c_str());
+#else
+				YANET_LOG_ERROR("Key %d. %s\n", YANET_SHARED_MEMORY_KEY_DATAPLANE, message_error.c_str());
+#endif
+				sdp_data.UnmapBuffers(size_mmap);
+				return eResult::errorInitSharedMemory;
+			}
+			else if (result == eResultRead::need_reread)
+			{
+				sdp_data.UnmapBuffers(size_mmap);
+				if (number_of_attempts >= SHARED_MEMORY_REREAD_MAXIMUM_ATTEMPTS)
+				{
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+					YANET_LOG_ERROR("File %s. Attempts were made to read: %d. %s\n",
+					                YANET_SHARED_MEMORY_FILE_DATAPLANE,
+					                number_of_attempts,
+					                message_error.c_str());
+#else
+					YANET_LOG_ERROR("Key %d. Attempts were made to read: %d. %s\n",
+					                YANET_SHARED_MEMORY_KEY_DATAPLANE,
+					                number_of_attempts,
+					                message_error.c_str());
+#endif
+					return eResult::errorInitSharedMemory;
+				}
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+				YANET_LOG_WARNING("File %s. %s\n", YANET_SHARED_MEMORY_FILE_DATAPLANE, message_error.c_str());
+#else
+				YANET_LOG_WARNING("KEY %d. %s\n", YANET_SHARED_MEMORY_KEY_DATAPLANE, message_error.c_str());
+#endif
+				std::this_thread::sleep_for(std::chrono::microseconds{SHARED_MEMORY_REREAD_TIMEOUT_MICROSECONDS});
+			}
+		}
+
+		if (!open_workers_data)
+		{
+			return eResult::success;
+		}
+
+		// Read workers files
+
+		// Get all sockets
+		std::map<tSocketId, std::pair<void*, uint64_t>> sockets_buffer;
+		for (const auto& iter : sdp_data.workers)
+		{
+			sockets_buffer[iter.second.socket] = {nullptr, 0};
+		}
+		for (const auto& iter : sdp_data.workers_gc)
+		{
+			sockets_buffer[iter.second.socket] = {nullptr, 0};
+		}
+
+		// Open buffers for each socket
+#ifndef YANET_USE_POSIX_SHARED_MEMORY
+		key_t key_shared_memory_segment = YANET_SHARED_MEMORY_KEY_DATAPLANE;
+#endif
+		for (auto& iter : sockets_buffer)
+		{
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+			std::string filename = FileNameWorkerOnNumaNode(iter.first);
+			auto [buffer, size] = common::ipc::SharedMemory::OpenBufferFile(filename, false);
+			if (buffer == nullptr)
+			{
+				YANET_LOG_ERROR("Error openning shared memory buffer from file: %s\n", filename.c_str());
+				return eResult::errorInitSharedMemory;
+			}
+#else
+			key_shared_memory_segment++;
+			auto [buffer, size] = common::ipc::SharedMemory::OpenBufferKey(key_shared_memory_segment, false);
+			if (buffer == nullptr)
+			{
+				YANET_LOG_ERROR("Error openning shared memory buffer from segment: %d\n", key_shared_memory_segment);
+				return eResult::errorInitSharedMemory;
+			}
+#endif
+			iter.second = {buffer, size};
+		}
+
+		// Set buffers for workers
+		for (auto& iter : sdp_data.workers)
+		{
+			uint64_t shift = iter.second.shift_in_socket;
+			auto [buffer, size] = sockets_buffer[iter.second.socket];
+			if (shift + sdp_data.metadata_worker.size > size)
+			{
+				YANET_LOG_ERROR("Error in file for socket: %d, file size: %ld, worker: %d, metadata_worker.size: %ld, shift: %ld\n",
+				                iter.second.socket,
+				                size,
+				                iter.first,
+				                sdp_data.metadata_worker.size,
+				                shift);
+				return eResult::errorInitSharedMemory;
+			}
+			iter.second.buffer = ShiftBuffer<void*>(buffer, shift);
+		}
+		for (auto& iter : sdp_data.workers_gc)
+		{
+			uint64_t shift = iter.second.shift_in_socket;
+			auto [buffer, size] = sockets_buffer[iter.second.socket];
+			if (shift + sdp_data.metadata_worker_gc.size > size)
+			{
+				YANET_LOG_ERROR("Error in file for socket: %d, file size: %ld, worker: %d, metadata_worker_gc.size: %ld, shift: %ld\n",
+				                iter.second.socket,
+				                size,
+				                iter.first,
+				                sdp_data.metadata_worker_gc.size,
+				                shift);
+				return eResult::errorInitSharedMemory;
+			}
+			iter.second.buffer = ShiftBuffer<void*>(buffer, shift);
+		}
+
+		return eResult::success;
+	}
+
+	/*
+	 * The counter name function gets its value on workers.
+	 * Params:
+	 * - sdp_data - the Data Plane In Shared Memory object contains data about connection to shared memory buffers
+	 * - counter_name - the name of the counter
+	 * - core_id is the id of the core on which the worker is running for which it need to get the counter value,
+	 *   if it passed std::nullopt, then it gets from all workers
+	 * Return: The counter value for each core
+	 */
+	static std::map<tCoreId, uint64_t> GetCounterByName(const DataPlaneInSharedMemory& sdp_data,
+	                                                    const std::string& counter_name,
+	                                                    std::optional<tCoreId> core_id)
+	{
+		std::map<tCoreId, uint64_t> result;
+
+		// Find counter in workers
+		const auto& iter_workers = sdp_data.metadata_worker.counter_positions.find(counter_name);
+		if (iter_workers != sdp_data.metadata_worker.counter_positions.end())
+		{
+			uint64_t index = iter_workers->second;
+			for (const auto& [worker_core_id, worker_info] : sdp_data.workers)
+			{
+				if (!core_id.has_value() || worker_core_id == core_id)
+				{
+					auto* counters = common::sdp::ShiftBuffer<uint64_t*>(worker_info.buffer,
+					                                                     sdp_data.metadata_worker.start_counters);
+					result[worker_core_id] = counters[index];
+				}
+			}
+		}
+
+		// Find counter in workers_gc
+		const auto& iter_workers_gc = sdp_data.metadata_worker_gc.counter_positions.find(counter_name);
+		if (iter_workers_gc != sdp_data.metadata_worker_gc.counter_positions.end())
+		{
+			uint64_t index = iter_workers_gc->second;
+			for (const auto& [worker_core_id, worker_info] : sdp_data.workers_gc)
+			{
+				if (!core_id.has_value() || worker_core_id == core_id)
+				{
+					auto* counters = common::sdp::ShiftBuffer<uint64_t*>(worker_info.buffer,
+					                                                     sdp_data.metadata_worker.start_counters);
+					result[worker_core_id] = counters[index];
+				}
+			}
+		}
+
+		return result;
+	}
+
+	/*
+	 * The function works like the previous one, but it opens buffers in shared memory by itself. In case of
+	 *  an opening error, it calls exit().
+	 */
+	static std::map<tCoreId, uint64_t> GetCounterByName(const std::string& counter_name,
+	                                                    std::optional<tCoreId> core_id)
+	{
+		DataPlaneInSharedMemory sdp_data;
+		if (ReadSharedMemoryData(sdp_data, true) != eResult::success)
+		{
+			std::exit(1);
+		}
+		return GetCounterByName(sdp_data, counter_name, core_id);
+	}
+
+	/*
+	 * The function for each counter ID gets the sum of the values for it from all workers
+	 * Params:
+	 * - sdp_data - the Data Plane In Shared Memory object contains data about connection to shared memory buffers
+	 * - counter_ids - counter IDs
+	 * Return: Aggregated counter values
+	 */
+	static std::vector<uint64_t> GetCounters(const DataPlaneInSharedMemory& sdp_data,
+	                                         const std::vector<tCounterId>& counter_ids)
+	{
+		std::vector<uint64_t> result(counter_ids.size());
+		std::vector<uint64_t*> buffers;
+		for (const auto& iter : sdp_data.workers)
+		{
+			buffers.push_back(common::sdp::ShiftBuffer<uint64_t*>(iter.second.buffer,
+			                                                      sdp_data.metadata_worker.start_counters));
+		}
+
+		for (size_t i = 0; i < counter_ids.size(); i++)
+		{
+			auto counter_id = counter_ids[i];
+			if (counter_id >= YANET_CONFIG_COUNTERS_SIZE)
+			{
+				continue;
+			}
+
+			uint64_t counter = 0;
+			for (const auto& buffer : buffers)
+			{
+				counter += buffer[counter_id];
+			}
+
+			result[i] = counter;
+		}
+
+		return result;
+	}
+
+	/*
+	 * The function works like the previous one, but it opens buffers in shared memory by itself. In case of
+	 *  an opening error, it calls exit().
+	 */
+	static std::vector<uint64_t> GetCounters(const std::vector<tCounterId>& counter_ids)
+	{
+		DataPlaneInSharedMemory sdp_data;
+		if (ReadSharedMemoryData(sdp_data, true) != eResult::success)
+		{
+			std::exit(1);
+		}
+		return GetCounters(sdp_data, counter_ids);
+	}
+
+private:
+	enum class eResultRead : uint8_t
+	{
+		ok,
+		need_reread,
+		error
+	};
+
+	static eResultRead ReadMainFileDataplane(DataPlaneInSharedMemory& sdp_data, uint64_t& size_mmap, std::string& message)
+	{
+		// Try open buffer
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+		auto [buffer, size] = common::ipc::SharedMemory::OpenBufferFile(YANET_SHARED_MEMORY_FILE_DATAPLANE, false);
+#else
+		auto [buffer, size] = common::ipc::SharedMemory::OpenBufferKey(YANET_SHARED_MEMORY_KEY_DATAPLANE, false);
+#endif
+		size_mmap = size;
+		if (buffer == nullptr)
+		{
+			message = "File opening error";
+			return eResultRead::error;
+		}
+		sdp_data.dataplane_data = buffer;
+
+		// Compare size of buffer and size header of metadata dataplane
+		if (size < common::sdp::DataPlaneInSharedMemory::size_header)
+		{
+			message = "Size of file " + std::to_string(size) + " < " +
+			          std::to_string(common::sdp::DataPlaneInSharedMemory::size_header) + " size of header";
+			return eResultRead::need_reread;
+		}
+
+		// WORKERS
+		{
+			sdp_data.workers.clear();
+			sdp_data.workers_gc.clear();
+
+			uint64_t start_workers = ReadValue(buffer, 0);
+			uint64_t size_workers = ReadValue(buffer, 1);
+			if ((start_workers + size_workers > size) || (2 * sizeof(uint64_t) > size_workers))
+			{
+				message = "Bad postion info section WORKERS";
+				return eResultRead::need_reread;
+			}
+			uint64_t index = start_workers / sizeof(uint64_t);
+
+			uint64_t count_workers = ReadValue(buffer, index++);
+			uint64_t count_workers_gc = ReadValue(buffer, index++);
+			if ((2 + 3 * (count_workers + count_workers_gc)) * sizeof(uint64_t) > size_workers)
+			{
+				message = "Size of section WORKERS < (2 + 3 * (count_workers + count_workers_gc)) * sizeof(uint64_t)";
+				return eResultRead::need_reread;
+			}
+
+			for (uint64_t index_worker = 0; index_worker < count_workers; index_worker++)
+			{
+				uint64_t coreId = ReadValue(buffer, index++);
+				tSocketId socket = ReadValue(buffer, index++);
+				uint64_t shift_in_socket = ReadValue(buffer, index++);
+				sdp_data.workers[coreId] = {socket, shift_in_socket, nullptr};
+			}
+
+			for (uint64_t index_worker = 0; index_worker < count_workers_gc; index_worker++)
+			{
+				uint64_t coreId = ReadValue(buffer, index++);
+				tSocketId socket = ReadValue(buffer, index++);
+				uint64_t shift_in_socket = ReadValue(buffer, index++);
+				sdp_data.workers_gc[coreId] = {socket, shift_in_socket, nullptr};
+			}
+		}
+
+		// WORKERS_METADATA
+		{
+			uint64_t start_workers_metadata = ReadValue(buffer, 2);
+			uint64_t size_workers_metadata = ReadValue(buffer, 3);
+			if ((start_workers_metadata + size_workers_metadata > size) || (size_workers_metadata < 128))
+			{
+				message = "Bad postion info section WORKERS_METADATA";
+				return eResultRead::need_reread;
+			}
+			uint64_t index = start_workers_metadata / sizeof(uint64_t);
+
+			// 0-5 - values from MetadataWorker
+			sdp_data.metadata_worker.start_counters = ReadValue(buffer, index);
+			sdp_data.metadata_worker.start_acl_counters = ReadValue(buffer, index + 1);
+			sdp_data.metadata_worker.start_bursts = ReadValue(buffer, index + 2);
+			sdp_data.metadata_worker.start_stats = ReadValue(buffer, index + 3);
+			sdp_data.metadata_worker.start_stats_ports = ReadValue(buffer, index + 4);
+			sdp_data.metadata_worker.size = ReadValue(buffer, index + 5);
+			// 6 - n1 = size MetadataWorker.counter_positions
+			uint64_t n1 = ReadValue(buffer, index + 6);
+			// 7-9 - значения из MetadataWorker
+			sdp_data.metadata_worker_gc.start_counters = ReadValue(buffer, index + 7);
+			sdp_data.metadata_worker_gc.start_stats = ReadValue(buffer, index + 8);
+			sdp_data.metadata_worker_gc.size = ReadValue(buffer, index + 9);
+			// 10 - n2 = size MetadataWorker.counter_positions
+			uint64_t n2 = ReadValue(buffer, index + 10);
+
+			if (128 * (1 + n1 + n2) > size_workers_metadata)
+			{
+				message = "Size of section WORKERS_METADATA < 128 * (1 + n1 + n2)";
+				return eResultRead::need_reread;
+			}
+
+			if (!ReadMap(sdp_data.metadata_worker.counter_positions, buffer, start_workers_metadata + 128, n1))
+			{
+				return eResultRead::need_reread;
+			}
+			if (!ReadMap(sdp_data.metadata_worker_gc.counter_positions, buffer, start_workers_metadata + 128 * (1 + n1), n2))
+			{
+				return eResultRead::need_reread;
+			}
+		}
+
+		// BUS
+		{
+			sdp_data.start_bus_section = ReadValue(buffer, 4);
+			sdp_data.size_bus_section = ReadValue(buffer, 5);
+			if (sdp_data.start_bus_section + sdp_data.size_bus_section > size)
+			{
+				message = "Bad postion info section BUS";
+				return eResultRead::need_reread;
+			}
+		}
+
+		return eResultRead::ok;
+	}
+
+	static eResultRead ReadItAgainMainFileDataplane(DataPlaneInSharedMemory& sdp_data, uint64_t& size_mmap, std::string& message)
+	{
+		// First read
+		DataPlaneInSharedMemory tmp_data;
+		eResultRead result = ReadMainFileDataplane(tmp_data, size_mmap, message);
+		tmp_data.UnmapBuffers(size_mmap);
+		if (result != eResultRead::ok)
+		{
+			return result;
+		}
+
+		// Sleep
+		std::this_thread::sleep_for(std::chrono::microseconds{SHARED_MEMORY_REREAD_TIMEOUT_MICROSECONDS});
+
+		// Second read
+		result = ReadMainFileDataplane(sdp_data, size_mmap, message);
+		if (result != eResultRead::ok)
+		{
+			return result;
+		}
+		else if (!(sdp_data == tmp_data))
+		{
+			message = "The data changed during the re-reading";
+			return eResultRead::need_reread;
+		}
+
+		return eResultRead::ok;
+	}
+
+	static uint64_t ReadValue(void* buffer, uint64_t index)
+	{
+		auto* data = common::sdp::ShiftBuffer<uint8_t*>(buffer, index * sizeof(uint64_t));
+		uint64_t result = 0;
+		for (int i = 0; i < 8; i++)
+		{
+			result = 256 * result + data[i];
+		}
+		return result;
+	}
+
+	static bool ReadMap(std::map<std::string, uint64_t>& values, void* buffer, uint64_t shift, uint64_t count)
+	{
+		values.clear();
+		for (uint64_t index = 0; index < count; index++)
+		{
+			void* current = common::sdp::ShiftBuffer<void*>(buffer, shift + 128 * index);
+			uint64_t value = ReadValue(current, 0);
+			char* str = common::sdp::ShiftBuffer<char*>(current, 8);
+			if (str[119] != 0)
+			{
+				// 119 - index of last symbol
+				return false;
+			}
+			std::string name = std::string(str);
+			values[name] = value;
+		}
+
+		return true;
+	}
+};
+
+} // namespace common::sdp
diff --git a/common/sdpcommon.h b/common/sdpcommon.h
new file mode 100644
index 00000000..0fda626d
--- /dev/null
+++ b/common/sdpcommon.h
@@ -0,0 +1,234 @@
+#pragma once
+
+#include <algorithm>
+#include <numa.h>
+#include <sys/mman.h>
+
+#include "define.h"
+#include "idp.h"
+
+// #define YANET_USE_POSIX_SHARED_MEMORY
+
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+
+#define YANET_SHARED_MEMORY_FILE_DATAPLANE "yanet_dataplane.shm"
+#define YANET_SHARED_MEMORY_PREFIX_WORKERS "yanet_workers_node_"
+
+#else
+
+#define YANET_SHARED_MEMORY_KEY_DATAPLANE 54321
+
+#endif
+
+/*
+
+The structure of data storage in memory DataPlaneInSharedMemory
+
+The following files are created to store data in shared memory:
+1) The main file with information about workers, metadata, some common counters of the system
+2) A separate file is created for each socket (numa node) - it stores the data of the worker counters
+
+All numeric values are stored as 64-bit numbers in Big Endian
+
+---------------------------------------
+1 - The main file
+The file contains the following sections:
+- HEADER
+- WORKERS
+- WORKERS_METADATA
+- BUS
+
+HEADER - 1024 bytes in size (DataPlaneInSharedMemory::size_header)
+Contains the beginning and the size of the remaining sections, 2 numbers each:
+- 0,1 - WORKERS
+- 2,3 - WORKERS_MET
+- 4,5 - BUS
+  The remaining values are reserved
+
+WORKERS
+Contains the following values:
+  0 - n1 = number of workers
+  1 - n2 = number of worker_gc
+  The following contains n1 + n2 triples of numbers:
+  n - core_id
+  n+1 - socket
+  n+2 - shift in socket
+
+WORKERS_METADATA
+  At the beginning, 11 64-bit numbers are written:
+    0-5 - values from MetadataWorker
+    6 - n1 = size MetadataWorker.counter_positions
+    7-9 - values from MetadataWorker
+    10 - n2 = size MetadataWorker.counter_positions
+
+  Starting from 128 bytes, there are n1+n2 entries from counter_positions, each entry occupies 128 bytes:
+    The first 8 bytes are the value from the map
+    The remaining 120 bytes are a string (key), ending with a null byte
+
+BUS
+Contains a buffer used by cBus counters
+
+---------------------------------------
+2 - Socket data file
+The file consists of several blocks, each block corresponds to a worker or worker_gc.
+
+Block for worker
+  The block size is equal to MetadataWorker::size.
+  This block is divided into 5 blocks - counters, acl_counters, bursts, stats, stats_port.
+  To determine the beginning of a block, for example, stats:
+   DataPlaneInSharedMemory::workers_info[core_id].shift_in_socket + MetadataWorker::start_stats
+
+Block for worker_gc
+  The block size is equal to MetadataWorkerGc::size.
+  This block is divided into 2 blocks - counters, stats.
+
+*/
+
+namespace common::sdp
+{
+
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+inline std::string FileNameWorkerOnNumaNode(tSocketId socket_id)
+{
+	return YANET_SHARED_MEMORY_PREFIX_WORKERS + std::to_string(socket_id) + ".shm";
+}
+#endif
+
+template<typename TResult, typename TBuffer = void*>
+inline TResult ShiftBuffer(TBuffer buffer, uint64_t size)
+{
+	return reinterpret_cast<TResult>((reinterpret_cast<char*>(buffer) + size));
+}
+
+template<typename Key, typename Value>
+bool MapsEqual(const std::map<Key, Value>& left, const std::map<Key, Value>& right)
+{
+	if (left.size() != right.size())
+	{
+		return false;
+	}
+
+	auto [stop_left, stop_right] = std::mismatch(left.begin(), left.end(), right.begin(), right.end());
+
+	return (stop_left == left.end()) && (stop_right == right.end());
+}
+
+struct MetadataWorker
+{
+	uint64_t start_counters;
+	uint64_t start_acl_counters;
+	uint64_t start_bursts;
+	uint64_t start_stats;
+	uint64_t start_stats_ports;
+	uint64_t size;
+
+	std::map<std::string, uint64_t> counter_positions;
+
+	bool operator==(const MetadataWorker& other) const
+	{
+		return other.start_counters == start_counters &&
+		       other.start_acl_counters == start_acl_counters &&
+		       other.start_bursts == start_bursts &&
+		       other.start_stats == start_stats &&
+		       other.start_stats_ports == start_stats_ports &&
+		       other.size == size &&
+		       MapsEqual(other.counter_positions, counter_positions);
+	}
+};
+
+struct MetadataWorkerGc
+{
+	uint64_t start_counters;
+	uint64_t start_stats;
+	uint64_t size;
+
+	std::map<std::string, uint64_t> counter_positions;
+
+	bool operator==(const MetadataWorkerGc& other) const
+	{
+		return other.start_counters == start_counters &&
+		       other.start_stats == start_stats &&
+		       other.size == size &&
+		       MapsEqual(other.counter_positions, counter_positions);
+	}
+};
+
+struct WorkerInSharedMemory
+{
+	tSocketId socket;
+	uint64_t shift_in_socket;
+	void* buffer;
+
+	bool operator==(const WorkerInSharedMemory& other) const
+	{
+		return other.socket == socket &&
+		       other.shift_in_socket == shift_in_socket;
+	}
+};
+
+struct DataPlaneInSharedMemory
+{
+	static constexpr uint64_t size_header = 1024;
+
+	using workers_info = std::map<tCoreId, WorkerInSharedMemory>;
+
+	workers_info workers;
+	workers_info workers_gc;
+
+	MetadataWorker metadata_worker;
+	MetadataWorkerGc metadata_worker_gc;
+
+	uint64_t size_workers_section;
+	uint64_t size_workers_metadata_section;
+	uint64_t size_bus_section;
+
+	uint64_t size_dataplane_buffer;
+	void* dataplane_data = nullptr;
+	uint64_t start_bus_section;
+
+	void UnmapBuffers(uint64_t size)
+	{
+		if (dataplane_data != nullptr)
+		{
+			if (munmap(dataplane_data, size) < 0)
+			{
+				YANET_LOG_ERROR("Error munmap %d: %s", errno, strerror(errno));
+			}
+			dataplane_data = nullptr;
+		}
+	}
+
+	bool operator==(const DataPlaneInSharedMemory& other) const
+	{
+		return other.metadata_worker == metadata_worker &&
+		       other.metadata_worker_gc == metadata_worker_gc &&
+		       other.start_bus_section == start_bus_section &&
+		       MapsEqual(other.workers, workers) &&
+		       MapsEqual(other.workers_gc, workers_gc);
+	}
+
+	void FillSizes()
+	{
+		size_workers_section = Allign64((2 + 3 * (workers.size() + workers_gc.size())) * sizeof(uint64_t));
+		size_workers_metadata_section = 128 * (1 + metadata_worker.counter_positions.size() + metadata_worker_gc.counter_positions.size());
+		size_bus_section = Allign64(size_bus_section);
+		size_dataplane_buffer = size_header + size_workers_section + size_workers_metadata_section + size_bus_section;
+	}
+
+	static uint64_t Allign64(uint64_t value)
+	{
+		return ((value + 63) / 64) * 64;
+	}
+
+	[[nodiscard]] std::tuple<uint64_t*, uint64_t*, uint64_t*> BuffersBus() const
+	{
+		auto count_errors = static_cast<uint32_t>(common::idp::errorType::size);
+		auto count_requests = static_cast<uint32_t>(common::idp::requestType::size);
+		auto* requests = common::sdp::ShiftBuffer<uint64_t*>(dataplane_data, start_bus_section);
+		auto* errors = common::sdp::ShiftBuffer<uint64_t*>(dataplane_data, start_bus_section + count_requests * sizeof(uint64_t));
+		auto* durations = common::sdp::ShiftBuffer<uint64_t*>(dataplane_data, start_bus_section + (count_requests + count_errors) * sizeof(uint64_t));
+		return {requests, errors, durations};
+	}
+};
+
+} // namespace common::sdp
diff --git a/common/sendrecv.h b/common/sendrecv.h
index 328338f6..d2435214 100644
--- a/common/sendrecv.h
+++ b/common/sendrecv.h
@@ -2,8 +2,8 @@
 
 #include <string>
 
+#include <cstring>
 #include <google/protobuf/message.h>
-#include <string.h>
 #include <sys/socket.h>
 #include <unistd.h>
 #include <vector>
@@ -118,11 +118,11 @@ static int send(int clientSocket, Req&& request)
 }
 
 template<class Resp>
-static inline Resp recv(int clientSocket) //unsafe
+static inline Resp recv(int clientSocket) // unsafe
 {
 	std::vector<uint8_t> buffer;
 
-	uint64_t messageSize;
+	uint64_t messageSize = 0;
 	if (auto err = recvAll(clientSocket, (char*)&messageSize, sizeof(messageSize)); err != 0)
 	{
 		throw std::string("recv(): ") + strerror(err);
diff --git a/common/shared_memory.h b/common/shared_memory.h
new file mode 100644
index 00000000..e601c8be
--- /dev/null
+++ b/common/shared_memory.h
@@ -0,0 +1,342 @@
+#pragma once
+
+#include <cstring>
+#include <fcntl.h>
+#include <numa.h>
+#include <numaif.h>
+#include <optional>
+#include <sys/mman.h>
+#include <sys/shm.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "define.h"
+#include "type.h"
+
+namespace common::ipc
+{
+
+class SharedMemory
+{
+public:
+	static constexpr int mode_create = 0644;
+
+	/*
+	 * Check if HugeTLB Pages usage is available
+	 * Searches for a string of the type "Hugetlb: zzz kB" in the /proc/meminfo and returns true
+	 * if the parameter value is not 0
+	 * Some details in the Linux kernel source file Documentation/admin-guide/mm/hugetlbpage.rst
+	 */
+	static bool HugeTlbEnabled()
+	{
+		const char* path_meminfo = "/proc/meminfo";
+		const char* str_hugetlb = "Hugetlb:";
+
+		FILE* fd = fopen(path_meminfo, "r");
+		if (fd == nullptr)
+		{
+			YANET_LOG_ERROR("Cannot open %s, error %d: %s\n", path_meminfo, errno, strerror(errno));
+			return false;
+		}
+
+		bool hugetlb_enabled = false;
+		bool line_found = false;
+		unsigned hugetlb_len = sizeof(str_hugetlb);
+		char buffer[256];
+		while (fgets(buffer, sizeof(buffer), fd))
+		{
+			if (strncmp(buffer, str_hugetlb, hugetlb_len) == 0)
+			{
+				char* str = &buffer[hugetlb_len];
+				while (isspace((int)*str))
+				{
+					str++;
+				}
+				char* endptr = nullptr;
+				unsigned long long size = strtoull(str, &endptr, 0);
+				// The string still contains kB (or mB, gB), but it only matters to us
+				// whether the value is 0 or not
+				if (errno != 0)
+				{
+					YANET_LOG_ERROR("Error parsing size of %s in file %s\n", str_hugetlb, path_meminfo);
+					return false;
+				}
+				hugetlb_enabled = (size != 0);
+				line_found = true;
+				break;
+			}
+		}
+		fclose(fd);
+
+		if (!line_found)
+		{
+			YANET_LOG_WARNING("Not found string '%s' in file: %s\n", str_hugetlb, path_meminfo);
+		}
+
+		return hugetlb_enabled;
+	}
+
+	/*
+	 * Creating a buffer in shared memory (POSIX shared memory)
+	 * Params:
+	 * - filename - the name of the file without a path, the file is created in /dev/shm
+	 * - size - buffer size
+	 * - use_huge_tlb - if true, it will use MAP_HUGETLB
+	 * - socket_id - id of the numa node on which one want to allocate a buffer,
+	 *               if std::nullptr - it will be selected automatically by the system
+	 * Return value:
+	 * void* - address of the allocated buffer, nullptr if an error occurred
+	 */
+	static void* CreateBufferFile(std::string filename, size_t size, bool use_huge_tlb, std::optional<tSocketId> socket_id)
+	{
+		// Open or creare shared memory file
+		int flags_open = O_RDWR | O_CREAT;
+		int fd = shm_open(filename.c_str(), flags_open, mode_create);
+		if (fd == -1)
+		{
+			YANET_LOG_ERROR("shm_open(%s, %d, %o): %s\n", filename.c_str(), flags_open, mode_create, strerror(errno));
+			return nullptr;
+		}
+
+		// Truncate - set file size
+		int res_trunc = ftruncate(fd, size);
+		if (res_trunc < 0)
+		{
+			YANET_LOG_ERROR("filename=%s, ftruncate(%d, %lu): %s\n", filename.c_str(), fd, size, strerror(errno));
+			close(fd);
+			return nullptr;
+		}
+
+		// Set memory policy if necessary
+		auto [oldmask, oldpolicy] = SetMemoryPolicy(socket_id);
+
+		// Mmap memory
+		int prot = PROT_READ | PROT_WRITE;
+		int flags_mmap = GetFlags(MAP_SHARED, use_huge_tlb, MAP_HUGETLB);
+		void* addr = mmap(nullptr, size, prot, flags_mmap, fd, 0);
+		if (addr == MAP_FAILED)
+		{
+			// The error occurs when trying to use HugeTlb when this feature is not enabled in the kernel
+			YANET_LOG_ERROR("filename=%s, mmap(%p, %lu, %d, %d, %d, 0)\n", filename.c_str(), nullptr, size, prot, flags_mmap, fd);
+			return nullptr;
+		}
+
+		// Zero memory
+		memset(addr, 0, size);
+
+		// Restore memory policy if necessary
+		RestoreMemoryPolicy(socket_id, oldmask, oldpolicy);
+
+		// Close file
+		if (close(fd) != 0)
+		{
+			YANET_LOG_ERROR("filename=%s, error fclose %d: %s\n", filename.c_str(), errno, strerror(errno));
+		}
+
+		return addr;
+	}
+
+	/*
+	 * Creating a buffer in shared memory (System V shared memory)
+	 * Params:
+	 * - key - the identifier of segment
+	 * - size - buffer size
+	 * - use_huge_tlb - if true, it will use MAP_HUGETLB
+	 * - socket_id - id of the numa node on which one want to allocate a buffer,
+	 *               if std::nullptr - it will be selected automatically by the system
+	 * Return value:
+	 * void* - address of the allocated buffer, nullptr if an error occurred
+	 */
+	static void* CreateBufferKey(key_t key, size_t size, bool use_huge_tlb, std::optional<tSocketId> socket_id)
+	{
+		// Delete old segment
+		int shmid = shmget(key, 0, 0);
+		if ((shmid != -1) && (shmctl(shmid, IPC_RMID, nullptr) < 0))
+		{
+			YANET_LOG_ERROR("key = %d, shmctl(%d, IPC_RMID, nullptr): %s\n", key, shmid, strerror(errno));
+			return nullptr;
+		}
+
+		// Creare shared memory segment
+		int flags = GetFlags(IPC_CREAT | mode_create, use_huge_tlb, SHM_HUGETLB);
+		shmid = shmget(key, size, flags);
+		if (shmid == -1)
+		{
+			YANET_LOG_ERROR("shmget(%d, %lu, %d): %s\n", key, size, flags, strerror(errno));
+			return nullptr;
+		}
+
+		// Set memory policy if necessary
+		auto [oldmask, oldpolicy] = SetMemoryPolicy(socket_id);
+
+		// Mmap memory
+		void* addr = shmat(shmid, nullptr, 0);
+		if (addr == (void*)-1)
+		{
+			YANET_LOG_ERROR("shmat(%d, %p, %d): %s\n", shmid, nullptr, 0, strerror(errno));
+			return nullptr;
+		}
+
+		// Zero memory
+		memset(addr, 0, size);
+
+		// Restore memory policy if necessary
+		RestoreMemoryPolicy(socket_id, oldmask, oldpolicy);
+
+		return addr;
+	}
+
+	/*
+	 * Open an existing buffer in shared memory (POSIX shared memory)
+	 * Params:
+	 * - filename - the name of the file without a path, the file is created in /dev/shm
+	 * - use_huge_tlb - if true, it will use MAP_HUGETLB
+	 * Return values:
+	 * - void* - address of the allocated buffer, nullptr if an error occurred
+	 * - size - buffer size
+	 */
+	static std::pair<void*, size_t> OpenBufferFile(std::string filename, bool use_huge_tlb)
+	{
+		// Open shared memory file
+		int flags_open = O_RDONLY;
+		int fd = shm_open(filename.c_str(), flags_open, mode_create);
+		if (fd == -1)
+		{
+			YANET_LOG_ERROR("shm_open(%s, %d, %o): %s\n", filename.c_str(), flags_open, mode_create, strerror(errno));
+			return {nullptr, 0};
+		}
+
+		// Get the size of file
+		struct stat buffer;
+		int status = fstat(fd, &buffer);
+		if (status != 0)
+		{
+			YANET_LOG_ERROR("filename=%s, fstat(%d, &buffer): %s\n", filename.c_str(), fd, strerror(errno));
+			close(fd);
+			return {nullptr, 0};
+		}
+		size_t size = buffer.st_size;
+
+		// Mmap memory
+		int prot = PROT_READ;
+		int flags_mmap = GetFlags(MAP_SHARED, use_huge_tlb, MAP_HUGETLB);
+		void* addr = mmap(nullptr, size, prot, flags_mmap, fd, 0);
+		if (addr == MAP_FAILED)
+		{
+			YANET_LOG_ERROR("filename=%s, mmap(%p, %lu, %d, %d, %d, 0)\n", filename.c_str(), nullptr, size, prot, flags_mmap, fd);
+			close(fd);
+			return {nullptr, 0};
+		}
+
+		// Close file
+		if (close(fd) != 0)
+		{
+			YANET_LOG_ERROR("filename=%s, error fclose %d: %s\n", filename.c_str(), errno, strerror(errno));
+		}
+
+		return {addr, size};
+	}
+
+	/*
+	 * Open an existing buffer in shared memory (System V shared memory)
+	 * Params:
+	 * - key - the identifier of segment
+	 * - use_huge_tlb - if true, it will use MAP_HUGETLB
+	 * Return values:
+	 * - void* - address of the allocated buffer, nullptr if an error occurred
+	 * - size - buffer size
+	 */
+	static std::pair<void*, size_t> OpenBufferKey(key_t key, bool use_huge_tlb)
+	{
+		// Open shared memory segment
+		int flags = GetFlags(0, use_huge_tlb, SHM_HUGETLB);
+		int shmid = shmget(key, 0, flags);
+		if (shmid == -1)
+		{
+			YANET_LOG_ERROR("shmget(%d, %d, %d): %s\n", key, 0, flags, strerror(errno));
+			return {nullptr, 0};
+		}
+
+		// Get the size of segment
+		struct shmid_ds buf;
+		if (shmctl(shmid, IPC_STAT, &buf) == -1)
+		{
+			YANET_LOG_ERROR("key=%d, shmctl(%d, IPC_STAT, &buf): %s\n", key, shmid, strerror(errno));
+			return {nullptr, 0};
+		}
+		size_t size = buf.shm_segsz;
+
+		// Mmap memory
+		int shmflg = SHM_RDONLY;
+		auto addr = shmat(shmid, nullptr, shmflg);
+		if (addr == (void*)-1)
+		{
+			YANET_LOG_ERROR("key=%d, shmat(%d, %p, %d) = -1\n", key, shmid, nullptr, shmflg);
+			return {nullptr, 0};
+		}
+
+		return {addr, size};
+	}
+
+private:
+	static std::pair<struct bitmask*, int> SetMemoryPolicy(std::optional<tSocketId> socket_id)
+	{
+		struct bitmask* oldmask = nullptr;
+		int oldpolicy = 0;
+		if (socket_id.has_value())
+		{
+			oldmask = numa_allocate_nodemask();
+			if (get_mempolicy(&oldpolicy, oldmask->maskp, oldmask->size + 1, nullptr, 0) < 0)
+			{
+				YANET_LOG_WARNING("get_mempolicy(): %s, continue with the use of sockets turned off\n", strerror(errno));
+				oldpolicy = MPOL_DEFAULT;
+				socket_id = std::nullopt;
+			}
+			else
+			{
+				numa_set_preferred(*socket_id);
+				if (errno != 0)
+				{
+					YANET_LOG_ERROR("numa_set_preferred(%d): %s\n", *socket_id, strerror(errno));
+				}
+			}
+		}
+		return {oldmask, oldpolicy};
+	}
+
+	static void RestoreMemoryPolicy(std::optional<tSocketId> socket_id, struct bitmask* oldmask, int oldpolicy)
+	{
+		if (socket_id.has_value())
+		{
+			if (oldpolicy == MPOL_DEFAULT)
+			{
+				numa_set_localalloc();
+			}
+			else if (set_mempolicy(oldpolicy, oldmask->maskp, oldmask->size + 1) < 0)
+			{
+				YANET_LOG_ERROR("set_mempolicy(): %s\n", strerror(errno));
+				numa_set_localalloc();
+			}
+			numa_free_cpumask(oldmask);
+		}
+	}
+
+	static int GetFlags(int start_value, bool use_huge_tlb, int flag_of_huge_tlb)
+	{
+		int flags = start_value;
+		if (use_huge_tlb)
+		{
+			if (!HugeTlbEnabled())
+			{
+				YANET_LOG_ERROR("Attempt to use HugeTlb, but it is not enabled\n");
+			}
+			else
+			{
+				flags |= flag_of_huge_tlb;
+			}
+		}
+		return flags;
+	}
+};
+
+} // namespace common::ipc
diff --git a/common/static_vector.h b/common/static_vector.h
new file mode 100644
index 00000000..1e954a8b
--- /dev/null
+++ b/common/static_vector.h
@@ -0,0 +1,201 @@
+#pragma once
+
+#include <algorithm>
+#include <array>
+#include <stdexcept>
+#include <type_traits>
+#include <utility>
+
+namespace utils
+{
+
+template<typename T, std::size_t Cap, bool UseExceptions = false>
+class StaticVector
+{
+	using storage_t = std::aligned_storage_t<sizeof(T), alignof(T)>;
+	std::array<storage_t, Cap> buf_;
+	std::size_t len_ = 0;
+
+	T* AddressOfIndex(std::size_t idx)
+	{
+		return std::launder(reinterpret_cast<T*>(&buf_[idx]));
+	}
+
+	const T* AddressOfIndex(std::size_t idx) const
+	{
+		return std::launder(reinterpret_cast<const T*>(&buf_[idx]));
+	}
+
+	void HandleOutOfRange()
+	{
+		if constexpr (UseExceptions)
+		{
+			throw std::out_of_range("");
+		}
+		else
+		{
+			std::abort();
+		}
+	}
+
+	template<typename... Args>
+	void PushBackUnsafe(Args&&... args)
+	{
+		new (AddressOfIndex(len_)) T(std::forward<Args>(args)...);
+		++len_;
+	}
+
+	template<typename OtherVector>
+	void PerElementTransfer(OtherVector&& other)
+	{
+		// If T is trivially copyable, use trivial copy
+		if constexpr (std::is_trivially_copyable_v<T>)
+		{
+			std::copy(std::begin(other.buf_), std::begin(other.buf_) + other.len_, std::begin(buf_));
+			len_ = other.len_;
+		}
+		else
+		{
+			clear();
+
+			for (auto&& elem : other)
+			{
+				PushBackUnsafe(std::forward<decltype(elem)>(elem));
+			}
+
+			// If other is an rvalue, clear the original vector
+			if constexpr (std::is_rvalue_reference_v<decltype(other)>)
+			{
+				other.clear();
+			}
+		}
+	}
+
+public:
+	using iterator = T*;
+	using const_iterator = const T*;
+
+	StaticVector() = default;
+
+	~StaticVector()
+	{
+		clear();
+	}
+
+	StaticVector(const StaticVector& other)
+	{
+		PerElementTransfer(other);
+	}
+
+	StaticVector(StaticVector&& other) noexcept
+	{
+		PerElementTransfer(std::move(other));
+	}
+
+	StaticVector& operator=(const StaticVector& other)
+	{
+		if (this != &other)
+		{
+			clear();
+			PerElementTransfer(other);
+		}
+		return *this;
+	}
+
+	StaticVector& operator=(StaticVector&& other) noexcept
+	{
+		if (this != &other)
+		{
+			clear();
+			PerElementTransfer(std::move(other));
+		}
+		return *this;
+	}
+
+	template<typename U>
+	void push_back(U&& elem)
+	{
+		if (Full())
+		{
+			HandleOutOfRange();
+		}
+		PushBackUnsafe(std::forward<U>(elem));
+	}
+
+	template<typename... Args>
+	void emplace_back(Args&&... args)
+	{
+		if (Full())
+		{
+			HandleOutOfRange();
+		}
+		PushBackUnsafe(std::forward<Args>(args)...);
+	}
+
+	void pop_back()
+	{
+		if (empty())
+		{
+			HandleOutOfRange();
+		}
+		at(--len_).~T();
+	}
+
+	T& operator[](std::size_t pos)
+	{
+		return *AddressOfIndex(pos);
+	}
+
+	const T& operator[](std::size_t pos) const
+	{
+		return *AddressOfIndex(pos);
+	}
+
+	T& at(std::size_t pos)
+	{
+		if (pos >= size())
+		{
+			HandleOutOfRange();
+		}
+		return *AddressOfIndex(pos);
+	}
+
+	const T& at(std::size_t pos) const
+	{
+		if (pos >= size())
+		{
+			HandleOutOfRange();
+		}
+		return *AddressOfIndex(pos);
+	}
+
+	iterator begin() { return AddressOfIndex(0); }
+	iterator end() { return AddressOfIndex(size()); }
+	const_iterator begin() const { return AddressOfIndex(0); }
+	const_iterator end() const { return AddressOfIndex(size()); }
+	const_iterator cbegin() const { return AddressOfIndex(0); }
+	const_iterator cend() const { return AddressOfIndex(size()); }
+
+	[[nodiscard]] bool empty() const { return size() == 0; }
+	[[nodiscard]] constexpr std::size_t capacity() const { return Cap; }
+	[[nodiscard]] std::size_t size() const { return len_; }
+	[[nodiscard]] bool Full() const { return size() == capacity(); }
+
+	// Clear the vector and destruct elements
+	void clear()
+	{
+		if constexpr (std::is_trivially_destructible_v<T>)
+		{
+			len_ = 0;
+		}
+		else
+		{
+			while (!empty())
+			{
+				pop_back();
+			}
+		}
+	}
+};
+
+} // namespace utils
diff --git a/common/stream.h b/common/stream.h
index 36413cd3..3bbf6510 100644
--- a/common/stream.h
+++ b/common/stream.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include <inttypes.h>
-
 #include <map>
 #include <memory>
 #include <optional>
@@ -13,9 +11,17 @@
 #include <variant>
 #include <vector>
 
+#include "common/traits.h"
+
 namespace common
 {
 
+// TODO: This class offers serialization/deserialization of objects, but it is too restrictive.
+// Due to the pop method interface, which returns objects by reference in an argument,
+// we cannot use this with non DefaultConstructible objects.
+// This means that even though we serialize an object and want to deserialize it by
+// creating an object directly, without needing to first create a default one,
+// we are unable to do so.
 class stream_in_t
 {
 public:
@@ -81,8 +87,8 @@ class stream_in_t
 
 protected:
 	const std::vector<uint8_t>& inBuffer;
-	uint64_t inPosition;
-	bool failed;
+	uint64_t inPosition{};
+	bool failed{};
 };
 
 //
@@ -93,7 +99,7 @@ class stream_out_t
 	using integer_t = uint64_t;
 
 public:
-	stream_out_t();
+	stream_out_t() = default;
 
 	template<typename TType>
 	inline void push(const TType& value);
@@ -278,12 +284,46 @@ class stream_out_t
 	std::vector<uint8_t> outBuffer;
 };
 
+// Check if T has a pop method with signature void pop(stream_in_t&)
+template<typename T, typename = void>
+struct has_pop : std::false_type
+{};
+
+template<typename T>
+struct has_pop<T, std::void_t<decltype(std::declval<T>().pop(std::declval<common::stream_in_t&>()))>> : std::true_type
+{};
+
+template<typename T>
+constexpr bool has_pop_v = has_pop<T>::value;
+
+// Check if T has a push method with signature void push(stream_out_t&) const
+template<typename T, typename = void>
+struct has_push : std::false_type
+{};
+
+template<typename T>
+struct has_push<T, std::void_t<decltype(std::declval<const T>().push(std::declval<common::stream_out_t&>()))>> : std::true_type
+{};
+
+template<typename T>
+constexpr bool has_push_v = has_push<T>::value;
+
+// Check if T has an as_tuple() method
+template<typename T, typename = void>
+struct has_as_tuple : std::false_type
+{};
+
+template<typename T>
+struct has_as_tuple<T, std::void_t<decltype(std::declval<T>().as_tuple())>> : std::true_type
+{};
+
+template<typename T>
+constexpr bool has_as_tuple_v = has_as_tuple<T>::value;
+
 //
 
 inline stream_in_t::stream_in_t(const std::vector<uint8_t>& buffer) :
-        inBuffer(buffer),
-        inPosition(0),
-        failed(false)
+        inBuffer(buffer)
 {
 }
 
@@ -304,10 +344,22 @@ inline void stream_in_t::pop(TType& value)
 
 		inPosition += sizeof(TType);
 	}
-	else
+	// Use as_tuple method to deserialize members
+	else if constexpr (has_as_tuple_v<TType>)
+	{
+		auto tuple = value.as_tuple();
+		std::apply([this](auto&... args) { (this->pop(args), ...); }, tuple);
+	}
+	// Use the class's own pop method if it has one with the correct signature
+	else if constexpr (has_pop_v<TType>)
 	{
 		value.pop(*this);
 	}
+	else
+	{
+		static_assert(traits::always_false_v<TType>, "Type TType cannot be deserialized: "
+		                                             "no as_tuple or pop(stream_in_t&) method");
+	}
 }
 
 inline void stream_in_t::pop(char* buffer, uint64_t bufferSize)
@@ -332,7 +384,7 @@ inline void stream_in_t::pop(char* buffer, uint64_t bufferSize)
 
 inline void stream_in_t::pop(std::string& value)
 {
-	std::string::size_type size;
+	std::string::size_type size = 0;
 	pop(size);
 
 	if (this->inBuffer.size() - inPosition < size)
@@ -554,10 +606,6 @@ inline void stream_in_t::popVariant(std::variant<TArgs...>& variant,
 
 //
 
-inline stream_out_t::stream_out_t()
-{
-}
-
 template<typename TType>
 inline void stream_out_t::push(const TType& value)
 {
@@ -567,10 +615,22 @@ inline void stream_out_t::push(const TType& value)
 		auto& data = reinterpret_cast<ByteArray>(value);
 		outBuffer.insert(outBuffer.end(), std::begin(data), std::end(data));
 	}
-	else
+	// Use as_tuple method to serialize members
+	else if constexpr (has_as_tuple_v<TType>)
+	{
+		auto tuple = value.as_tuple();
+		std::apply([this](const auto&... args) { (this->push(args), ...); }, tuple);
+	}
+	// Use the class's own push method if it has one with the correct signature
+	else if constexpr (has_push_v<TType>)
 	{
 		value.push(*this);
 	}
+	else
+	{
+		static_assert(traits::always_false_v<TType>, "Type TType cannot be serialized: "
+		                                             "no as_tuple or push(stream_out_t&) method");
+	}
 }
 
 inline void stream_out_t::push(const char* buffer, uint64_t bufferSize)
diff --git a/common/traits.h b/common/traits.h
new file mode 100644
index 00000000..d8503f53
--- /dev/null
+++ b/common/traits.h
@@ -0,0 +1,96 @@
+#pragma once
+
+#include <functional>
+#include <iterator>
+#include <optional>
+#include <set>
+#include <type_traits>
+#include <variant>
+#include <vector>
+
+namespace traits
+{
+
+template<typename>
+struct always_false : std::false_type
+{};
+
+template<typename T>
+inline constexpr bool always_false_v = always_false<T>::value;
+
+template<typename T>
+struct is_optional : std::false_type
+{};
+
+template<typename T>
+struct is_optional<std::optional<T>> : std::true_type
+{};
+
+template<typename T>
+inline constexpr bool is_optional_v = is_optional<T>::value;
+
+template<typename T>
+struct is_variant : std::false_type
+{};
+
+template<typename... Types>
+struct is_variant<std::variant<Types...>> : std::true_type
+{};
+
+template<typename T>
+inline constexpr bool is_variant_v = is_variant<T>::value;
+
+template<typename T, typename = void>
+struct is_container : std::false_type
+{};
+
+/*
+ * Checks:
+ * Whether std::begin(T&), std::end(T&) and std::empty(T&) are valid expressions.
+ * Whether the result of std::begin(T&) can be dereferenced (i.e., *std::begin(T&) is valid)
+ */
+template<typename T>
+struct is_container<T,
+                    std::void_t<
+                            decltype(std::begin(std::declval<T&>())),
+                            decltype(std::end(std::declval<T&>())),
+                            decltype(std::empty(std::declval<T&>())),
+                            decltype(*std::begin(std::declval<T&>()))>> : std::true_type
+{};
+
+template<typename T>
+inline constexpr bool is_container_v = is_container<T>::value;
+
+template<typename T>
+struct is_vector : std::false_type
+{};
+
+template<typename T, typename Alloc>
+struct is_vector<std::vector<T, Alloc>> : std::true_type
+{};
+
+template<typename T>
+inline constexpr bool is_vector_v = is_vector<T>::value;
+
+template<typename T>
+struct is_set : std::false_type
+{};
+
+template<typename Key, typename Compare, typename Allocator>
+struct is_set<std::set<Key, Compare, Allocator>> : std::true_type
+{};
+
+template<typename T>
+inline constexpr bool is_set_v = is_set<T>::value;
+
+template<typename T>
+struct function
+{
+	template<typename R, typename... Args>
+	static std::tuple<Args...> pro_args(std::function<R(Args...)>);
+
+	using args = decltype(pro_args(std::function{std::declval<T>()}));
+};
+
+}
+// namespace utils
diff --git a/common/tsc_deltas.h b/common/tsc_deltas.h
index 9e503797..0bbcf34e 100644
--- a/common/tsc_deltas.h
+++ b/common/tsc_deltas.h
@@ -1,5 +1,7 @@
 #pragma once
 
+#include <algorithm>
+#include <array>
 #include <climits>
 #include <cstdint>
 #include <rte_branch_prediction.h>
@@ -10,16 +12,15 @@
 
 #include "common/define.h"
 
-#define YANET_TSC_BINS_SHIFT 2
-#define YANET_TSC_BINS_N 4
+constexpr auto YANET_TSC_BINS_SHIFT = 2;
+constexpr auto YANET_TSC_BINS_N = 4;
 
-namespace dataplane
+namespace dataplane::perf
 {
 
-namespace perf
-{
+using CountersArray = std::array<uint16_t, YANET_TSC_BINS_N>;
 
-struct tsc_base_values
+struct alignas(2 * RTE_CACHE_LINE_SIZE) tsc_base_values
 {
 	uint32_t logicalPort_ingress_handle = 18;
 	uint32_t acl_ingress_handle4 = 0;
@@ -46,39 +47,40 @@ struct tsc_base_values
 	uint32_t acl_egress_handle6 = 0;
 	uint32_t logicalPort_egress_handle = 0;
 	uint32_t controlPlane_handle = 0;
-} __attribute__((__aligned__(2 * RTE_CACHE_LINE_SIZE)));
+};
 
-struct tsc_deltas
+struct alignas(2 * RTE_CACHE_LINE_SIZE) tsc_deltas
 {
 	uint64_t iter_num;
-	uint16_t logicalPort_ingress_handle[YANET_TSC_BINS_N];
-	uint16_t acl_ingress_handle4[YANET_TSC_BINS_N];
-	uint16_t acl_ingress_handle6[YANET_TSC_BINS_N];
-	uint16_t tun64_ipv4_handle[YANET_TSC_BINS_N];
-	uint16_t tun64_ipv6_handle[YANET_TSC_BINS_N];
-	uint16_t route_handle4[YANET_TSC_BINS_N];
-	uint16_t route_handle6[YANET_TSC_BINS_N];
-
-	uint16_t decap_handle[YANET_TSC_BINS_N];
-	uint16_t nat64stateful_lan_handle[YANET_TSC_BINS_N];
-	uint16_t nat64stateful_wan_handle[YANET_TSC_BINS_N];
-	uint16_t nat64stateless_egress_handle[YANET_TSC_BINS_N];
-	uint16_t nat64stateless_ingress_handle[YANET_TSC_BINS_N];
-	uint16_t nat46clat_lan_handle[YANET_TSC_BINS_N];
-	uint16_t nat46clat_wan_handle[YANET_TSC_BINS_N];
-	uint16_t balancer_handle[YANET_TSC_BINS_N];
-
-	uint16_t balancer_icmp_reply_handle[YANET_TSC_BINS_N];
-	uint16_t balancer_icmp_forward_handle[YANET_TSC_BINS_N];
-	uint16_t route_tunnel_handle4[YANET_TSC_BINS_N];
-	uint16_t route_tunnel_handle6[YANET_TSC_BINS_N];
-	uint16_t acl_egress_handle4[YANET_TSC_BINS_N];
-	uint16_t acl_egress_handle6[YANET_TSC_BINS_N];
-	uint16_t logicalPort_egress_handle[YANET_TSC_BINS_N];
-
-	uint16_t controlPlane_handle[YANET_TSC_BINS_N];
-
-	YANET_ALWAYS_INLINE void write(uint64_t& tsc_start, uint32_t stack_size, uint16_t bins[YANET_TSC_BINS_N], uint32_t base)
+	CountersArray logicalPort_ingress_handle{};
+
+	CountersArray acl_ingress_handle4{};
+	CountersArray acl_ingress_handle6{};
+	CountersArray tun64_ipv4_handle{};
+	CountersArray tun64_ipv6_handle{};
+	CountersArray route_handle4{};
+	CountersArray route_handle6{};
+
+	CountersArray decap_handle{};
+	CountersArray nat64stateful_lan_handle{};
+	CountersArray nat64stateful_wan_handle{};
+	CountersArray nat64stateless_egress_handle{};
+	CountersArray nat64stateless_ingress_handle{};
+	CountersArray nat46clat_lan_handle{};
+	CountersArray nat46clat_wan_handle{};
+	CountersArray balancer_handle{};
+
+	CountersArray balancer_icmp_reply_handle{};
+	CountersArray balancer_icmp_forward_handle{};
+	CountersArray route_tunnel_handle4{};
+	CountersArray route_tunnel_handle6{};
+	CountersArray acl_egress_handle4{};
+	CountersArray acl_egress_handle6{};
+	CountersArray logicalPort_egress_handle{};
+
+	CountersArray controlPlane_handle{};
+
+	YANET_ALWAYS_INLINE void write(uint64_t& tsc_start, uint32_t stack_size, CountersArray& bins, uint32_t base)
 	{
 		if (!tsc_start || unlikely(stack_size == 0))
 		{
@@ -86,12 +88,12 @@ struct tsc_deltas
 		}
 
 		auto tsc_end = rte_get_tsc_cycles();
-		auto shifted_delta = (int64_t)((tsc_end - tsc_start) / stack_size) - base;
+		auto shifted_delta = static_cast<int64_t>((tsc_end - tsc_start) / stack_size) - base;
 
 		if (shifted_delta > 0)
 		{
-			int floor_log_4 = (sizeof(uint64_t) * CHAR_BIT - _lzcnt_u64(shifted_delta) - 1) >> 1;
-			int bin_idx = std::min(std::max(floor_log_4 - YANET_TSC_BINS_SHIFT, 0), 4 - 1);
+			uint16_t floor_log_4 = (sizeof(uint64_t) * CHAR_BIT - _lzcnt_u64(shifted_delta) - 1) >> 1;
+			uint16_t bin_idx = std::clamp(floor_log_4 - YANET_TSC_BINS_SHIFT, 0, YANET_TSC_BINS_N - 1);
 			bins[bin_idx]++;
 		}
 		else
@@ -102,14 +104,35 @@ struct tsc_deltas
 		tsc_start = tsc_end;
 	}
 
-} __attribute__((__aligned__(2 * RTE_CACHE_LINE_SIZE)));
-
-static_assert(sizeof(tsc_deltas) <= 8 * RTE_CACHE_LINE_SIZE,
-              "too many deltas");
-
-static_assert(std::is_pod_v<tsc_deltas> == true,
-              "tsc structure is not pod");
-
-}
+	[[nodiscard]] auto as_tuple() const
+	{
+		return std::tie(logicalPort_ingress_handle,
+		                acl_ingress_handle4,
+		                acl_ingress_handle6,
+		                tun64_ipv4_handle,
+		                tun64_ipv6_handle,
+		                route_handle4,
+		                route_handle6,
+		                decap_handle,
+		                nat64stateful_lan_handle,
+		                nat64stateful_wan_handle,
+		                nat64stateless_egress_handle,
+		                nat64stateless_ingress_handle,
+		                nat46clat_lan_handle,
+		                nat46clat_wan_handle,
+		                balancer_handle,
+		                balancer_icmp_reply_handle,
+		                balancer_icmp_forward_handle,
+		                route_tunnel_handle4,
+		                route_tunnel_handle6,
+		                acl_egress_handle4,
+		                acl_egress_handle6,
+		                logicalPort_egress_handle,
+		                controlPlane_handle);
+	}
+};
 
+static_assert(sizeof(tsc_deltas) <= 8 * RTE_CACHE_LINE_SIZE, "tsc_deltas size exceeds cache line size");
+static_assert(std::is_trivially_copyable<tsc_deltas>::value, "tsc_deltas should be trivially copyable");
+static_assert(std::is_standard_layout<tsc_deltas>::value, "tsc_deltas should have a standard layout");
 }
diff --git a/common/tuple.h b/common/tuple.h
new file mode 100644
index 00000000..daef539c
--- /dev/null
+++ b/common/tuple.h
@@ -0,0 +1,203 @@
+#pragma once
+
+#include <tuple>
+#include <type_traits>
+#include <variant>
+
+namespace utils
+{
+
+/**
+ * @brief Helper structure to extract types from a std::variant.
+ *
+ * This template specialization will convert a std::variant<Types...> into a std::tuple<Types...>.
+ *
+ * Example:
+ * using Variant = std::variant<int, double, std::string>;
+ * using TupleTypes = VariantTypes<Variant>::type; // std::tuple<int, double, std::string>
+ *
+ * @tparam Variant The std::variant type from which to extract types.
+ */
+template<typename Variant>
+struct VariantTypes;
+
+template<typename... Types>
+struct VariantTypes<std::variant<Types...>>
+{
+	using type = std::tuple<Types...>;
+};
+
+/**
+ * @brief Helper structure to filter types in a parameter pack according to a trait.
+ *
+ * Filters the types in a parameter pack based on whether they satisfy a given trait.
+ * The result is a std::tuple containing only the types that satisfy the trait.
+ *
+ * Example:
+ * using Filtered = FilteredTuple<std::is_integral, int, double, char>::type; // std::tuple<int, char>
+ *
+ * @tparam Trait The trait to filter types by.
+ * @tparam Ts The types to filter.
+ */
+template<template<typename> class Trait, typename... Ts>
+struct FilteredTuple
+{
+	using type = decltype(std::tuple_cat(
+	        std::conditional_t<Trait<Ts>::value, std::tuple<Ts>, std::tuple<>>{}...));
+};
+
+/**
+ * @brief Helper structure to filter types in a std::tuple according to a trait.
+ *
+ * This specialization allows you to pass a std::tuple of types to FilteredTuple.
+ *
+ * Example:
+ * using MyTuple = std::tuple<int, double, char>;
+ * using Filtered = FilteredTupleFromTuple<std::is_integral, MyTuple>::type; // std::tuple<int, char>
+ *
+ * @tparam Trait The trait to filter types by.
+ * @tparam Tuple The std::tuple containing types to filter.
+ */
+template<template<typename> class Trait, typename... Ts>
+struct FilteredTuple<Trait, std::tuple<Ts...>>
+{
+	using type = typename FilteredTuple<Trait, Ts...>::type;
+};
+
+/**
+ * @brief Helper structure to check if a type is present in a std::tuple.
+ *
+ * Example:
+ * using MyTuple = std::tuple<int, double, char>;
+ * constexpr bool isInTuple = IsInTuple<int, MyTuple>::value; // true
+ *
+ * @tparam T The type to check for.
+ * @tparam Tuple The std::tuple type to check within.
+ */
+template<typename T, typename Tuple>
+struct IsInTuple;
+
+template<typename T, typename... Ts>
+struct IsInTuple<T, std::tuple<Ts...>> : std::disjunction<std::is_same<T, Ts>...>
+{};
+
+/**
+ * @brief Helper structure to get the index of a first occurence of a type in a std::tuple.
+ *
+ * This structure calculates the zero-based index of type T within a std::tuple<Types...>.
+ * If the type is not found, a compile-time error is raised.
+ *
+ * Example:
+ * using MyTuple = std::tuple<int, double, char>;
+ * constexpr std::size_t index = IndexOf<double, MyTuple>::value; // index will be 1
+ *
+ * @tparam T The type to find the index of.
+ * @tparam Tuple The std::tuple type containing the types.
+ */
+template<typename T, typename Tuple>
+struct IndexOf;
+
+template<typename T, typename... Types>
+struct IndexOf<T, std::tuple<Types...>>
+{
+private:
+	template<std::size_t Index>
+	struct Helper
+	{
+		static constexpr std::size_t value()
+		{
+			if constexpr (Index >= sizeof...(Types))
+			{
+				static_assert(Index < sizeof...(Types), "Type T not found in tuple");
+				return 0; // This line will never be reached
+			}
+			else if constexpr (std::is_same_v<T, std::tuple_element_t<Index, std::tuple<Types...>>>)
+			{
+				return Index;
+			}
+			else
+			{
+				return Helper<Index + 1>::value();
+			}
+		}
+	};
+
+public:
+	static constexpr std::size_t value = Helper<0>::value();
+};
+
+/**
+ * @brief Helper to get the size of the first tuple in a parameter pack.
+ *
+ * This function extracts the size of the first tuple in the parameter pack `Tuples`.
+ *
+ * @tparam Tuples The types of the tuples.
+ * @return The size of the first tuple.
+ */
+template<typename... Tuples>
+constexpr std::size_t get_first_tuple_size()
+{
+	static_assert(sizeof...(Tuples) > 0, "At least one tuple is required.");
+	return std::tuple_size_v<std::decay_t<std::tuple_element_t<0, std::tuple<Tuples...>>>>;
+}
+
+template<std::size_t I, std::size_t N, typename Func, typename... Tuples>
+static void zip_apply_helper(Func&& f, Tuples&&... tuples)
+{
+	if constexpr (I < N)
+	{
+		f(std::get<I>(std::forward<Tuples>(tuples))...);
+		zip_apply_helper<I + 1, N>(std::forward<Func>(f), std::forward<Tuples>(tuples)...);
+	}
+}
+
+/**
+ * @brief Applies a function to corresponding elements of multiple tuples.
+ *
+ * The function `f` should be callable with the elements of the tuples at each index.
+ * This function works with any number of tuples, as long as they are all the same size.
+ *
+ * Example:
+ * ```
+ * auto t1 = std::make_tuple(1, 2, 3);
+ * auto t2 = std::make_tuple(4, 5, 6);
+ * zip_apply([](auto a, auto b) {  do something with a and b }, t1, t2);
+ * ```
+ *
+ * @tparam Func The type of the function to apply.
+ * @tparam Tuples The types of the tuples.
+ * @param f The function to apply.
+ * @param tuples The tuples to iterate over.
+ */
+template<typename Func, typename... Tuples>
+inline void zip_apply(Func&& f, Tuples&&... tuples)
+{
+	constexpr std::size_t tuple_size = get_first_tuple_size<Tuples...>();
+	static_assert((... && (std::tuple_size_v<std::decay_t<Tuples>> == tuple_size)), "All tuples must have the same size.");
+
+	zip_apply_helper<0, tuple_size>(std::forward<Func>(f), std::forward<Tuples>(tuples)...);
+}
+
+template<typename... Ts>
+constexpr auto decay_types(std::tuple<Ts...> const&) -> std::tuple<std::decay_t<Ts>...>;
+
+/**
+ * @brief Decays the types of a tuple's elements.
+ *
+ * It removes any const, volatile, and reference qualifiers from the element
+ * types and performs array-to-pointer and function-to-pointer conversions.
+ *
+ * Example usage:
+ * ```
+ * std::tuple<const int&, float, double> t;
+ * using DecayedTuple = decay_tuple<decltype(t)>;
+ * // DecayedTuple is std::tuple<int, float, double>
+ * ```
+ *
+ * @tparam T The type of the tuple to decay.
+ * @return A tuple type with decayed element types.
+ */
+template<typename T>
+using decay_tuple = decltype(decay_types(std::declval<T>()));
+
+} // namespace utils
diff --git a/common/type.h b/common/type.h
index 898a3f11..051ef803 100644
--- a/common/type.h
+++ b/common/type.h
@@ -8,11 +8,10 @@
 #include <vector>
 
 #include <arpa/inet.h>
-#include <inttypes.h>
 #include <memory.h>
 #include <nlohmann/json.hpp>
 
-#include "config.h"
+#include "config.release.h"
 #include "ctree.h"
 #include "define.h"
 #include "stream.h"
@@ -21,6 +20,7 @@
 using tCoreId = uint32_t;
 using tSocketId = uint32_t;
 using tPortId = uint16_t;
+constexpr tPortId INVALID_PORT_ID = std::numeric_limits<tPortId>::max();
 using tQueueId = uint8_t;
 using tCounterId = uint32_t;
 using tLogicalPortId = uint32_t;
@@ -61,45 +61,51 @@ class default_value_t
 	using this_type = default_value_t<type_t, default_value>;
 
 public:
-	inline default_value_t() :
+	default_value_t() :
 	        value(default_value)
 	{
 	}
 
-	inline default_value_t(const type_t& value) :
+	default_value_t(const type_t& value) :
 	        value(value)
 	{
 	}
 
-	inline operator const type_t&() const
+	operator const type_t&() const
 	{
 		return value;
 	}
 
-	inline this_type& operator+=(const this_type& second)
+	this_type& operator+=(const this_type& second)
 	{
 		this->value += second.value;
 		return *this;
 	}
 
-	inline this_type& operator-=(const this_type& second)
+	this_type& operator-=(const this_type& second)
 	{
 		this->value -= second.value;
 		return *this;
 	}
 
-	inline this_type& operator++()
+	this_type& operator++()
 	{
 		this->value++;
 		return *this;
 	}
 
-	inline this_type& operator--()
+	this_type& operator--()
 	{
 		this->value--;
 		return *this;
 	}
 
+	template<typename U = type_t, typename = std::enable_if_t<std::is_arithmetic_v<U>>>
+	operator std::string() const
+	{
+		return std::to_string(value);
+	}
+
 public:
 	type_t value;
 };
@@ -120,9 +126,11 @@ constexpr inline uint32_t unlabelled = 3;
 class uint
 {
 public:
-	uint(const std::string& string)
+	uint() = default;
+
+	uint(const std::string& string) :
+	        value(std::stoull(string, nullptr, 0))
 	{
-		value = std::stoull(string, nullptr, 0);
 	}
 
 	constexpr operator const uint64_t&() const
@@ -136,7 +144,7 @@ class uint
 		return std::to_string(value);
 	}
 
-	uint64_t value;
+	uint64_t value{};
 };
 
 class mac_address_t
@@ -198,12 +206,12 @@ class mac_address_t
 		return address < second.address;
 	}
 
-	constexpr operator const std::array<uint8_t, 6> &() const
+	constexpr operator const std::array<uint8_t, 6>&() const
 	{
 		return address;
 	}
 
-	constexpr operator std::array<uint8_t, 6> &()
+	constexpr operator std::array<uint8_t, 6>&()
 	{
 		return address;
 	}
@@ -214,12 +222,12 @@ class mac_address_t
 	}
 
 public:
-	bool is_default() const
+	[[nodiscard]] bool is_default() const
 	{
 		return *this == mac_address_t();
 	}
 
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		char buffer[64];
 		snprintf(buffer, 64, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X", address[0], address[1], address[2], address[3], address[4], address[5]);
@@ -231,20 +239,12 @@ class mac_address_t
 		return address.data();
 	}
 
-	const uint8_t* data() const
+	[[nodiscard]] const uint8_t* data() const
 	{
 		return address.data();
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(address);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(address);
-	}
+	SERIALIZABLE(address);
 
 protected:
 	std::array<uint8_t, 6> address;
@@ -302,14 +302,14 @@ class ipv4_address_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		char buffer[64];
 		snprintf(buffer, 64, "%u.%u.%u.%u", (address >> 24) & 0xFF, (address >> 16) & 0xFF, (address >> 8) & 0xFF, address & 0xFF);
 		return buffer;
 	}
 
-	constexpr ipv4_address_t applyMask(const uint8_t& mask) const
+	[[nodiscard]] constexpr ipv4_address_t applyMask(const uint8_t& mask) const
 	{
 		if (mask == 0 ||
 		    mask > 32)
@@ -320,7 +320,7 @@ class ipv4_address_t
 		return {address & (0xFFFFFFFFu << (32u - mask))};
 	}
 
-	constexpr std::tuple<ipv4_address_t, ipv4_address_t> splitNetwork(const uint8_t& mask) const
+	[[nodiscard]] constexpr std::tuple<ipv4_address_t, ipv4_address_t> splitNetwork(const uint8_t& mask) const
 	{
 		if (mask >= 32)
 		{
@@ -338,20 +338,12 @@ class ipv4_address_t
 		address &= ~((!bit) << (31 - index));
 	}
 
-	uint8_t get_bit(const uint32_t& index) const
+	[[nodiscard]] uint8_t get_bit(const uint32_t& index) const
 	{
 		return (address >> (31 - index)) & 1;
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(address);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(address);
-	}
+	SERIALIZABLE(address);
 
 protected:
 	uint32_t address;
@@ -421,12 +413,12 @@ class ipv6_address_t
 		return !memcmp(address.data(), second.address.data(), address.size());
 	}
 
-	constexpr operator const std::array<uint8_t, 16> &() const
+	constexpr operator const std::array<uint8_t, 16>&() const
 	{
 		return address;
 	}
 
-	constexpr operator std::array<uint8_t, 16> &()
+	constexpr operator std::array<uint8_t, 16>&()
 	{
 		return address;
 	}
@@ -437,7 +429,7 @@ class ipv6_address_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		char buffer[256];
 		inet_ntop(AF_INET6, address.data(), buffer, sizeof(buffer));
@@ -445,7 +437,7 @@ class ipv6_address_t
 		return buffer;
 	}
 
-	ipv6_address_t applyMask(const uint8_t& mask) const
+	[[nodiscard]] ipv6_address_t applyMask(const uint8_t& mask) const
 	{
 		if (mask == 0 ||
 		    mask > 128)
@@ -469,12 +461,12 @@ class ipv6_address_t
 		return {address0, address64};
 	}
 
-	uint128_t getAddress128() const
+	[[nodiscard]] uint128_t getAddress128() const
 	{
 		return ((uint128_t)(getAddress64(0)) << 64) + ((uint128_t)(getAddress64(64)));
 	}
 
-	uint64_t getAddress64(const uint8_t& offset) const
+	[[nodiscard]] uint64_t getAddress64(const uint8_t& offset) const
 	{
 		if (offset % 8 ||
 		    offset > 128 - 64)
@@ -485,7 +477,7 @@ class ipv6_address_t
 		return be64toh(*(uint64_t*)&address[offset / 8]);
 	}
 
-	uint32_t getAddress32(const uint8_t& offset) const
+	[[nodiscard]] uint32_t getAddress32(const uint8_t& offset) const
 	{
 		if (offset % 8 ||
 		    offset > 128 - 32)
@@ -496,12 +488,12 @@ class ipv6_address_t
 		return be32toh(*(uint32_t*)&address[offset / 8]);
 	}
 
-	ipv4_address_t get_mapped_ipv4_address() const
+	[[nodiscard]] ipv4_address_t get_mapped_ipv4_address() const
 	{
 		return ipv4_address_t(getAddress32(96));
 	}
 
-	constexpr const uint8_t* data() const
+	[[nodiscard]] constexpr const uint8_t* data() const
 	{
 		return address.data();
 	}
@@ -518,26 +510,18 @@ class ipv6_address_t
 		byte &= ~((!bit) << (7 - (index % 8)));
 	}
 
-	uint8_t get_bit(const uint32_t& index) const
+	[[nodiscard]] uint8_t get_bit(const uint32_t& index) const
 	{
 		uint32_t address = getAddress32((index / 32) * 32);
 		return (address >> (31 - (index % 32))) & 1;
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(address);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(address);
-	}
+	SERIALIZABLE(address);
 
 	/// Returns true if this is a multicast address (ff00::/8).
 	///
 	/// This property is defined by IETF RFC 4291.
-	constexpr bool is_multicast() const
+	[[nodiscard]] constexpr bool is_multicast() const
 	{
 		return (address[0] & 0xff) == 0xff;
 	}
@@ -549,9 +533,7 @@ class ipv6_address_t
 class ip_address_t
 {
 public:
-	constexpr ip_address_t()
-	{
-	}
+	constexpr ip_address_t() = default;
 
 	ip_address_t(const uint8_t ip_version, const uint8_t* bytes)
 	{
@@ -611,12 +593,12 @@ class ip_address_t
 		return !(address == second.address);
 	}
 
-	constexpr operator const std::variant<ipv4_address_t, ipv6_address_t> &() const
+	constexpr operator const std::variant<ipv4_address_t, ipv6_address_t>&() const
 	{
 		return address;
 	}
 
-	constexpr operator std::variant<ipv4_address_t, ipv6_address_t> &()
+	constexpr operator std::variant<ipv4_address_t, ipv6_address_t>&()
 	{
 		return address;
 	}
@@ -627,7 +609,7 @@ class ip_address_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		std::string string;
 
@@ -639,12 +621,12 @@ class ip_address_t
 		return string;
 	}
 
-	constexpr bool is_ipv4() const
+	[[nodiscard]] constexpr bool is_ipv4() const
 	{
 		return std::holds_alternative<ipv4_address_t>(address);
 	}
 
-	constexpr bool is_ipv6() const
+	[[nodiscard]] constexpr bool is_ipv6() const
 	{
 		return std::holds_alternative<ipv6_address_t>(address);
 	}
@@ -654,7 +636,7 @@ class ip_address_t
 		return std::get<ipv4_address_t>(address);
 	}
 
-	const ipv4_address_t& get_ipv4() const
+	[[nodiscard]] const ipv4_address_t& get_ipv4() const
 	{
 		return std::get<ipv4_address_t>(address);
 	}
@@ -664,12 +646,12 @@ class ip_address_t
 		return std::get<ipv6_address_t>(address);
 	}
 
-	const ipv6_address_t& get_ipv6() const
+	[[nodiscard]] const ipv6_address_t& get_ipv6() const
 	{
 		return std::get<ipv6_address_t>(address);
 	}
 
-	bool is_default() const
+	[[nodiscard]] bool is_default() const
 	{
 		if (is_ipv4() &&
 		    get_ipv4() == ipv4_address_t())
@@ -687,7 +669,7 @@ class ip_address_t
 		}
 	}
 
-	ip_address_t applyMask(const uint8_t& mask) const
+	[[nodiscard]] ip_address_t applyMask(const uint8_t& mask) const
 	{
 		if (is_ipv4())
 		{
@@ -699,15 +681,7 @@ class ip_address_t
 		}
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(address);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(address);
-	}
+	SERIALIZABLE(address);
 
 protected:
 	std::variant<ipv4_address_t, ipv6_address_t> address;
@@ -756,12 +730,12 @@ class ipv4_prefix_t
 		return prefix > second.prefix;
 	}
 
-	constexpr operator const std::tuple<ipv4_address_t, uint8_t> &() const
+	constexpr operator const std::tuple<ipv4_address_t, uint8_t>&() const
 	{
 		return prefix;
 	}
 
-	constexpr operator std::tuple<ipv4_address_t, uint8_t> &()
+	constexpr operator std::tuple<ipv4_address_t, uint8_t>&()
 	{
 		return prefix;
 	}
@@ -772,7 +746,7 @@ class ipv4_prefix_t
 	}
 
 public:
-	constexpr const ipv4_address_t& address() const
+	[[nodiscard]] constexpr const ipv4_address_t& address() const
 	{
 		return std::get<0>(prefix);
 	}
@@ -782,7 +756,7 @@ class ipv4_prefix_t
 		return std::get<0>(prefix);
 	}
 
-	constexpr const uint8_t& mask() const
+	[[nodiscard]] constexpr const uint8_t& mask() const
 	{
 		return std::get<1>(prefix);
 	}
@@ -792,23 +766,23 @@ class ipv4_prefix_t
 		return std::get<1>(prefix);
 	}
 
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		return address().toString() + "/" + std::to_string(mask());
 	}
 
-	constexpr bool isValid() const
+	[[nodiscard]] constexpr bool isValid() const
 	{
 		return mask() <= 32 &&
 		       address().applyMask(mask()) == address();
 	}
 
-	constexpr ipv4_prefix_t applyMask(const uint8_t& mask) const
+	[[nodiscard]] constexpr ipv4_prefix_t applyMask(const uint8_t& mask) const
 	{
 		return {address().applyMask(mask), mask};
 	}
 
-	constexpr std::tuple<ipv4_prefix_t, ipv4_prefix_t> splitNetwork() const
+	[[nodiscard]] constexpr std::tuple<ipv4_prefix_t, ipv4_prefix_t> splitNetwork() const
 	{
 		if (mask() >= 32)
 		{
@@ -820,17 +794,9 @@ class ipv4_prefix_t
 		        {address() | (1u << (32u - mask() - 1u)), (uint8_t)(mask() + 1)}};
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(prefix);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(prefix);
-	}
+	SERIALIZABLE(prefix);
 
-	bool subnetOf(const ipv4_prefix_t& other) const
+	[[nodiscard]] bool subnetOf(const ipv4_prefix_t& other) const
 	{
 		if (mask() < other.mask())
 		{
@@ -840,7 +806,7 @@ class ipv4_prefix_t
 		return address().applyMask(other.mask()) == other.address();
 	}
 
-	bool subnetFor(const ipv4_address_t& other) const
+	[[nodiscard]] bool subnetFor(const ipv4_address_t& other) const
 	{
 		return other.applyMask(mask()) == address().applyMask(mask());
 	}
@@ -852,9 +818,7 @@ class ipv4_prefix_t
 class ipv4_prefix_with_announces_t
 {
 public:
-	ipv4_prefix_with_announces_t()
-	{
-	}
+	ipv4_prefix_with_announces_t() = default;
 
 	ipv4_prefix_with_announces_t(const nlohmann::json& prefixJson)
 	{
@@ -911,17 +875,7 @@ class ipv4_prefix_with_announces_t
 		return prefix < second.prefix;
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(prefix);
-		stream.pop(announces);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(prefix);
-		stream.push(announces);
-	}
+	SERIALIZABLE(prefix, announces);
 
 public:
 	ipv4_prefix_t prefix;
@@ -971,12 +925,12 @@ class ipv6_prefix_t
 		return prefix > second.prefix;
 	}
 
-	constexpr operator const std::tuple<ipv6_address_t, uint8_t> &() const
+	constexpr operator const std::tuple<ipv6_address_t, uint8_t>&() const
 	{
 		return prefix;
 	}
 
-	constexpr operator std::tuple<ipv6_address_t, uint8_t> &()
+	constexpr operator std::tuple<ipv6_address_t, uint8_t>&()
 	{
 		return prefix;
 	}
@@ -987,7 +941,7 @@ class ipv6_prefix_t
 	}
 
 public:
-	constexpr const ipv6_address_t& address() const
+	[[nodiscard]] constexpr const ipv6_address_t& address() const
 	{
 		return std::get<0>(prefix);
 	}
@@ -997,7 +951,7 @@ class ipv6_prefix_t
 		return std::get<0>(prefix);
 	}
 
-	constexpr const uint8_t& mask() const
+	[[nodiscard]] constexpr const uint8_t& mask() const
 	{
 		return std::get<1>(prefix);
 	}
@@ -1007,12 +961,12 @@ class ipv6_prefix_t
 		return std::get<1>(prefix);
 	}
 
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		return address().toString() + "/" + std::to_string(mask());
 	}
 
-	bool isValid() const
+	[[nodiscard]] bool isValid() const
 	{
 		if (mask() > 128)
 		{
@@ -1032,22 +986,22 @@ class ipv6_prefix_t
 		return true;
 	}
 
-	ipv6_prefix_t applyMask(const uint8_t& mask) const
+	[[nodiscard]] ipv6_prefix_t applyMask(const uint8_t& mask) const
 	{
 		return {address().applyMask(mask), mask};
 	}
 
-	uint64_t getAddress64(const uint8_t& offset) const
+	[[nodiscard]] uint64_t getAddress64(const uint8_t& offset) const
 	{
 		return address().getAddress64(offset) & getAddressMask64(offset);
 	}
 
-	uint32_t getAddress32(const uint8_t& offset) const
+	[[nodiscard]] uint32_t getAddress32(const uint8_t& offset) const
 	{
 		return address().getAddress32(offset) & getAddressMask32(offset);
 	}
 
-	uint64_t getAddressMask64(const uint8_t& offset) const
+	[[nodiscard]] uint64_t getAddressMask64(const uint8_t& offset) const
 	{
 		if (offset > 128 - 64)
 		{
@@ -1067,7 +1021,7 @@ class ipv6_prefix_t
 		return 0xFFFFFFFFFFFFFFFFull << (64ull + offset - mask());
 	}
 
-	uint32_t getAddressMask32(const uint8_t& offset) const
+	[[nodiscard]] uint32_t getAddressMask32(const uint8_t& offset) const
 	{
 		if (offset > 128 - 32)
 		{
@@ -1087,22 +1041,14 @@ class ipv6_prefix_t
 		return 0xFFFFFFFFu << (32u + offset - mask());
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(prefix);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(prefix);
-	}
+	SERIALIZABLE(prefix);
 
-	bool subnetFor(const ipv6_address_t& other) const
+	[[nodiscard]] bool subnetFor(const ipv6_address_t& other) const
 	{
 		return other.applyMask(mask()) == address().applyMask(mask());
 	}
 
-	bool subnetOf(const ipv6_prefix_t& other) const
+	[[nodiscard]] bool subnetOf(const ipv6_prefix_t& other) const
 	{
 		if (mask() < other.mask())
 		{
@@ -1179,17 +1125,7 @@ class ipv6_prefix_with_announces_t
 		return prefix < second.prefix;
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(prefix);
-		stream.pop(announces);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(prefix);
-		stream.push(announces);
-	}
+	SERIALIZABLE(prefix, announces);
 
 public:
 	ipv6_prefix_t prefix;
@@ -1199,9 +1135,7 @@ class ipv6_prefix_with_announces_t
 class ip_prefix_t
 {
 public:
-	constexpr ip_prefix_t()
-	{
-	}
+	constexpr ip_prefix_t() = default;
 
 	constexpr ip_prefix_t(const ipv4_prefix_t& prefix) :
 	        prefix(prefix)
@@ -1252,12 +1186,12 @@ class ip_prefix_t
 		return prefix == second.prefix;
 	}
 
-	constexpr operator const std::variant<ipv4_prefix_t, ipv6_prefix_t> &() const
+	constexpr operator const std::variant<ipv4_prefix_t, ipv6_prefix_t>&() const
 	{
 		return prefix;
 	}
 
-	constexpr operator std::variant<ipv4_prefix_t, ipv6_prefix_t> &()
+	constexpr operator std::variant<ipv4_prefix_t, ipv6_prefix_t>&()
 	{
 		return prefix;
 	}
@@ -1268,7 +1202,7 @@ class ip_prefix_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		std::string string;
 
@@ -1280,12 +1214,12 @@ class ip_prefix_t
 		return string;
 	}
 
-	bool is_ipv4() const
+	[[nodiscard]] bool is_ipv4() const
 	{
 		return std::holds_alternative<ipv4_prefix_t>(prefix);
 	}
 
-	bool is_ipv6() const
+	[[nodiscard]] bool is_ipv6() const
 	{
 		return std::holds_alternative<ipv6_prefix_t>(prefix);
 	}
@@ -1295,7 +1229,7 @@ class ip_prefix_t
 		return std::get<ipv4_prefix_t>(prefix);
 	}
 
-	const ipv4_prefix_t& get_ipv4() const
+	[[nodiscard]] const ipv4_prefix_t& get_ipv4() const
 	{
 		return std::get<ipv4_prefix_t>(prefix);
 	}
@@ -1305,7 +1239,7 @@ class ip_prefix_t
 		return std::get<ipv6_prefix_t>(prefix);
 	}
 
-	const ipv6_prefix_t& get_ipv6() const
+	[[nodiscard]] const ipv6_prefix_t& get_ipv6() const
 	{
 		return std::get<ipv6_prefix_t>(prefix);
 	}
@@ -1322,7 +1256,7 @@ class ip_prefix_t
 		}
 	}
 
-	const uint8_t& mask() const
+	[[nodiscard]] const uint8_t& mask() const
 	{
 		if (is_ipv4())
 		{
@@ -1334,7 +1268,7 @@ class ip_prefix_t
 		}
 	}
 
-	bool is_default() const
+	[[nodiscard]] bool is_default() const
 	{
 		if (is_ipv4() &&
 		    get_ipv4() == ipv4_prefix_t())
@@ -1352,7 +1286,7 @@ class ip_prefix_t
 		}
 	}
 
-	bool is_host() const
+	[[nodiscard]] bool is_host() const
 	{
 		if (is_ipv4())
 		{
@@ -1364,7 +1298,7 @@ class ip_prefix_t
 		}
 	}
 
-	ip_prefix_t get_default() const
+	[[nodiscard]] ip_prefix_t get_default() const
 	{
 		if (is_ipv4())
 		{
@@ -1376,7 +1310,7 @@ class ip_prefix_t
 		}
 	}
 
-	ip_address_t address() const
+	[[nodiscard]] ip_address_t address() const
 	{
 		if (is_ipv4())
 		{
@@ -1388,7 +1322,7 @@ class ip_prefix_t
 		}
 	}
 
-	ip_prefix_t applyMask(const uint8_t& mask) const
+	[[nodiscard]] ip_prefix_t applyMask(const uint8_t& mask) const
 	{
 		if (is_ipv4())
 		{
@@ -1400,7 +1334,7 @@ class ip_prefix_t
 		}
 	}
 
-	bool subnetFor(const ip_address_t& other) const
+	[[nodiscard]] bool subnetFor(const ip_address_t& other) const
 	{
 		if (is_ipv4() && other.is_ipv4())
 		{
@@ -1413,15 +1347,7 @@ class ip_prefix_t
 		return false;
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(prefix);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(prefix);
-	}
+	SERIALIZABLE(prefix);
 
 protected:
 	std::variant<ipv4_prefix_t, ipv6_prefix_t> prefix;
@@ -1432,9 +1358,7 @@ class ip_prefix_with_announces_t
 public:
 	using variant_t = std::variant<ipv4_prefix_with_announces_t, ipv6_prefix_with_announces_t>;
 
-	ip_prefix_with_announces_t()
-	{
-	}
+	ip_prefix_with_announces_t() = default;
 
 	ip_prefix_with_announces_t(const nlohmann::json& prefixJson)
 	{
@@ -1487,7 +1411,7 @@ class ip_prefix_with_announces_t
 	}
 
 public:
-	ip_prefix_t get_prefix() const
+	[[nodiscard]] ip_prefix_t get_prefix() const
 	{
 		if (std::holds_alternative<ipv4_prefix_with_announces_t>(prefix))
 		{
@@ -1499,15 +1423,7 @@ class ip_prefix_with_announces_t
 		}
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(prefix);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(prefix);
-	}
+	SERIALIZABLE(prefix);
 
 protected:
 	variant_t prefix;
@@ -1571,20 +1487,12 @@ class community_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		return std::to_string(value >> 16) + ":" + std::to_string(value & 0xFFFF);
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(value);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(value);
-	}
+	SERIALIZABLE(value);
 
 protected:
 	uint32_t value;
@@ -1640,12 +1548,12 @@ class large_community_t
 		return value == second.value;
 	}
 
-	constexpr operator const std::array<uint32_t, 3> &() const
+	constexpr operator const std::array<uint32_t, 3>&() const
 	{
 		return value;
 	}
 
-	constexpr operator std::array<uint32_t, 3> &()
+	constexpr operator std::array<uint32_t, 3>&()
 	{
 		return value;
 	}
@@ -1656,20 +1564,12 @@ class large_community_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		return std::to_string(value[0]) + ":" + std::to_string(value[1]) + ":" + std::to_string(value[2]);
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(value);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(value);
-	}
+	SERIALIZABLE(value);
 
 public:
 	std::array<uint32_t, 3> value;
@@ -1678,44 +1578,42 @@ class large_community_t
 class values_t
 {
 public:
-	values_t()
-	{
-	}
+	values_t() = default;
 
-	template<typename... args_T>
-	values_t(const args_T&... args)
+	template<typename... Args>
+	values_t(const Args&... args)
 	{
 		insertHelper(args...);
 	}
 
-	operator const std::set<uint64_t> &() const
+	operator const std::set<uint64_t>&() const
 	{
 		return values;
 	}
 
-	operator std::set<uint64_t> &()
+	operator std::set<uint64_t>&()
 	{
 		return values;
 	}
 
-	auto begin() const
+	[[nodiscard]] auto begin() const
 	{
 		return values.begin();
 	}
 
-	auto end() const
+	[[nodiscard]] auto end() const
 	{
 		return values.end();
 	}
 
 protected:
-	template<typename arg0_T, typename... args_T>
+	template<typename arg0_T, typename... Args>
 	void insertHelper(const arg0_T& arg0,
-	                  const args_T&... args)
+	                  const Args&... args)
 	{
 		values.emplace(arg0);
 
-		if constexpr (sizeof...(args_T))
+		if constexpr (sizeof...(Args))
 		{
 			insertHelper(args...);
 		}
@@ -1728,9 +1626,7 @@ class values_t
 class range_t
 {
 public:
-	constexpr range_t()
-	{
-	}
+	constexpr range_t() = default;
 
 	constexpr range_t(const uint64_t& value) :
 	        range(value, value)
@@ -1772,12 +1668,12 @@ class range_t
 		return range < second.range;
 	}
 
-	constexpr operator const std::tuple<uint64_t, uint64_t> &() const
+	constexpr operator const std::tuple<uint64_t, uint64_t>&() const
 	{
 		return range;
 	}
 
-	constexpr operator std::tuple<uint64_t, uint64_t> &()
+	constexpr operator std::tuple<uint64_t, uint64_t>&()
 	{
 		return range;
 	}
@@ -1788,7 +1684,7 @@ class range_t
 	}
 
 public:
-	std::string toString() const
+	[[nodiscard]] std::string toString() const
 	{
 		return std::to_string(from()) + (from() == to() ? "" : "-" + std::to_string(to()));
 	}
@@ -1798,7 +1694,7 @@ class range_t
 		return std::get<0>(range);
 	}
 
-	const uint64_t& from() const
+	[[nodiscard]] const uint64_t& from() const
 	{
 		return std::get<0>(range);
 	}
@@ -1808,20 +1704,12 @@ class range_t
 		return std::get<1>(range);
 	}
 
-	const uint64_t& to() const
+	[[nodiscard]] const uint64_t& to() const
 	{
 		return std::get<1>(range);
 	}
 
-	void pop(stream_in_t& stream)
-	{
-		stream.pop(range);
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(range);
-	}
+	SERIALIZABLE(range);
 
 protected:
 	std::tuple<uint64_t, uint64_t> range;
@@ -1848,9 +1736,7 @@ class flags_t
 class ranges_t ///< @todo: rename filter_t
 {
 public:
-	ranges_t()
-	{
-	}
+	ranges_t() = default;
 
 	ranges_t(const uint64_t& value)
 	{
@@ -1896,17 +1782,17 @@ class ranges_t ///< @todo: rename filter_t
 		return ranges < second.ranges;
 	}
 
-	auto begin() const
+	[[nodiscard]] auto begin() const
 	{
 		return ranges.begin();
 	}
 
-	auto end() const
+	[[nodiscard]] auto end() const
 	{
 		return ranges.end();
 	}
 
-	bool empty() const
+	[[nodiscard]] bool empty() const
 	{
 		return ranges.empty();
 	}
@@ -1958,7 +1844,7 @@ class ranges_t ///< @todo: rename filter_t
 		ranges = newRanges;
 	}
 
-	bool isIntersect(const ranges_t& second) const
+	[[nodiscard]] bool isIntersect(const ranges_t& second) const
 	{
 		for (const auto& range : ranges)
 		{
@@ -1997,9 +1883,7 @@ constexpr ipv6_prefix_t ipv6_prefix_default = {ipv6_address_default, 0};
 
 //
 
-namespace worker
-{
-namespace stats
+namespace worker::stats
 {
 struct common
 {
@@ -2046,7 +1930,6 @@ struct port
 	uint64_t controlPlane_drops = 0; ///< @todo: DELETE
 };
 }
-}
 
 namespace worker_gc
 {
@@ -2248,7 +2131,7 @@ inline const char* eFlowType_toString(eFlowType t)
 
 enum class eFlowFlags : uint8_t
 {
-	keepstate = 1,
+	recordstate = 1,
 	log = 2,
 };
 
@@ -2301,7 +2184,6 @@ class tFlow
 {
 public:
 	tFlow() :
-	        type(eFlowType::controlPlane), ///< @todo: drop
 	        flags(0),
 	        counter_id(0)
 	{
@@ -2316,12 +2198,12 @@ class tFlow
 		data.atomic = 0;
 	}
 
-	inline bool operator==(const tFlow& second) const
+	bool operator==(const tFlow& second) const
 	{
 		return std::tie(type_params_atomic, data.atomic) == std::tie(second.type_params_atomic, second.data.atomic);
 	}
 
-	inline bool operator!=(const tFlow& second) const
+	bool operator!=(const tFlow& second) const
 	{
 		return !operator==(second);
 	}
@@ -2355,14 +2237,15 @@ class tFlow
 		return data.atomic;
 	}
 
-	void pop(stream_in_t& stream)
+	[[nodiscard]] std::string to_string() const
 	{
-		stream.pop(reinterpret_cast<uint8_t(&)[sizeof(*this)]>(*this));
-	}
-
-	void push(stream_out_t& stream) const
-	{
-		stream.push(reinterpret_cast<const uint8_t(&)[sizeof(*this)]>(*this));
+		std::ostringstream oss;
+		oss << "tFlow { type: " << eFlowType_toString(type)
+		    << ", flags: " << static_cast<int>(flags)
+		    << ", counter_id: " << counter_id
+		    << ", data: { atomic: " << data.atomic
+		    << " } }";
+		return oss.str();
 	}
 
 public:
@@ -2371,7 +2254,7 @@ class tFlow
 		uint32_t type_params_atomic;
 		struct
 		{
-			eFlowType type;
+			eFlowType type{eFlowType::controlPlane}; ///< @todo: drop
 			uint8_t flags : 2;
 			uint32_t counter_id : 22;
 		};
@@ -2428,6 +2311,19 @@ struct stats_t
 	uint64_t intersect_packets;
 	uint64_t unknown_network_type_packets;
 	uint64_t timeout_packets;
+
+	stats_t& operator+=(const stats_t& other)
+	{
+		current_count_packets += other.current_count_packets;
+		total_overflow_packets += other.total_overflow_packets;
+		not_fragment_packets += other.not_fragment_packets;
+		empty_packets += other.empty_packets;
+		flow_overflow_packets += other.flow_overflow_packets;
+		intersect_packets += other.intersect_packets;
+		unknown_network_type_packets += other.unknown_network_type_packets;
+		timeout_packets += other.timeout_packets;
+		return *this;
+	}
 };
 
 }
@@ -2479,6 +2375,25 @@ struct stats_t
 	uint64_t tcp_ok;
 	uint64_t tcp_timeout_sessions;
 	uint64_t tcp_unknown_sessions;
+
+	stats_t& operator+=(const stats_t& other)
+	{
+		bad_decap_transport += other.bad_decap_transport;
+		fragment += other.fragment;
+		bad_transport += other.bad_transport;
+		lookup_miss += other.lookup_miss;
+		local += other.local;
+		tcp_syn += other.tcp_syn;
+		tcp_unknown_option += other.tcp_unknown_option;
+		tcp_no_option += other.tcp_no_option;
+		tcp_insert_sessions += other.tcp_insert_sessions;
+		tcp_close_sessions += other.tcp_close_sessions;
+		tcp_retransmission += other.tcp_retransmission;
+		tcp_ok += other.tcp_ok;
+		tcp_timeout_sessions += other.tcp_timeout_sessions;
+		tcp_unknown_sessions += other.tcp_unknown_sessions;
+		return *this;
+	}
 };
 
 using value_t = std::tuple<common::ip_address_t, ///< nexthop
@@ -2512,6 +2427,19 @@ struct stats_t
 	uint64_t slowworker_drops;
 	uint64_t mempool_is_empty;
 	uint64_t unknown_dump_interface;
+
+	stats_t& operator+=(const stats_t& b)
+	{
+		repeat_packets += b.repeat_packets;
+		tofarm_packets += b.tofarm_packets;
+		farm_packets += b.farm_packets;
+		fwsync_multicast_ingress_packets += b.fwsync_multicast_ingress_packets;
+		slowworker_packets += b.slowworker_packets;
+		slowworker_drops += b.slowworker_drops;
+		mempool_is_empty += b.mempool_is_empty;
+		unknown_dump_interface += b.unknown_dump_interface;
+		return *this;
+	}
 };
 
 }
@@ -2592,7 +2520,7 @@ struct hash<common::ipv4_address_t>
 {
 	std::size_t operator()(const common::ipv4_address_t& ip_addr) const
 	{
-		const uint32_t ipv4 = static_cast<uint32_t>(ip_addr);
+		const auto ipv4 = static_cast<uint32_t>(ip_addr);
 		return std::hash<uint32_t>()(ipv4);
 	}
 };
@@ -2788,7 +2716,7 @@ using nexthop_stuff_t = std::tuple<ip_address_t, ///< nexthop
                                    uint32_t ///< local_preference
                                    >;
 
-using nexthop_map_t = std::unordered_map<uint32_t,
+using nexthop_map_t = std::unordered_map<uint32_t, ///< pptn_index -> protocol, peer, table_name
                                          std::unordered_map<std::string, ///< path_info
                                                             const rib::nexthop_stuff_t*>>;
 
diff --git a/common/unittest/meson.build b/common/unittest/meson.build
new file mode 100644
index 00000000..da6ace33
--- /dev/null
+++ b/common/unittest/meson.build
@@ -0,0 +1,28 @@
+dependencies = []
+dependencies += libjson.get_variable('nlohmann_json_dep')
+dependencies += dependency('threads')
+dependencies += dependency('gtest')
+dependencies += dependency('gtest_main')
+
+common_sources = files()
+
+sources = files('unittest.cpp',
+                'static_vector.cpp',
+                'shared_memory.cpp',
+                'tuple.cpp',
+                'variant_trait_map.cpp',
+                )
+
+arch = 'corei7'
+cpp_args_append = ['-march=' + arch]
+
+unittest = executable('yanet-common-unittest',
+                      [common_sources, sources],
+                      include_directories: yanet_rootdir,
+                      dependencies: dependencies,
+                      cpp_args: cpp_args_append,
+                      override_options: 'b_lto=false')
+
+test('common',
+     unittest,
+     protocol: 'gtest')
diff --git a/common/unittest/shared_memory.cpp b/common/unittest/shared_memory.cpp
new file mode 100644
index 00000000..ce46728a
--- /dev/null
+++ b/common/unittest/shared_memory.cpp
@@ -0,0 +1,53 @@
+#include <gtest/gtest.h>
+
+#include "../shared_memory.h"
+
+void TestForSize(void* buffer_writer, void* buffer_reader, size_t size, size_t size_reader)
+{
+	ASSERT_TRUE(buffer_writer != nullptr);
+	ASSERT_TRUE(buffer_reader != nullptr);
+	ASSERT_EQ(size, size_reader);
+
+	auto* buffer_writer8 = reinterpret_cast<uint8_t*>(buffer_writer);
+	auto* buffer_reader8 = reinterpret_cast<uint8_t*>(buffer_reader);
+
+	for (uint64_t index = 0; index < size; index++)
+	{
+		buffer_writer8[index] = (index & 0xff);
+	}
+
+	for (uint64_t index = 0; index < size; index++)
+	{
+		ASSERT_EQ(buffer_writer8[index], buffer_reader8[index]);
+	}
+}
+
+static std::vector<size_t> sizes_test = {1024, 512, 4096, 8192, 4096, 1024};
+
+TEST(SharedMemory, CreateAndOpenSharedMemoryBufferFile)
+{
+	bool use_huge_tlb = common::ipc::SharedMemory::HugeTlbEnabled();
+	std::string filename("test_shared_memory.shm");
+	for (size_t size : sizes_test)
+	{
+		void* buffer_writer = common::ipc::SharedMemory::CreateBufferFile(filename, size, use_huge_tlb, 0);
+		auto [buffer_reader, size_reader] = common::ipc::SharedMemory::OpenBufferFile(filename, use_huge_tlb);
+		TestForSize(buffer_writer, buffer_reader, size, size_reader);
+		ASSERT_EQ(munmap(buffer_writer, size), 0);
+		ASSERT_EQ(munmap(buffer_reader, size), 0);
+	}
+}
+
+TEST(SharedMemory, CreateAndOpenSharedMemoryBufferKey)
+{
+	bool use_huge_tlb = common::ipc::SharedMemory::HugeTlbEnabled();
+	key_t key = 54321;
+	for (size_t size : sizes_test)
+	{
+		void* buffer_writer = common::ipc::SharedMemory::CreateBufferKey(key, size, use_huge_tlb, 0);
+		auto [buffer_reader, size_reader] = common::ipc::SharedMemory::OpenBufferKey(key, use_huge_tlb);
+		TestForSize(buffer_writer, buffer_reader, size, size_reader);
+		ASSERT_EQ(shmdt(buffer_writer), 0);
+		ASSERT_EQ(shmdt(buffer_reader), 0);
+	}
+}
diff --git a/common/unittest/static_vector.cpp b/common/unittest/static_vector.cpp
new file mode 100644
index 00000000..91033879
--- /dev/null
+++ b/common/unittest/static_vector.cpp
@@ -0,0 +1,49 @@
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+
+#include "../static_vector.h"
+
+namespace
+{
+using utils::StaticVector;
+
+static constexpr std::string_view hw = "Hello World!";
+
+TEST(StaticVector, 001_Basic_element_store)
+{
+	StaticVector<char, hw.length(), true> v; // Enable exceptions
+	ASSERT_TRUE(v.empty());
+	for (auto& c : hw)
+	{
+		v.push_back(c);
+	}
+	ASSERT_EQ(hw.length(), v.size());
+	ASSERT_EQ(v.size(), v.capacity());
+	ASSERT_TRUE(v.Full());
+	bool caught = false;
+	try
+	{
+		v.push_back('c');
+	}
+	catch (std::out_of_range& e)
+	{
+		caught = true;
+	}
+	ASSERT_TRUE(caught);
+}
+
+TEST(StaticVector, 002_POD_copy_move)
+{
+	std::vector<std::uint64_t> ref;
+	StaticVector<std::uint64_t, 5> v;
+	for (auto e : ref)
+	{
+		v.push_back(e);
+	}
+	auto copy = v;
+	ASSERT_TRUE(std::mismatch(v.begin(), v.end(), copy.begin()).first == v.end());
+	auto moved = std::move(copy);
+	ASSERT_TRUE(std::mismatch(v.begin(), v.end(), moved.begin()).first == v.end());
+}
+
+} // namespace
diff --git a/common/unittest/tuple.cpp b/common/unittest/tuple.cpp
new file mode 100644
index 00000000..da3c0399
--- /dev/null
+++ b/common/unittest/tuple.cpp
@@ -0,0 +1,219 @@
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+
+#include "common/tuple.h"
+
+namespace
+{
+
+using utils::VariantTypes;
+
+TEST(VariantTypes, BasicExtraction)
+{
+	using Variant = std::variant<int, double, std::string>;
+	using ExpectedTuple = std::tuple<int, double, std::string>;
+	using ExtractedTuple = typename VariantTypes<Variant>::type;
+
+	static_assert(std::is_same_v<ExtractedTuple, ExpectedTuple>, "Extracted tuple doesn't match expected");
+}
+
+TEST(VariantTypes, EmptyVariant)
+{
+	using Variant = std::variant<>;
+	using ExpectedTuple = std::tuple<>;
+	using ExtractedTuple = typename VariantTypes<Variant>::type;
+
+	static_assert(std::is_same_v<ExtractedTuple, ExpectedTuple>, "Extracted empty tuple doesn't match expected");
+}
+
+using utils::FilteredTuple;
+
+TEST(FilteredTuple, FilteredTypes)
+{
+	using Filtered = typename FilteredTuple<std::is_integral, int, double, char>::type;
+	using Expected = std::tuple<int, char>;
+
+	static_assert(std::is_same_v<Filtered, Expected>, "Filtered tuple does not match expected");
+
+	using InputTuple = std::tuple<int, double, char>;
+	using Filtered = typename FilteredTuple<std::is_integral, InputTuple>::type;
+
+	static_assert(std::is_same_v<Filtered, Expected>, "Filtered tuple does not match expected");
+}
+
+TEST(FilteredTuple, NoMatch)
+{
+	using Filtered = typename FilteredTuple<std::is_integral, double, float, std::string>::type;
+	using Expected = std::tuple<>;
+
+	static_assert(std::is_same_v<Filtered, Expected>, "Expected empty tuple when no types match");
+
+	using InputTuple = std::tuple<double, float, std::string>;
+	using Filtered = typename FilteredTuple<std::is_integral, InputTuple>::type;
+
+	static_assert(std::is_same_v<Filtered, Expected>, "Expected empty tuple when no types match");
+}
+
+TEST(FilteredTuple, AllMatch)
+{
+	using Filtered = typename FilteredTuple<std::is_integral, int, char, long>::type;
+	using Expected = std::tuple<int, char, long>;
+
+	static_assert(std::is_same_v<Filtered, Expected>, "Filtered tuple should include all types");
+
+	using InputTuple = std::tuple<int, char, long>;
+	using Filtered = typename FilteredTuple<std::is_integral, InputTuple>::type;
+
+	static_assert(std::is_same_v<Filtered, Expected>, "Filtered tuple should include all types");
+}
+
+using utils::IsInTuple;
+
+TEST(IsInTuple, TypeInTuple)
+{
+	using MyTuple = std::tuple<int, double, char>;
+
+	constexpr bool is_int = IsInTuple<int, MyTuple>::value;
+	EXPECT_TRUE(is_int);
+
+	constexpr bool is_float = IsInTuple<float, MyTuple>::value;
+	EXPECT_FALSE(is_float);
+}
+
+TEST(IsInTuple, EmptyTuple)
+{
+	using EmptyTuple = std::tuple<>;
+
+	constexpr bool is_int = IsInTuple<int, EmptyTuple>::value;
+	EXPECT_FALSE(is_int);
+}
+
+using utils::IndexOf;
+
+TEST(IndexOf, IndexCalculation)
+{
+	using MyTuple = std::tuple<int, double, char>;
+
+	constexpr std::size_t index1 = IndexOf<int, MyTuple>::value;
+	constexpr std::size_t index2 = IndexOf<double, MyTuple>::value;
+	constexpr std::size_t index3 = IndexOf<char, MyTuple>::value;
+
+	EXPECT_EQ(index1, 0);
+	EXPECT_EQ(index2, 1);
+	EXPECT_EQ(index3, 2);
+}
+
+TEST(IndexOf, MultipleOccurrences)
+{
+	using MyTuple = std::tuple<int, double, int, char, int>;
+
+	constexpr std::size_t index1 = IndexOf<int, MyTuple>::value;
+	constexpr std::size_t index2 = IndexOf<double, MyTuple>::value;
+	constexpr std::size_t index3 = IndexOf<char, MyTuple>::value;
+
+	EXPECT_EQ(index1, 0); // IndexOf should return the first occurrence of 'int'
+	EXPECT_EQ(index2, 1); // 'double' appears at index 1
+	EXPECT_EQ(index3, 3); // 'char' appears at index 3
+}
+
+TEST(IndexOf, TypeNotFound)
+{
+	using MyTuple [[maybe_unused]] = std::tuple<int, double, char>;
+
+	// Expect compile-time failure for a type not present in the tuple
+	// The following line should trigger a compile-time error
+	// constexpr std::size_t invalidIndex = IndexOf<float, MyTuple>::value;
+}
+
+TEST(IndexOf, EmptyTuple)
+{
+	using EmptyTuple [[maybe_unused]] = std::tuple<>;
+
+	// Expect a compile-time failure if trying to get index from an empty tuple
+	// Uncommenting the following line should trigger a compile-time error:
+	// constexpr std::size_t invalidIndex = IndexOf<int, EmptyTuple>::value;
+}
+
+using utils::get_first_tuple_size;
+
+TEST(TupleSize, GetFirstTupleSize)
+{
+	using Tuple1 = std::tuple<int, double, char>;
+	constexpr std::size_t size1 = get_first_tuple_size<Tuple1>();
+	EXPECT_EQ(size1, 3);
+
+	using Tuple2 = std::tuple<float, bool, long, int, double>;
+	constexpr std::size_t size2 = get_first_tuple_size<Tuple1, Tuple2>();
+	EXPECT_EQ(size2, 3);
+
+	using EmptyTuple = std::tuple<>;
+	constexpr std::size_t size3 = get_first_tuple_size<EmptyTuple>();
+	EXPECT_EQ(size3, 0);
+}
+
+using utils::zip_apply;
+
+TEST(ZipApply, BasicUsage)
+{
+	auto t1 = std::make_tuple(1, 2, 3);
+	auto t2 = std::make_tuple(4, 5, 6);
+	std::vector<int> results;
+
+	auto op = [&](int a, int b) {
+		results.push_back(a + b);
+	};
+
+	zip_apply(op, t1, t2);
+
+	EXPECT_EQ(results.size(), 3u);
+	EXPECT_EQ(results[0], 5);
+	EXPECT_EQ(results[1], 7);
+	EXPECT_EQ(results[2], 9);
+
+	results.clear();
+	auto op2 = [&](int a, int b, int c, int d) {
+		results.push_back(a + b + c + d);
+	};
+
+	zip_apply(op2, t1, t2, t1, t2);
+
+	EXPECT_EQ(results.size(), 3u);
+	EXPECT_EQ(results[0], 10);
+	EXPECT_EQ(results[1], 14);
+	EXPECT_EQ(results[2], 18);
+}
+
+TEST(ZipApply, WorksWithSingleTuple)
+{
+	auto t1 = std::make_tuple(1, 2, 3);
+	std::vector<int> results;
+
+	auto op = [&](int a) {
+		results.push_back(a * 2);
+	};
+
+	zip_apply(op, t1);
+
+	EXPECT_EQ(results.size(), 3u);
+	EXPECT_EQ(results[0], 2);
+	EXPECT_EQ(results[1], 4);
+	EXPECT_EQ(results[2], 6);
+}
+
+TEST(ZipApply, DifferentSizesCompileError)
+{
+	// Expect a compile-time failure due to different tuple sizes
+	// Uncommenting the following lines should trigger a compile-time error:
+	/* auto t1 = std::make_tuple(1, 2); */
+	/* auto t2 = std::make_tuple(3); */
+	/* zip_apply([](int a, int b) {}, t1, t2); */
+}
+
+TEST(ZipApply, NoTuplesCompileError)
+{
+	// Expect a compile-time failure due to no tuples provided
+	// Uncommenting the following lines should trigger a compile-time error:
+	/* zip_apply([]() { }); */
+}
+
+} // namespace
diff --git a/common/unittest/unittest.cpp b/common/unittest/unittest.cpp
new file mode 100644
index 00000000..9cfa1ba3
--- /dev/null
+++ b/common/unittest/unittest.cpp
@@ -0,0 +1,3 @@
+#include "common/define.h"
+
+common::log::LogPriority common::log::logPriority = common::log::TLOG_DEBUG;
diff --git a/common/unittest/variant_trait_map.cpp b/common/unittest/variant_trait_map.cpp
new file mode 100644
index 00000000..0aa76df2
--- /dev/null
+++ b/common/unittest/variant_trait_map.cpp
@@ -0,0 +1,110 @@
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+#include <optional>
+
+#include "common/variant_trait_map.h"
+
+struct A
+{};
+struct B
+{};
+struct C
+{};
+struct D
+{};
+
+// Trait that holds for A and C
+template<typename T>
+struct SomeTrait : std::false_type
+{};
+
+template<>
+struct SomeTrait<A> : std::true_type
+{};
+
+template<>
+struct SomeTrait<C> : std::true_type
+{};
+
+// Trait that holds for all types
+template<typename T>
+struct AllTrait : std::true_type
+{};
+
+// Trait that holds for no types
+template<typename T>
+struct NoTrait : std::false_type
+{};
+
+using utils::VariantTraitMap;
+
+TEST(VariantTraitMap, BasicUsage)
+{
+	using MyVariant = std::variant<A, B, C>;
+	VariantTraitMap<MyVariant, SomeTrait, size_t> map;
+
+	map.get<A>() = 42;
+	EXPECT_EQ(map.get<A>(), 42);
+
+	map.get<C>() = 100;
+	EXPECT_EQ(map.get<C>(), 100);
+
+	++map.get<A>();
+	EXPECT_EQ(map.get<A>(), 43);
+
+	map.set<C>(200);
+	EXPECT_EQ(map.get<C>(), 200);
+
+	MyVariant runtime_variant(A{});
+
+	std::visit([&map](auto&& actual_variant) {
+		using T = std::decay_t<decltype(actual_variant)>;
+
+		if constexpr (SomeTrait<T>::value)
+		{
+			EXPECT_EQ(map.get<T>(), 43);
+		}
+	},
+	           runtime_variant);
+
+	// The following lines should cause compile-time errors if uncommented
+	// map.get<B>(); // B does not satisfy SomeTrait
+	// map.get<D>(); // D is not in MyVariant
+}
+
+TEST(VariantTraitMap, NoTypesTrait)
+{
+	using MyVariant [[maybe_unused]] = std::variant<A, B, C>;
+	// The following line should cause a compile-time error because no types satisfy the trait
+	// VariantTraitMap<MyVariant, NoTrait, int> map;
+}
+
+TEST(VariantTraitMap, SingleTypeVariant)
+{
+	using MyVariant = std::variant<A>;
+	VariantTraitMap<MyVariant, SomeTrait, int> map;
+
+	map.get<A>() = 10;
+	EXPECT_EQ(map.get<A>(), 10);
+}
+
+TEST(VariantTraitMap, AllTypesTrait)
+{
+	using MyVariant = std::variant<A, B, C>;
+	VariantTraitMap<MyVariant, AllTrait, std::optional<int>> map;
+
+	map.get<A>() = 1;
+	map.get<B>() = -2;
+
+	EXPECT_EQ(map.get<A>().value(), 1);
+	EXPECT_EQ(map.get<B>().value(), -2);
+	// will be default constructed
+	EXPECT_EQ(map.get<C>(), std::nullopt);
+}
+
+TEST(VariantTraitMap, EmptyVariant)
+{
+	using MyVariant [[maybe_unused]] = std::variant<>;
+	// The following line should cause a compile-time error because the variant is empty
+	// VariantTraitMap<MyVariant, SomeTrait, int> map;
+}
diff --git a/common/utils.h b/common/utils.h
new file mode 100644
index 00000000..20e20696
--- /dev/null
+++ b/common/utils.h
@@ -0,0 +1,50 @@
+#pragma once
+
+#include <iomanip>
+#include <vector>
+
+namespace utils
+{
+
+// Utility to calculate percentage
+// TODO C++20: use std::type_identity_t to establish non-deduced context
+// Will allow to do `to_percent(4.2, 1)`
+template<typename T>
+inline std::string to_percent(T current, T maximum = 1)
+{
+	double percent = 0.0;
+	if (maximum != 0)
+	{
+		percent = static_cast<double>(current) / static_cast<double>(maximum) * 100.0;
+	}
+
+	std::ostringstream stream;
+	stream << std::fixed << std::setprecision(2) << percent;
+	return stream.str();
+}
+
+// Split a string_view into a vector of strings based on a delimiter
+inline std::vector<std::string> split(const std::string_view str, char delimiter)
+{
+	std::vector<std::string> result;
+	size_t start = 0;
+	size_t end = 0;
+
+	while ((end = str.find(delimiter, start)) != std::string_view::npos)
+	{
+		result.emplace_back(str.substr(start, end - start));
+		start = end + 1;
+	}
+	result.emplace_back(str.substr(start));
+	return result;
+}
+
+// Split for std::string but disabled for const char* to avoid ambiguity
+template<typename T, typename = std::enable_if_t<!std::is_same_v<T, const char*>>>
+inline std::vector<std::string> split(const std::string& str, char delimiter)
+{
+	return split(std::string_view(str), delimiter);
+}
+
+}
+// namespace utils
diff --git a/common/variant_trait_map.h b/common/variant_trait_map.h
new file mode 100644
index 00000000..16fee0b4
--- /dev/null
+++ b/common/variant_trait_map.h
@@ -0,0 +1,126 @@
+#pragma once
+
+#include "tuple.h"
+
+namespace utils
+{
+
+/**
+ * @brief A class that maps types in a variant to a value V, based on a trait.
+ *
+ * This class uses a std::tuple to hold values of type V for each type in the
+ * variant that satisfies the trait.
+ *
+ * Example Usage:
+ * struct A {};
+ * struct B {};
+ * struct C {};
+ *
+ * template<typename T>
+ * struct IsSpecial : std::false_type {};
+ *
+ * template<>
+ * struct IsSpecial<A> : std::true_type {};
+ *
+ * template<>
+ * struct IsSpecial<C> : std::true_type {};
+ *
+ * using Variant = std::variant<A, B, C>;
+ * using MyMap = VariantTraitMap<Variant, IsSpecial, std::optional<size_t>>;
+ *
+ * MyMap map;
+ * map.set<A>(42); // Works because A satisfies IsSpecial
+ * map.set<C>(99); // Works because C satisfies IsSpecial
+ * auto val = map.get<A>(); // Returns 42
+ * auto val = map.get<B>(); // Compile-time error because B does not satisfy IsSpecial
+ *
+ * @tparam Variant The std::variant type containing different types.
+ * @tparam Trait   The trait that defines which types are mapped to a value.
+ * @tparam V       The value type to map the types to
+ */
+template<typename Variant, template<typename> class Trait, typename V>
+class VariantTraitMap
+{
+private:
+	using AllTypes = typename VariantTypes<Variant>::type;
+	static_assert(std::tuple_size<AllTypes>::value > 0, "Variant is empty");
+
+	using FilteredTypes = typename FilteredTuple<Trait, AllTypes>::type;
+	static_assert(std::tuple_size<FilteredTypes>::value > 0, "No types satisfy the trait");
+
+	template<typename Tuple>
+	struct StorageFromTuple;
+
+	template<typename... Ts>
+	struct StorageFromTuple<std::tuple<Ts...>>
+	{
+		using type = std::tuple<decltype((void)Ts(), V())...>;
+	};
+
+	using Storage = typename StorageFromTuple<FilteredTypes>::type;
+
+	// Storage is a tuple of V types repeated for each type in FilteredTypes
+	Storage storage_;
+
+public:
+	using Types = FilteredTypes;
+
+	VariantTraitMap() = default;
+
+	/**
+	 * @brief Retrieves the value associated with a specific type.
+	 *
+	 * This function retrieves the value of type V that is associated with a type T in the variant.
+	 *
+	 * Example:
+	 * map.get<A>() = 42;
+	 * size_t value = map.get<A>();
+	 *
+	 * @tparam T The type to retrieve the value for.
+	 * @return V& The value of type V associated with type T.
+	 */
+	template<typename T>
+	V& get()
+	{
+		static_assert(IsInTuple<T, AllTypes>::value, "Type T is not in Variant");
+		static_assert(Trait<T>::value, "Type T does not satisfy Trait");
+		constexpr std::size_t index = IndexOf<T, FilteredTypes>::value;
+		return std::get<index>(storage_);
+	}
+
+	/**
+	 * @brief Retrieves the value associated with a specific type (const version).
+	 *
+	 * This function retrieves the const value of type V that is associated with a type T in the variant.
+	 *
+	 * @tparam T The type to retrieve the value for.
+	 * @return const V& The const value of type V associated with type T.
+	 */
+	template<typename T>
+	const V& get() const
+	{
+		static_assert(IsInTuple<T, AllTypes>::value, "Type T is not in Variant");
+		static_assert(Trait<T>::value, "Type T does not satisfy Trait");
+		constexpr std::size_t index = IndexOf<T, FilteredTypes>::value;
+		return std::get<index>(storage_);
+	}
+
+	/**
+	 * @brief Sets the value associated with a specific type.
+	 *
+	 * This function sets the value of type V for a specific type T in the variant.
+	 *
+	 * Example:
+	 * map.set<A>(42);
+	 *
+	 * @tparam T The type to set the value for.
+	 * @param val The value of type V to set.
+	 */
+	template<typename T>
+	void set(const V& val)
+	{
+		get<T>() = val;
+	}
+};
+
+} // namespace utils
diff --git a/common/weight.h b/common/weight.h
index 0b882301..20c1fb84 100644
--- a/common/weight.h
+++ b/common/weight.h
@@ -16,7 +16,6 @@ class weight_t
 
 public:
 	weight_t() :
-	        size(0),
 	        current(0)
 	{
 		base.resize(size_T, 0);
@@ -114,7 +113,7 @@ class weight_t
 
 	mutable std::vector<index_type_T> base;
 
-	uint32_t size;
+	uint32_t size{};
 	mutable std::atomic<uint32_t> current;
 };
 
diff --git a/controlplane/acl.cpp b/controlplane/acl.cpp
index ebdaf3bb..81934f15 100644
--- a/controlplane/acl.cpp
+++ b/controlplane/acl.cpp
@@ -7,7 +7,6 @@
 #include <stdexcept>
 #include <string>
 #include <unordered_map>
-#include <unordered_set>
 #include <vector>
 
 #ifdef ACL_DEBUG
@@ -23,14 +22,10 @@
 	}
 
 #include "acl.h"
-#include "acl/bitset.h"
 #include "acl/dict.h"
-#include "acl/network.h"
 #include "acl/rule.h"
 #include "acl_compiler.h"
 
-#include "common/acl.h"
-
 namespace acl
 {
 
@@ -58,8 +53,8 @@ struct dispatcher_rules_t
 			{
 				const auto& network = *item.network;
 
-				filter_network_t* _src = new filter_network_t;
-				filter_network_t* _dst = new filter_network_t;
+				auto* _src = new filter_network_t;
+				auto* _dst = new filter_network_t;
 
 				if (std::holds_alternative<controlplane::base::acl_rule_network_ipv4_t>(network))
 				{
@@ -324,6 +319,9 @@ struct firewall_rules_t
 					case ipfw::rule_action_t::ALLOW:
 					case ipfw::rule_action_t::DUMP:
 					case ipfw::rule_action_t::DENY:
+					case ipfw::rule_action_t::CHECKSTATE:
+					case ipfw::rule_action_t::STATETIMEOUT:
+					case ipfw::rule_action_t::HITCOUNT:
 					{
 						// handle only meaning rules
 						auto& ruleref = yanet_rules.emplace_back(rulep, configp);
@@ -381,15 +379,6 @@ static inline auto is_term_filter(const ref_t<filter_t>& filter)
 	return (!filter || (!filter->src && !filter->dst && !filter->flags && !filter->proto));
 }
 
-static inline auto is_nonterm_action(const std::variant<int64_t, common::globalBase::tFlow, common::acl::action_t>& action)
-{
-	if (std::holds_alternative<common::acl::action_t>(action))
-	{
-		return true;
-	}
-	return false;
-}
-
 // gather matching rules from dispatcher
 static bool unwind_dispatcher(const dispatcher_rules_t& dispatcher,
                               const ref_t<filter_t>& filter,
@@ -421,7 +410,7 @@ static bool unwind_dispatcher(const dispatcher_rules_t& dispatcher,
 		ids.resize(idSize);
 
 		ACL_DBGMSG("gathered...");
-		if (is_term_filter(rule.filter) && !is_nonterm_action(rule.action))
+		if (is_term_filter(rule.filter) && (rule.is_term() || rule.is_skipto()))
 		{
 			ACL_DBGMSG("terminating filter...");
 			break;
@@ -471,43 +460,36 @@ static bool unwind(int64_t start_from, firewall_rules_t& fw, const dispatcher_ru
 			ids.insert(ids.end(), rule.ids.begin(), rule.ids.end());
 
 			ACL_DBGMSG("advancing further...");
-			if (std::holds_alternative<int64_t>(rule.action))
-			{
-				// handle skipto && allow action
-				start_from = std::get<int64_t>(rule.action);
-				if (start_from != DISPATCHER)
+			std::visit([&](const auto& action) {
+				using T = std::decay_t<decltype(action)>;
+
+				if constexpr (std::is_same_v<T, int64_t>)
 				{
-					ACL_DBGMSG("skipto " << start_from);
-					term_rule = unwind(start_from, fw, dispatcher, result_filter, iface, ids, rules, log || rule.log, recursion_limit + 1);
-					// if we have reached DISPATCHER, it will be handled next
+					// handle skipto && allow action
+					start_from = action;
+					if (start_from != DISPATCHER)
+					{
+						ACL_DBGMSG("skipto " << start_from);
+						term_rule = unwind(start_from, fw, dispatcher, result_filter, iface, ids, rules, log || rule.log, recursion_limit + 1);
+						// if we have reached DISPATCHER, it will be handled next
+					}
+					if (start_from == DISPATCHER)
+					{
+						ACL_DBGMSG("go to dispatcher...");
+						term_rule = unwind_dispatcher(dispatcher, result_filter, iface, ids, rules, log || rule.log);
+					}
 				}
-
-				if (start_from == DISPATCHER)
+				else
 				{
-					ACL_DBGMSG("go to dispatcher...");
-					term_rule = unwind_dispatcher(dispatcher, result_filter, iface, ids, rules, log || rule.log);
+					// Handle other types by emplacing them directly into rules
+					rules.emplace_back(std::move(result_filter), action, ids, log || rule.log);
+					ACL_DBGMSG(typeid(T).name() << " gathered...");
 				}
-			}
-			else if (std::holds_alternative<common::globalBase::tFlow>(rule.action))
-			{
-				// handle tFlows
-				rules.emplace_back(std::move(result_filter),
-				                   std::get<common::globalBase::tFlow>(rule.action),
-				                   ids,
-				                   log || rule.log);
-				ACL_DBGMSG("tFlow gathered...");
-			}
-			else
-			{
-				rules.emplace_back(std::move(result_filter),
-				                   std::get<common::acl::action_t>(rule.action),
-				                   ids,
-				                   log || rule.log);
-				ACL_DBGMSG("action_t gathered...");
-			}
+			},
+			           rule.action);
 
 			ids.resize(idSize);
-			if (is_term_filter(rule.filter) && !is_nonterm_action(rule.action))
+			if (is_term_filter(rule.filter) && (rule.is_term() || rule.is_skipto()))
 			{
 				ACL_DBGMSG("terminating filter...");
 				return true;
@@ -546,10 +528,10 @@ iface_map_t ifaceMapping(std::map<std::string, controlplane::base::logical_port_
 
 	for (const auto& [route_name, route] : routes)
 	{
-		(void)route_name;
+		YANET_GCC_BUG_UNUSED(route_name);
 		for (const auto& [name, iface] : route.interfaces)
 		{
-			(void)name;
+			YANET_GCC_BUG_UNUSED(name);
 			ret[iface.aclId].emplace(false, iface.nextModule);
 		}
 	}
@@ -560,7 +542,7 @@ iface_map_t ifaceMapping(std::map<std::string, controlplane::base::logical_port_
 // used by acl_lookup
 unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acls,
                      const iface_map_t& ifaces,
-                     const std::optional<std::string>& module,
+                     [[maybe_unused]] const std::optional<std::string>& module,
                      const std::optional<std::string>& direction,
                      const std::optional<std::string>& network_source,
                      const std::optional<std::string>& network_destination,
@@ -569,10 +551,8 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
                      const std::optional<std::string>& transport_source,
                      const std::optional<std::string>& transport_destination,
                      const std::optional<std::string>& transport_flags,
-                     const std::optional<std::string>& in_keepstate)
+                     const std::optional<std::string>& in_recordstate)
 {
-	(void)module;
-
 	unwind_result result;
 
 	try
@@ -664,7 +644,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
 				std::string transport_source = "any";
 				std::string transport_destination = "any";
 				std::string transport_flags = "any";
-				std::string keepstate = "false";
+				std::string recordstate = "false";
 				std::string next_module = "any";
 				std::string log = rule.log ? "true" : "false";
 
@@ -719,13 +699,13 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
 						}
 					}
 
-					if (rule.filter->keepstate)
+					if (rule.filter->recordstate)
 					{
-						keepstate = "true";
+						recordstate = "true";
 					}
 
-					if (in_keepstate &&
-					    keepstate != *in_keepstate)
+					if (in_recordstate &&
+					    recordstate != *in_recordstate)
 					{
 						continue;
 					}
@@ -754,7 +734,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
 				                    transport_source,
 				                    transport_destination,
 				                    transport_flags,
-				                    keepstate,
+				                    recordstate,
 				                    next_module,
 				                    ids,
 				                    log);
@@ -799,7 +779,7 @@ std::vector<rule_t> unwind_used_rules(const std::map<std::string, controlplane::
 	ids_map_map.emplace(ids_t(), 0);
 
 	result.ids_map.clear();
-	result.ids_map.push_back(ids_t());
+	result.ids_map.emplace_back();
 	std::set<ids_t> ids_overflow;
 
 #ifdef ACL_DEBUG
@@ -861,14 +841,14 @@ std::vector<rule_t> unwind_used_rules(const std::map<std::string, controlplane::
 			if (!rule.ids.empty())
 #endif
 			{
-				result.dispatcher.emplace_back(std::make_tuple(
+				result.dispatcher.emplace_back(
 #ifdef ACL_DEBUG
 				        rule.ids[0],
 #else
 				        FW_DISPATCHER_START_ID,
 #endif
 				        rule.to_string(),
-				        std::string()));
+				        std::string());
 			}
 			ACL_DBGMSG("dispatcher rule: " << rule.to_string());
 		}
@@ -883,16 +863,19 @@ std::vector<rule_t> unwind_used_rules(const std::map<std::string, controlplane::
 			start_filter = start_filter & filter;
 
 			auto rules = unwind_rules(fw, dispatcher, start_filter, iface);
-
-			for (auto& rule : rules)
+			auto rules_iter = rules.begin();
+			while (rules_iter != rules.end())
 			{
+				auto& rule = *rules_iter;
+				bool remove_rule = false;
+
 				if (std::holds_alternative<common::globalBase::tFlow>(rule.action))
 				{
 					auto& flow = std::get<common::globalBase::tFlow>(rule.action);
 
-					if (rule.filter->keepstate)
+					if (rule.filter->recordstate)
 					{
-						flow.flags |= (int)common::globalBase::eFlowFlags::keepstate;
+						flow.flags |= (int)common::globalBase::eFlowFlags::recordstate;
 					}
 					if (rule.log)
 					{
@@ -920,20 +903,33 @@ std::vector<rule_t> unwind_used_rules(const std::map<std::string, controlplane::
 						}
 					}
 				}
-				else if (std::holds_alternative<common::acl::action_t>(rule.action))
+				else if (std::holds_alternative<common::acl::dump_t>(rule.action))
 				{
-					auto& action = std::get<common::acl::action_t>(rule.action);
+					auto& action = std::get<common::acl::dump_t>(rule.action);
 					if (!action.dump_tag.empty())
 					{
-						auto it = result.tag_to_dump_id.find(action.dump_tag);
-						if (it == result.tag_to_dump_id.end())
+						if (result.dump_id_to_tag.size() >= YANET_CONFIG_DUMP_ID_TO_TAG_SIZE)
 						{
-							result.dump_id_to_tag.emplace_back(action.dump_tag);
-							it = result.tag_to_dump_id.emplace_hint(it, action.dump_tag, result.dump_id_to_tag.size());
+							// We should remove this rule because the dump_id would exceed the limit
+							remove_rule = true;
+						}
+						else
+						{
+							auto it = result.tag_to_dump_id.find(action.dump_tag);
+							if (it == result.tag_to_dump_id.end())
+							{
+								result.dump_id_to_tag.emplace_back(action.dump_tag);
+								it = result.tag_to_dump_id.emplace_hint(it, action.dump_tag, result.dump_id_to_tag.size());
+							}
+							action.dump_id = it->second;
 						}
-						action.dump_id = it->second;
 					}
 				}
+
+				if (remove_rule)
+					rules_iter = rules.erase(rules_iter);
+				else
+					++rules_iter;
 			}
 
 			auto [it, inserted] = rules_map.try_emplace(std::move(rules), aclId);
@@ -1026,7 +1022,7 @@ uint8_t string_to_proto(const std::string& string)
 
 std::set<uint32_t> lookup(const std::map<std::string, controlplane::base::acl_t>& acls,
                           const iface_map_t& ifaces,
-                          const std::optional<std::string>& module,
+                          [[maybe_unused]] const std::optional<std::string>& module,
                           const std::optional<std::string>& direction,
                           const std::optional<std::string>& network_source,
                           const std::optional<std::string>& network_destination,
@@ -1035,8 +1031,6 @@ std::set<uint32_t> lookup(const std::map<std::string, controlplane::base::acl_t>
                           const std::optional<std::string>& transport_source,
                           const std::optional<std::string>& transport_destination)
 {
-	(void)module;
-
 	std::set<uint32_t> result;
 
 	try
diff --git a/controlplane/acl.h b/controlplane/acl.h
index 077bb083..2822e3a0 100644
--- a/controlplane/acl.h
+++ b/controlplane/acl.h
@@ -3,6 +3,7 @@
 #include <nlohmann/json.hpp>
 
 #include "base.h"
+#include "common/idp.h"
 
 namespace acl
 {
@@ -67,7 +68,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
                      const std::optional<std::string>& transport_source,
                      const std::optional<std::string>& transport_destination,
                      const std::optional<std::string>& transport_flags,
-                     const std::optional<std::string>& keepstate);
+                     const std::optional<std::string>& recordstate);
 
 std::set<uint32_t> lookup(const std::map<std::string, controlplane::base::acl_t>& acls,
                           const acl::iface_map_t& ifaces,
diff --git a/controlplane/acl/bitset.h b/controlplane/acl/bitset.h
index be17730d..f4558a03 100644
--- a/controlplane/acl/bitset.h
+++ b/controlplane/acl/bitset.h
@@ -18,19 +18,19 @@ namespace acl
 struct bitset_t
 {
 public:
-	inline void insert(size_t i)
+	void insert(size_t i)
 	{
 		vals[i / 64] |= ((uint64_t)(1) << (i % 64));
 		first_one = std::min(first_one, i / 64);
 	}
 
-	inline bool operator[](size_t i) const
+	bool operator[](size_t i) const
 	{
 
 		return (vals[i / 64] & ((uint64_t)(1) << (i % 64))) != 0;
 	}
 
-	inline bool empty() const
+	[[nodiscard]] bool empty() const
 	{
 		return first_one == size;
 	}
@@ -41,7 +41,7 @@ struct bitset_t
 		printf("%s", to_string().c_str());
 	}
 
-	std::string to_string() const
+	[[nodiscard]] std::string to_string() const
 	{
 		std::string out;
 		for (size_t i = 0; i < size; ++i)
@@ -59,7 +59,7 @@ struct bitset_t
 	}
 #endif
 
-	inline bitset_t& operator|=(bitset_t const& other)
+	bitset_t& operator|=(bitset_t const& other)
 	{
 		if (other.empty())
 		{
@@ -74,7 +74,7 @@ struct bitset_t
 		return *this;
 	}
 
-	inline bitset_t& operator&=(bitset_t const& other)
+	bitset_t& operator&=(bitset_t const& other)
 	{
 		if (empty())
 		{
@@ -95,14 +95,14 @@ struct bitset_t
 		return *this;
 	}
 
-	friend inline bitset_t operator&(const bitset_t& rs1, const bitset_t& rs2)
+	friend bitset_t operator&(const bitset_t& rs1, const bitset_t& rs2)
 	{
 		bitset_t r = rs1;
 
 		return r &= rs2;
 	}
 
-	friend inline bool operator==(const bitset_t& p1, const bitset_t& p2)
+	friend bool operator==(const bitset_t& p1, const bitset_t& p2)
 	{
 		for (size_t i = p1.start(p2); i < p1.size; ++i)
 		{
@@ -115,12 +115,12 @@ struct bitset_t
 		return true;
 	}
 
-	friend inline bool operator!=(const bitset_t& p1, const bitset_t& p2)
+	friend bool operator!=(const bitset_t& p1, const bitset_t& p2)
 	{
 		return !(p1 == p2);
 	}
 
-	inline std::tuple<size_t, bool> minAnd(const bitset_t& p) const
+	[[nodiscard]] std::tuple<size_t, bool> minAnd(const bitset_t& p) const
 	{
 		for (size_t i = std::max(first_one, p.first_one); i < size; ++i)
 		{
@@ -134,8 +134,8 @@ struct bitset_t
 		return {0, false};
 	}
 
-	inline std::tuple<size_t, bool> minAnd(const bitset_t& p1,
-	                                       const bitset_t& p2) const
+	[[nodiscard]] std::tuple<size_t, bool> minAnd(const bitset_t& p1,
+	                                              const bitset_t& p2) const
 	{
 		for (size_t i = std::max(std::max(first_one, p1.first_one), p2.first_one); i < size; ++i)
 		{
@@ -149,7 +149,7 @@ struct bitset_t
 		return {0, false};
 	}
 
-	inline bool emptyAnd(const bitset_t& p1) const
+	[[nodiscard]] bool emptyAnd(const bitset_t& p1) const
 	{
 		for (size_t i = std::max(first_one, p1.first_one); i < size; ++i)
 		{
@@ -163,7 +163,7 @@ struct bitset_t
 	}
 
 private:
-	size_t start(const bitset_t& p1) const
+	[[nodiscard]] size_t start(const bitset_t& p1) const
 	{
 		return std::min(first_one, p1.first_one);
 	}
@@ -207,7 +207,7 @@ struct bitset_t
 	}
 };
 
-} //namespace acl
+} // namespace acl
 
 namespace std
 {
diff --git a/controlplane/acl/dict.h b/controlplane/acl/dict.h
index 000e905e..62d29e24 100644
--- a/controlplane/acl/dict.h
+++ b/controlplane/acl/dict.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include "../acl.h"
-
 #include "bitset.h"
 #include "network.h"
 #include "rule.h"
@@ -44,7 +42,7 @@ bool is_mask_simple(uint128_t mask)
 	bool end_found = false;
 	for (unsigned int i = 1; i <= 16; ++i)
 	{
-		const uint8_t byte = uint8_t((mask >> (128 - i * 8)) & 0xff);
+		const auto byte = uint8_t((mask >> (128 - i * 8)) & 0xff);
 		if (end_found)
 		{
 			if (byte > 0)
@@ -268,7 +266,7 @@ struct rdict_t
 		vec.reserve(map.size());
 		for (auto& v : map)
 		{
-			vec.push_back(v);
+			vec.emplace_back(v);
 		}
 
 		return vec;
@@ -477,7 +475,7 @@ struct id_dict_t
 	{
 	}
 
-	inline void insert(unsigned int id, unsigned int idx)
+	void insert(unsigned int id, unsigned int idx)
 	{
 		if (id >= table.size())
 		{
diff --git a/controlplane/acl/network.h b/controlplane/acl/network.h
index d8bdf260..c5f87d98 100644
--- a/controlplane/acl/network.h
+++ b/controlplane/acl/network.h
@@ -123,17 +123,13 @@ struct network_t
 	}
 
 	network_t(const ipfw::ipv4_prefix_mask_t& pref) :
-	        family(4)
+	        family(4), addr(std::get<0>(pref)), mask(std::get<1>(pref))
 	{
-		addr = std::get<0>(pref);
-		mask = std::get<1>(pref);
 	}
 
 	network_t(const ipfw::ipv6_prefix_mask_t& pref) :
-	        family(6)
+	        family(6), addr(std::get<0>(pref).getAddress128()), mask(std::get<1>(pref).getAddress128())
 	{
-		addr = std::get<0>(pref).getAddress128();
-		mask = std::get<1>(pref).getAddress128();
 	}
 
 	network_t(const common::ip_prefix_t& pref)
@@ -161,7 +157,7 @@ struct network_t
 	{
 	}
 
-	std::string to_string() const
+	[[nodiscard]] std::string to_string() const
 	{
 		std::stringstream ret;
 		if (family == 4)
@@ -194,7 +190,7 @@ struct network_t
 		return std::tie(family, mask, addr) < std::tie(second.family, second.mask, second.addr);
 	}
 
-	network_t normalize() const
+	[[nodiscard]] network_t normalize() const
 	{
 		return {family, addr & mask, mask};
 	}
diff --git a/controlplane/acl/rule.h b/controlplane/acl/rule.h
index 8bc8c45b..648bd662 100644
--- a/controlplane/acl/rule.h
+++ b/controlplane/acl/rule.h
@@ -7,7 +7,7 @@
 #include <string>
 #include <vector>
 
-#include "libfwparser/fw_parser.h"
+#include "common/actions.h"
 
 #include "network.h"
 
@@ -26,12 +26,12 @@ struct range_t : std::tuple<uint_t, uint_t>
 	inline range_t(unsigned int val) :
 	        std::tuple<uint_t, uint_t>(val, val) {}
 
-	uint_t from() const
+	[[nodiscard]] uint_t from() const
 	{
 		return std::get<0>(*this);
 	}
 
-	uint_t to() const
+	[[nodiscard]] uint_t to() const
 	{
 		return std::get<1>(*this);
 	}
@@ -39,13 +39,12 @@ struct range_t : std::tuple<uint_t, uint_t>
 
 struct filter_base_t
 {
-	unsigned long ref_count;
+	unsigned long ref_count{};
 
-	inline constexpr filter_base_t() :
-	        ref_count(0) {}
-	virtual bool is_none() const = 0;
-	virtual ~filter_base_t() {}
-	virtual std::string to_string() const = 0;
+	inline constexpr filter_base_t() = default;
+	[[nodiscard]] virtual bool is_none() const = 0;
+	virtual ~filter_base_t() = default;
+	[[nodiscard]] virtual std::string to_string() const = 0;
 };
 
 template<typename filter_t>
@@ -79,17 +78,17 @@ struct ref_t
 		ref_inc();
 	}
 
-	inline ref_t(const ref_t& _ref)
+	inline ref_t(const ref_t& _ref) :
+	        filter(_ref.filter)
 	{
-		filter = _ref.filter;
 		ref_inc();
 	}
 
 	/*
 	inline ref_t(ref_t&& _ref)
 	{
-		filter = _ref.filter;
-		_ref.filter = nullptr;
+	        filter = _ref.filter;
+	        _ref.filter = nullptr;
 	}
 */
 
@@ -145,7 +144,7 @@ struct ref_t
 		return filter != nullptr;
 	}
 
-	inline bool is_none() const
+	[[nodiscard]] inline bool is_none() const
 	{
 		return filter ? filter->is_none() : false;
 	}
@@ -181,7 +180,7 @@ struct filter_network_t : filter_base_t
 {
 	std::vector<network_t> networks;
 
-	inline filter_network_t() {}
+	inline filter_network_t() = default;
 
 	filter_network_t(const ipfw::rule_t::address_t& target)
 	{
@@ -199,12 +198,12 @@ struct filter_network_t : filter_base_t
 		networks.emplace_back(std::move(string));
 	}
 
-	virtual bool is_none() const
+	[[nodiscard]] bool is_none() const override
 	{
 		return networks.empty();
 	}
 
-	virtual std::string to_string() const
+	[[nodiscard]] std::string to_string() const override
 	{
 		if (networks.empty())
 		{
@@ -233,7 +232,7 @@ struct filter_network_t : filter_base_t
 
 inline ref_t<filter_network_t> and_op(const ref_t<filter_network_t>& a, const ref_t<filter_network_t>& b)
 {
-	filter_network_t* result = new filter_network_t;
+	auto* result = new filter_network_t;
 
 	for (const auto& a_item : a.filter->networks)
 	{
@@ -269,7 +268,7 @@ struct filter_prm_t : filter_base_t
 {
 	std::vector<range_t<uint_t>> ranges;
 
-	inline filter_prm_t() {}
+	inline filter_prm_t() = default;
 
 	filter_prm_t(const common::ranges_t& _ranges)
 	{
@@ -335,12 +334,12 @@ struct filter_prm_t : filter_base_t
 		}
 	}
 
-	virtual bool is_none() const
+	[[nodiscard]] bool is_none() const override
 	{
 		return ranges.empty();
 	}
 
-	virtual std::string to_string() const
+	[[nodiscard]] std::string to_string() const override
 	{
 		std::string ret;
 
@@ -371,7 +370,7 @@ struct filter_prm_t : filter_base_t
 template<typename uint_t>
 ref_t<filter_prm_t<uint_t>> and_op(const ref_t<filter_prm_t<uint_t>>& a, const ref_t<filter_prm_t<uint_t>>& b)
 {
-	filter_prm_t<uint_t>* result = new filter_prm_t<uint_t>;
+	auto* result = new filter_prm_t<uint_t>;
 
 	for (const auto& a_item : a.filter->ranges)
 	{
@@ -396,7 +395,7 @@ using filter_prm16_t = filter_prm_t<uint16_t>;
 
 static inline ref_t<filter_prm16_t> icmp_prm1(const common::ranges_t& types, const common::ranges_t& codes)
 {
-	filter_prm16_t* filter = new filter_prm16_t;
+	auto* filter = new filter_prm16_t;
 
 	if (types == ranges_t{common::range_t{0x00, 0xFF}} && codes == ranges_t{common::range_t{0x00, 0xFF}})
 	{
@@ -593,12 +592,12 @@ struct filter_id_t : filter_base_t
 	inline filter_id_t(int _val) :
 	        val(_val) {}
 
-	virtual bool is_none() const
+	[[nodiscard]] bool is_none() const override
 	{
 		return val < 0;
 	}
 
-	virtual std::string to_string() const
+	[[nodiscard]] std::string to_string() const override
 	{
 		return std::to_string(val);
 	}
@@ -742,12 +741,12 @@ struct filter_proto_t : filter_base_t
 		}
 	}
 
-	virtual bool is_none() const
+	[[nodiscard]] bool is_none() const override
 	{
 		return type.is_none() || prm1.is_none() || prm2.is_none();
 	}
 
-	virtual std::string to_string() const
+	[[nodiscard]] std::string to_string() const override
 	{
 		bool has_ports = false, has_icmptypes = false,
 		     has_icmp6types = false, has_flags = false;
@@ -849,7 +848,7 @@ struct filter_t : filter_base_t
 	ref_t<filter_prm8_t> flags;
 	ref_t<filter_proto_t> proto;
 	ref_t<filter_id_t> dir;
-	ref_t<filter_bool_t> keepstate;
+	ref_t<filter_bool_t> recordstate;
 
 	filter_t(const ref_t<filter_id_t>& _acl_id,
 	         const ref_t<filter_network_t>& _src,
@@ -857,14 +856,14 @@ struct filter_t : filter_base_t
 	         const ref_t<filter_prm8_t>& _flags,
 	         const ref_t<filter_proto_t>& _proto,
 	         const ref_t<filter_id_t>& _dir,
-	         const ref_t<filter_bool_t>& keepstate) :
+	         const ref_t<filter_bool_t>& recordstate) :
 	        acl_id(_acl_id),
 	        src(_src),
 	        dst(_dst),
 	        flags(_flags),
 	        proto(_proto),
 	        dir(_dir),
-	        keepstate(keepstate)
+	        recordstate(recordstate)
 	{}
 
 	filter_t(ipfw::rule_ptr_t rulep)
@@ -918,18 +917,18 @@ struct filter_t : filter_base_t
 				dir = new filter_id_t(1);
 				break;
 		}
-		if (rulep->keepstate)
+		if (rulep->recordstate)
 		{
-			keepstate = new filter_bool_t(true);
+			recordstate = new filter_bool_t(true);
 		}
 	}
 
-	virtual bool is_none() const
+	[[nodiscard]] bool is_none() const override
 	{
-		return acl_id.is_none() || src.is_none() || dst.is_none() || proto.is_none() || dir.is_none() || keepstate.is_none();
+		return acl_id.is_none() || src.is_none() || dst.is_none() || proto.is_none() || dir.is_none() || recordstate.is_none();
 	}
 
-	virtual std::string to_string() const
+	[[nodiscard]] std::string to_string() const override
 	{
 		std::string ret;
 
@@ -953,9 +952,9 @@ struct filter_t : filter_base_t
 		{
 			ret += " frag " + frag_to_string(flags);
 		}
-		if (keepstate)
+		if (recordstate)
 		{
-			ret += " keepstate";
+			ret += " recordstate";
 		}
 
 		if (acl_id)
@@ -968,7 +967,7 @@ struct filter_t : filter_base_t
 
 	bool operator==(const filter_t& o) const
 	{
-		return src == o.src && dst == o.dst && flags == o.flags && proto == o.proto && dir == o.dir && keepstate == o.keepstate;
+		return src == o.src && dst == o.dst && flags == o.flags && proto == o.proto && dir == o.dir && recordstate == o.recordstate;
 	}
 };
 
@@ -1023,15 +1022,23 @@ inline ref_t<filter_t> and_op(const ref_t<filter_t>& a, const ref_t<filter_t>& b
 	                    a.filter->flags & b.filter->flags,
 	                    a.filter->proto & b.filter->proto,
 	                    a.filter->dir & b.filter->dir,
-	                    a.filter->keepstate & b.filter->keepstate);
+	                    a.filter->recordstate & b.filter->recordstate);
 }
 
 const int64_t DISPATCHER = -1;
 
+// TODO: When rewriting the current ACL library into LibFilter, we should consider not using repetitive variants
+// to represent rule actions. Currently, we have this one, which is not even fully correct since it contains
+// int64_t for representing a line number for the SKIPTO instruction, which is not a rule action in an unwound rule
+// sense.
+//
+// Additionally, we might have another variant for representing rules that are suitable for execution in the dataplane.
+using rule_action = std::variant<int64_t, common::globalBase::tFlow, common::acl::dump_t, common::acl::check_state_t, common::acl::state_timeout_t, common::acl::hit_count_t>;
+
 struct rule_t
 {
 	ref_t<filter_t> filter;
-	std::variant<int64_t, common::globalBase::tFlow, common::acl::action_t> action;
+	rule_action action;
 	ids_t ids;
 	int64_t ruleno;
 	mutable std::string text;
@@ -1039,24 +1046,14 @@ struct rule_t
 	std::set<std::string> via;
 	bool log;
 
-	rule_t(const ref_t<filter_t>& _filter, common::globalBase::tFlow flow, const ids_t& ids, bool log) :
-	        filter(_filter),
-	        action(flow),
-	        ids(ids),
-	        log(log)
-	{
-		ruleno = DISPATCHER;
-	}
-
-	rule_t(const ref_t<filter_t>& _filter, common::acl::action_t action, const ids_t& ids, bool log) :
-	        filter(_filter),
-	        action(action),
-	        ids(ids),
-	        log(log)
-	{
-		ruleno = DISPATCHER;
-	}
+public:
+	// Templated constructor to handle all variants of rule_action
+	template<typename T>
+	rule_t(const ref_t<filter_t>& _filter, T action, ids_t ids, bool log) :
+	        filter(_filter), action(rule_action(action)), ids(std::move(ids)), ruleno(DISPATCHER), log(log)
+	{}
 
+	// Specialized constructor for skipto
 	rule_t(const ref_t<filter_t>& _filter, int64_t num, int64_t skipto) :
 	        filter(_filter),
 	        action(skipto),
@@ -1064,9 +1061,9 @@ struct rule_t
 	        log(false)
 	{}
 
-	rule_t(ipfw::rule_ptr_t rulep, ipfw::fw_config_ptr_t configp)
+	rule_t(ipfw::rule_ptr_t rulep, ipfw::fw_config_ptr_t configp) :
+	        text(rulep->text)
 	{
-		text = rulep->text;
 		switch (rulep->action)
 		{
 			case ipfw::rule_action_t::SKIPTO:
@@ -1098,8 +1095,17 @@ struct rule_t
 			case ipfw::rule_action_t::ALLOW:
 				action = DISPATCHER;
 				break;
+			case ipfw::rule_action_t::CHECKSTATE:
+				action = common::acl::check_state_t{};
+				break;
 			case ipfw::rule_action_t::DUMP:
-				action = common::acl::action_t(std::get<std::string>(rulep->action_arg));
+				action = common::acl::dump_t(std::get<std::string>(rulep->action_arg));
+				break;
+			case ipfw::rule_action_t::STATETIMEOUT:
+				action = common::acl::state_timeout_t(std::get<int64_t>(rulep->action_arg));
+				break;
+			case ipfw::rule_action_t::HITCOUNT:
+				action = common::acl::hit_count_t(std::get<std::string>(rulep->action_arg));
 				break;
 			default:
 				YANET_LOG_WARNING("unexpected rule action in rule '%s'\n", rulep->text.data());
@@ -1111,12 +1117,12 @@ struct rule_t
 		ids.emplace_back(rulep->ruleid);
 		for (const auto& [name, how] : rulep->ifaces)
 		{
-			(void)how; // XXX: we can use in/out filters
+			YANET_GCC_BUG_UNUSED(how); // XXX: we can use in/out filters
 			via.insert(name);
 		}
 		for (const auto& [direction, tables] : rulep->iface_tables)
 		{
-			(void)direction; // XXX: we can use in/out filters
+			YANET_GCC_BUG_UNUSED(direction); // XXX: we can use in/out filters
 			for (const auto& tablename : tables)
 			{
 				if (configp->m_tables.count(tablename) == 0)
@@ -1130,7 +1136,7 @@ struct rule_t
 					const auto& ifnames = std::get<ipfw::tables::ifname_t>(table);
 					for (const auto& [iface, label] : ifnames)
 					{
-						(void)label;
+						YANET_GCC_BUG_UNUSED(label);
 						via.insert(iface);
 					}
 				}
@@ -1138,7 +1144,7 @@ struct rule_t
 				{
 					YANET_LOG_WARNING("wrong type for interface table %s\n", tablename.data());
 				}
-				(void)location;
+				YANET_GCC_BUG_UNUSED(location);
 			}
 		}
 	}
@@ -1154,41 +1160,56 @@ struct rule_t
 
 	const std::string& to_string() const
 	{
-		if (std::holds_alternative<common::globalBase::tFlow>(action))
-		{
-			auto flow = std::get<common::globalBase::tFlow>(action);
-			if (flow.type == common::globalBase::eFlowType::drop || flow.type == common::globalBase::eFlowType::controlPlane)
+		std::visit([this](const auto& rule) {
+			using T = std::decay_t<decltype(rule)>;
+			if constexpr (std::is_same_v<T, common::globalBase::tFlow>)
 			{
-				text = "deny";
+				if (rule.type == common::globalBase::eFlowType::drop ||
+				    rule.type == common::globalBase::eFlowType::controlPlane)
+				{
+					text = "deny";
+				}
+				else
+				{
+					text = "flow " + std::string(eFlowType_toString(rule.type)) +
+					       "(" + std::to_string(rule.data.atomic) + ")";
+				}
 			}
-			else
+			else if constexpr (std::is_same_v<T, common::acl::dump_t>)
 			{
-				text = "flow " + std::string(eFlowType_toString(flow.type)) + "(" + std::to_string(flow.data.atomic) + ")";
+				if (!rule.dump_tag.empty())
+				{
+					text = "dump(" + rule.dump_tag + ")";
+				}
 			}
-		}
-		else if (std::holds_alternative<common::acl::action_t>(action))
-		{
-			auto rule_action = std::get<common::acl::action_t>(action);
-			if (!rule_action.dump_tag.empty())
+			else if constexpr (std::is_same_v<T, common::acl::check_state_t>)
 			{
-				text = "dump(" + rule_action.dump_tag + ")";
+				text = "check-state";
 			}
-		}
-		else
-		{
-			auto arg = std::get<int64_t>(action);
-			switch (arg)
+			else if constexpr (std::is_same_v<T, common::acl::state_timeout_t>)
 			{
-				case DISPATCHER:
-					text = "allow";
-					break;
-				case 0:
-					text = "skipto tablearg";
-					break;
-				default:
-					text = "skipto " + std::to_string(arg);
+				text = "state-timeout(" + std::to_string(rule.timeout) + ")";
 			}
-		}
+			else if constexpr (std::is_same_v<T, common::acl::hit_count_t>)
+			{
+				text = "hitcount(" + rule.id + ")";
+			}
+			else if constexpr (std::is_same_v<T, int64_t>)
+			{
+				switch (rule)
+				{
+					case DISPATCHER:
+						text = "allow";
+						break;
+					case 0:
+						text = "skipto tablearg";
+						break;
+					default:
+						text = "skipto " + std::to_string(rule);
+				}
+			}
+		},
+		           action);
 
 		if (log)
 		{
@@ -1226,9 +1247,19 @@ struct rule_t
 	{
 		return action == o.action && filter == o.filter && log == o.log;
 	}
+
+	bool is_term() const
+	{
+		return std::holds_alternative<common::globalBase::tFlow>(action);
+	}
+
+	bool is_skipto() const
+	{
+		return std::holds_alternative<int64_t>(action);
+	}
 };
 
-} //namespace acl
+} // namespace acl
 
 namespace
 {
@@ -1319,7 +1350,7 @@ struct hash<acl::filter_t>
 	size_t operator()(const acl::filter_t& f) const noexcept
 	{
 		size_t h = 0;
-		hash_combine(h, f.src, f.dst, f.flags, f.proto, f.dir, f.keepstate);
+		hash_combine(h, f.src, f.dst, f.flags, f.proto, f.dir, f.recordstate);
 
 		return h;
 	}
@@ -1331,26 +1362,51 @@ struct hash<acl::rule_t>
 	size_t operator()(const acl::rule_t& r) const noexcept
 	{
 		size_t h = 0;
-		if (std::holds_alternative<int64_t>(r.action))
-		{
-			const auto& act = std::get<int64_t>(r.action);
-			hash_combine(h, act);
-		}
-		else if (std::holds_alternative<common::globalBase::tFlow>(r.action))
-		{
-			auto flow = std::get<common::globalBase::tFlow>(r.action);
-			hash_combine(h, 1, (uint64_t(flow.type) << 32) & flow.data.atomic);
-		}
-		else
-		{
-			auto action = std::get<common::acl::action_t>(r.action);
-			hash_combine(h, action.dump_id);
-		}
+		// value to hash based on the type of action
+		size_t action_value = 0;
+
+		std::visit([&action_value](const auto& action) {
+			using T = std::decay_t<decltype(action)>;
+
+			if constexpr (std::is_same_v<T, int64_t>)
+			{
+				action_value = action;
+			}
+			else if constexpr (std::is_same_v<T, common::globalBase::tFlow>)
+			{
+				uint64_t high_part = static_cast<uint64_t>(action.type) << 32;
+				uint64_t low_part = static_cast<uint32_t>(action.data.atomic);
+				action_value = high_part | low_part;
+			}
+			else if constexpr (std::is_same_v<T, common::acl::check_state_t>)
+			{
+				// Since check_state_t acts as a marker (either present or not),
+				// it doesn't have specific members to hash.
+				// To uniquely identify its presence in the hash, we use a
+				// predefined static constant as a unique identifier.
+				action_value = common::acl::check_state_t::HASH_IDENTIFIER;
+			}
+			else if constexpr (std::is_same_v<T, common::acl::dump_t>)
+			{
+				action_value = action.dump_id;
+			}
+			else if constexpr (std::is_same_v<T, common::acl::state_timeout_t>)
+			{
+				action_value = action.timeout;
+			}
+			else if constexpr (std::is_same_v<T, common::acl::hit_count_t>)
+			{
+				action_value = std::hash<std::string>{}(action.id);
+			}
+		},
+		           r.action);
+
 		if (r.filter)
 		{
 			hash_combine(h, **r.filter);
 		}
-		hash_combine(h, r.log);
+
+		hash_combine(h, action_value, r.log);
 
 		return h;
 	}
diff --git a/controlplane/acl_base.h b/controlplane/acl_base.h
index 49931b13..b5446c36 100644
--- a/controlplane/acl_base.h
+++ b/controlplane/acl_base.h
@@ -1,10 +1,6 @@
 #pragma once
 
-#include <map>
-#include <set>
-#include <unordered_map>
-
-#include <cinttypes>
+#include <cstdint>
 
 using tAclGroupId = uint32_t;
 
diff --git a/controlplane/acl_compiler.cpp b/controlplane/acl_compiler.cpp
index aa18f92d..70fdba31 100644
--- a/controlplane/acl_compiler.cpp
+++ b/controlplane/acl_compiler.cpp
@@ -1,5 +1,6 @@
 #include "acl_compiler.h"
 #include "acl_filter.h"
+#include "acl_value.h"
 
 using namespace acl;
 
@@ -101,7 +102,7 @@ void compiler_t::compile(const std::vector<rule_t>& unwind_rules,
 		result.acl_total_table.emplace_back(key, value);
 	}
 
-	result.acl_values.swap(value.vector);
+	result.acl_values = std::move(value.vector);
 
 	YANET_LOG_INFO("acl::compile: done\n");
 }
@@ -171,8 +172,8 @@ void compiler_t::collect(const std::vector<rule_t>& unwind_rules)
 			}
 			else
 			{
-				network_ipv4_source_filter.emplace(network_t(4, 0, 0));
-				network_ipv6_source_filter.emplace(network_t(6, 0, 0));
+				network_ipv4_source_filter.emplace(4, 0, 0);
+				network_ipv6_source_filter.emplace(6, 0, 0);
 
 				src_family[4] = true;
 				src_family[6] = true;
@@ -197,8 +198,8 @@ void compiler_t::collect(const std::vector<rule_t>& unwind_rules)
 			}
 			else
 			{
-				network_ipv4_destination_filter.emplace(network_t(4, 0, 0));
-				network_ipv6_destination_filter.emplace(network_t(6, 0, 0));
+				network_ipv4_destination_filter.emplace(4, 0, 0);
+				network_ipv6_destination_filter.emplace(6, 0, 0);
 
 				dst_family[4] = true;
 				dst_family[6] = true;
@@ -266,27 +267,39 @@ void compiler_t::collect(const std::vector<rule_t>& unwind_rules)
 		}
 
 		/// total_table
-		{
-			rule.total_table_filter_id = total_table.collect(rule_id,
-			                                                 std::tie(rule.via_filter_id,
-			                                                          rule.transport_table_filter_id));
-		}
+		total_table.collect(rule_id,
+		                    std::tie(rule.via_filter_id,
+		                             rule.transport_table_filter_id));
 
-		/// value
 		{
+			// FIXME: unwind_rule being const makes that we cannot use move semantics, even though at this point
+			// we don't need unwinded rules anymore. It will be nice to use moves, but this requires a little bit API
+			// tweaking. Move here does nothing, as this is a const pointer, so just passing by value
 			if (auto flow = std::get_if<common::globalBase::tFlow>(&unwind_rule.action))
 			{
-				rule.value_filter_id = value.collect({*flow});
+				rule.value_filter_id = value.collect_initial_rule(*flow);
+			}
+			else if (auto dump = std::get_if<common::acl::dump_t>(&unwind_rule.action))
+			{
+				rule.value_filter_id = value.collect_initial_rule(*dump);
+			}
+			else if (auto check_state = std::get_if<common::acl::check_state_t>(&unwind_rule.action))
+			{
+				rule.value_filter_id = value.collect_initial_rule(*check_state);
+			}
+			else if (auto state_timeout = std::get_if<common::acl::state_timeout_t>(&unwind_rule.action))
+			{
+				rule.value_filter_id = value.collect_initial_rule(*state_timeout);
 			}
-			else if (auto action = std::get_if<common::acl::action_t>(&unwind_rule.action))
+			else if (auto hit_count = std::get_if<common::acl::hit_count_t>(&unwind_rule.action))
 			{
-				rule.value_filter_id = value.collect({*action});
+				rule.value_filter_id = value.collect_initial_rule(*hit_count);
 			}
 		}
 
 		/// terminating
 		{
-			rule.terminating = std::holds_alternative<common::globalBase::tFlow>(unwind_rule.action);
+			rule.terminating = unwind_rule.is_term();
 		}
 
 		YANET_LOG_DEBUG("acl::compile: rule: %s\n", unwind_rule.to_string().data());
@@ -301,7 +314,6 @@ void compiler_t::collect(const std::vector<rule_t>& unwind_rules)
 		YANET_LOG_DEBUG("acl::compile: transport_filter_id: %u\n", rule.transport_filter_id);
 		YANET_LOG_DEBUG("acl::compile: transport_table_filter_id: %u\n", rule.transport_table_filter_id);
 		YANET_LOG_DEBUG("acl::compile: via_filter_id: %u\n", rule.via_filter_id);
-		YANET_LOG_DEBUG("acl::compile: total_table_filter_id: %u\n", rule.total_table_filter_id);
 		YANET_LOG_DEBUG("acl::compile: value_filter_id: %u\n", rule.value_filter_id);
 	}
 
@@ -323,11 +335,8 @@ void compiler_t::collect(const std::vector<rule_t>& unwind_rules)
 	YANET_LOG_INFO("acl::compile: transport_table.filters: %lu\n",
 	               transport_table.filters.size());
 
-	YANET_LOG_INFO("acl::compile: total_table.filters: %lu\n",
-	               total_table.filters.size());
-
-	YANET_LOG_INFO("acl::compile: value.filters: %lu\n",
-	               value.filters.size());
+	YANET_LOG_INFO("acl::compile: value.vector: %lu\n",
+	               value.vector.size());
 }
 
 void compiler_t::network_compile()
diff --git a/controlplane/acl_filter.h b/controlplane/acl_filter.h
index 5352ac1b..07a34d33 100644
--- a/controlplane/acl_filter.h
+++ b/controlplane/acl_filter.h
@@ -34,7 +34,7 @@ class filter_transport
 		                second.icmpv6_identifier);
 	}
 
-	inline bool protocol_contain(const uint8_t protocol_value) const
+	[[nodiscard]] inline bool protocol_contain(const uint8_t protocol_value) const
 	{
 		for (const auto& range : protocol.vector)
 		{
diff --git a/controlplane/acl_flat.h b/controlplane/acl_flat.h
index 9601bac3..de7e0bb8 100644
--- a/controlplane/acl_flat.h
+++ b/controlplane/acl_flat.h
@@ -1,6 +1,5 @@
 #pragma once
 
-#include "acl/bitset.h"
 #include "acl_base.h"
 
 #include "common/acl.h"
diff --git a/controlplane/acl_network.h b/controlplane/acl_network.h
index 3171a253..ca5d2799 100644
--- a/controlplane/acl_network.h
+++ b/controlplane/acl_network.h
@@ -63,14 +63,12 @@ class network_t
 
 	void compile()
 	{
-		for (unsigned int filter_id = 0;
-		     filter_id < filters.size();
-		     filter_id++)
+		for (auto& filter : filters)
 		{
 			remap_group_ids.resize(0);
 			remap_group_ids.resize(group_id, 0);
 
-			for (const auto& network : filters[filter_id])
+			for (const auto& network : filter)
 			{
 				tree.insert(network.addr, network.mask, group_id, remap_group_ids);
 			}
diff --git a/controlplane/acl_network_table.cpp b/controlplane/acl_network_table.cpp
index 89b2da4c..c682c8e3 100644
--- a/controlplane/acl_network_table.cpp
+++ b/controlplane/acl_network_table.cpp
@@ -61,18 +61,11 @@ void network_table_t::prepare(const uint32_t height, const uint32_t width)
 
 void network_table_t::compile()
 {
-	for (unsigned int filter_id = 0;
-	     filter_id < filters.size();
-	     filter_id++)
+	for (auto [network_ipv4_source_filter_id, network_ipv4_destination_filter_id, network_ipv6_source_filter_id, network_ipv6_destination_filter_id] : filters)
 	{
 		remap_group_ids.clear();
 		remap_group_ids.resize(group_id, 0);
 
-		const auto& [network_ipv4_source_filter_id,
-		             network_ipv4_destination_filter_id,
-		             network_ipv6_source_filter_id,
-		             network_ipv6_destination_filter_id] = filters[filter_id];
-
 		const auto& network_ipv4_source_group_ids = compiler->network_ipv4_source.filter_group_ids[network_ipv4_source_filter_id];
 		const auto& network_ipv4_destination_group_ids = compiler->network_ipv4_destination.filter_group_ids[network_ipv4_destination_filter_id];
 		const auto& network_ipv6_source_group_ids = compiler->network_ipv6_source.filter_group_ids[network_ipv6_source_filter_id];
diff --git a/controlplane/acl_network_table.h b/controlplane/acl_network_table.h
index ac8a6470..b1e33695 100644
--- a/controlplane/acl_network_table.h
+++ b/controlplane/acl_network_table.h
@@ -1,6 +1,10 @@
 #pragma once
 
-#include "acl/bitset.h"
+#include <map>
+#include <set>
+#include <tuple>
+#include <vector>
+
 #include "acl_base.h"
 
 namespace acl::compiler
diff --git a/controlplane/acl_rule.h b/controlplane/acl_rule.h
index 1b500ec9..242df10b 100644
--- a/controlplane/acl_rule.h
+++ b/controlplane/acl_rule.h
@@ -22,7 +22,6 @@ class rule_t
 	unsigned int transport_filter_id;
 	unsigned int transport_table_filter_id;
 	unsigned int via_filter_id;
-	unsigned int total_table_filter_id;
 	unsigned int value_filter_id;
 	bool terminating;
 };
diff --git a/controlplane/acl_table.h b/controlplane/acl_table.h
index 281b712d..aa0d26e4 100644
--- a/controlplane/acl_table.h
+++ b/controlplane/acl_table.h
@@ -1,11 +1,7 @@
 #pragma once
 
-#include <functional>
-
-#include "acl/bitset.h"
 #include "acl_base.h"
-
-#include "common/acl.h"
+#include "common/define.h"
 
 namespace acl::compiler
 {
diff --git a/controlplane/acl_total_table.cpp b/controlplane/acl_total_table.cpp
index 7478d8ee..46191dc9 100644
--- a/controlplane/acl_total_table.cpp
+++ b/controlplane/acl_total_table.cpp
@@ -12,97 +12,84 @@ total_table_t::total_table_t(compiler_t* compiler) :
 void total_table_t::clear()
 {
 	table.clear();
-	remap_group_ids.clear();
-	group_id = 1;
-	filters.clear();
-	filter_ids.clear();
-	filter_id_by_rule_id.clear();
-	filter_id_group_ids.clear();
-	bitmask.clear();
-	map.clear();
-	reverse_map.clear();
-	reverse_map_next.clear();
 }
 
-unsigned int total_table_t::collect(const unsigned int rule_id, const filter& filter)
+void total_table_t::collect(const unsigned int rule_id, const filter& filter)
 {
-	(void)rule_id;
-
-	auto it = filter_ids.find(filter);
-	if (it == filter_ids.end())
-	{
-		filters.emplace_back(filter);
-		it = filter_ids.emplace_hint(it, filter, filter_ids.size());
-	}
-
-	filter_id_by_rule_id.emplace_back(it->second);
-	return it->second;
+	auto [via_filter_id, transport_table_filter_id] = filter;
+	acl_rules_by_filter_id[transport_table_filter_id].emplace_back(rule_id, via_filter_id);
 }
 
 void total_table_t::prepare()
 {
-	filter_id_group_ids.resize(filter_ids.size());
+	for (auto& thread : compiler->transport_table.threads)
+	{
+		for (auto group : thread.all_groups)
+		{
+			for (auto filter_id : thread.group_id_filter_ids[group])
+			{
+				for (const auto& [rule_id, acl_id] : acl_rules_by_filter_id[filter_id])
+				{
+					group_to_acl_rule_map[group][acl_id].insert(rule_id);
+				}
+			}
+		}
+	}
 }
 
+/**
+ * @brief Compiles the total table by processing groups and their associated ACL rules.
+ *
+ * This function iterates through all threads, groups, and their respective ACL rules,
+ * and fills the total table with rules. The rules are processed until a terminating rule
+ * is encountered or all rules have been processed. If no terminating rule is found, a
+ * default "drop" action is appended at the end (see `value_t::compile()`).
+ */
 void total_table_t::compile()
 {
-	common::acl::total_key_t key;
-	memset(&key, 0, sizeof(key));
+	YANET_LOG_DEBUG("Compiling total table\n");
 
-	for (const auto& rule : compiler->rules)
+	for (auto& thread : compiler->transport_table.threads)
 	{
-		const auto filter_id = rule.total_table_filter_id;
-		const auto group_id = rule.value_filter_id;
-
-		if (!filter_id_group_ids[filter_id].empty())
+		for (auto group : thread.all_groups)
 		{
-			continue;
-		}
-
-		const auto& [acl_id, transport_table_filter_id] = filters[filter_id];
-		/// @todo: acl_id -> via_filter_id
+			YANET_LOG_DEBUG("Processing group %u:\n", group);
 
-		key.acl_id = acl_id;
-		bool used = false;
-		for (const auto& thread : compiler->transport_table.threads)
-		{
-			for (const auto transport_table_group_id : thread.transport_table_filter_id_group_ids[transport_table_filter_id])
+			auto& acl_rules_map = group_to_acl_rule_map[group];
+			for (auto& [acl_id, rule_ids] : acl_rules_map)
 			{
-				key.transport_id = transport_table_group_id;
-				auto it = table.find(key);
-				if (it == table.end())
-				{
-					// If there is no such key in table, then we save [key, group_id]
-					// without any additional checks.
-					it = table.emplace_hint(it, key, group_id);
-					used = true;
-				}
-				else
+				common::acl::total_key_t key{acl_id, group};
+
+				YANET_LOG_DEBUG("\tFilling key {%u, %u}\n", key.transport_id, key.acl_id);
+
+				// At this point there's nothing in this group hence we should add at least one rule.
+				// Do it here, cause there are a decent chance that there will be only one rule or it
+				// will be terminating, so the following loop will be unnecessary.
+				auto rule_iter = rule_ids.begin();
+				const auto& first_rule = compiler->rules[*rule_iter];
+				YANET_LOG_DEBUG("\t\tAdding rule %u\n", first_rule.rule_id);
+				table[key] = compiler->value.collect(first_rule.value_filter_id);
+				compiler->used_rules.push_back(first_rule.rule_id);
+
+				if (first_rule.terminating)
+					continue;
+
+				YANET_LOG_DEBUG("\t\tThat rule was not terminating, so continue\n");
+
+				for (++rule_iter; rule_iter != rule_ids.end(); ++rule_iter)
 				{
-					// If table already has such key, then we are trying to collect
-					// new combination of the previous group_id and the current group_id.
-					// If new_group_id differs from the current group_id, then we replace
-					// the previous group_id with the new one. Otherwise we don't do anything.
-					const auto new_group_id = compiler->value.collect(it->second, group_id);
-					if (new_group_id != it->second)
+					const auto& rule = compiler->rules[*rule_iter];
+					compiler->value.append_to_last(rule.value_filter_id);
+					compiler->used_rules.push_back(rule.rule_id);
+					YANET_LOG_DEBUG("\t\tAppending rule %u\n", rule.rule_id);
+
+					if (rule.terminating)
 					{
-						it->second = new_group_id;
-						used = true;
+						YANET_LOG_DEBUG("\t\tThat rule was terminating, so break from processing for this acl_id and group\n");
+						break;
 					}
 				}
-
-				if (rule.terminating && used)
-				{
-					// If the rule is termineting and has been used, then we mark filter_id
-					// as filled in to prevent further additional checks.
-					filter_id_group_ids[filter_id].emplace(it->second);
-				}
 			}
 		}
-
-		if (used)
-		{
-			compiler->used_rules.emplace_back(rule.rule_id);
-		}
 	}
 }
diff --git a/controlplane/acl_total_table.h b/controlplane/acl_total_table.h
index db93de46..b2b0becd 100644
--- a/controlplane/acl_total_table.h
+++ b/controlplane/acl_total_table.h
@@ -1,6 +1,5 @@
 #pragma once
 
-#include "acl/bitset.h"
 #include "acl_base.h"
 
 #include "common/acl.h"
@@ -18,29 +17,16 @@ class total_table_t
 	                          unsigned int>; ///< transport_table_filter_id
 
 	void clear();
-	unsigned int collect(const unsigned int rule_id, const filter& filter);
+	void collect(const unsigned int rule_id, const filter& filter);
 	void prepare();
 	void compile();
-	void compile_thread(const unsigned int thread_id, const unsigned int threads_count);
 
 public:
-	acl::compiler_t* compiler;
-
-	std::map<common::acl::total_key_t, tAclGroupId> table;
-
-	std::vector<tAclGroupId> remap_group_ids;
-	tAclGroupId group_id;
-
-	std::vector<filter> filters;
-	std::map<filter, unsigned int> filter_ids;
-	std::vector<unsigned int> filter_id_by_rule_id;
-	std::vector<std::set<tAclGroupId>> filter_id_group_ids;
+	std::map<common::acl::total_key_t, unsigned int> table;
 
-	std::vector<uint8_t> bitmask; /// @todo: bitmask_t
-
-	std::unordered_map<bitset_t, tAclGroupId> map;
-	std::map<tAclGroupId, bitset_t> reverse_map;
-	std::map<tAclGroupId, bitset_t> reverse_map_next;
+private:
+	acl::compiler_t* compiler;
+	std::unordered_map<unsigned int, std::vector<filter>> acl_rules_by_filter_id;
+	std::unordered_map<tAclGroupId, std::unordered_map<unsigned int, std::set<unsigned int>>> group_to_acl_rule_map;
 };
-
 }
diff --git a/controlplane/acl_transport.cpp b/controlplane/acl_transport.cpp
index 2eaa3edc..840b074b 100644
--- a/controlplane/acl_transport.cpp
+++ b/controlplane/acl_transport.cpp
@@ -1,5 +1,4 @@
 #include "acl_compiler.h"
-#include "acl_network_table.h"
 
 using namespace acl::compiler;
 
@@ -64,10 +63,10 @@ void transport_t::distribute()
 	for (const auto& [key, network_table_group_ids] : variation)
 	{
 		const auto& [size, filter_ids] = key;
-		(void)size;
+		YANET_GCC_BUG_UNUSED(size);
 
 		unsigned int best_layer_id = 0;
-		size_t best_filter_ids_count = (size_t)-1;
+		auto best_filter_ids_count = (size_t)-1;
 
 		for (unsigned int layer_id = 0;
 		     layer_id < compiler->transport_layers_size_max;
@@ -105,12 +104,8 @@ void transport_t::distribute()
 
 void transport_t::compile()
 {
-	for (unsigned int layer_id = 0;
-	     layer_id < layers.size();
-	     layer_id++)
+	for (auto& layer : layers)
 	{
-		auto& layer = layers[layer_id];
-
 		for (const auto filter_id : layer.filter_ids_set)
 		{
 			const auto& filter = filters[filter_id];
@@ -144,12 +139,8 @@ void transport_t::compile()
 		layer.icmp_identifier.prepare();
 	}
 
-	for (unsigned int layer_id = 0;
-	     layer_id < layers.size();
-	     layer_id++)
+	for (auto& layer : layers)
 	{
-		auto& layer = layers[layer_id];
-
 		layer.protocol.compile();
 		layer.tcp_source.compile();
 		layer.tcp_destination.compile();
@@ -163,12 +154,8 @@ void transport_t::compile()
 
 void transport_t::populate()
 {
-	for (unsigned int layer_id = 0;
-	     layer_id < layers.size();
-	     layer_id++)
+	for (auto& layer : layers)
 	{
-		auto& layer = layers[layer_id];
-
 		layer.protocol.populate();
 		layer.tcp_source.populate();
 		layer.tcp_destination.populate();
diff --git a/controlplane/acl_transport_table.cpp b/controlplane/acl_transport_table.cpp
index b6576dfc..6a6bb050 100644
--- a/controlplane/acl_transport_table.cpp
+++ b/controlplane/acl_transport_table.cpp
@@ -72,9 +72,8 @@ transport_table::thread_t::thread_t(transport_table_t* transport_table,
                                     const unsigned int threads_count) :
         transport_table(transport_table),
         thread_id(thread_id),
-        threads_count(threads_count)
+        threads_count(threads_count), group_id(1 + thread_id)
 {
-	group_id = 1 + thread_id;
 }
 
 void transport_table::thread_t::start()
@@ -159,14 +158,11 @@ void transport_table::thread_t::compile()
 	std::array<size_t, dimension> table_indexes;
 	table_indexes.fill(0);
 
-	for (unsigned int filter_id = 0;
-	     filter_id < transport_table->filters.size();
-	     filter_id++)
+	for (auto [network_table_filter_id, network_flags_filter_id, transport_filter_id] : transport_table->filters)
 	{
 		remap_group_ids.clear();
 		remap_group_ids.resize(group_id, 0);
 
-		const auto& [network_table_filter_id, network_flags_filter_id, transport_filter_id] = transport_table->filters[filter_id];
 		const auto& network_table_group_ids_orig = transport_table->compiler->network_table.filter_id_group_ids[network_table_filter_id];
 		const auto& network_flags_group_ids = transport_table->compiler->network_flags.filter_id_group_ids[network_flags_filter_id];
 
@@ -492,6 +488,7 @@ void transport_table::thread_t::populate()
 			filter_id_group_ids[filter_id].emplace_back(i);
 			group_id_filter_ids[i].emplace(filter_id);
 			transport_table_filter_id_group_ids[filter_id].emplace_back(i);
+			all_groups.insert(i);
 		}
 	}
 }
diff --git a/controlplane/acl_transport_table.h b/controlplane/acl_transport_table.h
index 789b3197..1064ec88 100644
--- a/controlplane/acl_transport_table.h
+++ b/controlplane/acl_transport_table.h
@@ -2,11 +2,9 @@
 
 #include <thread>
 
-#include "acl/bitset.h"
 #include "acl_base.h"
 #include "acl_table.h"
 
-#include "common/acl.h"
 #include "common/idp.h"
 
 namespace acl::compiler
@@ -68,6 +66,9 @@ class thread_t
 	std::vector<std::vector<tAclGroupId>> filter_id_group_ids;
 	std::map<tAclGroupId, std::set<unsigned int>> group_id_filter_ids;
 	std::vector<std::vector<tAclGroupId>> transport_table_filter_id_group_ids;
+	// FIXME: I have a strong feeling that a containter with all groups should be already presented somewhere.
+	// Even if it does not, maybe all I need is a vector, since we don't have to order groups.
+	std::set<tAclGroupId> all_groups;
 
 	common::idp::updateGlobalBase::acl_transport_table::request acl_transport_table;
 
diff --git a/controlplane/acl_tree.h b/controlplane/acl_tree.h
index 8cb9a526..90c78b78 100644
--- a/controlplane/acl_tree.h
+++ b/controlplane/acl_tree.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include <cinttypes>
-
 #include "common/acl.h"
 
 namespace acl::compiler
@@ -167,7 +165,7 @@ class tree_t
 	{
 		for (const auto& [gap_size, address, mask] : prefixes)
 		{
-			(void)gap_size;
+			YANET_GCC_BUG_UNUSED(gap_size);
 
 			if (is_mask_gapped(mask))
 			{
@@ -178,7 +176,7 @@ class tree_t
 
 		for (const auto& [gap_size, address, mask] : prefixes)
 		{
-			(void)gap_size;
+			YANET_GCC_BUG_UNUSED(gap_size);
 
 			if (!is_mask_gapped(mask))
 			{
@@ -272,7 +270,7 @@ class tree_t
 		{
 			const auto& [warp_address, warp_mask] = map_key;
 			const auto& [shift, warp_chunk_id] = map_value;
-			(void)shift;
+			YANET_GCC_BUG_UNUSED(shift);
 
 			std::set<unsigned int> last_multirefs_chunk_ids;
 			get_last_gapped_chunks_step(warp_address, warp_mask, last_multirefs_chunk_ids, root_chunk_id);
@@ -514,7 +512,7 @@ class tree_t
 			{
 				const auto& [prev_address, prev_mask] = key;
 				const auto& [prev_shift, prev_warp_chunk_id] = value;
-				(void)prev_warp_chunk_id;
+				YANET_GCC_BUG_UNUSED(prev_warp_chunk_id);
 
 				type_t shared_shadow_mask = warp_shadow_mask & (prev_mask & (prev_mask + 1));
 
@@ -571,8 +569,8 @@ class tree_t
 			const auto& [warp_address, warp_mask] = map_key;
 			const auto& [shift, warp_chunk_id] = map_value;
 
-			(void)shift;
-			(void)warp_chunk_id;
+			YANET_GCC_BUG_UNUSED(shift);
+			YANET_GCC_BUG_UNUSED(warp_chunk_id);
 
 			type_t warp_shadow_mask = warp_mask & (warp_mask + 1);
 
diff --git a/controlplane/acl_value.cpp b/controlplane/acl_value.cpp
index 0593abb0..35e1fe43 100644
--- a/controlplane/acl_value.cpp
+++ b/controlplane/acl_value.cpp
@@ -1,5 +1,6 @@
 #include "acl_value.h"
-#include "acl_compiler.h"
+
+#include "common/actions.h"
 
 using namespace acl::compiler;
 
@@ -10,74 +11,70 @@ value_t::value_t()
 
 void value_t::clear()
 {
-	vector.clear();
-	filters.clear();
-	filter_ids.clear();
+	intermediate_vector.clear();
+	rule_actions.clear();
 
 	{
 		/// @todo: find default_flow
+
 		common::globalBase::flow_t default_flow;
 		default_flow.type = common::globalBase::eFlowType::drop;
-		collect({default_flow});
+		collect_initial_rule(std::move(default_flow));
 	}
 }
 
-unsigned int value_t::collect(const filter& filter)
+unsigned int value_t::collect(unsigned int rule_action_id)
+{
+	intermediate_vector.emplace_back(rule_actions[rule_action_id]);
+	return intermediate_vector.size() - 1;
+}
+
+void value_t::append_to_last(unsigned int rule_action_id)
+{
+	intermediate_vector.back().add(rule_actions[rule_action_id]);
+}
+
+void value_t::ensure_termination(IntermediateActions& actions)
 {
-	auto it = filter_ids.find(filter);
-	if (it == filter_ids.end())
+	auto& last_action = actions.path.back();
+
+	if (!std::holds_alternative<common::FlowAction>(last_action.raw_action))
 	{
-		filters.emplace_back(filter);
-		it = filter_ids.emplace_hint(it, filter, filter_ids.size());
+		// Adding default "drop" rule to the end
+		actions.add(rule_actions[0]);
 	}
+}
+
+void value_t::move_timeout_from_state_timeout_to_flow(IntermediateActions& actions)
+{
+	if (const auto* state_timeout_action = actions.get<common::StateTimeoutAction>())
+	{
+		// Flow action should exist at this point
+		auto* flow_action = actions.get<common::FlowAction>();
+		flow_action->timeout = state_timeout_action->timeout;
 
-	return it->second;
+		actions.remove<common::StateTimeoutAction>();
+	}
 }
 
-// This collect function is only used in acl_total_table compiler to squash
-// non-terminating and terminating rules into one unique group_id.
-unsigned int value_t::collect(const tAclGroupId prev_id, const tAclGroupId id)
+void value_t::finalize_actions(IntermediateActions&& actions)
 {
-	unsigned int ret;
-	auto prev_filter = filters[prev_id];
-	if (std::holds_alternative<common::globalBase::flow_t>(prev_filter.back()))
+	if (actions.indices.get<common::CheckStateAction>().has_value())
 	{
-		ret = prev_id;
+		vector.emplace_back(common::BaseActions<common::ActionsPath::WithCheckState>(std::move(actions)));
 	}
 	else
 	{
-		const auto& filter = filters[id];
-		prev_filter.emplace_back(filter.back());
-		ret = collect(prev_filter);
+		vector.emplace_back(common::BaseActions<common::ActionsPath::Default>(std::move(actions)));
 	}
-
-	return ret;
 }
 
 void value_t::compile()
 {
-	for (const auto& filter : filters)
+	for (auto& actions : intermediate_vector)
 	{
-		int dumps_counter = 0;
-		common::acl::value_t value;
-		for (const auto& it : filter)
-		{
-			if (auto action = std::get_if<common::acl::action_t>(&it))
-			{
-				if (dumps_counter >= YANET_CONFIG_DUMP_ID_SIZE ||
-				    action->dump_id >= YANET_CONFIG_DUMP_ID_TO_TAG_SIZE)
-				{
-					continue;
-				}
-				value.dump_ids[dumps_counter] = action->dump_id;
-				dumps_counter++;
-			}
-			else
-			{
-				value.flow = std::get<common::globalBase::tFlow>(it);
-			}
-		}
-
-		vector.emplace_back(std::move(value));
+		ensure_termination(actions);
+		move_timeout_from_state_timeout_to_flow(actions);
+		finalize_actions(std::move(actions));
 	}
 }
diff --git a/controlplane/acl_value.h b/controlplane/acl_value.h
index 10350d9a..55db4236 100644
--- a/controlplane/acl_value.h
+++ b/controlplane/acl_value.h
@@ -1,31 +1,82 @@
 #pragma once
 
-#include "acl_base.h"
-
-#include "common/acl.h"
-#include "common/type.h"
+#include "common/actions.h"
 
 namespace acl::compiler
 {
 
 class value_t
 {
-public:
-	value_t();
+	using IntermediateActions = common::acl::IntermediateActions;
+
+	/**
+	 * Ensures that the last action in each path is terminating. If not, a default "drop" rule is added.
+	 */
+	void ensure_termination(IntermediateActions& actions);
+
+	/**
+	 * Removes the StateTimeoutAction to reduce dataplane load
+	 * by moving the timeout value directly into the FlowAction.
+	 */
+	void move_timeout_from_state_timeout_to_flow(IntermediateActions& actions);
+
+	/**
+	 * Finalizes the intermediate actions into a vector of BaseActions objects.
+	 */
+	void finalize_actions(IntermediateActions&& actions);
 
 public:
-	using filter = std::vector<std::variant<common::globalBase::flow_t, common::acl::action_t>>;
+	value_t();
 
 	void clear();
-	unsigned int collect(const filter& filter);
-	unsigned int collect(const tAclGroupId prev_id, const tAclGroupId id);
+
+	/**
+	 * Collects an initial rule and stores it for later use.
+	 *
+	 * @return The index of the collected rule in the rule_actions vector.
+	 */
+	template<typename T>
+	unsigned int collect_initial_rule(T&& rule)
+	{
+		static_assert(!std::is_same_v<std::decay_t<T>, int64_t>,
+		              "int64_t should not be a type of action in unwinded rule");
+
+		rule_actions.emplace_back(std::forward<T>(rule));
+		return rule_actions.size() - 1;
+	}
+
+	/**
+	 * Collects an action from the rule_actions vector and stores it in the intermediate vector.
+	 *
+	 * @param rule_actions_id The index of the rule in the rule_actions vector.
+	 * @return The index of the collected action in the intermediate_vector.
+	 */
+	unsigned int collect(unsigned int rule_actions_id);
+
+	/**
+	 * Compiles the collected actions into a final set of executable actions.
+	 *
+	 * The compile process involves:
+	 * 1. Ensuring that the last action in the path is terminating.
+	 *    If not, a default "drop" rule is added.
+	 * 2. Removing StateTimeout action and moving it's timeout value to FlowAction
+	 * 3. Finalizing the actions into a vector of BaseActions objects
+	 */
 	void compile();
 
-public:
-	std::vector<common::acl::value_t> vector;
+	// FIXME: I don't like this name.. Why was it called like that previously?
+	std::vector<IntermediateActions> intermediate_vector;
 
-	std::vector<filter> filters;
-	std::map<filter, unsigned int> filter_ids;
-};
+	// FIXME: I don't like this name.. Why was it called like that previously?
+	std::vector<common::Actions> vector;
+
+	// FIXME:
+	// The initial objects are created using collect_inintial_rule and stored here.
+	// Then we create copies in intermediate_vector.
+	// I've tried to use shared pointers and/or real pointers, but then a bunch
+	// of issues arise when serializing a `vector` with stream.push/pop
+	std::vector<common::Action> rule_actions;
 
+	void append_to_last(unsigned int rule_action_id);
+};
 }
diff --git a/controlplane/balancer.cpp b/controlplane/balancer.cpp
index 0d8ebd8d..4774ef76 100644
--- a/controlplane/balancer.cpp
+++ b/controlplane/balancer.cpp
@@ -159,14 +159,14 @@ void balancer_t::Real(
 	request.reserve(req->reals().size());
 	for (const auto& real : req->reals())
 	{
-		request.push_back({real.module(),
-		                   convert_to_ip_address(real.virtual_ip()),
-		                   real.proto() == common::icp_proto::NetProto::tcp ? IPPROTO_TCP : IPPROTO_UDP,
-		                   real.virtual_port_opt_case() == common::icp_proto::BalancerRealRequest_Real::VirtualPortOptCase::kVirtualPort ? std::make_optional(real.virtual_port()) : std::nullopt,
-		                   convert_to_ip_address(real.real_ip()),
-		                   real.real_port_opt_case() == common::icp_proto::BalancerRealRequest_Real::RealPortOptCase::kRealPort ? std::make_optional(real.real_port()) : std::nullopt,
-		                   real.enable(),
-		                   real.weight_opt_case() == common::icp_proto::BalancerRealRequest_Real::WeightOptCase::kWeight ? std::make_optional(real.weight()) : std::nullopt});
+		request.emplace_back(real.module(),
+		                     convert_to_ip_address(real.virtual_ip()),
+		                     real.proto() == common::icp_proto::NetProto::tcp ? IPPROTO_TCP : IPPROTO_UDP,
+		                     real.virtual_port_opt_case() == common::icp_proto::BalancerRealRequest_Real::VirtualPortOptCase::kVirtualPort ? std::make_optional(real.virtual_port()) : std::nullopt,
+		                     convert_to_ip_address(real.real_ip()),
+		                     real.real_port_opt_case() == common::icp_proto::BalancerRealRequest_Real::RealPortOptCase::kRealPort ? std::make_optional(real.real_port()) : std::nullopt,
+		                     real.enable(),
+		                     real.weight_opt_case() == common::icp_proto::BalancerRealRequest_Real::WeightOptCase::kWeight ? std::make_optional(real.weight()) : std::nullopt);
 	}
 
 	balancer_real(request);
@@ -212,7 +212,7 @@ void balancer_t::controlplane_values(common::icp::controlplane_values::response&
 		controlplane_values.emplace_back("balancer.reals_unordered.size", std::to_string(reals_unordered.size()));
 		controlplane_values.emplace_back("balancer.reals_unordered_ids_unused.size", std::to_string(reals_unordered_ids_unused.size()));
 	}
-	controlplane_values.emplace_back("balancer.real_counters.size", std::to_string(real_counters.get_counters().size()));
+	controlplane_values.emplace_back("balancer.real_counters.size", std::to_string(real_counters.size()));
 }
 
 void balancer_t::reload_before()
@@ -241,21 +241,21 @@ void balancer_t::reload(const controlplane::base_t& base_prev,
 		                  ipv6_outer_source_network,
 		                  reals] : balancer.services)
 		{
-			(void)service_id;
-			(void)version;
-			(void)scheduler;
-			(void)scheduler_params;
-			(void)reals;
-			(void)flags;
-			(void)forwarding_method;
-			(void)ipv4_outer_source_network;
-			(void)ipv6_outer_source_network;
+			YANET_GCC_BUG_UNUSED(service_id);
+			YANET_GCC_BUG_UNUSED(version);
+			YANET_GCC_BUG_UNUSED(scheduler);
+			YANET_GCC_BUG_UNUSED(scheduler_params);
+			YANET_GCC_BUG_UNUSED(reals);
+			YANET_GCC_BUG_UNUSED(flags);
+			YANET_GCC_BUG_UNUSED(forwarding_method);
+			YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+			YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 			service_counters.remove({module_name, {virtual_ip, proto, virtual_port}});
 
 			for (const auto& [real_ip, real_port, real_weight] : reals)
 			{
-				(void)real_weight;
+				YANET_GCC_BUG_UNUSED(real_weight);
 
 				const std::tuple<std::string,
 				                 balancer::service_key_t,
@@ -286,14 +286,14 @@ void balancer_t::reload(const controlplane::base_t& base_prev,
 		                  ipv6_outer_source_network,
 		                  reals] : balancer.services)
 		{
-			(void)service_id;
-			(void)version;
-			(void)scheduler;
-			(void)scheduler_params;
-			(void)flags;
-			(void)forwarding_method;
-			(void)ipv4_outer_source_network;
-			(void)ipv6_outer_source_network;
+			YANET_GCC_BUG_UNUSED(service_id);
+			YANET_GCC_BUG_UNUSED(version);
+			YANET_GCC_BUG_UNUSED(scheduler);
+			YANET_GCC_BUG_UNUSED(scheduler_params);
+			YANET_GCC_BUG_UNUSED(flags);
+			YANET_GCC_BUG_UNUSED(forwarding_method);
+			YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+			YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 			service_counters.insert({module_name, {virtual_ip, proto, virtual_port}});
 
@@ -301,7 +301,7 @@ void balancer_t::reload(const controlplane::base_t& base_prev,
 
 			for (const auto& [real_ip, real_port, real_weight] : reals)
 			{
-				(void)real_weight;
+				YANET_GCC_BUG_UNUSED(real_weight);
 
 				const std::tuple<std::string,
 				                 balancer::service_key_t,
@@ -405,10 +405,10 @@ common::icp::balancer_summary::response balancer_t::balancer_summary() const
 
 	for (auto& [response_module_name, response_services, response_reals_enabled, response_reals, response_connections, response_next_module] : response)
 	{
-		(void)response_services;
-		(void)response_reals_enabled;
-		(void)response_reals;
-		(void)response_next_module;
+		YANET_GCC_BUG_UNUSED(response_services);
+		YANET_GCC_BUG_UNUSED(response_reals_enabled);
+		YANET_GCC_BUG_UNUSED(response_reals);
+		YANET_GCC_BUG_UNUSED(response_next_module);
 
 		auto it = name_id.find(response_module_name);
 		if (it == name_id.end())
@@ -421,15 +421,15 @@ common::icp::balancer_summary::response balancer_t::balancer_summary() const
 		response_connections = 0;
 		for (const auto& [socket_id, service_connections] : balancer_service_connections)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 
 			uint32_t socket_connections = 0;
 			for (const auto& [key, value] : service_connections)
 			{
 				const auto& [balancer_id, virtual_ip, proto, virtual_port] = key;
-				(void)virtual_ip;
-				(void)proto;
-				(void)virtual_port;
+				YANET_GCC_BUG_UNUSED(virtual_ip);
+				YANET_GCC_BUG_UNUSED(proto);
+				YANET_GCC_BUG_UNUSED(virtual_port);
 
 				if (response_module_id == balancer_id)
 				{
@@ -462,7 +462,7 @@ common::icp::balancer_service::response balancer_t::balancer_service(const commo
 	for (auto& [module, balancer] : services)
 	{
 		const auto& [module_id, module_name] = module;
-		(void)module_id;
+		YANET_GCC_BUG_UNUSED(module_id);
 
 		if (filter_module &&
 		    module_name != *filter_module)
@@ -495,9 +495,9 @@ common::icp::balancer_service::response balancer_t::balancer_service(const commo
 			response[module][service_key].swap(service);
 
 			auto& [scheduler, version, connections, packets, bytes] = response[module][service_key];
-			(void)scheduler;
-			(void)version;
-			(void)connections; ///< @todo: DELETE
+			YANET_GCC_BUG_UNUSED(scheduler);
+			YANET_GCC_BUG_UNUSED(version);
+			YANET_GCC_BUG_UNUSED(connections); ///< @todo: DELETE
 
 			auto it = counters.find({module_name,
 			                         {virtual_ip, proto, virtual_port}});
@@ -527,7 +527,7 @@ common::icp::balancer_real_find::response balancer_t::balancer_real_find(const c
 	for (auto& [module, balancer] : reals)
 	{
 		const auto& [module_id, module_name] = module;
-		(void)module_id;
+		YANET_GCC_BUG_UNUSED(module_id);
 
 		if (filter_module &&
 		    module_name != *filter_module)
@@ -560,15 +560,15 @@ common::icp::balancer_real_find::response balancer_t::balancer_real_find(const c
 			response[module][service_key].swap(service);
 
 			auto& [scheduler, version, response_reals] = response[module][service_key];
-			(void)scheduler;
-			(void)version;
+			YANET_GCC_BUG_UNUSED(scheduler);
+			YANET_GCC_BUG_UNUSED(version);
 
 			std::vector<common::icp::balancer_real_find::real> filtered_reals;
 			for (auto& [real_ip, real_port, enabled, weight, connections, packets, bytes] : response_reals)
 			{
-				(void)connections; ///< @todo: DELETE
-				(void)packets;
-				(void)bytes;
+				YANET_GCC_BUG_UNUSED(connections); ///< @todo: DELETE
+				YANET_GCC_BUG_UNUSED(packets);
+				YANET_GCC_BUG_UNUSED(bytes);
 
 				if (filter_real_ip &&
 				    real_ip != *filter_real_ip)
@@ -668,11 +668,11 @@ void balancer_t::update_service(const balancer::generation_config_t& generation_
 		                  ipv6_outer_source_network,
 		                  reals] : balancer.services)
 		{
-			(void)flags;
-			(void)scheduler_params;
-			(void)forwarding_method;
-			(void)ipv4_outer_source_network;
-			(void)ipv6_outer_source_network;
+			YANET_GCC_BUG_UNUSED(flags);
+			YANET_GCC_BUG_UNUSED(scheduler_params);
+			YANET_GCC_BUG_UNUSED(forwarding_method);
+			YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+			YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 			if (service_id >= YANET_CONFIG_BALANCER_SERVICES_SIZE)
 			{
@@ -684,9 +684,9 @@ void balancer_t::update_service(const balancer::generation_config_t& generation_
 			auto& [service_scheduler, service_version, service_connections, service_packets, service_bytes] = generation_services.services[{balancer.balancer_id, module_name}][{virtual_ip, proto, virtual_port}];
 			service_scheduler = to_string(scheduler); ///< @todo: OPT
 			service_version = version;
-			(void)service_connections; ///< @todo: DELETE
-			(void)service_packets; ///< filled in request
-			(void)service_bytes; ///< filled in request
+			YANET_GCC_BUG_UNUSED(service_connections); ///< @todo: DELETE
+			YANET_GCC_BUG_UNUSED(service_packets); ///< filled in request
+			YANET_GCC_BUG_UNUSED(service_bytes); ///< filled in request
 
 			auto& [reals_service_scheduler, reals_version, service_reals] = generation_services.reals[{balancer.balancer_id, module_name}][{virtual_ip, proto, virtual_port}];
 			reals_service_scheduler = service_scheduler;
@@ -764,8 +764,8 @@ void balancer_t::compile(common::idp::updateGlobalBase::request& globalbase,
 		                  ipv6_outer_source_network,
 		                  reals] : balancer.services)
 		{
-			(void)scheduler_params;
-			(void)version;
+			YANET_GCC_BUG_UNUSED(scheduler_params);
+			YANET_GCC_BUG_UNUSED(version);
 
 			if (service_id >= YANET_CONFIG_BALANCER_SERVICES_SIZE)
 			{
@@ -776,11 +776,11 @@ void balancer_t::compile(common::idp::updateGlobalBase::request& globalbase,
 
 			for (const auto& [real_ip, real_port, weight] : reals)
 			{
-				(void)weight;
+				YANET_GCC_BUG_UNUSED(weight);
 
 				balancer::real_key_global_t key = {module_name, {virtual_ip, proto, virtual_port}, {real_ip, real_port}};
 
-				const auto counter_ids = real_counters.get_ids(key);
+				const auto counter_id = real_counters.get_id(key);
 
 				uint32_t real_unordered_id = 0;
 				{
@@ -797,26 +797,22 @@ void balancer_t::compile(common::idp::updateGlobalBase::request& globalbase,
 					}
 				}
 
-				req_reals.emplace_back(common::idp::updateGlobalBase::update_balancer_services::real{
-				        real_unordered_id,
-				        real_ip,
-				        counter_ids[0]});
+				req_reals.emplace_back(real_unordered_id, real_ip, counter_id);
 				req_binding.emplace_back(real_unordered_id);
 			}
 
-			const auto counter_ids = service_counters.get_ids({module_name, {virtual_ip, proto, virtual_port}});
-			req_services.emplace_back(common::idp::updateGlobalBase::update_balancer_services::service{
+			const auto counter_id = service_counters.get_id({module_name, {virtual_ip, proto, virtual_port}});
+			req_services.emplace_back(
 			        service_id,
 			        flags,
-			        counter_ids[0],
+			        counter_id,
 			        scheduler,
 			        forwarding_method,
 			        balancer.default_wlc_power, // todo use scheduler_params.wlc_power when other services will be able to set it
 			        (uint32_t)real_start,
 			        (uint32_t)(req_reals.size() - real_start),
 			        ipv4_outer_source_network,
-			        ipv6_outer_source_network,
-			});
+			        ipv6_outer_source_network);
 		}
 	}
 
@@ -849,13 +845,13 @@ void balancer_t::flush_reals(common::idp::updateGlobalBaseBalancer::request& bal
 		                  ipv6_outer_source_network,
 		                  reals] : balancer.services)
 		{
-			(void)flags;
-			(void)scheduler;
-			(void)scheduler_params;
-			(void)version;
-			(void)forwarding_method;
-			(void)ipv4_outer_source_network;
-			(void)ipv6_outer_source_network;
+			YANET_GCC_BUG_UNUSED(flags);
+			YANET_GCC_BUG_UNUSED(scheduler);
+			YANET_GCC_BUG_UNUSED(scheduler_params);
+			YANET_GCC_BUG_UNUSED(version);
+			YANET_GCC_BUG_UNUSED(forwarding_method);
+			YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+			YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 			if (service_id >= YANET_CONFIG_BALANCER_SERVICES_SIZE)
 			{
diff --git a/controlplane/balancer.h b/controlplane/balancer.h
index 926f6ac2..3bcba0cf 100644
--- a/controlplane/balancer.h
+++ b/controlplane/balancer.h
@@ -10,7 +10,6 @@
 #include "common/generation.h"
 #include "common/icp.h"
 #include "common/idataplane.h"
-#include "common/refarray.h"
 #include "libprotobuf/controlplane.pb.h"
 
 namespace balancer
@@ -37,17 +36,11 @@ using real_counter_key_t = real_key_global_t;
 class generation_config_t
 {
 public:
-	generation_config_t() :
-	        services_count(0),
-	        reals_count(0)
-	{
-	}
+	generation_config_t() = default;
 
-	void update(const controlplane::base_t& base_prev,
+	void update([[maybe_unused]] const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
-
 		for (const auto& [name, balancer] : base_next.balancers)
 		{
 			name_id[name] = balancer.balancer_id;
@@ -61,20 +54,17 @@ class generation_config_t
 public:
 	std::map<std::string, balancer_id_t> name_id;
 	std::map<std::string, controlplane::balancer::config_t> config_balancers;
-	uint64_t services_count;
-	uint64_t reals_count;
+	uint64_t services_count{};
+	uint64_t reals_count{};
 };
 
 class generation_services_t
 {
 public:
-	generation_services_t() :
-	        reals_enabled_count(0)
-	{
-	}
+	generation_services_t() = default;
 
 public:
-	uint64_t reals_enabled_count;
+	uint64_t reals_enabled_count{};
 	common::icp::balancer_summary::response summary;
 	common::icp::balancer_service::response services;
 	common::icp::balancer_real_find::response reals;
diff --git a/controlplane/base.h b/controlplane/base.h
index 6b06b13d..7f96a5e4 100644
--- a/controlplane/base.h
+++ b/controlplane/base.h
@@ -1,11 +1,11 @@
 #pragma once
 
-#include <array>
 #include <map>
+#include <utility>
 #include <vector>
 
 #include "common/controlplaneconfig.h"
-#include "common/idp.h"
+#include "common/memory_manager.h"
 #include "common/nat46clat.h"
 #include "common/type.h"
 #include "libfwparser/fw_parser.h"
@@ -21,20 +21,16 @@ namespace base
 class logical_port_t
 {
 public:
-	logical_port_t() :
-	        vlanId(0),
-	        promiscuousMode(0)
-	{
-	}
+	logical_port_t() = default;
 
 public:
 	tLogicalPortId logicalPortId;
 
 	std::string physicalPort;
 	tPortId physicalPortId;
-	uint16_t vlanId;
+	uint16_t vlanId{};
 	mac_address_t macAddress;
-	uint8_t promiscuousMode;
+	uint8_t promiscuousMode{};
 	std::string nextModule;
 	common::globalBase::tFlow flow;
 };
@@ -42,13 +38,9 @@ class logical_port_t
 class decap_t
 {
 public:
-	decap_t() :
-	        dscpMarkType(common::eDscpMarkType::never),
-	        dscp(0)
-	{
-	}
+	decap_t() = default;
 
-	std::set<ipv6_prefix_t> prefixes() const
+	[[nodiscard]] std::set<ipv6_prefix_t> prefixes() const
 	{
 		std::set<ipv6_prefix_t> prefixes;
 		for (const auto& prefix : ipv6DestinationPrefixes)
@@ -62,8 +54,8 @@ class decap_t
 	tDecapId decapId;
 
 	std::set<ipv6_prefix_with_announces_t> ipv6DestinationPrefixes;
-	common::eDscpMarkType dscpMarkType;
-	uint8_t dscp;
+	common::eDscpMarkType dscpMarkType{common::eDscpMarkType::never};
+	uint8_t dscp{};
 	uint8_t ipv6_enabled;
 	std::string nextModule;
 	common::globalBase::tFlow flow;
@@ -72,19 +64,13 @@ class decap_t
 class nat64stateless_t
 {
 public:
-	nat64stateless_t() :
-	        dscpMarkType(common::eDscpMarkType::never),
-	        dscp(0),
-	        firewall(1),
-	        farm(0)
-	{
-	}
+	nat64stateless_t() = default;
 
 public:
 	tNat64statelessId nat64statelessId;
 
-	common::eDscpMarkType dscpMarkType;
-	uint8_t dscp;
+	common::eDscpMarkType dscpMarkType{common::eDscpMarkType::never};
+	uint8_t dscp{};
 
 	std::map<std::tuple<ipv6_address_t, ///< ipv6Address
 	                    ipv6_address_t, ///< ipv6DestinationAddress
@@ -94,7 +80,7 @@ class nat64stateless_t
 	                    tNat64statelessTranslationId>>
 	        translations;
 
-	uint8_t firewall;
+	uint8_t firewall{1};
 	std::optional<ipv6_prefix_t> nat64_wkp_prefix;
 	std::optional<ipv6_prefix_t> nat64_src_prefix;
 
@@ -105,7 +91,7 @@ class nat64stateless_t
 
 	std::optional<ipv6_address_t> defrag_farm_prefix;
 	std::optional<ipv6_address_t> defrag_source_prefix;
-	uint8_t farm;
+	uint8_t farm{};
 
 	/// @todo: ingressFlow;
 	/// @todo: egressFlow;
@@ -114,9 +100,7 @@ class nat64stateless_t
 class acl_rule_network_ipv4_t
 {
 public:
-	acl_rule_network_ipv4_t()
-	{
-	}
+	acl_rule_network_ipv4_t() = default;
 
 	acl_rule_network_ipv4_t(const std::set<ipv4_prefix_t>& sourcePrefixes,
 	                        const std::set<ipv4_prefix_t>& destinationPrefixes) :
@@ -133,9 +117,7 @@ class acl_rule_network_ipv4_t
 class acl_rule_network_ipv6_t
 {
 public:
-	acl_rule_network_ipv6_t()
-	{
-	}
+	acl_rule_network_ipv6_t() = default;
 
 	acl_rule_network_ipv6_t(const std::set<ipv6_prefix_t>& sourcePrefixes,
 	                        const std::set<ipv6_prefix_t>& destinationPrefixes) :
@@ -152,14 +134,12 @@ class acl_rule_network_ipv6_t
 class acl_rule_transport_tcp_t
 {
 public:
-	acl_rule_transport_tcp_t()
-	{
-	}
+	acl_rule_transport_tcp_t() = default;
 
-	acl_rule_transport_tcp_t(const ranges_t& sourcePorts,
-	                         const ranges_t& destinationPorts) :
-	        sourcePorts(sourcePorts),
-	        destinationPorts(destinationPorts)
+	acl_rule_transport_tcp_t(ranges_t sourcePorts,
+	                         ranges_t destinationPorts) :
+	        sourcePorts(std::move(sourcePorts)),
+	        destinationPorts(std::move(destinationPorts))
 	{
 	}
 
@@ -172,14 +152,12 @@ class acl_rule_transport_tcp_t
 class acl_rule_transport_udp_t
 {
 public:
-	acl_rule_transport_udp_t()
-	{
-	}
+	acl_rule_transport_udp_t() = default;
 
-	acl_rule_transport_udp_t(const ranges_t& sourcePorts,
-	                         const ranges_t& destinationPorts) :
-	        sourcePorts(sourcePorts),
-	        destinationPorts(destinationPorts)
+	acl_rule_transport_udp_t(ranges_t sourcePorts,
+	                         ranges_t destinationPorts) :
+	        sourcePorts(std::move(sourcePorts)),
+	        destinationPorts(std::move(destinationPorts))
 	{
 	}
 
@@ -198,27 +176,27 @@ class acl_rule_transport_icmpv4_t
 	{
 	}
 
-	acl_rule_transport_icmpv4_t(const ranges_t& types) :
-	        types(types),
+	acl_rule_transport_icmpv4_t(ranges_t types) :
+	        types(std::move(types)),
 	        codes(range_t{0x00, 0xFF}),
 	        identifiers(range_t{0x0000, 0xFFFF})
 	{
 	}
 
-	acl_rule_transport_icmpv4_t(const ranges_t& types,
-	                            const ranges_t& codes) :
-	        types(types),
-	        codes(codes),
+	acl_rule_transport_icmpv4_t(ranges_t types,
+	                            ranges_t codes) :
+	        types(std::move(types)),
+	        codes(std::move(codes)),
 	        identifiers(range_t{0x0000, 0xFFFF})
 	{
 	}
 
-	acl_rule_transport_icmpv4_t(const ranges_t& types,
-	                            const ranges_t& codes,
-	                            const ranges_t& identifiers) :
-	        types(types),
-	        codes(codes),
-	        identifiers(identifiers)
+	acl_rule_transport_icmpv4_t(ranges_t types,
+	                            ranges_t codes,
+	                            ranges_t identifiers) :
+	        types(std::move(types)),
+	        codes(std::move(codes)),
+	        identifiers(std::move(identifiers))
 	{
 	}
 
@@ -238,27 +216,27 @@ class acl_rule_transport_icmpv6_t
 	{
 	}
 
-	acl_rule_transport_icmpv6_t(const ranges_t& types) :
-	        types(types),
+	acl_rule_transport_icmpv6_t(ranges_t types) :
+	        types(std::move(types)),
 	        codes(range_t{0x00, 0xFF}),
 	        identifiers(range_t{0x0000, 0xFFFF})
 	{
 	}
 
-	acl_rule_transport_icmpv6_t(const ranges_t& types,
-	                            const ranges_t& codes) :
-	        types(types),
-	        codes(codes),
+	acl_rule_transport_icmpv6_t(ranges_t types,
+	                            ranges_t codes) :
+	        types(std::move(types)),
+	        codes(std::move(codes)),
 	        identifiers(range_t{0x0000, 0xFFFF})
 	{
 	}
 
-	acl_rule_transport_icmpv6_t(const ranges_t& types,
-	                            const ranges_t& codes,
-	                            const ranges_t& identifiers) :
-	        types(types),
-	        codes(codes),
-	        identifiers(identifiers)
+	acl_rule_transport_icmpv6_t(ranges_t types,
+	                            ranges_t codes,
+	                            ranges_t identifiers) :
+	        types(std::move(types)),
+	        codes(std::move(codes)),
+	        identifiers(std::move(identifiers))
 	{
 	}
 
@@ -271,12 +249,10 @@ class acl_rule_transport_icmpv6_t
 class acl_rule_transport_other_t
 {
 public:
-	acl_rule_transport_other_t()
-	{
-	}
+	acl_rule_transport_other_t() = default;
 
-	acl_rule_transport_other_t(const ranges_t& protocolTypes) :
-	        protocolTypes(protocolTypes)
+	acl_rule_transport_other_t(ranges_t protocolTypes) :
+	        protocolTypes(std::move(protocolTypes))
 	{
 	}
 
@@ -295,9 +271,7 @@ class acl_rule_t
 	};
 
 public:
-	acl_rule_t()
-	{
-	}
+	acl_rule_t() = default;
 
 	template<typename transport_T>
 	acl_rule_t(const std::variant<acl_rule_network_ipv4_t, acl_rule_network_ipv6_t>& network,
@@ -395,9 +369,7 @@ class acl_sync_config_t
 class acl_t
 {
 public:
-	acl_t()
-	{
-	}
+	acl_t() = default;
 
 public:
 	tAclId aclId;
@@ -430,26 +402,18 @@ class base_rib
 class base_t
 {
 public:
-	base_t() :
-	        interfacesCount(0),
-	        nat64statelessTranslationsCount(0),
-	        services_count(0),
-	        reals_count(0),
-	        tun64MappingsCount(0),
-	        storeSamples(false),
-	        serial(0),
-	        nat64stateful_pool_size(0)
+	base_t()
 	{
 		variables["balancer_real_timeout"] = 900;
 	}
 
 public:
 	std::map<std::string, std::string> moduleTypes;
-	tInterfaceId interfacesCount;
-	tNat64statelessTranslationId nat64statelessTranslationsCount;
-	balancer_service_id_t services_count;
-	balancer_real_id_t reals_count;
-	tun64_id_t tun64MappingsCount;
+	tInterfaceId interfacesCount{};
+	tNat64statelessTranslationId nat64statelessTranslationsCount{};
+	balancer_service_id_t services_count{};
+	balancer_real_id_t reals_count{};
+	tun64_id_t tun64MappingsCount{};
 	std::map<tInterfaceId, std::string> interfaceNames; ///< @todo: per route
 	std::map<tSocketId, std::set<tInterfaceId>> socket_interfaces; ///< @todo: per route
 
@@ -470,8 +434,8 @@ class base_t
 	acl::iface_map_t result_iface_map;
 	std::vector<std::string> dump_id_to_tag;
 	std::map<unsigned int, std::string> logicalport_id_to_name;
-	bool storeSamples;
-	uint32_t serial;
+	bool storeSamples{};
+	uint32_t serial{};
 
 	std::map<std::string, common::uint64> variables;
 	std::map<std::string, ///< vrf
@@ -479,7 +443,7 @@ class base_t
 	                  std::vector<std::string>>>
 	        vrf_fqdns;
 
-	uint32_t nat64stateful_pool_size;
+	uint32_t nat64stateful_pool_size{};
 
 	std::map<std::string, ///< vrf_name
 	         std::vector<base_rib>>
diff --git a/controlplane/bus.cpp b/controlplane/bus.cpp
index 0cd8d2ad..8584b4c5 100644
--- a/controlplane/bus.cpp
+++ b/controlplane/bus.cpp
@@ -103,7 +103,7 @@ void bus::clientThread(int clientSocket)
 
 	for (;;)
 	{
-		uint64_t messageSize;
+		uint64_t messageSize = 0;
 		if (auto err = common::recvAll(clientSocket, (char*)&messageSize, sizeof(messageSize)); err != 0)
 		{
 			/// @todo: log
diff --git a/controlplane/bus.h b/controlplane/bus.h
index e9c51494..3f4f7aed 100644
--- a/controlplane/bus.h
+++ b/controlplane/bus.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include "common/icp.h"
-
 #include "module.h"
 
 namespace controlplane::module
diff --git a/controlplane/configconverter.cpp b/controlplane/configconverter.cpp
index 4d32fe61..7062dcdb 100644
--- a/controlplane/configconverter.cpp
+++ b/controlplane/configconverter.cpp
@@ -7,9 +7,7 @@
 
 #include "acl.h"
 #include "configconverter.h"
-#include "controlplane.h"
 #include "errors.h"
-#include "isystem.h"
 
 eResult config_converter_t::process(uint32_t serial)
 {
@@ -339,7 +337,7 @@ void config_converter_t::processLogicalPorts()
 {
 	for (auto& [moduleName, logicalPort] : baseNext.logicalPorts)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (logicalPort.logicalPortId >= CONFIG_YADECAP_LOGICALPORTS_SIZE)
 		{
@@ -367,7 +365,7 @@ void config_converter_t::serializeLogicalPorts()
 {
 	for (auto& [moduleName, logicalPort] : baseNext.logicalPorts)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		globalbase.emplace_back(common::idp::updateGlobalBase::requestType::updateLogicalPort,
 		                        common::idp::updateGlobalBase::updateLogicalPort::request{logicalPort.logicalPortId,
@@ -383,7 +381,7 @@ void config_converter_t::processRoutes()
 {
 	for (auto& [module_name, route] : baseNext.routes)
 	{
-		(void)module_name;
+		YANET_GCC_BUG_UNUSED(module_name);
 
 		if (route.routeId >= CONFIG_YADECAP_ROUTES_SIZE)
 		{
@@ -392,7 +390,7 @@ void config_converter_t::processRoutes()
 
 		for (auto& [interface_name, interface] : route.interfaces)
 		{
-			(void)interface_name;
+			YANET_GCC_BUG_UNUSED(interface_name);
 
 			if (interface.interfaceId >= CONFIG_YADECAP_INTERFACES_SIZE)
 			{
@@ -427,7 +425,7 @@ void config_converter_t::serializeRoutes()
 {
 	for (auto& [moduleName, route] : baseNext.routes)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		std::optional<common::idp::updateGlobalBase::update_route::tunnel> tunnel;
 		if (route.tunnel_enabled)
@@ -449,7 +447,7 @@ void config_converter_t::processDecap()
 {
 	for (auto& [moduleName, decap] : baseNext.decaps)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (decap.decapId >= CONFIG_YADECAP_DECAPS_SIZE)
 		{
@@ -479,7 +477,7 @@ void config_converter_t::processNat64stateful()
 {
 	for (auto& [name, nat64stateful] : baseNext.nat64statefuls)
 	{
-		(void)name;
+		YANET_GCC_BUG_UNUSED(name);
 
 		if (nat64stateful.nat64stateful_id >= YANET_CONFIG_NAT64STATEFULS_SIZE)
 		{
@@ -504,7 +502,7 @@ void config_converter_t::processTun64()
 {
 	for (auto& [moduleName, tunnel] : baseNext.tunnels)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (tunnel.tun64Id >= CONFIG_YADECAP_TUN64_SIZE)
 		{
@@ -528,7 +526,7 @@ void config_converter_t::processNat64()
 {
 	for (auto& [moduleName, nat64stateless] : baseNext.nat64statelesses)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (nat64stateless.nat64statelessId >= CONFIG_YADECAP_NAT64STATELESSES_SIZE)
 		{
@@ -587,7 +585,7 @@ void config_converter_t::processNat46clat()
 {
 	for (auto& [module_name, nat46clat] : baseNext.nat46clats)
 	{
-		(void)module_name;
+		YANET_GCC_BUG_UNUSED(module_name);
 
 		if (nat46clat.nat46clat_id >= YANET_CONFIG_NAT46CLATS_SIZE)
 		{
@@ -614,7 +612,7 @@ void config_converter_t::processBalancer()
 
 	for (auto& [moduleName, balancer] : baseNext.balancers)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (balancer.balancer_id >= YANET_CONFIG_BALANCERS_SIZE)
 		{
@@ -650,17 +648,17 @@ void config_converter_t::processBalancer()
 		                  reals] : balancer.services)
 		{
 			/// @todo:
-			(void)vip;
-			(void)proto;
-			(void)vport;
-			(void)scheduler;
-			(void)scheduler_params;
-			(void)flags;
-			(void)reals;
-			(void)version;
-			(void)forwarding_method;
-			(void)ipv4_outer_source_network;
-			(void)ipv6_outer_source_network;
+			YANET_GCC_BUG_UNUSED(vip);
+			YANET_GCC_BUG_UNUSED(proto);
+			YANET_GCC_BUG_UNUSED(vport);
+			YANET_GCC_BUG_UNUSED(scheduler);
+			YANET_GCC_BUG_UNUSED(scheduler_params);
+			YANET_GCC_BUG_UNUSED(flags);
+			YANET_GCC_BUG_UNUSED(reals);
+			YANET_GCC_BUG_UNUSED(version);
+			YANET_GCC_BUG_UNUSED(forwarding_method);
+			YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+			YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 			if (service_id >= YANET_CONFIG_BALANCER_SERVICES_SIZE)
 			{
@@ -688,7 +686,7 @@ void config_converter_t::processDregress()
 {
 	for (auto& [moduleName, dregress] : baseNext.dregresses)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (dregress.dregressId >= CONFIG_YADECAP_DREGRESS_SIZE)
 		{
@@ -719,7 +717,7 @@ void config_converter_t::processAcl()
 {
 	for (auto& [moduleName, acl] : baseNext.acls)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (acl.synchronization)
 		{
@@ -872,7 +870,7 @@ void config_converter_t::acl_rules_route_local(controlplane::base::acl_t& acl,
 
 	for (const auto& [interfaceName, interface] : route.interfaces)
 	{
-		(void)interfaceName;
+		YANET_GCC_BUG_UNUSED(interfaceName);
 
 		for (const auto& ipAddress : interface.ip_prefixes)
 		{
@@ -892,10 +890,8 @@ void config_converter_t::acl_rules_route_local(controlplane::base::acl_t& acl,
 }
 
 void config_converter_t::acl_rules_route_forward(controlplane::base::acl_t& acl,
-                                                 const std::string& next_module) const
+                                                 [[maybe_unused]] const std::string& next_module) const
 {
-	(void)next_module;
-
 	common::globalBase::tFlow flow = convertToFlow(next_module);
 	acl.nextModuleRules.emplace_back(flow);
 }
@@ -1113,8 +1109,8 @@ void config_converter_t::acl_rules_nat64stateless_ingress(controlplane::base::ac
 		const auto& [ipv6Address, ipv6DestinationAddress, ingressPortRange] = key;
 		const auto& [ipv4Address, egressPortRange, translationId] = value;
 
-		(void)ipv4Address;
-		(void)egressPortRange;
+		YANET_GCC_BUG_UNUSED(ipv4Address);
+		YANET_GCC_BUG_UNUSED(egressPortRange);
 
 		flow.data.nat64stateless.translationId = translationId;
 		flow_icmp.data.nat64stateless.translationId = translationId;
@@ -1274,7 +1270,7 @@ void config_converter_t::acl_rules_nat64stateless_egress(controlplane::base::acl
 
 	for (const auto& [key, value] : nat64stateless.translations)
 	{
-		(void)key;
+		YANET_GCC_BUG_UNUSED(key);
 
 		const auto& [ipv4Address, egressPortRange, translationId] = value;
 
@@ -1609,13 +1605,13 @@ void config_converter_t::acl_rules_balancer(controlplane::base::acl_t& acl,
 	                  ipv6_outer_source_network,
 	                  reals] : balancer.services)
 	{
-		(void)scheduler;
-		(void)scheduler_params;
-		(void)version;
-		(void)flags;
-		(void)forwarding_method;
-		(void)ipv4_outer_source_network;
-		(void)ipv6_outer_source_network;
+		YANET_GCC_BUG_UNUSED(scheduler);
+		YANET_GCC_BUG_UNUSED(scheduler_params);
+		YANET_GCC_BUG_UNUSED(version);
+		YANET_GCC_BUG_UNUSED(flags);
+		YANET_GCC_BUG_UNUSED(forwarding_method);
+		YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+		YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 		if (reals.empty())
 		{
@@ -1703,15 +1699,15 @@ void config_converter_t::acl_rules_balancer_icmp_reply(controlplane::base::acl_t
 	                  ipv6_outer_source_network,
 	                  reals] : balancer.services)
 	{
-		(void)scheduler;
-		(void)scheduler_params;
-		(void)flags;
-		(void)proto;
-		(void)vport;
-		(void)version;
-		(void)forwarding_method;
-		(void)ipv4_outer_source_network;
-		(void)ipv6_outer_source_network;
+		YANET_GCC_BUG_UNUSED(scheduler);
+		YANET_GCC_BUG_UNUSED(scheduler_params);
+		YANET_GCC_BUG_UNUSED(flags);
+		YANET_GCC_BUG_UNUSED(proto);
+		YANET_GCC_BUG_UNUSED(vport);
+		YANET_GCC_BUG_UNUSED(version);
+		YANET_GCC_BUG_UNUSED(forwarding_method);
+		YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+		YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 		if (reals.empty())
 		{
@@ -1772,15 +1768,15 @@ void config_converter_t::acl_rules_balancer_icmp_forward(controlplane::base::acl
 	                  ipv6_outer_source_network,
 	                  reals] : balancer.services)
 	{
-		(void)scheduler;
-		(void)scheduler_params;
-		(void)flags;
-		(void)proto;
-		(void)vport;
-		(void)version;
-		(void)forwarding_method;
-		(void)ipv4_outer_source_network;
-		(void)ipv6_outer_source_network;
+		YANET_GCC_BUG_UNUSED(scheduler);
+		YANET_GCC_BUG_UNUSED(scheduler_params);
+		YANET_GCC_BUG_UNUSED(flags);
+		YANET_GCC_BUG_UNUSED(proto);
+		YANET_GCC_BUG_UNUSED(vport);
+		YANET_GCC_BUG_UNUSED(version);
+		YANET_GCC_BUG_UNUSED(forwarding_method);
+		YANET_GCC_BUG_UNUSED(ipv4_outer_source_network);
+		YANET_GCC_BUG_UNUSED(ipv6_outer_source_network);
 
 		if (reals.empty())
 		{
@@ -1812,8 +1808,8 @@ std::string config_converter_t::checkLimit(size_t count, const std::string& name
 	uint64_t limit = 0;
 	for (const auto& [limit_name, socket_id, current, maximum] : limits)
 	{
-		(void)socket_id;
-		(void)current;
+		YANET_GCC_BUG_UNUSED(socket_id);
+		YANET_GCC_BUG_UNUSED(current);
 
 		if (limit_name == name)
 		{
@@ -1859,10 +1855,10 @@ void config_converter_t::buildAcl()
 
 	for (auto& [route_name, route] : baseNext.routes)
 	{
-		(void)route_name;
+		YANET_GCC_BUG_UNUSED(route_name);
 		for (auto& [name, iface] : route.interfaces)
 		{
-			(void)name;
+			YANET_GCC_BUG_UNUSED(name);
 			auto it = result.out_iface_map.find(iface.nextModule);
 			if (it != result.out_iface_map.end())
 			{
@@ -1899,7 +1895,7 @@ void config_converter_t::buildAcl()
 	common::idp::updateGlobalBase::fwstate_synchronization_update::request fwstate_sync_request;
 	for (const auto& [moduleName, acl] : baseNext.acls)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		if (acl.synchronization)
 		{
@@ -1931,7 +1927,7 @@ void config_converter_t::buildAcl()
 	common::idp::updateGlobalBase::update_early_decap_flags::request early_decap_flags_request = false;
 	for (const auto& [moduleName, acl] : baseNext.acls)
 	{
-		(void)moduleName;
+		YANET_GCC_BUG_UNUSED(moduleName);
 
 		// if at least one acl module has early_decap config section, early_decap feature is globally switched on
 		if ((!acl.src4_early_decap.empty() && !acl.dst4_early_decap.empty()) || (!acl.src6_early_decap.empty() && !acl.dst6_early_decap.empty()))
diff --git a/controlplane/configconverter.h b/controlplane/configconverter.h
index 12c2da88..7b5751d9 100644
--- a/controlplane/configconverter.h
+++ b/controlplane/configconverter.h
@@ -1,22 +1,26 @@
 #pragma once
 
+#include <utility>
+
 #include "base.h"
+#include "common/idp.h"
+#include "common/result.h"
 
 class config_converter_t
 {
 public:
 	config_converter_t(cControlPlane* controlplane,
-	                   const controlplane::base_t& baseNext,
-	                   const common::idp::limits::response& limits) :
+	                   controlplane::base_t baseNext,
+	                   common::idp::limits::response limits) :
 	        controlplane(controlplane),
-	        baseNext(baseNext),
-	        limits(limits)
+	        baseNext(std::move(baseNext)),
+	        limits(std::move(limits))
 	{
 	}
 
 	[[nodiscard]] eResult process(uint32_t serial);
 
-	const controlplane::base_t& getBaseNext() const
+	[[nodiscard]] const controlplane::base_t& getBaseNext() const
 	{
 		return baseNext;
 	}
@@ -45,8 +49,8 @@ class config_converter_t
 	std::string checkLimit(size_t count, const std::string& limit, size_t multiplier(size_t));
 
 	void convertToFlow(const std::string& nextModule, common::globalBase::tFlow& flow) const;
-	common::globalBase::tFlow convertToFlow(std::string nextModule) const;
-	common::globalBase::tFlow convertToFlow(std::string nextModule, const std::string& entryName) const;
+	[[nodiscard]] common::globalBase::tFlow convertToFlow(std::string nextModule) const;
+	[[nodiscard]] common::globalBase::tFlow convertToFlow(std::string nextModule, const std::string& entryName) const;
 
 	void acl_rules_route_local(controlplane::base::acl_t& acl, const std::string& next_module) const;
 	void acl_rules_route_forward(controlplane::base::acl_t& acl, const std::string& next_module) const;
diff --git a/controlplane/configparser.cpp b/controlplane/configparser.cpp
index a21d25ea..b0352697 100644
--- a/controlplane/configparser.cpp
+++ b/controlplane/configparser.cpp
@@ -156,33 +156,33 @@ controlplane::base_t config_parser_t::loadConfig(const std::string& rootFilePath
 	try
 	{
 		const auto& [dataplane_physicalports, dataplane_workers, dataplane_values] = dataPlaneConfig;
-		(void)dataplane_workers;
-		(void)dataplane_values;
+		YANET_GCC_BUG_UNUSED(dataplane_workers);
+		YANET_GCC_BUG_UNUSED(dataplane_values);
 
 		for (const auto& [core_id, worker] : dataplane_workers)
 		{
-			(void)core_id;
+			YANET_GCC_BUG_UNUSED(core_id);
 			const auto& [ports, socket_id] = worker;
-			(void)ports;
+			YANET_GCC_BUG_UNUSED(ports);
 			// add entry for sockets with workers, including slow worker
 			baseNext.socket_interfaces[socket_id] = {};
 		}
 		for (const auto& [route_name, route] : baseNext.routes)
 		{
-			(void)route_name;
+			YANET_GCC_BUG_UNUSED(route_name);
 
 			for (const auto& [interface_name, interface] : route.interfaces)
 			{
-				(void)interface_name;
+				YANET_GCC_BUG_UNUSED(interface_name);
 
 				if (exist(baseNext.logicalPorts, interface.nextModule))
 				{
 					const auto& logicalport = baseNext.logicalPorts[interface.nextModule];
 
 					const auto& [physicalport_name, socket_id, mac_address, pci] = dataplane_physicalports.find(logicalport.physicalPortId)->second;
-					(void)physicalport_name;
-					(void)mac_address;
-					(void)pci;
+					YANET_GCC_BUG_UNUSED(physicalport_name);
+					YANET_GCC_BUG_UNUSED(mac_address);
+					YANET_GCC_BUG_UNUSED(pci);
 
 					baseNext.socket_interfaces[socket_id].emplace(interface.interfaceId);
 				}
@@ -534,12 +534,9 @@ void config_parser_t::loadConfig_decap(controlplane::base_t& baseNext,
 void config_parser_t::loadConfig_nat64stateful(controlplane::base_t& baseNext,
                                                const std::string& moduleId,
                                                const nlohmann::json& moduleJson,
-                                               const std::string& rootFilePath,
-                                               const std::map<std::string, nlohmann::json>& jsons)
+                                               [[maybe_unused]] const std::string& rootFilePath,
+                                               [[maybe_unused]] const std::map<std::string, nlohmann::json>& jsons)
 {
-	(void)rootFilePath;
-	(void)jsons;
-
 	auto& nat64stateful = baseNext.nat64statefuls[moduleId];
 	nat64stateful_id_t nat64stateful_id = baseNext.nat64statefuls.size();
 
@@ -667,7 +664,7 @@ void config_parser_t::loadConfig_tun64(controlplane::base_t& baseNext,
 	}
 	else
 	{
-		tunnel.prefixes.emplace(common::ip_prefix_t(tunnel.ipv6SourceAddress, 128));
+		tunnel.prefixes.emplace(tunnel.ipv6SourceAddress, 128);
 	}
 
 	if (exist(moduleJson, "mappings"))
@@ -1046,12 +1043,9 @@ void config_parser_t::loadConfig_nat64stateless_translations(controlplane::base_
 void config_parser_t::loadConfig_nat46clat(controlplane::base_t& baseNext,
                                            const std::string& moduleId,
                                            const nlohmann::json& moduleJson,
-                                           const std::string& rootFilePath,
-                                           const std::map<std::string, nlohmann::json>& jsons)
+                                           [[maybe_unused]] const std::string& rootFilePath,
+                                           [[maybe_unused]] const std::map<std::string, nlohmann::json>& jsons)
 {
-	(void)rootFilePath;
-	(void)jsons;
-
 	auto& nat46clat = baseNext.nat46clats[moduleId];
 	nat46clat_id_t nat46clat_id = baseNext.nat46clats.size();
 
@@ -1169,7 +1163,7 @@ void config_parser_t::loadConfig_acl(controlplane::base_t& baseNext,
 
 	if (exist(moduleJson, "macros"))
 	{
-		std::string includePath = moduleJson["macros"].get<std::string>();
+		auto includePath = moduleJson["macros"].get<std::string>();
 		if (includePath.find("/") != 0) ///< relative path
 		{
 			includePath = dirname(rootFilePath) + "/" + includePath;
@@ -1182,7 +1176,7 @@ void config_parser_t::loadConfig_acl(controlplane::base_t& baseNext,
 
 	if (exist(moduleJson, "dnscache"))
 	{
-		std::string includePath = moduleJson["dnscache"].get<std::string>();
+		auto includePath = moduleJson["dnscache"].get<std::string>();
 		if (includePath.find("/") != 0) ///< relative path
 		{
 			includePath = dirname(rootFilePath) + "/" + includePath;
@@ -1246,7 +1240,7 @@ void config_parser_t::loadConfig_acl(controlplane::base_t& baseNext,
 
 			for (const auto& ipJson : srcPrefixes)
 			{
-				std::string prefix_str = ipJson.get<std::string>();
+				auto prefix_str = ipJson.get<std::string>();
 				ip_prefix_t prefix(prefix_str);
 
 				if (prefix.is_ipv4())
@@ -1264,7 +1258,7 @@ void config_parser_t::loadConfig_acl(controlplane::base_t& baseNext,
 		{
 			for (const auto& ipJson : earlyDecapJson["dstAddresses"])
 			{
-				std::string addr_str = ipJson.get<std::string>();
+				auto addr_str = ipJson.get<std::string>();
 				ip_prefix_t addr(addr_str);
 
 				if (addr.is_ipv4())
@@ -1688,7 +1682,7 @@ void config_parser_t::loadConfig_balancer_services(controlplane::base_t& baseNex
 
 		std::string scheduler_string = service_json["scheduler"];
 
-		balancer::scheduler scheduler;
+		balancer::scheduler scheduler{};
 		balancer::scheduler_params scheduler_params{};
 		if (scheduler_string == "rr")
 		{
@@ -1711,7 +1705,7 @@ void config_parser_t::loadConfig_balancer_services(controlplane::base_t& baseNex
 			throw error_result_t(eResult::invalidConfigurationFile, "unknown scheduler: " + scheduler_string);
 		}
 
-		balancer::forwarding_method forwarding_method;
+		balancer::forwarding_method forwarding_method{};
 
 		if (!exist(service_json, "lvs_method"))
 		{
@@ -1952,7 +1946,7 @@ void config_parser_t::loadConfig_memory_group(common::memory_manager::memory_gro
 	{
 		auto memory_group_next = std::make_shared<common::memory_manager::memory_group>();
 
-		std::string name = json_iter["name"].get<std::string>();
+		auto name = json_iter["name"].get<std::string>();
 		std::string limit = "0";
 		if (exist(json_iter, "limit"))
 		{
diff --git a/controlplane/configparser.h b/controlplane/configparser.h
index 65284ff9..df6ee28e 100644
--- a/controlplane/configparser.h
+++ b/controlplane/configparser.h
@@ -5,18 +5,19 @@
 #include "common/controlplaneconfig.h"
 
 #include "base.h"
+#include "common/idp.h"
 
 class config_parser_t
 {
 public:
 	config_parser_t(common::idp::getConfig::response dataPlaneConfig) :
-	        dataPlaneConfig(dataPlaneConfig)
+	        dataPlaneConfig(std::move(dataPlaneConfig))
 	{}
 
 	controlplane::base_t loadConfig(const std::string& rootFilePath, const nlohmann::json& rootJson, const std::map<std::string, nlohmann::json>& jsons = {});
 
 protected:
-	tPortId getPhysicalPortId(const std::string& name) const;
+	[[nodiscard]] tPortId getPhysicalPortId(const std::string& name) const;
 	void loadConfig_logicalPort(controlplane::base_t& baseNext, const std::string& moduleId, const nlohmann::json& moduleJson);
 	void loadConfig_route(controlplane::base_t& baseNext, const std::string& moduleId, const nlohmann::json& moduleJson, const std::string& rootFilePath, const std::map<std::string, nlohmann::json>& jsons);
 	void loadConfig_route_peers(controlplane::base_t& baseNext, controlplane::route::config_t& route, const nlohmann::json& json, const std::string& rootFilePath, const std::map<std::string, nlohmann::json>& jsons);
diff --git a/controlplane/controlplane.cpp b/controlplane/controlplane.cpp
index b461c089..16ff417f 100644
--- a/controlplane/controlplane.cpp
+++ b/controlplane/controlplane.cpp
@@ -21,10 +21,6 @@ cControlPlane::cControlPlane() :
 {
 }
 
-cControlPlane::~cControlPlane()
-{
-}
-
 eResult cControlPlane::init(const std::string& jsonFilePath)
 {
 	eResult result = eResult::success;
@@ -42,6 +38,13 @@ eResult cControlPlane::init(const std::string& jsonFilePath)
 		sockets.emplace(std::get<1>(iter.second)); ///< @todo
 	}
 
+	result = common::sdp::SdpClient::ReadSharedMemoryData(sdp_data, true);
+	if (result != eResult::success)
+	{
+		return result;
+	}
+	counter_manager.init(&sdp_data);
+
 	modules.emplace_back(new telegraf_t); ///< @todo
 	modules.emplace_back(new rib_t); ///< @todo
 	modules.emplace_back(new controlplane::module::bus); ///< @todo
@@ -149,6 +152,10 @@ eResult cControlPlane::init(const std::string& jsonFilePath)
 		return command_convert(std::get<common::icp::convert::request>(std::get<1>(request)));
 	});
 
+	register_command(common::icp::requestType::counters_stat, [this]() {
+		return command_counters_stat();
+	});
+
 	if (!jsonFilePath.empty())
 	{
 		std::ifstream fromFileStream(jsonFilePath);
@@ -260,6 +267,11 @@ eResult cControlPlane::getPhysicalPortName(const tPortId& portId,
 	return eResult::invalidPortId;
 }
 
+const common::sdp::DataPlaneInSharedMemory* cControlPlane::getSdpData() const
+{
+	return &sdp_data;
+}
+
 common::icp::getPhysicalPorts::response cControlPlane::getPhysicalPorts() const
 {
 	common::icp::getPhysicalPorts::response response;
@@ -411,7 +423,7 @@ common::icp::limit_summary::response cControlPlane::limit_summary() const
 
 common::icp::acl_unwind::response cControlPlane::acl_unwind(const common::icp::acl_unwind::request& request) const
 {
-	const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, keepstate] = request;
+	const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, recordstate] = request;
 
 	generations.current_lock();
 	std::map<std::string, controlplane::base::acl_t> acls = generations.current().acls;
@@ -430,7 +442,7 @@ common::icp::acl_unwind::response cControlPlane::acl_unwind(const common::icp::a
 		acls.swap(acls_next);
 	}
 
-	return acl::unwind(acls, iface_map, module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, keepstate);
+	return acl::unwind(acls, iface_map, module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, recordstate);
 }
 
 common::icp::acl_lookup::response cControlPlane::acl_lookup(const common::icp::acl_lookup::request& request) const
@@ -469,7 +481,7 @@ common::icp::acl_lookup::response cControlPlane::acl_lookup(const common::icp::a
 	std::map<uint32_t, std::string> labels;
 	for (const auto& [module, acl] : acls)
 	{
-		(void)module;
+		YANET_GCC_BUG_UNUSED(module);
 
 		for (const auto& [label, info] : acl.firewall->labels())
 		{
@@ -491,7 +503,7 @@ common::icp::acl_lookup::response cControlPlane::acl_lookup(const common::icp::a
 
 		for (const auto& [id, gen_text, orig_text] : rules)
 		{
-			(void)gen_text;
+			YANET_GCC_BUG_UNUSED(gen_text);
 
 			if (ids.count(id))
 			{
@@ -603,7 +615,7 @@ common::icp::getFwLabels::response cControlPlane::command_getFwLabels()
 	for (const auto& [module, acl] : current.acls)
 	{
 		const auto& fw = acl.firewall;
-		(void)module;
+		YANET_GCC_BUG_UNUSED(module);
 		for (const auto& [label, info] : fw->labels())
 		{
 			auto ruleno = std::get<unsigned int>(info);
@@ -621,7 +633,7 @@ common::icp::getFwList::response cControlPlane::command_getFwList(const common::
 	if (rules_type == common::icp::getFwList::requestType::static_rules_original ||
 	    rules_type == common::icp::getFwList::requestType::static_rules_generated)
 	{
-		auto counters = dataPlane.getAclCounters();
+		auto counters = getAclCounters();
 		auto current_guard = generations.current_lock_guard();
 		const auto& current = generations.current();
 		const auto need_orig = (rules_type == common::icp::getFwList::requestType::static_rules_original);
@@ -653,7 +665,7 @@ common::icp::getFwList::response cControlPlane::command_getFwList(const common::
 
 		for (const auto& [id, gen_text, unused_text] : current.dispatcher)
 		{
-			(void)unused_text;
+			YANET_GCC_BUG_UNUSED(unused_text);
 			// XXX: if we need accounting for dispatcher rules
 			//      we can prepare id mappings for them.
 			response_rules.emplace_back(id, 0, gen_text);
@@ -830,6 +842,11 @@ common::icp::convert::response cControlPlane::command_convert(const common::icp:
 	return response;
 }
 
+common::icp::counters_stat::response cControlPlane::command_counters_stat()
+{
+	return counter_manager.full_stat();
+}
+
 common::icp::convert::response cControlPlane::convert_logical_module()
 {
 	common::icp::convert::response response;
@@ -840,7 +857,7 @@ common::icp::convert::response cControlPlane::convert_logical_module()
 
 	for (auto [id, name] : logicalport_id_to_name)
 	{
-		response.push_back({id, name});
+		response.emplace_back(id, name);
 	}
 
 	return response;
@@ -880,7 +897,7 @@ eResult cControlPlane::loadConfig(const std::string& rootFilePath,
 		{
 			{
 				std::unique_lock aclCountersDelta_lock(aclCountersDelta_mutex);
-				aclCountersDelta = dataPlane.getAclCounters();
+				aclCountersDelta = getAclCounters();
 			}
 
 			generations.next_lock();
@@ -999,3 +1016,20 @@ void cControlPlane::register_service(google::protobuf::Service* service)
 {
 	services[service->GetDescriptor()->name()] = service;
 }
+
+std::vector<uint64_t> cControlPlane::getAclCounters()
+{
+	std::vector<uint64_t> response(YANET_CONFIG_ACL_COUNTERS_SIZE);
+
+	uint64_t start_acl_counters = sdp_data.metadata_worker.start_acl_counters;
+	for (const auto& iter : sdp_data.workers)
+	{
+		auto* aclCounters = common::sdp::ShiftBuffer<uint64_t*>(iter.second.buffer, start_acl_counters);
+		for (size_t i = 0; i < YANET_CONFIG_ACL_COUNTERS_SIZE; i++)
+		{
+			response[i] += aclCounters[i];
+		}
+	}
+
+	return response;
+}
diff --git a/controlplane/controlplane.h b/controlplane/controlplane.h
index 89d3c593..7e807a05 100644
--- a/controlplane/controlplane.h
+++ b/controlplane/controlplane.h
@@ -1,8 +1,5 @@
 #pragma once
 
-#include <atomic>
-#include <functional>
-#include <map>
 #include <mutex>
 #include <shared_mutex>
 #include <thread>
@@ -11,16 +8,12 @@
 
 #include <nlohmann/json.hpp>
 
+#include "balancer.h"
 #include "common/generation.h"
 #include "common/icp.h"
 #include "common/idataplane.h"
 #include "common/idp.h"
 #include "common/result.h"
-#include "libprotobuf/controlplane.pb.h"
-
-#include "balancer.h"
-#include "base.h"
-#include "counter.h"
 #include "dregress.h"
 #include "durations.h"
 #include "fqdn.h"
@@ -37,7 +30,7 @@ class cControlPlane
 {
 public:
 	cControlPlane();
-	~cControlPlane();
+	~cControlPlane() = default;
 
 	eResult init(const std::string& jsonFilePath);
 	void start();
@@ -67,14 +60,14 @@ class cControlPlane
 		else if constexpr (std::is_invocable_r_v<common::icp::response, decltype(function)>)
 		{
 			commands[type] = [function](const common::icp::request& request) {
-				(void)request;
+				YANET_GCC_BUG_UNUSED(request);
 				return function();
 			};
 		}
 		else if constexpr (std::is_invocable_r_v<void, decltype(function)>)
 		{
 			commands[type] = [function](const common::icp::request& request) {
-				(void)request;
+				YANET_GCC_BUG_UNUSED(request);
 				function();
 				return std::tuple<>{};
 			};
@@ -100,6 +93,8 @@ class cControlPlane
 		}
 	}
 
+	const common::sdp::DataPlaneInSharedMemory* getSdpData() const;
+
 protected: /** commands */
 	common::icp::getPhysicalPorts::response getPhysicalPorts() const;
 	common::icp::getLogicalPorts::response getLogicalPorts() const;
@@ -124,6 +119,7 @@ class cControlPlane
 	common::icp::loadConfig::response command_loadConfig(const common::icp::loadConfig::request& request);
 	common::icp::version::response command_version();
 	common::icp::convert::response command_convert(const common::icp::convert::request& request);
+	common::icp::counters_stat::response command_counters_stat();
 
 	common::icp::convert::response convert_logical_module();
 
@@ -197,6 +193,8 @@ class cControlPlane
 private:
 	/// used only in loadConfig()
 	controlplane::base_t base;
+	common::sdp::DataPlaneInSharedMemory sdp_data;
 
 	void register_service(google::protobuf::Service* service);
+	std::vector<uint64_t> getAclCounters();
 };
diff --git a/controlplane/counter.h b/controlplane/counter.h
index e33a7bc5..c0a8acd6 100644
--- a/controlplane/counter.h
+++ b/controlplane/counter.h
@@ -1,115 +1,72 @@
 #pragma once
 
+#include "common/icp.h"
+#include "common/sdpclient.h"
+#include "common/sdpcommon.h"
+#include "segment_allocator.h"
 #include <mutex>
 
-#include "type.h"
-
-#include "common/idataplane.h"
-#include "common/refarray.h"
-
 class counter_manager_t
 {
 public:
 	static_assert((uint32_t)common::globalBase::static_counter_type::size <= YANET_CONFIG_COUNTERS_SIZE);
 
-	counter_manager_t()
+	counter_manager_t() :
+	        counter_shifts(YANET_CONFIG_COUNTERS_SIZE, 0)
 	{
-		for (unsigned int counter_id = (uint32_t)common::globalBase::static_counter_type::size;
-		     counter_id < YANET_CONFIG_COUNTERS_SIZE;
-		     counter_id++)
-		{
-			counter_unused_ids.emplace(counter_id);
-		}
-		counter_unused_ids_size = counter_unused_ids.size();
-		counter_shifts.resize(YANET_CONFIG_COUNTERS_SIZE, 0);
 	}
 
-	std::tuple<uint64_t, uint64_t> stats() const
+	void init(const common::sdp::DataPlaneInSharedMemory* sdp_data)
 	{
-		return {YANET_CONFIG_COUNTERS_SIZE - counter_unused_ids_size, YANET_CONFIG_COUNTERS_SIZE};
+		this->sdp_data = sdp_data;
 	}
 
-protected:
-	template<typename key_T,
-	         size_t size_T>
-	friend class counter_t;
-
-	template<size_t size_T>
-	std::array<tCounterId, size_T> counter_reserve()
+	std::tuple<uint64_t, uint64_t> stats() const
 	{
-		static_assert(size_T <= YANET_CONFIG_COUNTER_FALLBACK_SIZE);
+		std::lock_guard<std::mutex> guard(counter_mutex);
+		return {YANET_CONFIG_COUNTERS_SIZE - allocator.Size(), YANET_CONFIG_COUNTERS_SIZE};
+	}
 
+	common::icp::counters_stat::response full_stat() const
+	{
 		std::lock_guard<std::mutex> guard(counter_mutex);
 
-		/// @todo: opt std::array<tCounterId, size_T> reserve_ids;
-		std::vector<tCounterId> reserve_ids;
-		reserve_ids.reserve(size_T);
-		std::set<tCounterId> bad_counter_ids;
-		while (counter_unused_ids.size())
+		const auto* blocks_stat = allocator.GetBlocksStat();
+		std::vector<common::icp::counters_stat::one_size_info> sizes_info;
+		for (uint16_t size = 1; size <= max_buffer_size; size++)
 		{
-			const uint32_t counter_id = *counter_unused_ids.begin();
-			counter_unused_ids.erase(counter_id);
-
-			if (reserve_ids.size())
+			const auto& block = blocks_stat[size];
+			if ((block.used_blocks != 0) || (block.busy_blocks != 0) || (block.used_segments != 0))
 			{
-				if (reserve_ids.back() + 1 != counter_id)
-				{
-					for (const auto& counter_id : reserve_ids)
-					{
-						bad_counter_ids.emplace(counter_id);
-					}
-
-					reserve_ids.clear();
-				}
-			}
-
-			reserve_ids.emplace_back(counter_id);
-
-			if (reserve_ids.size() == size_T)
-			{
-				for (const auto& counter_id : bad_counter_ids)
-				{
-					counter_unused_ids.emplace(counter_id);
-				}
-				bad_counter_ids.clear();
-
-				counter_unused_ids_size = counter_unused_ids.size();
-
-				std::array<tCounterId, size_T> result;
-				std::copy_n(reserve_ids.begin(), size_T, result.begin());
-				return result;
+				sizes_info.emplace_back(size, block.used_blocks, block.busy_blocks, block.used_segments);
 			}
 		}
 
-		for (const auto& counter_id : reserve_ids)
-		{
-			counter_unused_ids.emplace(counter_id);
-		}
+		auto [errors_external, errors_internal] = allocator.GetErrors();
+		common::icp::counters_stat::common_info common_info(blocks_stat[0].used_blocks, ///< free_blocks
+		                                                    allocator.Size(), ///< free_cells_
+		                                                    errors_external, ///< errors_external_
+		                                                    errors_internal); ///< errors_internal_
 
-		for (const auto& counter_id : bad_counter_ids)
-		{
-			counter_unused_ids.emplace(counter_id);
-		}
-		bad_counter_ids.clear();
+		return {common_info, sizes_info};
+	}
 
-		YANET_LOG_WARNING("not enough counters\n");
+protected:
+	template<typename key_T,
+	         size_t size_T>
+	friend class counter_t;
 
-		/// fallback
-		std::array<tCounterId, size_T> result;
-		for (size_t i = 0;
-		     i < size_T;
-		     i++)
-		{
-			result[i] = i;
-		}
-		return result;
+	tCounterId counter_reserve(size_t size)
+	{
+		std::lock_guard<std::mutex> guard(counter_mutex);
+		return allocator.Allocate(size);
 	}
 
 	void counter_allocate(const std::vector<tCounterId>& counter_ids)
 	{
 		/// @todo: check counter_ids are reserved
 
-		const auto getCountersResponse = counter_dataplane.getCounters(counter_ids);
+		const auto getCountersResponse = common::sdp::SdpClient::GetCounters(*sdp_data, counter_ids);
 
 		std::lock_guard<std::mutex> guard(counter_mutex);
 		for (unsigned int i = 0;
@@ -126,7 +83,7 @@ class counter_manager_t
 	{
 		std::vector<uint64_t> result(counter_ids.size());
 
-		const auto getCountersResponse = counter_dataplane.getCounters(counter_ids);
+		const auto getCountersResponse = common::sdp::SdpClient::GetCounters(*sdp_data, counter_ids);
 
 		std::lock_guard<std::mutex> guard(counter_mutex);
 		for (unsigned int i = 0;
@@ -141,22 +98,20 @@ class counter_manager_t
 		return result;
 	}
 
-	void counter_release(const std::vector<tCounterId>& counter_ids)
+	void counter_release(tCounterId counter_id, size_t size)
 	{
 		std::lock_guard<std::mutex> guard(counter_mutex);
-		for (const auto& counter_id : counter_ids)
-		{
-			counter_unused_ids.emplace(counter_id);
-		}
-		counter_unused_ids_size = counter_unused_ids.size();
+		allocator.Free(counter_id, size);
 	}
 
 protected:
+	static constexpr uint32_t counter_index_begin = (((uint32_t)common::globalBase::static_counter_type::size + 63) / 64) * 64;
+	static constexpr uint32_t max_buffer_size = 64;
+
 	mutable std::mutex counter_mutex;
-	interface::dataPlane counter_dataplane;
-	std::set<tCounterId> counter_unused_ids;
-	std::atomic<uint64_t> counter_unused_ids_size;
 	std::vector<uint64_t> counter_shifts;
+	SegmentAllocator<counter_index_begin, YANET_CONFIG_COUNTERS_SIZE, 64 * 64, max_buffer_size, 0> allocator;
+	const common::sdp::DataPlaneInSharedMemory* sdp_data;
 };
 
 template<typename key_T,
@@ -164,10 +119,9 @@ template<typename key_T,
 class counter_t
 {
 public:
-	counter_t() :
-	        manager(nullptr)
-	{
-	}
+	static_assert(size_T <= YANET_CONFIG_COUNTER_FALLBACK_SIZE);
+
+	counter_t() = default;
 
 	void init(counter_manager_t* manager)
 	{
@@ -181,14 +135,14 @@ class counter_t
 
 		std::vector<tCounterId> counter_ids;
 		counter_ids.reserve(counters_inserted.size() * size_T);
-		for (const auto& [key, counter_ids_array] : counters_inserted)
+		for (const auto& [key, counter_id] : counters_inserted)
 		{
-			for (const auto& counter_id : counter_ids_array)
+			for (size_t index = 0; index < size_T; index++)
 			{
-				counter_ids.emplace_back(counter_id);
+				counter_ids.push_back(counter_id + index);
 			}
 
-			counters_allocated.emplace(key, counter_ids_array);
+			counters_allocated.emplace(key, counter_id);
 			callback(key);
 		}
 		counters_inserted.clear();
@@ -198,7 +152,7 @@ class counter_t
 
 	void allocate()
 	{
-		allocate([](const key_T& key) { (void)key; });
+		allocate([]([[maybe_unused]] const key_T& key) {});
 	}
 
 	template<typename callback_T>
@@ -206,27 +160,19 @@ class counter_t
 	{
 		std::lock_guard<std::mutex> guard(mutex);
 
-		std::vector<tCounterId> counter_ids;
-		counter_ids.reserve(counters_gc_removed.size() * size_T);
-		for (const auto& [key, counter_ids_array] : counters_gc_removed)
+		for (const auto& [key, counter_id] : counters_gc_removed)
 		{
-			for (const auto& counter_id : counter_ids_array)
-			{
-				counter_ids.emplace_back(counter_id);
-			}
-
 			callback(key);
 			counters.erase(key);
 			counters_allocated.erase(key);
+			manager->counter_release(counter_id, size_T);
 		}
 		counters_gc_removed.clear();
-
-		manager->counter_release(counter_ids);
 	}
 
 	void release()
 	{
-		release([](const key_T& key) { (void)key; });
+		release([]([[maybe_unused]] const key_T& key) {});
 	}
 
 	void insert(const key_T& key)
@@ -237,7 +183,7 @@ class counter_t
 		if (counters_it != counters.end())
 		{
 			auto& [counter_id, refcount] = counters_it->second;
-			(void)counter_id;
+			YANET_GCC_BUG_UNUSED(counter_id);
 
 			if (!refcount)
 			{
@@ -249,14 +195,12 @@ class counter_t
 		}
 		else
 		{
-			const auto counter_ids = manager->counter_reserve<size_T>();
+			const auto counter_id = manager->counter_reserve(size_T);
 
 			counters.emplace_hint(counters_it,
 			                      key,
-			                      std::tuple<std::array<tCounterId, size_T>,
-			                                 uint32_t>(counter_ids,
-			                                           1));
-			counters_inserted.emplace(key, counter_ids);
+			                      std::tuple<tCounterId, uint32_t>(counter_id, 1));
+			counters_inserted.emplace(key, counter_id);
 		}
 	}
 
@@ -268,7 +212,7 @@ class counter_t
 		auto counters_it = counters.find(key);
 		if (counters_it != counters.end())
 		{
-			auto& [counter_ids_array, refcount] = counters_it->second;
+			auto& [counter_id, refcount] = counters_it->second;
 
 			if (!refcount)
 			{
@@ -283,12 +227,7 @@ class counter_t
 				auto counters_inserted_it = counters_inserted.find(key);
 				if (counters_inserted_it != counters_inserted.end())
 				{
-					std::vector<tCounterId> counter_ids_removed;
-					for (const auto& counter_id : counters_inserted_it->second)
-					{
-						counter_ids_removed.emplace_back(counter_id);
-					}
-					manager->counter_release(counter_ids_removed);
+					manager->counter_release(counters_inserted_it->second, size_T);
 
 					if (counters_allocated.count(key))
 					{
@@ -303,7 +242,7 @@ class counter_t
 					uint32_t timestamp = time(nullptr);
 					timestamp += timeout;
 
-					counters_removed.emplace(key, std::tuple<std::array<tCounterId, size_T>, uint32_t>(counter_ids_array, timestamp));
+					counters_removed.emplace(key, std::tuple<tCounterId, uint32_t>(counter_id, timestamp));
 				}
 			}
 		}
@@ -314,7 +253,7 @@ class counter_t
 		}
 	}
 
-	std::array<tCounterId, size_T> get_ids(const key_T& key)
+	tCounterId get_id(const key_T& key)
 	{
 		std::lock_guard<std::mutex> guard(mutex);
 
@@ -322,26 +261,13 @@ class counter_t
 		if (iter == counters.end())
 		{
 			/// fallback
-			std::array<tCounterId, size_T> result;
-			for (size_t i = 0;
-			     i < size_T;
-			     i++)
-			{
-				result[i] = i;
-			}
-
-			return result;
+			return 0;
 		}
 
-		const auto& [counter_ids, refcount] = iter->second;
-		(void)refcount;
-
-		return counter_ids;
-	}
+		const auto& [counter_id, refcount] = iter->second;
+		YANET_GCC_BUG_UNUSED(refcount);
 
-	tCounterId get_id(const key_T& key)
-	{
-		return get_ids(key)[0];
+		return counter_id;
 	}
 
 	std::map<key_T, std::array<uint64_t, size_T>> get_counters() const ///< get_values
@@ -350,13 +276,13 @@ class counter_t
 
 		/// @todo: opt
 		std::vector<tCounterId> manager_counter_ids;
-		for (const auto& [key, counter_ids_array] : counters_allocated)
+		for (const auto& [key, counter_id] : counters_allocated)
 		{
-			(void)key;
+			YANET_GCC_BUG_UNUSED(key);
 
-			for (const auto& counter_id : counter_ids_array)
+			for (size_t index = 0; index < size_T; index++)
 			{
-				manager_counter_ids.emplace_back(counter_id);
+				manager_counter_ids.emplace_back(counter_id + index);
 			}
 		}
 
@@ -365,9 +291,9 @@ class counter_t
 		std::map<key_T, std::array<uint64_t, size_T>> result;
 
 		size_t i = 0;
-		for (const auto& [key, counter_ids_array] : counters_allocated)
+		for (const auto& [key, counter_id] : counters_allocated)
 		{
-			(void)counter_ids_array;
+			YANET_GCC_BUG_UNUSED(counter_id);
 
 			std::array<uint64_t, size_T> array;
 			for (size_t array_i = 0;
@@ -384,6 +310,12 @@ class counter_t
 		return result;
 	}
 
+	size_t size() const
+	{
+		std::lock_guard<std::mutex> guard(mutex);
+		return counters_allocated.size();
+	}
+
 	void gc()
 	{
 		std::lock_guard<std::mutex> guard(mutex);
@@ -396,11 +328,11 @@ class counter_t
 			     counters_removed_it != counters_removed.end();)
 			{
 				const auto& [key, ids_timestamp] = *counters_removed_it;
-				const auto& [counter_ids_array, timestamp] = ids_timestamp;
+				const auto& [counter_id, timestamp] = ids_timestamp;
 
 				if (current_time >= timestamp)
 				{
-					counters_gc_removed.emplace(key, counter_ids_array);
+					counters_gc_removed.emplace(key, counter_id);
 
 					counters_removed_it = counters_removed.erase(counters_removed_it);
 					continue;
@@ -412,29 +344,13 @@ class counter_t
 	}
 
 protected:
-	counter_manager_t* manager;
+	counter_manager_t* manager{};
 
 	mutable std::mutex mutex;
 
-	std::map<key_T,
-	         std::tuple<std::array<tCounterId, size_T>,
-	                    uint32_t>>
-	        counters; ///< refcount
-
-	std::map<key_T,
-	         std::array<tCounterId, size_T>>
-	        counters_inserted;
-
-	std::map<key_T,
-	         std::tuple<std::array<tCounterId, size_T>,
-	                    uint32_t>>
-	        counters_removed; ///< timestamp
-
-	std::map<key_T,
-	         std::array<tCounterId, size_T>>
-	        counters_gc_removed;
-
-	std::map<key_T,
-	         std::array<tCounterId, size_T>>
-	        counters_allocated;
+	std::map<key_T, std::tuple<tCounterId, uint32_t>> counters; ///< refcount
+	std::map<key_T, tCounterId> counters_inserted;
+	std::map<key_T, std::tuple<tCounterId, uint32_t>> counters_removed; ///< timestamp
+	std::map<key_T, tCounterId> counters_gc_removed;
+	std::map<key_T, tCounterId> counters_allocated;
 };
diff --git a/controlplane/dregress.cpp b/controlplane/dregress.cpp
index c5a10764..21156075 100644
--- a/controlplane/dregress.cpp
+++ b/controlplane/dregress.cpp
@@ -48,12 +48,12 @@ void dregress_t::prefix_insert(const std::tuple<std::string, uint32_t>& vrf_prio
 
 	for (const auto& [pptn_index, path_info_to_nh_ptr] : nexthops)
 	{
-		(void)pptn_index;
+		YANET_GCC_BUG_UNUSED(pptn_index);
 
 		for (const auto& [path_info, nexthop_stuff_ptr] : path_info_to_nh_ptr)
 		{
 			const auto& [nexthop, labels, origin, med, aspath, nexthop_communities, large_communities, local_preference] = *nexthop_stuff_ptr;
-			(void)large_communities;
+			YANET_GCC_BUG_UNUSED(large_communities);
 
 			if ((prefix.is_ipv4() && nexthop.is_ipv4()) ||
 			    (prefix.is_ipv6() && nexthop.is_ipv6()))
@@ -232,7 +232,7 @@ void dregress_t::compile(common::idp::updateGlobalBase::request& globalbase,
 
 	for (const auto& [config_module_name, config_module] : generation.dregresses)
 	{
-		(void)config_module_name;
+		YANET_GCC_BUG_UNUSED(config_module_name);
 
 		globalbase.emplace_back(common::idp::updateGlobalBase::requestType::dregress_local_prefix_update,
 		                        config_module.localPrefixes);
@@ -297,11 +297,11 @@ void dregress_t::value_compile(common::idp::updateGlobalBase::request& globalbas
 	bool is_best = true;
 	for (const auto& [attribute, destinations] : attribute_destinations)
 	{
-		(void)attribute;
+		YANET_GCC_BUG_UNUSED(attribute);
 
 		for (const auto& [nexthop, label, communities, peer_as, origin_as] : destinations)
 		{
-			(void)vrf_priority; ///< @todo
+			YANET_GCC_BUG_UNUSED(vrf_priority); ///< @todo
 			auto community = generation.get_peer_link_community(communities);
 			if (community)
 			{
diff --git a/controlplane/dregress.h b/controlplane/dregress.h
index 3ea8cd41..a512b1b8 100644
--- a/controlplane/dregress.h
+++ b/controlplane/dregress.h
@@ -1,6 +1,7 @@
 #pragma once
 
 #include "base.h"
+#include "isystem.h"
 #include "module.h"
 #include "rib.h"
 #include "type.h"
@@ -26,33 +27,29 @@ using value_key_t = std::tuple<std::tuple<std::string, ///< vrf
 class generation_t
 {
 public:
-	generation_t()
-	{
-	}
+	generation_t() = default;
 
-	void update(const controlplane::base_t& base_prev,
+	void update([[maybe_unused]] const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
-
 		routes = base_next.routes;
 		dregresses = base_next.dregresses;
 
 		/// @todo: VRF
 		for (const auto& [moduleName, dregress] : dregresses)
 		{
-			(void)moduleName;
+			YANET_GCC_BUG_UNUSED(moduleName);
 
 			our_as.insert(dregress.ourAs.begin(), dregress.ourAs.end());
 		}
 	}
 
-	std::optional<community_t> get_peer_link_community(const std::set<community_t>& communities) const
+	[[nodiscard]] std::optional<community_t> get_peer_link_community(const std::set<community_t>& communities) const
 	{
 		/// @todo: VRF
 		for (const auto& [moduleName, dregress] : dregresses)
 		{
-			(void)moduleName;
+			YANET_GCC_BUG_UNUSED(moduleName);
 
 			for (const auto& community : communities)
 			{
diff --git a/controlplane/durations.h b/controlplane/durations.h
index a9df8bf9..8b64d3f6 100644
--- a/controlplane/durations.h
+++ b/controlplane/durations.h
@@ -2,9 +2,7 @@
 
 #include <mutex>
 
-#include "base.h"
 #include "module.h"
-#include "type.h"
 
 class durations_t : public module_t
 {
diff --git a/controlplane/errors.h b/controlplane/errors.h
index 81f63891..468a3d3c 100644
--- a/controlplane/errors.h
+++ b/controlplane/errors.h
@@ -1,5 +1,6 @@
 #pragma once
 
+#include <stdexcept>
 #include <string>
 
 #include "common/result.h"
@@ -11,7 +12,7 @@ class error_result_t : public std::runtime_error
 	        std::runtime_error(error), code(result)
 	{}
 
-	eResult result() const
+	[[nodiscard]] eResult result() const
 	{
 		return code;
 	}
diff --git a/controlplane/fqdn.cpp b/controlplane/fqdn.cpp
index 0852ca39..503d1ce4 100644
--- a/controlplane/fqdn.cpp
+++ b/controlplane/fqdn.cpp
@@ -21,10 +21,8 @@ void fqdn_t::reload_before()
 
 void fqdn_t::reload(const controlplane::base_t& base_prev,
                     const controlplane::base_t& base_next,
-                    common::idp::updateGlobalBase::request& globalbase)
+                    [[maybe_unused]] common::idp::updateGlobalBase::request& globalbase)
 {
-	(void)globalbase;
-
 	generations.next().update(base_prev, base_next);
 }
 
diff --git a/controlplane/fqdn.h b/controlplane/fqdn.h
index 373601a6..26ebf043 100644
--- a/controlplane/fqdn.h
+++ b/controlplane/fqdn.h
@@ -1,7 +1,6 @@
 #pragma once
 
 #include "base.h"
-#include "counter.h"
 #include "module.h"
 #include "type.h"
 
@@ -18,7 +17,7 @@ class generation_t
 	void update(const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
+		YANET_GCC_BUG_UNUSED(base_prev);
 
 		vrf_fqdns = base_next.vrf_fqdns;
 
diff --git a/controlplane/isystem.cpp b/controlplane/isystem.cpp
index f95db2d0..b3182d7d 100644
--- a/controlplane/isystem.cpp
+++ b/controlplane/isystem.cpp
@@ -1,13 +1,12 @@
-#include <errno.h>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
 #include <ifaddrs.h>
 #include <linux/sockios.h>
 #include <net/if.h>
 #include <net/if_arp.h>
 #include <netdb.h>
 #include <netinet/in.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <unistd.h>
@@ -41,11 +40,11 @@ bool system::getEtherAddress(const uint32_t& ipAddress,
 {
 	/// @todo: try to connect
 
-	int arpSocket;
+	int arpSocket = 0;
 	struct arpreq request;
-	struct sockaddr_in* sin;
-	struct ifaddrs* interfaces;
-	struct ifaddrs* interfaceNext;
+	struct sockaddr_in* sin = nullptr;
+	struct ifaddrs* interfaces = nullptr;
+	struct ifaddrs* interfaceNext = nullptr;
 
 	arpSocket = socket(AF_INET, SOCK_DGRAM, 0);
 	if (arpSocket == -1)
@@ -179,8 +178,7 @@ void system::updateRoute(const uint32_t& network,
 		snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), " nexthop via %s", ipv4_address_t(nexthop).toString().data());
 	}
 
-	int ret = ::system(buffer);
-	(void)ret;
+	[[maybe_unused]] int ret = ::system(buffer);
 }
 
 void system::updateRoute(const ip_prefix_t& prefix,
@@ -221,8 +219,7 @@ void system::removeRoute(const uint32_t& network,
 	char buffer[512];
 	snprintf(buffer, sizeof(buffer), "ip route del %s", prefix.toString().data());
 
-	int ret = ::system(buffer);
-	(void)ret;
+	[[maybe_unused]] int ret = ::system(buffer);
 }
 
 void system::removeRoute(const ip_prefix_t& prefix)
@@ -242,9 +239,9 @@ std::set<uint32_t> system::getLocalIpAddresses()
 {
 	std::set<uint32_t> result;
 
-	struct ifaddrs* ifaddr;
-	struct ifaddrs* ifa;
-	int n;
+	struct ifaddrs* ifaddr = nullptr;
+	struct ifaddrs* ifa = nullptr;
+	int n = 0;
 
 	if (getifaddrs(&ifaddr) == -1)
 	{
@@ -276,9 +273,9 @@ std::set<std::array<uint8_t, 16>> system::getLocalIPv6Addresses()
 {
 	std::set<std::array<uint8_t, 16>> result;
 
-	struct ifaddrs* ifaddr;
-	struct ifaddrs* ifa;
-	int n;
+	struct ifaddrs* ifaddr = nullptr;
+	struct ifaddrs* ifa = nullptr;
+	int n = 0;
 
 	if (getifaddrs(&ifaddr) == -1)
 	{
@@ -308,11 +305,9 @@ std::set<std::array<uint8_t, 16>> system::getLocalIPv6Addresses()
 	return result;
 }
 
-std::optional<mac_address_t> system::get_mac_address(const std::string& vrf,
+std::optional<mac_address_t> system::get_mac_address([[maybe_unused]] const std::string& vrf,
                                                      const ip_address_t& address)
 {
-	(void)vrf; ///< @todo: VRF
-
 	if (address.is_ipv4())
 	{
 		std::array<uint8_t, 6> neighborMacAddress;
diff --git a/controlplane/libbird.cpp b/controlplane/libbird.cpp
index 79939bb0..3cd478b4 100644
--- a/controlplane/libbird.cpp
+++ b/controlplane/libbird.cpp
@@ -1,5 +1,8 @@
 #include "libbird.h"
 
+#include <vector>
+#include <unistd.h>
+#include <sys/un.h>
 #include <vector>
 #include "common/type.h"
 #include "common/icp.h"
diff --git a/controlplane/main.cpp b/controlplane/main.cpp
index 2fb6debf..bb2a45c2 100644
--- a/controlplane/main.cpp
+++ b/controlplane/main.cpp
@@ -1,7 +1,5 @@
-#include <signal.h>
-//#include <systemd/sd-daemon.h>
-
-#include <iostream>
+#include <csignal>
+#include <systemd/sd-daemon.h>
 
 #include "controlplane.h"
 
@@ -49,7 +47,7 @@ int main(int argc,
 	/** @todo
 	if (signal(SIGINT, handleSignal) == SIG_ERR)
 	{
-		return 3;
+	        return 3;
 	}
 	*/
 
diff --git a/controlplane/memory_manager.cpp b/controlplane/memory_manager.cpp
index 4f2990d9..a41d1f15 100644
--- a/controlplane/memory_manager.cpp
+++ b/controlplane/memory_manager.cpp
@@ -2,11 +2,9 @@
 
 using namespace controlplane::memory_manager;
 
-void memory_manager::reload(const base_t& base_prev,
+void memory_manager::reload([[maybe_unused]] const base_t& base_prev,
                             const base_t& base_next,
-                            common::idp::updateGlobalBase::request& globalbase)
+                            [[maybe_unused]] common::idp::updateGlobalBase::request& globalbase)
 {
-	(void)base_prev;
-	(void)globalbase;
 	dataplane.memory_manager_update(base_next.root_memory_group);
 }
diff --git a/controlplane/module.cpp b/controlplane/module.cpp
index 6d6c1f71..2622ea41 100644
--- a/controlplane/module.cpp
+++ b/controlplane/module.cpp
@@ -6,10 +6,6 @@ cModule::cModule() :
 {
 }
 
-cModule::~cModule()
-{
-}
-
 eResult cModule::moduleInit(cControlPlane* controlPlane)
 {
 	this->controlPlane = controlPlane;
@@ -66,27 +62,22 @@ void cModule::moduleJoin()
 	join();
 }
 
-void cModule::limit(common::icp::limit_summary::response& limits) const
+void cModule::limit([[maybe_unused]] common::icp::limit_summary::response& limits) const
 {
-	(void)limits;
 }
 
-void cModule::controlplane_values(common::icp::controlplane_values::response& controlplane_values) const
+void cModule::controlplane_values([[maybe_unused]] common::icp::controlplane_values::response& controlplane_values) const
 {
-	(void)controlplane_values;
 }
 
 void cModule::reload_before()
 {
 }
 
-void cModule::reload(const controlplane::base_t& base_prev,
-                     const controlplane::base_t& base_next,
-                     common::idp::updateGlobalBase::request& globalbase)
+void cModule::reload([[maybe_unused]] const controlplane::base_t& base_prev,
+                     [[maybe_unused]] const controlplane::base_t& base_next,
+                     [[maybe_unused]] common::idp::updateGlobalBase::request& globalbase)
 {
-	(void)base_prev;
-	(void)base_next;
-	(void)globalbase;
 }
 
 void cModule::reload_after()
diff --git a/controlplane/module.h b/controlplane/module.h
index fd107bdc..1fc336b5 100644
--- a/controlplane/module.h
+++ b/controlplane/module.h
@@ -20,7 +20,7 @@ class cModule
 {
 public:
 	cModule();
-	virtual ~cModule();
+	virtual ~cModule() = default;
 
 	eResult moduleInit(cControlPlane* controlPlane);
 	void moduleStart();
diff --git a/controlplane/nat46clat.cpp b/controlplane/nat46clat.cpp
index 54f19af0..cdbf0753 100644
--- a/controlplane/nat46clat.cpp
+++ b/controlplane/nat46clat.cpp
@@ -3,11 +3,9 @@
 
 using namespace nat46clat;
 
-void generation_config::update(const controlplane::base_t& base_prev,
+void generation_config::update([[maybe_unused]] const controlplane::base_t& base_prev,
                                const controlplane::base_t& base_next)
 {
-	(void)base_prev;
-
 	config_nat46clats = base_next.nat46clats;
 
 	for (const auto& [module_name, nat46clat] : base_next.nat46clats)
@@ -55,14 +53,14 @@ void manager::reload(const controlplane::base_t& base_prev,
 
 	for (const auto& [module_name, nat46clat] : base_next.nat46clats)
 	{
-		(void)nat46clat;
+		YANET_GCC_BUG_UNUSED(nat46clat);
 
 		module_counters.insert(module_name);
 	}
 
 	for (const auto& [module_name, nat46clat] : base_prev.nat46clats)
 	{
-		(void)nat46clat;
+		YANET_GCC_BUG_UNUSED(nat46clat);
 
 		module_counters.remove(module_name);
 	}
diff --git a/controlplane/nat64stateful.cpp b/controlplane/nat64stateful.cpp
index 23e2c96e..f7f66d1a 100644
--- a/controlplane/nat64stateful.cpp
+++ b/controlplane/nat64stateful.cpp
@@ -33,14 +33,14 @@ void nat64stateful_t::reload(const controlplane::base_t& base_prev,
 
 	for (const auto& [name, nat64stateful] : base_next.nat64statefuls)
 	{
-		(void)nat64stateful;
+		YANET_GCC_BUG_UNUSED(nat64stateful);
 
 		module_counters.insert(name);
 	}
 
 	for (const auto& [name, nat64stateful] : base_prev.nat64statefuls)
 	{
-		(void)nat64stateful;
+		YANET_GCC_BUG_UNUSED(nat64stateful);
 
 		module_counters.remove(name);
 	}
diff --git a/controlplane/nat64stateful.h b/controlplane/nat64stateful.h
index c5be76c3..41b5a4bd 100644
--- a/controlplane/nat64stateful.h
+++ b/controlplane/nat64stateful.h
@@ -10,7 +10,6 @@
 #include "common/generation.h"
 #include "common/icp.h"
 #include "common/idataplane.h"
-#include "common/refarray.h"
 
 namespace nat64stateful
 {
@@ -20,11 +19,9 @@ using module_counter_key_t = std::string; ///< module_name
 class generation_config_t
 {
 public:
-	void update(const controlplane::base_t& base_prev,
+	void update([[maybe_unused]] const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
-
 		config_nat64statefuls = base_next.nat64statefuls;
 
 		for (const auto& [name, nat64stateful] : base_next.nat64statefuls)
diff --git a/controlplane/protobus.cpp b/controlplane/protobus.cpp
index d0316793..79b37f43 100644
--- a/controlplane/protobus.cpp
+++ b/controlplane/protobus.cpp
@@ -1,7 +1,6 @@
 #include <vector>
 
 #include <fcntl.h>
-#include <inttypes.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -101,7 +100,7 @@ void protoBus::clientThread(int clientSocket)
 
 	for (;;)
 	{
-		uint64_t messageSize;
+		uint64_t messageSize = 0;
 		if (auto err = common::recvAll(clientSocket, (char*)&messageSize, sizeof(messageSize)); err != 0)
 		{
 			if (err > 0)
diff --git a/controlplane/protobus.h b/controlplane/protobus.h
index 921e9bac..e24b7c4f 100644
--- a/controlplane/protobus.h
+++ b/controlplane/protobus.h
@@ -1,12 +1,8 @@
 #pragma once
 
-#include "common/icp.h"
-
 #include "module.h"
 
-namespace controlplane
-{
-namespace module
+namespace controlplane::module
 {
 
 class protoBus : public cModule
@@ -27,4 +23,3 @@ class protoBus : public cModule
 };
 
 }
-}
diff --git a/controlplane/rib.cpp b/controlplane/rib.cpp
index a5379f3b..53576cc7 100644
--- a/controlplane/rib.cpp
+++ b/controlplane/rib.cpp
@@ -6,14 +6,6 @@
 
 using namespace controlplane::module;
 
-rib_t::rib_t()
-{
-}
-
-rib_t::~rib_t()
-{
-}
-
 eResult rib_t::init()
 {
 	controlPlane->register_command(common::icp::requestType::rib_update, [this](const common::icp::request& request) {
@@ -75,13 +67,10 @@ eResult rib_t::init()
 	return eResult::success;
 }
 
-void rib_t::reload(const controlplane::base_t& base_prev,
+void rib_t::reload([[maybe_unused]] const controlplane::base_t& base_prev,
                    const controlplane::base_t& base_next,
-                   common::idp::updateGlobalBase::request& globalbase)
+                   [[maybe_unused]] common::idp::updateGlobalBase::request& globalbase)
 {
-	(void)base_prev;
-	(void)globalbase;
-
 	common::icp::rib_update::request request;
 
 	{
@@ -187,7 +176,7 @@ void rib_t::rib_insert(const common::icp::rib_update::insert& request)
 			for (const auto& [nexthop, nlris] : nexthops)
 			{
 				auto& [summary_prefixes, summary_paths, summary_eor] = this->summary[{vrf, priority, protocol, peer, table_name}];
-				(void)summary_eor;
+				YANET_GCC_BUG_UNUSED(summary_eor);
 
 				for (const auto& [prefix, path_information, labels] : nlris)
 				{
@@ -287,13 +276,13 @@ void rib_t::rib_remove(const common::icp::rib_update::remove& request)
 			}
 
 			auto& [summary_prefixes, summary_paths, summary_eor] = this->summary[{vrf, priority, protocol, peer, table_name}];
-			(void)summary_eor;
+			YANET_GCC_BUG_UNUSED(summary_eor);
 
 			rib::pptn_t current_pptn = {protocol, peer, table_name};
 
 			for (const auto& [prefix, path_information, labels] : nlris)
 			{
-				(void)labels;
+				YANET_GCC_BUG_UNUSED(labels);
 
 				unsigned int prefixes_diff = 0;
 				unsigned int paths_diff = 0;
@@ -382,9 +371,9 @@ void rib_t::rib_clear(const common::icp::rib_update::clear& request)
 		{
 			const auto& [vrf, priority, protocol, peer, table_name] = summary_key;
 			auto& [summary_prefixes, summary_paths, summary_eor] = summary_value;
-			(void)table_name;
-			(void)summary_prefixes;
-			(void)summary_paths;
+			YANET_GCC_BUG_UNUSED(table_name);
+			YANET_GCC_BUG_UNUSED(summary_prefixes);
+			YANET_GCC_BUG_UNUSED(summary_paths);
 
 			if (protocol != request_protocol)
 			{
@@ -419,7 +408,7 @@ void rib_t::rib_clear(const common::icp::rib_update::clear& request)
 			if (request_attribute)
 			{
 				const auto& [request_peer, request_vrf_priority] = *request_attribute;
-				(void)request_peer;
+				YANET_GCC_BUG_UNUSED(request_peer);
 
 				if (request_vrf_priority != vrf_priority)
 				{
@@ -434,7 +423,7 @@ void rib_t::rib_clear(const common::icp::rib_update::clear& request)
 				for (auto& [pptn_index, path_info_to_nh_ptr] : pptn_to_path_info_to_nh_ptr)
 				{
 					const auto& [protocol, peer, table_name] = proto_peer_table_name[pptn_index];
-					(void)table_name;
+					YANET_GCC_BUG_UNUSED(table_name);
 
 					if (request_protocol != protocol)
 					{
@@ -444,7 +433,7 @@ void rib_t::rib_clear(const common::icp::rib_update::clear& request)
 					if (request_attribute)
 					{
 						const auto& [request_peer, request_vrf_priority] = request_attribute.value();
-						(void)request_vrf_priority;
+						YANET_GCC_BUG_UNUSED(request_vrf_priority);
 
 						if (request_peer != peer)
 						{
@@ -454,7 +443,7 @@ void rib_t::rib_clear(const common::icp::rib_update::clear& request)
 
 					for (auto& [path_info, nh_ptr] : path_info_to_nh_ptr)
 					{
-						(void)path_info;
+						YANET_GCC_BUG_UNUSED(path_info);
 						--nh_to_ref_count[*nh_ptr];
 
 						// nexthop stuff is not referenced by any prefix anymore - remove it entirely
@@ -516,8 +505,8 @@ void rib_t::rib_clear(const common::icp::rib_update::clear& request)
 		for (auto& [summary_key, summary_value] : this->summary)
 		{
 			const auto& [vrf, priority, protocol, peer, table_name] = summary_key;
-			(void)summary_value;
-			(void)table_name;
+			YANET_GCC_BUG_UNUSED(summary_value);
+			YANET_GCC_BUG_UNUSED(table_name);
 
 			if (protocol != request_protocol)
 			{
@@ -556,15 +545,15 @@ void rib_t::rib_eor(const common::icp::rib_update::eor& request)
 	const auto& [protocol, vrf, priority, peer, table_name] = request;
 
 	auto& [summary_prefixes, summary_paths, summary_eor] = this->summary[{vrf, priority, protocol, peer, table_name}];
-	(void)summary_prefixes;
-	(void)summary_paths;
+	YANET_GCC_BUG_UNUSED(summary_prefixes);
+	YANET_GCC_BUG_UNUSED(summary_paths);
 
 	summary_eor = true;
 }
 
 void rib_t::rib_flush(bool force_flush)
 {
-	bool flush;
+	bool flush = false;
 	{
 		std::lock_guard<std::mutex> rib_update_guard(rib_update_mutex);
 		std::lock_guard<std::mutex> prefixes_guard(prefixes_mutex);
@@ -662,7 +651,7 @@ common::icp::rib_lookup::response rib_t::rib_lookup(const common::icp::rib_looku
 		for (const auto& [vrf_priority, prefixes_to_pptn_to_path_info_to_nh_ptr] : prefixes_to_path_info_to_nh_ptr)
 		{
 			const auto& [vrf, priority] = vrf_priority;
-			(void)priority;
+			YANET_GCC_BUG_UNUSED(priority);
 
 			if (request_vrf != vrf)
 			{
@@ -705,7 +694,7 @@ common::icp::rib_get::response rib_t::rib_get(const common::icp::rib_get::reques
 	for (const auto& [vrf_priority, prefixes_to_pptn_to_path_info_to_nh_ptr] : prefixes_to_path_info_to_nh_ptr)
 	{
 		const auto& [vrf, priority] = vrf_priority;
-		(void)priority;
+		YANET_GCC_BUG_UNUSED(priority);
 
 		if (request_vrf != vrf)
 		{
@@ -822,7 +811,7 @@ void rib_t::rib_load(const common::icp::rib_load::request& request)
 		{
 			for (const auto& [prefix, pptn_to_path_info_to_nh_ptr] : prefixes_to_pptn_to_path_info_to_nh_ptr)
 			{
-				(void)pptn_to_path_info_to_nh_ptr;
+				YANET_GCC_BUG_UNUSED(pptn_to_path_info_to_nh_ptr);
 				this->prefixes_reb[vrf_priority].insert(prefix);
 			}
 		}
@@ -837,7 +826,7 @@ void rib_t::rib_load(const common::icp::rib_load::request& request)
 		{
 			const auto& [index, ref_count] = index_ref_count_pair;
 			auto [nh_to_ref_count_it, insert_result] = this->nh_to_ref_count.insert({nh, ref_count});
-			(void)insert_result;
+			YANET_GCC_BUG_UNUSED(insert_result);
 
 			const rib::nexthop_stuff_t* nh_ptr = &(nh_to_ref_count_it->first);
 
diff --git a/controlplane/rib.h b/controlplane/rib.h
index 06f75332..b16bd576 100644
--- a/controlplane/rib.h
+++ b/controlplane/rib.h
@@ -1,28 +1,12 @@
 #pragma once
 
-#include <array>
+#include "module.h"
 #include <atomic>
-#include <functional>
-#include <map>
 #include <mutex>
-#include <set>
-#include <tuple>
-#include <unordered_map>
-#include <unordered_set>
-
-#include "common/icp.h"
-#include "common/idataplane.h"
-#include "common/idp.h"
-
-#include "isystem.h"
-#include "module.h"
-#include "type.h"
 
 namespace rib
 {
 
-using nexthop_t = common::rib::nexthop_t;
-
 using vrf_priority_t = common::rib::vrf_priority_t;
 
 using pptn_t = common::rib::pptn_t;
@@ -38,8 +22,8 @@ using path_info_to_nexthop_stuff_ptr_t = common::rib::path_info_to_nexthop_stuff
 class rib_t : public cModule
 {
 public:
-	rib_t();
-	~rib_t() override;
+	rib_t() = default;
+	~rib_t() override = default;
 
 	eResult init() override;
 	void reload(const controlplane::base_t& base_prev, const controlplane::base_t& base_next, common::idp::updateGlobalBase::request& globalbase) override;
@@ -95,8 +79,8 @@ class rib_t : public cModule
 	                              std::string, ///< protocol
 	                              ip_address_t, ///< peer
 	                              std::string>, ///< table_name
-	                   std::tuple<common::uint64,
-	                              common::uint64,
-	                              common::uint8>>
+	                   std::tuple<common::uint64, ///< prefixes
+	                              common::uint64, ///< paths
+	                              common::uint8>> ///< eor
 	        summary;
 };
diff --git a/controlplane/route.cpp b/controlplane/route.cpp
index 4d7b066c..73e0380b 100644
--- a/controlplane/route.cpp
+++ b/controlplane/route.cpp
@@ -1,5 +1,24 @@
 #include "route.h"
+#include "common/icp.h"
 #include "controlplane.h"
+#include "controlplane/route.h"
+
+uint32_t ExtractPeerIdFromPathInformation(const std::string& path_information)
+{
+	auto pi_it = path_information.find_last_of(':');
+	if (pi_it != std::string::npos)
+	{
+		try
+		{
+			return std::stoll(path_information.substr(pi_it + 1), nullptr, 0);
+		}
+		catch (...)
+		{
+			YANET_LOG_WARNING("bad peer_id: %s\n", path_information.data());
+		}
+	}
+	return 0;
+}
 
 eResult route_t::init()
 {
@@ -14,6 +33,8 @@ eResult route_t::init()
 	tunnel_counter.insert({true, 0, ip_address_t(), 0}); ///< fallback v4
 	tunnel_counter.insert({false, 0, ip_address_t(), 0}); ///< fallback v6
 
+	route_counter.init(&controlPlane->counter_manager);
+
 	controlPlane->register_command(common::icp::requestType::route_config, [this]() {
 		return route_config();
 	});
@@ -30,6 +51,14 @@ eResult route_t::init()
 		return route_get(std::get<common::icp::route_get::request>(std::get<1>(request)));
 	});
 
+	controlPlane->register_command(common::icp::requestType::route_counters, [this]() {
+		return route_counters();
+	});
+
+	controlPlane->register_command(common::icp::requestType::route_tunnel_counters, [this]() {
+		return route_tunnel_counters();
+	});
+
 	controlPlane->register_command(common::icp::requestType::route_interface, [this]() {
 		return route_interface();
 	});
@@ -60,8 +89,7 @@ void route_t::prefix_update(const std::tuple<std::string, uint32_t>& vrf_priorit
 		                    std::size_t,
 		                    std::string,
 		                    uint32_t>,
-		         std::set<std::tuple<ip_address_t,
-		                             std::vector<uint32_t>>>>
+		         route::destination_interface_t>
 		        interface_destination_next;
 		for (const auto& [pptn_index, path_info_to_nh_ptr] : *nexthops)
 		{
@@ -73,7 +101,7 @@ void route_t::prefix_update(const std::tuple<std::string, uint32_t>& vrf_priorit
 				auto current_guard = generations.current_lock_guard();
 				for (const auto& [name, module] : generations.current().routes) ///< @todo: DELETE
 				{
-					(void)name;
+					YANET_GCC_BUG_UNUSED(name);
 
 					if (exist(module.ignore_tables, table_name))
 					{
@@ -89,17 +117,17 @@ void route_t::prefix_update(const std::tuple<std::string, uint32_t>& vrf_priorit
 
 			for (const auto& [path_info, nh_ptr] : path_info_to_nh_ptr)
 			{
-				(void)path_info;
+				uint32_t peer_id = ExtractPeerIdFromPathInformation(path_info);
 
 				const auto& [nexthop, labels, origin, med, aspath, communities, large_communities, local_preference] = *nh_ptr;
-				(void)communities;
-				(void)large_communities;
+				YANET_GCC_BUG_UNUSED(communities);
+				YANET_GCC_BUG_UNUSED(large_communities);
 
 				interface_destination_next[{std::numeric_limits<decltype(local_preference)>::max() - local_preference,
 				                            aspath.size(),
 				                            origin,
 				                            med}]
-				        .emplace(nexthop, labels);
+				        .emplace(nexthop, peer_id, prefix, labels);
 			}
 		}
 
@@ -187,12 +215,12 @@ void route_t::tunnel_prefix_update(const std::tuple<std::string, uint32_t>& vrf_
 
 		for (const auto& [pptn_index, path_info_to_nh_ptr] : *nexthops)
 		{
-			(void)pptn_index;
+			YANET_GCC_BUG_UNUSED(pptn_index);
 
 			for (const auto& [path_information, nh_ptr] : path_info_to_nh_ptr)
 			{
 				const auto& [nexthop, labels, origin, med, aspath, communities, large_communities, local_preference] = *nh_ptr;
-				(void)communities;
+				YANET_GCC_BUG_UNUSED(communities);
 
 				if ((prefix.is_ipv4() && nexthop.is_ipv4()) ||
 				    (prefix.is_ipv4() && nexthop.is_ipv6()) ||
@@ -200,7 +228,6 @@ void route_t::tunnel_prefix_update(const std::tuple<std::string, uint32_t>& vrf_
 				{
 					if (labels.size() == 1)
 					{
-						uint32_t peer_id = 0;
 						uint32_t origin_as = 0;
 						uint32_t weight = 0;
 						std::optional<uint32_t> override_length;
@@ -210,18 +237,7 @@ void route_t::tunnel_prefix_update(const std::tuple<std::string, uint32_t>& vrf_
 							origin_as = aspath.back();
 						}
 
-						auto pi_it = path_information.find_last_of(':');
-						if (pi_it != std::string::npos)
-						{
-							try
-							{
-								peer_id = std::stoll(path_information.substr(pi_it + 1), nullptr, 0);
-							}
-							catch (...)
-							{
-								YANET_LOG_WARNING("bad peer_id: %s\n", path_information.data());
-							}
-						}
+						uint32_t peer_id = ExtractPeerIdFromPathInformation(path_information);
 
 						if (peer_id < 10000 ||
 						    peer_id >= 11000)
@@ -386,11 +402,13 @@ void route_t::prefix_flush()
 	generations_neighbors.next_lock();
 
 	tunnel_counter.allocate();
+	route_counter.allocate();
 
 	compile(globalbase, generations.current());
 	dataplane.updateGlobalBase(globalbase); ///< может вызвать исключение, которое никто не поймает, и это приведёт к abort()
 
 	tunnel_counter.release();
+	route_counter.release();
 
 	generations_neighbors.next_unlock();
 	generations.next_unlock();
@@ -441,7 +459,7 @@ common::icp::route_lookup::response route_t::route_lookup(const common::icp::rou
 		if (exist(prefixes, vrf))
 		{
 			const auto& [priority_current, update] = prefixes[vrf];
-			(void)update;
+			YANET_GCC_BUG_UNUSED(update);
 
 			for (auto it = priority_current.rbegin();
 			     it != priority_current.rend();
@@ -501,7 +519,7 @@ common::icp::route_get::response route_t::route_get(const common::icp::route_get
 		if (exist(prefixes, vrf))
 		{
 			const auto& [priority_current, update] = prefixes[vrf];
-			(void)update;
+			YANET_GCC_BUG_UNUSED(update);
 
 			for (auto it = priority_current.rbegin();
 			     it != priority_current.rend();
@@ -537,6 +555,46 @@ common::icp::route_get::response route_t::route_get(const common::icp::route_get
 	return result;
 }
 
+common::icp::route_counters::response route_t::route_counters()
+{
+	common::icp::route_counters::response result;
+
+	auto current_guard = generations.current_lock_guard();
+	auto counter_values = route_counter.get_counters();
+
+	for (const auto& [key, counts] : counter_values)
+	{
+		const auto [link_id, nexthop, prefix] = key;
+		if (counts[0] != 0 || counts[1] != 0)
+		{
+			result.emplace_back(link_id, nexthop, prefix, counts[0], counts[1]);
+		}
+	}
+
+	return result;
+}
+
+common::icp::route_tunnel_counters::response route_t::route_tunnel_counters()
+{
+	common::icp::route_tunnel_counters::response result;
+
+	auto current_guard = generations.current_lock_guard();
+	auto counter_values = tunnel_counter.get_counters();
+
+	for (const auto& [key, counts] : counter_values)
+	{
+		const auto [is_ipv4, link_id, nexthop, origin_as] = key;
+		YANET_GCC_BUG_UNUSED(is_ipv4);
+		YANET_GCC_BUG_UNUSED(origin_as);
+		if (counts[0] != 0 || counts[1] != 0)
+		{
+			result.emplace_back(link_id, nexthop, counts[0], counts[1]);
+		}
+	}
+
+	return result;
+}
+
 common::icp::route_interface::response route_t::route_interface() const
 {
 	common::icp::route_interface::response response;
@@ -609,7 +667,7 @@ common::icp::route_tunnel_lookup::response route_t::route_tunnel_lookup(const co
 		if (exist(tunnel_prefixes, vrf))
 		{
 			const auto& [priority_current, update] = tunnel_prefixes[vrf];
-			(void)update;
+			YANET_GCC_BUG_UNUSED(update);
 
 			for (auto it = priority_current.rbegin();
 			     it != priority_current.rend();
@@ -628,7 +686,7 @@ common::icp::route_tunnel_lookup::response route_t::route_tunnel_lookup(const co
 
 						for (const auto& [nexthop, egress_interface_name, label, peer_id, origin_as, weight_percent] : destinations)
 						{
-							(void)origin_as;
+							YANET_GCC_BUG_UNUSED(origin_as);
 
 							std::optional<uint32_t> result_label;
 							std::optional<std::string> result_peer;
@@ -687,7 +745,7 @@ common::icp::route_tunnel_get::response route_t::route_tunnel_get(const common::
 		if (exist(tunnel_prefixes, vrf))
 		{
 			const auto& [priority_current, update] = tunnel_prefixes[vrf];
-			(void)update;
+			YANET_GCC_BUG_UNUSED(update);
 
 			for (auto it = priority_current.rbegin();
 			     it != priority_current.rend();
@@ -706,7 +764,7 @@ common::icp::route_tunnel_get::response route_t::route_tunnel_get(const common::
 
 						for (const auto& [nexthop, egress_interface_name, label, peer_id, origin_as, weight_percent] : destinations)
 						{
-							(void)origin_as;
+							YANET_GCC_BUG_UNUSED(origin_as);
 
 							std::optional<uint32_t> result_label;
 							std::optional<std::string> result_peer;
@@ -838,7 +896,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [module_name, nat64stateless] : base_prev.nat64statelesses)
 		{
-			(void)module_name;
+			YANET_GCC_BUG_UNUSED(module_name);
 
 			for (const auto& prefix : nat64stateless.nat64_prefixes)
 			{
@@ -855,7 +913,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [module_name, nat64stateless] : base_next.nat64statelesses)
 		{
-			(void)module_name;
+			YANET_GCC_BUG_UNUSED(module_name);
 
 			for (const auto& prefix : nat64stateless.nat64_prefixes)
 			{
@@ -872,7 +930,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [config_module_name, config_module] : base_prev.routes)
 		{
-			(void)config_module_name;
+			YANET_GCC_BUG_UNUSED(config_module_name);
 
 			for (const auto& prefix : config_module.local_prefixes)
 			{
@@ -884,7 +942,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [config_module_name, config_module] : base_next.routes)
 		{
-			(void)config_module_name;
+			YANET_GCC_BUG_UNUSED(config_module_name);
 
 			for (const auto& prefix : config_module.local_prefixes)
 			{
@@ -896,11 +954,11 @@ void route_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [config_module_name, config_module] : base_prev.routes)
 		{
-			(void)config_module_name;
+			YANET_GCC_BUG_UNUSED(config_module_name);
 
 			for (const auto& [interface_name, interface] : config_module.interfaces)
 			{
-				(void)interface_name;
+				YANET_GCC_BUG_UNUSED(interface_name);
 
 				for (const auto& ip_prefix : interface.ip_prefixes)
 				{
@@ -917,7 +975,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [config_module_name, config_module] : base_next.routes)
 		{
-			(void)config_module_name;
+			YANET_GCC_BUG_UNUSED(config_module_name);
 
 			for (const auto& [interface_name, interface] : config_module.interfaces)
 			{
@@ -947,6 +1005,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 #endif // CONFIG_YADECAP_AUTOTEST
 
 	tunnel_counter.allocate();
+	route_counter.allocate();
 
 	compile(globalbase, generations.next());
 	compile_interface(globalbase, generations.next(), generations_neighbors.next());
@@ -955,6 +1014,7 @@ void route_t::reload(const controlplane::base_t& base_prev,
 void route_t::reload_after()
 {
 	tunnel_counter.release();
+	route_counter.release();
 	generations_neighbors.switch_generation();
 	generations.switch_generation();
 	generations_neighbors.next_unlock();
@@ -967,7 +1027,7 @@ void route_t::prefix_flush_prefixes(common::idp::updateGlobalBase::request& glob
 
 	for (auto& [vrf, priority_current_update] : prefixes)
 	{
-		(void)vrf; ///< @todo: VRF
+		YANET_GCC_BUG_UNUSED(vrf); ///< @todo: VRF
 
 		auto& [priority_current, update] = priority_current_update;
 
@@ -993,7 +1053,7 @@ void route_t::prefix_flush_prefixes(common::idp::updateGlobalBase::request& glob
 
 			for (const auto& [priority, current] : priority_current)
 			{
-				(void)priority;
+				YANET_GCC_BUG_UNUSED(priority);
 
 				for (const auto& update_prefix : update_prefixes)
 				{
@@ -1033,7 +1093,7 @@ void route_t::tunnel_prefix_flush_prefixes(common::idp::updateGlobalBase::reques
 
 	for (auto& [vrf, priority_current_update] : tunnel_prefixes)
 	{
-		(void)vrf; ///< @todo: VRF
+		YANET_GCC_BUG_UNUSED(vrf); ///< @todo: VRF
 
 		auto& [priority_current, update] = priority_current_update;
 
@@ -1059,7 +1119,7 @@ void route_t::tunnel_prefix_flush_prefixes(common::idp::updateGlobalBase::reques
 
 			for (const auto& [priority, current] : priority_current)
 			{
-				(void)priority;
+				YANET_GCC_BUG_UNUSED(priority);
 
 				for (const auto& update_prefix : update_prefixes)
 				{
@@ -1100,12 +1160,56 @@ void route_t::tunnel_prefix_flush_values(common::idp::updateGlobalBase::request&
 
 std::optional<uint32_t> route_t::value_insert(const route::value_key_t& value_key)
 {
-	return values.update_or_insert(value_key);
+	if (values.exist_value(value_key))
+	{
+		values.update(value_key);
+		return values.get_id(value_key);
+	}
+
+	auto value_id = values.insert(value_key);
+	if (!value_id)
+	{
+		return std::nullopt;
+	}
+
+	const auto& [vrf_priority, destination, fallback] = value_key;
+	YANET_GCC_BUG_UNUSED(vrf_priority);
+	YANET_GCC_BUG_UNUSED(fallback);
+
+	/// counters
+	if (const auto nexthops = std::get_if<route::destination_interface_t>(&destination))
+	{
+		for (const auto& [nexthop, peer_id, prefix, labels] : *nexthops)
+		{
+			YANET_GCC_BUG_UNUSED(labels);
+
+			route_counter.insert({peer_id, nexthop, prefix});
+		}
+	}
+
+	return value_id;
 }
 
 void route_t::value_remove(const uint32_t& value_id)
 {
-	values.remove_id(value_id);
+	auto value_key = values.remove_id(value_id);
+	if (value_key)
+	{
+		const auto& [vrf_priority, destination, fallback] = *value_key;
+		YANET_GCC_BUG_UNUSED(vrf_priority);
+		YANET_GCC_BUG_UNUSED(fallback);
+
+		/// counters
+		if (const auto nexthops = std::get_if<route::destination_interface_t>(&destination))
+		{
+			for (const auto& [nexthop, peer_id, prefix, labels] : *nexthops)
+			{
+				YANET_GCC_BUG_UNUSED(labels);
+
+				route_counter.remove({peer_id, nexthop, prefix}, 20);
+			}
+		}
+	}
 }
 
 void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
@@ -1144,13 +1248,15 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 		                               interface_id,
 		                               interface_name,
 		                               std::vector<uint32_t>(),
-		                               ipv4_address_t()); ///< default
+		                               ipv4_address_t(), ///< default
+		                               0,
+		                               fallback);
 	}
 	else
 	{
 		for (const auto& destination_iter : std::get<0>(destination)) ///< interface
 		{
-			const auto& [nexthop, labels] = destination_iter;
+			const auto& [nexthop, peer_id, prefix, labels] = destination_iter;
 
 			if (nexthop.is_default())
 			{
@@ -1185,7 +1291,9 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 				                               interface_id,
 				                               interface_name,
 				                               labels,
-				                               nexthop);
+				                               nexthop,
+				                               peer_id,
+				                               prefix);
 
 				continue;
 			}
@@ -1209,7 +1317,7 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 
 			auto& [priority_current, update] = prefixes[vrf];
 			auto& current = priority_current[priority];
-			(void)update;
+			YANET_GCC_BUG_UNUSED(update);
 
 			const auto value_id_label = current.get(prefix_next);
 			if (value_id_label)
@@ -1232,7 +1340,7 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 	{
 		auto& [priority_current, update] = prefixes[vrf];
 		auto& current = priority_current[priority];
-		(void)update;
+		YANET_GCC_BUG_UNUSED(update);
 
 		const auto value_id_fallback = current.get(fallback);
 		if (value_id_fallback)
@@ -1281,17 +1389,19 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 		/// same numa
 		for (const auto& item : request_interface)
 		{
-			const auto& [nexthop, egress_interface_id, egress_interface_name, labels, neighbor_address] = item;
+			const auto& [nexthop, egress_interface_id, egress_interface_name, labels, neighbor_address, peer, prefix] = item;
 
 			if (exist(interfaces, egress_interface_id))
 			{
+				const auto counter_id = route_counter.get_id({peer, nexthop, prefix});
+
 				uint16_t flags = 0;
 				if (neighbor_address.is_default())
 				{
 					flags |= YANET_NEXTHOP_FLAG_DIRECTLY;
 				}
 
-				update_interface.emplace_back(egress_interface_id, labels, neighbor_address, flags);
+				update_interface.emplace_back(egress_interface_id, counter_id, labels, neighbor_address, flags);
 
 				value_lookup[value_id][socket_id].emplace_back(nexthop,
 				                                               egress_interface_name,
@@ -1304,7 +1414,9 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 		{
 			for (const auto& item : request_interface)
 			{
-				const auto& [nexthop, egress_interface_id, egress_interface_name, labels, neighbor_address] = item;
+				const auto& [nexthop, egress_interface_id, egress_interface_name, labels, neighbor_address, peer, prefix] = item;
+
+				const auto counter_id = route_counter.get_id({peer, nexthop, prefix});
 
 				uint16_t flags = 0;
 				if (neighbor_address.is_default())
@@ -1312,7 +1424,7 @@ void route_t::value_compile(common::idp::updateGlobalBase::request& globalbase,
 					flags |= YANET_NEXTHOP_FLAG_DIRECTLY;
 				}
 
-				update_interface.emplace_back(egress_interface_id, labels, neighbor_address, flags);
+				update_interface.emplace_back(egress_interface_id, counter_id, labels, neighbor_address, flags);
 
 				value_lookup[value_id][socket_id].emplace_back(nexthop,
 				                                               egress_interface_name,
@@ -1337,9 +1449,9 @@ void route_t::value_compile_label(common::idp::updateGlobalBase::request& global
 {
 	const auto& value_key = values.get_value(value_id);
 	const auto& [vrf_priority, destination, fallback] = value_key;
-	(void)globalbase;
-	(void)vrf_priority;
-	(void)fallback;
+	YANET_GCC_BUG_UNUSED(globalbase);
+	YANET_GCC_BUG_UNUSED(vrf_priority);
+	YANET_GCC_BUG_UNUSED(fallback);
 
 	if (const auto virtual_port_id = std::get_if<uint32_t>(&destination))
 	{
@@ -1349,7 +1461,7 @@ void route_t::value_compile_label(common::idp::updateGlobalBase::request& global
 
 	for (const auto& destination_iter : std::get<0>(destination)) ///< interface
 	{
-		auto [nexthop, labels] = destination_iter;
+		auto [nexthop, peer_id, prefix, labels] = destination_iter;
 
 		if (labels.size() != 1)
 		{
@@ -1371,7 +1483,9 @@ void route_t::value_compile_label(common::idp::updateGlobalBase::request& global
 			                               interface_id,
 			                               interface_name,
 			                               labels,
-			                               nexthop);
+			                               nexthop,
+			                               peer_id,
+			                               prefix);
 		}
 		else
 		{
@@ -1388,9 +1502,9 @@ void route_t::value_compile_fallback(common::idp::updateGlobalBase::request& glo
 {
 	const auto& value_key = values.get_value(value_id);
 	const auto& [vrf_priority, destination, fallback] = value_key;
-	(void)globalbase;
-	(void)vrf_priority;
-	(void)fallback;
+	YANET_GCC_BUG_UNUSED(globalbase);
+	YANET_GCC_BUG_UNUSED(vrf_priority);
+	YANET_GCC_BUG_UNUSED(fallback);
 
 	if (const auto virtual_port_id = std::get_if<uint32_t>(&destination))
 	{
@@ -1400,7 +1514,7 @@ void route_t::value_compile_fallback(common::idp::updateGlobalBase::request& glo
 
 	for (const auto& destination_iter : std::get<0>(destination)) ///< interface
 	{
-		const auto& [nexthop, labels] = destination_iter;
+		const auto& [nexthop, peer_id, prefix, labels] = destination_iter;
 
 		auto interface = generation.get_interface_by_neighbor(nexthop);
 		if (interface)
@@ -1418,7 +1532,9 @@ void route_t::value_compile_fallback(common::idp::updateGlobalBase::request& glo
 			                               interface_id,
 			                               interface_name,
 			                               labels,
-			                               nexthop);
+			                               nexthop,
+			                               peer_id,
+			                               prefix);
 		}
 	}
 }
@@ -1438,15 +1554,15 @@ std::optional<uint32_t> route_t::tunnel_value_insert(const route::tunnel_value_k
 	}
 
 	const auto& [vrf_priority, destination, fallback] = value_key;
-	(void)vrf_priority;
+	YANET_GCC_BUG_UNUSED(vrf_priority);
 
 	/// counters
 	if (const auto nexthops = std::get_if<route::tunnel_destination_interface_t>(&destination))
 	{
 		for (const auto& [nexthop, label, peer_id, origin_as, weight] : *nexthops)
 		{
-			(void)label;
-			(void)weight;
+			YANET_GCC_BUG_UNUSED(label);
+			YANET_GCC_BUG_UNUSED(weight);
 
 			tunnel_counter.insert({fallback.is_ipv4(), peer_id, nexthop, origin_as});
 		}
@@ -1461,15 +1577,15 @@ void route_t::tunnel_value_remove(const uint32_t& value_id)
 	if (value_key)
 	{
 		const auto& [vrf_priority, destination, fallback] = *value_key;
-		(void)vrf_priority;
+		YANET_GCC_BUG_UNUSED(vrf_priority);
 
 		/// counters
 		if (const auto nexthops = std::get_if<route::tunnel_destination_interface_t>(&destination))
 		{
 			for (const auto& [nexthop, label, peer_id, origin_as, weight] : *nexthops)
 			{
-				(void)label;
-				(void)weight;
+				YANET_GCC_BUG_UNUSED(label);
+				YANET_GCC_BUG_UNUSED(weight);
 
 				tunnel_counter.remove({fallback.is_ipv4(), peer_id, nexthop, origin_as}, 20);
 			}
@@ -1485,7 +1601,7 @@ void route_t::tunnel_value_compile(common::idp::updateGlobalBase::request& globa
 	std::vector<route::tunnel_value_interface_t> request_interface;
 
 	const auto& [vrf_priority, destination, fallback] = value_key;
-	(void)vrf_priority; ///< @todo: VRF
+	YANET_GCC_BUG_UNUSED(vrf_priority); ///< @todo: VRF
 
 	tunnel_value_lookup[value_id].clear();
 
@@ -1696,11 +1812,11 @@ void route_t::tunnel_value_compile(common::idp::updateGlobalBase::request& globa
 		for (const auto& item : request_interface)
 		{
 			const auto& [nexthop, egress_interface_id, label, egress_interface_name, peer_id, origin_as, weight, neighbor_address] = item;
-			(void)egress_interface_name;
+			YANET_GCC_BUG_UNUSED(egress_interface_name);
 
 			if (exist(interfaces, egress_interface_id))
 			{
-				const auto counter_ids = tunnel_counter.get_ids({fallback.is_ipv4(), peer_id, nexthop, origin_as});
+				const auto counter_id = tunnel_counter.get_id({fallback.is_ipv4(), peer_id, nexthop, origin_as});
 
 				uint16_t flags = 0;
 				if (neighbor_address.is_default())
@@ -1708,7 +1824,7 @@ void route_t::tunnel_value_compile(common::idp::updateGlobalBase::request& globa
 					flags |= YANET_NEXTHOP_FLAG_DIRECTLY;
 				}
 
-				update_nexthops.emplace_back(egress_interface_id, counter_ids[0], label, nexthop, neighbor_address, flags);
+				update_nexthops.emplace_back(egress_interface_id, counter_id, label, nexthop, neighbor_address, flags);
 				weights.emplace_back(weight);
 
 				tunnel_value_lookup[value_id][socket_id].emplace_back(nexthop,
@@ -1728,9 +1844,9 @@ void route_t::tunnel_value_compile(common::idp::updateGlobalBase::request& globa
 			for (const auto& item : request_interface)
 			{
 				const auto& [nexthop, egress_interface_id, label, egress_interface_name, peer_id, origin_as, weight, neighbor_address] = item;
-				(void)egress_interface_name;
+				YANET_GCC_BUG_UNUSED(egress_interface_name);
 
-				const auto counter_ids = tunnel_counter.get_ids({fallback.is_ipv4(), peer_id, nexthop, origin_as});
+				const auto counter_id = tunnel_counter.get_id({fallback.is_ipv4(), peer_id, nexthop, origin_as});
 
 				uint16_t flags = 0;
 				if (neighbor_address.is_default())
@@ -1738,7 +1854,7 @@ void route_t::tunnel_value_compile(common::idp::updateGlobalBase::request& globa
 					flags |= YANET_NEXTHOP_FLAG_DIRECTLY;
 				}
 
-				update_nexthops.emplace_back(egress_interface_id, counter_ids[0], label, nexthop, neighbor_address, flags);
+				update_nexthops.emplace_back(egress_interface_id, counter_id, label, nexthop, neighbor_address, flags);
 				weights.emplace_back(weight);
 
 				tunnel_value_lookup[value_id][socket_id].emplace_back(nexthop,
@@ -1764,12 +1880,12 @@ void route_t::tunnel_value_compile(common::idp::updateGlobalBase::request& globa
 
 		for (auto& [nexthop, egress_interface_name, label, peer_id, origin_as, weight_percent] : tunnel_value_lookup[value_id][socket_id])
 		{
-			(void)socket_id;
-			(void)nexthop;
-			(void)egress_interface_name;
-			(void)label;
-			(void)peer_id;
-			(void)origin_as;
+			YANET_GCC_BUG_UNUSED(socket_id);
+			YANET_GCC_BUG_UNUSED(nexthop);
+			YANET_GCC_BUG_UNUSED(egress_interface_name);
+			YANET_GCC_BUG_UNUSED(label);
+			YANET_GCC_BUG_UNUSED(peer_id);
+			YANET_GCC_BUG_UNUSED(origin_as);
 
 			if (weight_is_fallback)
 			{
@@ -1793,16 +1909,16 @@ std::set<std::string> route_t::get_ingress_physical_ports(const tSocketId& socke
 
 	/// @todo: use function
 	const auto& [dataplane_physicalports, dataplane_workers, dataplane_values] = controlPlane->dataPlaneConfig;
-	(void)dataplane_workers;
-	(void)dataplane_values;
+	YANET_GCC_BUG_UNUSED(dataplane_workers);
+	YANET_GCC_BUG_UNUSED(dataplane_values);
 
 	for (const auto& [dataplane_physicalport_id, dataplane_physicalport] : dataplane_physicalports)
 	{
-		(void)dataplane_physicalport_id;
+		YANET_GCC_BUG_UNUSED(dataplane_physicalport_id);
 
 		const auto& [physicalport_name, dataplane_socket_id, mac_address, pci] = dataplane_physicalport;
-		(void)mac_address;
-		(void)pci;
+		YANET_GCC_BUG_UNUSED(mac_address);
+		YANET_GCC_BUG_UNUSED(pci);
 
 		if (socket_id != dataplane_socket_id)
 		{
@@ -1820,6 +1936,7 @@ void route_t::tunnel_gc_thread()
 	while (!flagStop)
 	{
 		tunnel_counter.gc();
+		route_counter.gc();
 		std::this_thread::sleep_for(std::chrono::seconds(3));
 	}
 }
diff --git a/controlplane/route.h b/controlplane/route.h
index 88f7025d..890bb7e9 100644
--- a/controlplane/route.h
+++ b/controlplane/route.h
@@ -2,6 +2,7 @@
 
 #include "base.h"
 #include "counter.h"
+#include "isystem.h"
 #include "module.h"
 #include "rib.h"
 #include "type.h"
@@ -18,8 +19,14 @@ namespace route
 using directly_connected_destination_t = std::tuple<tInterfaceId, ///< interface_id
                                                     std::string>; ///< interface_name
 
-using destination_t = std::variant<std::set<std::tuple<ip_address_t,
-                                                       std::vector<uint32_t>>>,
+using destination_interface_t = std::set<
+        std::tuple<
+                ip_address_t, ///< nexthop
+                uint32_t, ///< peer_id
+                ip_prefix_t, ///< prefix
+                std::vector<uint32_t>>>; ///< labels
+
+using destination_t = std::variant<destination_interface_t,
                                    directly_connected_destination_t, ///< via interface
                                    uint32_t>; ///< virtual_port_id
 
@@ -32,11 +39,16 @@ using value_interface_t = std::tuple<ip_address_t,
                                      tInterfaceId,
                                      std::string,
                                      std::vector<uint32_t>,
-                                     ip_address_t>; ///< neighbor_address
+                                     ip_address_t, ///< neighbor_address
+                                     uint32_t, ///< peer_id
+                                     ip_prefix_t>; ///< prefix
 
 using lookup_t = std::tuple<ip_address_t, ///< nexthop
                             std::string,
                             std::vector<uint32_t>>; ///< labels
+using route_counter_key_t = std::tuple<uint32_t, ///< peer_id
+                                       ip_address_t, ///< nexthop
+                                       ip_prefix_t>; ///< prefix
 
 using tunnel_destination_interface_t = std::set<
         std::tuple<
@@ -86,20 +98,16 @@ using tunnel_counter_key_t = std::tuple<bool, ///< is_ipv4
 class generation_t
 {
 public:
-	generation_t()
-	{
-	}
+	generation_t() = default;
 
-	void update(const controlplane::base_t& base_prev,
+	void update([[maybe_unused]] const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
-
 		routes = base_next.routes;
 
 		for (const auto& [module_name, route] : base_next.routes)
 		{
-			(void)module_name;
+			YANET_GCC_BUG_UNUSED(module_name);
 
 			for (const auto& [interface_name, interface] : route.interfaces)
 			{
@@ -132,7 +140,7 @@ class generation_t
 		socket_interfaces = base_next.socket_interfaces;
 	}
 
-	std::optional<const std::tuple<tInterfaceId, std::string>*> get_interface_by_neighbor(const ip_address_t& address) const
+	[[nodiscard]] std::optional<const std::tuple<tInterfaceId, std::string>*> get_interface_by_neighbor(const ip_address_t& address) const
 	{
 		for (const auto& [prefix, interface] : interface_by_neighbors)
 		{
@@ -145,7 +153,7 @@ class generation_t
 		return std::nullopt;
 	}
 
-	std::optional<const std::string*> get_vrf(const std::string& route_name) const
+	[[nodiscard]] std::optional<const std::string*> get_vrf(const std::string& route_name) const
 	{
 		auto it = routes.find(route_name);
 		if (it == routes.end())
@@ -156,7 +164,7 @@ class generation_t
 		return &it->second.vrf; ///< read only after update
 	}
 
-	const std::map<uint32_t, std::string>* get_peers() const
+	[[nodiscard]] const std::map<uint32_t, std::string>* get_peers() const
 	{
 		return &peers;
 	}
@@ -179,7 +187,7 @@ class generation_t
 class generation_neighbors_t
 {
 public:
-	std::optional<const common::mac_address_t*> get_mac_address(const std::string& route_name, const std::string& interface_name, const common::ip_address_t& neighbor) const
+	[[nodiscard]] std::optional<const common::mac_address_t*> get_mac_address(const std::string& route_name, const std::string& interface_name, const common::ip_address_t& neighbor) const
 	{
 		auto it = mac_addresses.find({route_name, interface_name, neighbor});
 		if (it == mac_addresses.end())
@@ -218,6 +226,8 @@ class route_t : public module_t
 	common::icp::route_summary::response route_summary() const;
 	common::icp::route_lookup::response route_lookup(const common::icp::route_lookup::request& request);
 	common::icp::route_get::response route_get(const common::icp::route_get::request& request);
+	common::icp::route_counters::response route_counters();
+	common::icp::route_tunnel_counters::response route_tunnel_counters();
 	common::icp::route_interface::response route_interface() const;
 	common::icp::route_tunnel_lookup::response route_tunnel_lookup(const common::icp::route_tunnel_lookup::request& request);
 	common::icp::route_tunnel_get::response route_tunnel_get(const common::icp::route_tunnel_get::request& request);
@@ -297,4 +307,5 @@ class route_t : public module_t
 
 	friend class telegraf_t;
 	counter_t<route::tunnel_counter_key_t, 2> tunnel_counter;
+	counter_t<route::route_counter_key_t, 2> route_counter;
 };
diff --git a/controlplane/segment_allocator.h b/controlplane/segment_allocator.h
new file mode 100644
index 00000000..5250ef12
--- /dev/null
+++ b/controlplane/segment_allocator.h
@@ -0,0 +1,306 @@
+#pragma once
+
+#include <cstdint>
+#include <cstring>
+#include <utility>
+
+#define ENABLE_BIT(v, b) (v) |= ((uint64_t)1) << (b)
+#define GET_BIT(v, b) (((v) >> (b)) & 1)
+#define DISABLE_BIT(v, b) (v) &= ~(((uint64_t)1) << (b))
+
+template<uint32_t IndexBegin, uint32_t IndexEnd, uint32_t BlockSize, uint32_t MaxBufferSize, uint32_t ErrorResult>
+class SegmentAllocator
+{
+public:
+	static_assert((BlockSize % 64) == 0);
+	static_assert((BlockSize <= 64 * 64) && (BlockSize >= 64));
+	static_assert((MaxBufferSize <= 64) && (MaxBufferSize >= 1));
+	// Last block can't be less than MaxBufferSize
+	static_assert(((IndexEnd - IndexBegin) % BlockSize == 0) || ((IndexEnd - IndexBegin) % BlockSize >= MaxBufferSize));
+
+	struct OneSizeBlockInfo
+	{
+		uint32_t head_block = 0;
+		uint32_t used_blocks = 0;
+		uint32_t busy_blocks = 0;
+		uint32_t used_segments = 0;
+	};
+
+	SegmentAllocator() :
+	        free_cells_(IndexEnd - IndexBegin)
+	{
+		// Initialize blocks in main list of free blocks and set size of each block
+		for (uint32_t index = 0; index < total_blocks_; ++index)
+		{
+			all_blocks_[index].Initialize(index - 1, index + 1);
+		}
+		all_blocks_[0].previous = null_block_;
+		all_blocks_[total_blocks_ - 1].next = null_block_;
+		// the size of the last block may vary
+		all_blocks_[total_blocks_ - 1].block_size = IndexEnd - IndexBegin - (total_blocks_ - 1) * BlockSize;
+
+		// Initialize data for each size of segments
+		for (uint32_t index = 1; index <= MaxBufferSize; ++index)
+		{
+			sizes_info_[index].head_block = null_block_;
+		}
+		// size = 0 - free blocks, at start head_block = 0
+		sizes_info_[0].used_blocks = total_blocks_;
+	}
+
+	uint32_t Allocate(uint16_t size)
+	{
+		if ((size == 0) || (size > MaxBufferSize))
+		{
+			// bad size
+			errors_external_++;
+			return ErrorResult;
+		}
+
+		// try find block
+		OneSizeBlockInfo& size_info = sizes_info_[size];
+		if (size_info.head_block == null_block_)
+		{
+			uint32_t block_index = sizes_info_[0].head_block;
+			// no free blocks this size
+			if (block_index == null_block_)
+			{
+				// no free blocks
+				return ErrorResult;
+			}
+			else
+			{
+				// move block from list of free to blocks of this size
+				RemoveFromList(block_index, 0);
+				all_blocks_[block_index].SetSize(size);
+				InsertToList(block_index, size);
+			}
+		}
+
+		OneBlock& block = all_blocks_[size_info.head_block];
+		uint16_t index_in_block = block.Allocate();
+		if (index_in_block == error_in_block_)
+		{
+			errors_internal_++;
+			return ErrorResult;
+		}
+		uint32_t result = size_info.head_block * BlockSize + index_in_block * size + IndexBegin;
+		if (block.free_segments == 0)
+		{
+			// block is busy
+			RemoveFromList(size_info.head_block, size);
+			size_info.busy_blocks++;
+		}
+		size_info.used_segments++;
+
+		free_cells_ -= size;
+		return result;
+	}
+
+	uint32_t Free(uint32_t start, uint16_t size)
+	{
+		if ((size == 0) || (size > MaxBufferSize) || (start >= IndexEnd) || (start < IndexBegin))
+		{
+			errors_external_++;
+			return false;
+		}
+
+		uint32_t block_index = (start - IndexBegin) / BlockSize;
+		OneBlock& block = all_blocks_[block_index];
+		if (block.one_segment_size != size)
+		{
+			errors_external_++;
+			return false;
+		}
+		else if ((start - block_index * BlockSize - IndexBegin) % size != 0)
+		{
+			errors_external_++;
+			return false;
+		}
+
+		bool block_was_busy = (block.free_segments == 0);
+		uint16_t index = (start - block_index * BlockSize - IndexBegin) / size;
+		if (block.Free(index) == error_in_block_)
+		{
+			errors_external_++;
+			return false;
+		}
+
+		OneSizeBlockInfo& size_info = sizes_info_[size];
+		if (block_was_busy)
+		{
+			if ((block.previous != null_block_) || (block.next != null_block_))
+			{
+				errors_internal_++;
+			}
+			InsertToList(block_index, size);
+			size_info.busy_blocks--;
+		}
+		if (block.free_segments == block.total_segments)
+		{
+			RemoveFromList(block_index, size);
+			InsertToList(block_index, 0);
+		}
+
+		size_info.used_segments--;
+		free_cells_ += size;
+		return true;
+	}
+
+	[[nodiscard]] uint32_t Size() const
+	{
+		return free_cells_;
+	}
+
+	const OneSizeBlockInfo* GetBlocksStat() const
+	{
+		return sizes_info_;
+	}
+
+	[[nodiscard]] std::pair<uint64_t, uint64_t> GetErrors() const
+	{
+		return {errors_external_, errors_internal_};
+	}
+
+private:
+	struct OneBlock
+	{
+		// indexes of previous and next blocks in list
+		uint32_t previous;
+		uint32_t next;
+
+		// block structure
+		uint16_t block_size;
+		uint16_t one_segment_size;
+		uint16_t total_segments;
+		uint16_t free_segments;
+
+		// bit masks of segments usage
+		uint64_t group_mask;
+		uint64_t masks[BlockSize / 64];
+
+		void Initialize(uint32_t previous, uint32_t next)
+		{
+			this->previous = previous;
+			this->next = next;
+			block_size = BlockSize;
+			group_mask = 0;
+			memset(masks, 0, sizeof(masks));
+		}
+
+		void SetSize(uint16_t segment_size)
+		{
+			one_segment_size = segment_size;
+			total_segments = block_size / segment_size;
+			free_segments = total_segments;
+		}
+
+		uint16_t Allocate()
+		{
+			// calling the function implies that we are sure that there are free segments
+			if ((~group_mask) == 0)
+			{
+				return error_in_block_;
+			}
+
+			uint16_t group = __builtin_ctzll(~group_mask);
+			if ((group >= sizeof(masks) / sizeof(masks[0])) || ((~masks[group]) == 0))
+			{
+				return error_in_block_;
+			}
+			uint16_t index_in_group = __builtin_ctzll(~masks[group]);
+			uint16_t index = group * 64 + index_in_group;
+
+			if (index >= total_segments)
+			{
+				return error_in_block_;
+			}
+
+			// set bits usage
+			ENABLE_BIT(masks[group], index_in_group);
+			if ((~masks[group]) == 0)
+			{
+				ENABLE_BIT(group_mask, group);
+			}
+
+			// change number of free segments
+			free_segments--;
+
+			return index;
+		}
+
+		uint16_t Free(uint16_t index)
+		{
+			if (index >= total_segments)
+			{
+				return error_in_block_;
+			}
+
+			uint16_t group = index >> 6; // divide by 64
+			index &= 0x003f; // % 64
+
+			if (GET_BIT(masks[group], index) == 0)
+			{
+				return error_in_block_;
+			}
+
+			// set bits usage
+			DISABLE_BIT(masks[group], index);
+			if (masks[group] == 0)
+			{
+				DISABLE_BIT(group_mask, group);
+			}
+
+			// change number of free segments
+			free_segments++;
+
+			return 0;
+		}
+	};
+
+	static constexpr uint32_t total_blocks_ = (IndexEnd - IndexBegin + BlockSize - 1) / BlockSize;
+	static constexpr uint32_t null_block_ = static_cast<uint32_t>(-1);
+	static constexpr uint16_t error_in_block_ = static_cast<uint16_t>(-1);
+
+	OneBlock all_blocks_[total_blocks_];
+	OneSizeBlockInfo sizes_info_[MaxBufferSize + 1];
+
+	uint32_t free_cells_;
+	uint64_t errors_external_ = 0;
+	uint64_t errors_internal_ = 0;
+
+	void RemoveFromList(uint32_t block_index, uint16_t size)
+	{
+		OneBlock& block = all_blocks_[block_index];
+		sizes_info_[size].used_blocks--;
+
+		// change links in previous and next block
+		if (block.previous != null_block_)
+		{
+			all_blocks_[block.previous].next = block.next;
+		}
+		if (block.next != null_block_)
+		{
+			all_blocks_[block.next].previous = block.previous;
+		}
+
+		// if it was head
+		if (sizes_info_[size].head_block == block_index)
+		{
+			sizes_info_[size].head_block = block.next;
+		}
+
+		// we don't have to delete links to the previous and next one, but we do it only
+		// for internal verification when we add it to the list
+		block.previous = null_block_;
+		block.next = null_block_;
+	}
+
+	void InsertToList(uint32_t block_index, uint16_t size)
+	{
+		all_blocks_[block_index].next = sizes_info_[size].head_block;
+		all_blocks_[block_index].previous = null_block_;
+		sizes_info_[size].head_block = block_index;
+		sizes_info_[size].used_blocks++;
+	}
+};
diff --git a/controlplane/telegraf.cpp b/controlplane/telegraf.cpp
index 6f7cf2d9..05dc955f 100644
--- a/controlplane/telegraf.cpp
+++ b/controlplane/telegraf.cpp
@@ -4,8 +4,7 @@
 using common::int64;
 using controlplane::module::telegraf;
 
-YANET_UNUSED
-static inline double perSecond(const int64_t& valueDiff, const uint64_t& timeDiff)
+[[maybe_unused]] static inline double perSecond(const int64_t& valueDiff, const uint64_t& timeDiff)
 {
 	if (timeDiff == 0)
 	{
@@ -52,10 +51,6 @@ telegraf_t::telegraf_t() :
 {
 }
 
-telegraf_t::~telegraf_t()
-{
-}
-
 eResult telegraf_t::init()
 {
 	controlPlane->register_command(common::icp::requestType::telegraf_unsafe, [this]() {
@@ -92,10 +87,8 @@ void telegraf_t::reload_before()
 
 void telegraf_t::reload(const controlplane::base_t& base_prev,
                         const controlplane::base_t& base_next,
-                        common::idp::updateGlobalBase::request& globalbase)
+                        [[maybe_unused]] common::idp::updateGlobalBase::request& globalbase)
 {
-	(void)globalbase;
-
 	generations.next().update(base_prev, base_next);
 }
 
@@ -145,7 +138,7 @@ common::icp::telegraf_unsafe::response telegraf_t::telegraf_unsafe()
 		{
 			const auto& [encap_packets, encap_bytes, encap_dropped, decap_packets, decap_bytes, decap_unknown] = tun64Stats.at(name);
 
-			(void)tunnel;
+			YANET_GCC_BUG_UNUSED(tunnel);
 			responseTun64[name] = {encap_packets, encap_bytes, encap_dropped, decap_packets, decap_bytes, decap_unknown};
 		}
 	}
@@ -181,7 +174,7 @@ common::icp::telegraf_mappings::response telegraf_t::telegraf_mappings()
 				const auto& [encap_packets, encap_bytes, decap_packets, decap_bytes] = counters.at({name, ipv4_address});
 				const common::tun64mapping::stats_t stats = {encap_packets, encap_bytes, decap_packets, decap_bytes};
 
-				(void)location;
+				YANET_GCC_BUG_UNUSED(location);
 				response.emplace_back(name, ipv4_address, ipv6_address, stats);
 			}
 		}
@@ -224,7 +217,7 @@ common::icp::telegraf_dregress_traffic::response telegraf_t::telegraf_dregress_t
 		{
 			const auto& [is_ipv4, peer_id, nexthop, origin_as] = key;
 			const auto& [packets, bytes] = value;
-			(void)origin_as;
+			YANET_GCC_BUG_UNUSED(origin_as);
 
 			auto it = dregress_traffic_counters_prev.find(key);
 			if (it != dregress_traffic_counters_prev.end())
@@ -305,15 +298,21 @@ common::icp::telegraf_other::response telegraf_t::telegraf_other()
 {
 	auto& dataPlane = dataPlaneOther;
 
-	//
+	std::map<tCoreId, std::array<uint64_t, CONFIG_YADECAP_MBUFS_BURST_SIZE + 1>> currWorkers;
+	const common::sdp::DataPlaneInSharedMemory* sdp_data = controlPlane->getSdpData();
+	for (const auto& [coreId, worker_info] : sdp_data->workers)
+	{
+		std::array<uint64_t, CONFIG_YADECAP_MBUFS_BURST_SIZE + 1> bursts;
+		auto* worker_bursts =
+		        common::sdp::ShiftBuffer<uint64_t*>(worker_info.buffer, sdp_data->metadata_worker.start_bursts);
+		memcpy(&bursts[0], worker_bursts, sizeof(uint64_t) * (CONFIG_YADECAP_MBUFS_BURST_SIZE + 1));
+		currWorkers[coreId] = bursts;
+	}
 
-	const auto getOtherStatsResponse = dataPlane.getOtherStats();
 	const auto portsStatsExtended = dataPlane.get_ports_stats_extended();
 
 	//
 
-	const auto& [currWorkers] = getOtherStatsResponse;
-
 	common::icp::telegraf_other::response response;
 	auto& [response_flagFirst, response_workers, response_ports] = response;
 
@@ -323,8 +322,7 @@ common::icp::telegraf_other::response telegraf_t::telegraf_other()
 	{
 		for (const auto& [coreId, workerStats] : currWorkers)
 		{
-			response_workers[coreId] = {calcUsage(std::get<0>(workerStats),
-			                                      std::get<0>(prevWorkers[coreId]))};
+			response_workers[coreId] = {calcUsage(workerStats, prevWorkers[coreId])};
 		}
 	}
 	else
diff --git a/controlplane/telegraf.h b/controlplane/telegraf.h
index b432bf2f..34f9f3b4 100644
--- a/controlplane/telegraf.h
+++ b/controlplane/telegraf.h
@@ -1,7 +1,6 @@
 #pragma once
 
 #include <map>
-#include <mutex>
 
 #include "common/icp.h"
 #include "common/idataplane.h"
@@ -17,18 +16,14 @@ namespace telegraf
 class generation_t
 {
 public:
-	generation_t()
-	{
-	}
+	generation_t() = default;
 
-	void update(const controlplane::base_t& base_prev,
+	void update([[maybe_unused]] const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
-
 		for (const auto& [module_name, dregress] : base_next.dregresses)
 		{
-			(void)module_name;
+			YANET_GCC_BUG_UNUSED(module_name);
 
 			communities.insert(dregress.communities.begin(), dregress.communities.end());
 		}
@@ -36,19 +31,19 @@ class generation_t
 
 		for (const auto& [module_name, route] : base_next.routes)
 		{
-			(void)module_name;
+			YANET_GCC_BUG_UNUSED(module_name);
 
 			peers.insert(route.peers.begin(), route.peers.end());
 		}
 		peers[0] = "unknown";
 	}
 
-	const std::map<community_t, std::string>* get_communities() const
+	[[nodiscard]] const std::map<community_t, std::string>* get_communities() const
 	{
 		return &communities;
 	}
 
-	const std::map<uint32_t, std::string>* get_peers() const
+	[[nodiscard]] const std::map<uint32_t, std::string>* get_peers() const
 	{
 		return &peers;
 	}
@@ -64,7 +59,7 @@ class telegraf_t : public module_t
 {
 public:
 	telegraf_t();
-	~telegraf_t();
+	~telegraf_t() override = default;
 
 	eResult init() override;
 	void reload_before() override;
@@ -88,7 +83,7 @@ class telegraf_t : public module_t
 
 	bool flagFirst;
 
-	std::map<tCoreId, common::idp::getOtherStats::worker> prevWorkers;
+	std::map<tCoreId, std::array<uint64_t, CONFIG_YADECAP_MBUFS_BURST_SIZE + 1>> prevWorkers;
 
 	std::map<std::tuple<bool, uint32_t, common::ip_address_t>, std::array<common::uint64, 2>> route_tunnel_peer_counters; ///< @todo: gc
 	std::map<route::tunnel_counter_key_t, std::array<uint64_t, 2>> dregress_traffic_counters_prev;
diff --git a/controlplane/tun64.cpp b/controlplane/tun64.cpp
index cccc46d1..142f9088 100644
--- a/controlplane/tun64.cpp
+++ b/controlplane/tun64.cpp
@@ -1,14 +1,6 @@
 #include "tun64.h"
 #include "controlplane.h"
 
-tun64_t::tun64_t()
-{
-}
-
-tun64_t::~tun64_t()
-{
-}
-
 eResult tun64_t::init()
 {
 	tunnel_counters.init(&controlPlane->counter_manager);
@@ -50,7 +42,7 @@ void tun64_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [ipv4_address, mapping] : tunnel.mappings)
 		{
-			(void)mapping;
+			YANET_GCC_BUG_UNUSED(mapping);
 			mappings_counters.insert({name, ipv4_address});
 		}
 	}
@@ -61,7 +53,7 @@ void tun64_t::reload(const controlplane::base_t& base_prev,
 
 		for (const auto& [ipv4_address, mapping] : tunnel.mappings)
 		{
-			(void)mapping;
+			YANET_GCC_BUG_UNUSED(mapping);
 			mappings_counters.remove({name, ipv4_address});
 		}
 	}
@@ -123,9 +115,9 @@ void tun64_t::compile(common::idp::updateGlobalBase::request& globalbase,
 {
 	for (auto& [name, tunnel] : generation_config.config_tunnels)
 	{
-		const auto counter_ids = tunnel_counters.get_ids(name);
+		const auto counter_id = tunnel_counters.get_id(name);
 
-		tunnel.flow.counter_id = counter_ids[0];
+		tunnel.flow.counter_id = counter_id;
 		globalbase.emplace_back(common::idp::updateGlobalBase::requestType::tun64_update,
 		                        common::idp::updateGlobalBase::tun64_update::request{tunnel.tun64Id,
 		                                                                             tunnel.dscpMarkType,
@@ -139,13 +131,13 @@ void tun64_t::compile(common::idp::updateGlobalBase::request& globalbase,
 		for (const auto& [ipv4_address, mapping] : tunnel.mappings)
 		{
 			const auto& [ipv6_address, location] = mapping;
-			const auto counter_ids = mappings_counters.get_ids({name, ipv4_address});
+			const auto counter_id = mappings_counters.get_id({name, ipv4_address});
 
-			(void)location;
+			YANET_GCC_BUG_UNUSED(location);
 			tun64mappings_update_request.emplace_back(tunnel.tun64Id,
 			                                          ipv4_address,
 			                                          ipv6_address,
-			                                          counter_ids[0]);
+			                                          counter_id);
 		}
 
 		globalbase.emplace_back(common::idp::updateGlobalBase::requestType::tun64mappings_update,
diff --git a/controlplane/tun64.h b/controlplane/tun64.h
index 850c5e86..bd2a2b49 100644
--- a/controlplane/tun64.h
+++ b/controlplane/tun64.h
@@ -9,7 +9,6 @@
 #include "common/generation.h"
 #include "common/icp.h"
 #include "common/idataplane.h"
-#include "common/refarray.h"
 
 namespace tun64
 {
@@ -17,11 +16,9 @@ namespace tun64
 class generation_config_t
 {
 public:
-	void update(const controlplane::base_t& base_prev,
+	void update([[maybe_unused]] const controlplane::base_t& base_prev,
 	            const controlplane::base_t& base_next)
 	{
-		(void)base_prev;
-
 		config_tunnels = base_next.tunnels;
 	}
 
@@ -38,8 +35,8 @@ class generation_config_t
 class tun64_t : public module_t
 {
 public:
-	tun64_t();
-	~tun64_t();
+	tun64_t() = default;
+	~tun64_t() override = default;
 
 	eResult init() override;
 	void reload_before() override;
diff --git a/controlplane/type.h b/controlplane/type.h
index 1ba4e17e..ae408d95 100644
--- a/controlplane/type.h
+++ b/controlplane/type.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include <array>
-
 #include "common/type.h"
 
 class cControlPlane;
diff --git a/controlplane/unittest/acl.cpp b/controlplane/unittest/acl.cpp
index 1ab63424..6857b5e8 100644
--- a/controlplane/unittest/acl.cpp
+++ b/controlplane/unittest/acl.cpp
@@ -1,20 +1,23 @@
+#include <gmock/gmock-matchers.h>
 #include <gmock/gmock.h>
 #include <gtest/gtest.h>
 #include <nlohmann/json.hpp>
 
 #include "../acl.h"
+#include "common/actions.h"
 
 namespace
 {
 
 using common::ipv4_address_t;
 using common::globalBase::eFlowType;
+using controlplane::base::acl_t;
 
-auto make_default_acl(const std::string& rules, tAclId aclId = 1) -> controlplane::base::acl_t
+auto make_default_acl(const std::string& rules, tAclId aclId = 1) -> acl_t
 {
-	controlplane::base::acl_t acl;
+	acl_t acl;
 	common::globalBase::tFlow flow{};
-	flow.type = common::globalBase::eFlowType::route;
+	flow.type = eFlowType::route;
 
 	acl.aclId = aclId;
 	acl.nextModules = {"unmatched"};
@@ -61,9 +64,125 @@ add deny ip from any to any
 	return rules;
 }
 
-TEST(ACL, 001_Basic)
+// Custom matcher to check if a variant holds a specific type
+template<typename T>
+class HoldsAlternativeMatcher : public ::testing::MatcherInterface<const common::RawAction&>
 {
-	auto fw = make_default_acl(R"IPFW(
+public:
+	bool MatchAndExplain(const common::RawAction& v, ::testing::MatchResultListener* listener) const override
+	{
+		return std::holds_alternative<T>(v);
+	}
+
+	void DescribeTo(std::ostream* os) const override
+	{
+		*os << "holds alternative of type " << typeid(T).name();
+	}
+};
+
+template<typename T>
+::testing::Matcher<const common::RawAction&> HoldsAlternative()
+{
+	return ::testing::MakeMatcher(new HoldsAlternativeMatcher<T>());
+}
+
+::testing::Matcher<const common::RawAction&> IsCheckStateAction()
+{
+	return HoldsAlternative<common::CheckStateAction>();
+}
+
+::testing::Matcher<const common::RawAction&> IsFlowAction()
+{
+	return HoldsAlternative<common::FlowAction>();
+}
+
+::testing::Matcher<const common::RawAction&> IsDumpAction()
+{
+	return HoldsAlternative<common::DumpAction>();
+}
+
+::testing::Matcher<const common::RawAction&> IsHitcountAction()
+{
+	return HoldsAlternative<common::HitCountAction>();
+}
+
+class ACL : public ::testing::Test
+{
+protected:
+	acl::result_t result;
+
+	// Helper function to compile the ACL with the interface map
+	void compile_acl(const std::string& acl_rules, const acl::iface_map_t& iface_map = {{1, {{true, "vlan1"}}}})
+	{
+		auto fw = make_default_acl(acl_rules);
+		std::map<std::string, acl_t> acls{{"acl0", std::move(fw)}};
+
+		acl::compile(acls, iface_map, result);
+
+		validate_paths();
+	}
+
+	// Helper function to visit a specific group based on its index
+	template<typename Func>
+	void visit_action_group(size_t group_index, Func&& func)
+	{
+		ASSERT_LT(group_index, result.acl_total_table.size()) << "Group index out of range.";
+		auto total_table_value = std::get<1>(result.acl_total_table[group_index]);
+		const auto& value = result.acl_values[total_table_value];
+
+		std::visit(std::forward<Func>(func), value);
+	}
+
+	// Helper function to visit actions and apply the provided lambda to all action groups
+	template<typename Func>
+	void visit_actions(Func&& func)
+	{
+		for (size_t group_index = 0; group_index < result.acl_total_table.size(); ++group_index)
+		{
+			visit_action_group(group_index, std::forward<Func>(func));
+		}
+	}
+
+	template<typename T>
+	static constexpr bool is_with_check_state()
+	{
+		return std::is_same_v<std::decay_t<T>, common::BaseActions<common::ActionsPath::WithCheckState>>;
+	}
+
+	void validate_paths()
+	{
+		visit_actions([&](const auto& actions) {
+			// Default path should always end with a FlowAction
+			EXPECT_THAT(actions.default_path_last_raw_action(), IsFlowAction());
+
+			if constexpr (is_with_check_state<decltype(actions)>())
+			{
+				// Check-state path should always end with CheckStateAction
+				EXPECT_THAT(actions.check_state_path_last_raw_action(), IsCheckStateAction());
+			}
+		});
+	}
+};
+
+class ACLWithUnwind : public ACL
+{
+protected:
+	acl::unwind_result unwind_result;
+
+	void unwind_and_compile_acl(const std::string& acl_rules, const acl::iface_map_t& iface_map = {{1, {{true, "vlan1"}}}})
+	{
+		auto fw = make_default_acl(acl_rules);
+		std::map<std::string, acl_t> acls{{"acl0", std::move(fw)}};
+
+		unwind_result = acl::unwind(acls, iface_map, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
+
+		acl::compile(acls, iface_map, result);
+	}
+};
+
+TEST_F(ACL, 001_Basic)
+{
+	compile_acl(R"IPFW(
 :BEGIN
 add skipto :IN ip from any to any in
 
@@ -75,15 +194,11 @@ add allow tcp from { 2abc:123:ff1c:2030:0:5678::/ffff:ffff:ffff:fff0:ffff:ffff::
 add allow tcp from { 2abc:123:ff1c:2030:aabb:5678::/ffff:ffff:ffff:fff0:ffff:ffff:: } to any 84
 add deny ip from any to any
 )IPFW");
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
 }
 
-TEST(ACL, 002_IPv4Only)
+TEST_F(ACL, 002_IPv4Only)
 {
-	auto fw = make_default_acl(R"IPFW(
+	compile_acl(R"IPFW(
 :BEGIN
 add skipto :IN ip from any to any in
 
@@ -91,42 +206,26 @@ add skipto :IN ip from any to any in
 add allow tcp from { 1.2.3.4 } to any dst-port 80
 add deny ip from any to any
 )IPFW");
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
 }
 
-TEST(ACL, 003_Over500)
+TEST_F(ACL, 003_Over500)
 {
-	auto fw = make_default_acl(generate_firewall_conf(500));
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	compile_acl(generate_firewall_conf(500));
 }
 
-TEST(ACL, 004_Over1000)
+TEST_F(ACL, 004_Over1000)
 {
-	auto fw = make_default_acl(generate_firewall_conf(1000));
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	compile_acl(generate_firewall_conf(1000));
 }
 
-TEST(ACL, 005_Over4000)
+TEST_F(ACL, 005_Over4000)
 {
-	auto fw = make_default_acl(generate_firewall_conf(4000));
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	compile_acl(generate_firewall_conf(4000));
 }
 
-TEST(ACL, 006_Counters)
+TEST_F(ACL, 006_Counters)
 {
-	auto fw = make_default_acl(R"IPFW(
+	compile_acl(R"IPFW(
 :BEGIN
 add 1 skipto :IN ip from any to any in
 
@@ -141,20 +240,14 @@ add 6 allow tcp from { 1.2.3.5 } to any dst-port 80
 add 7 deny ip from any to any
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	visit_actions([&](const auto& actions) {
+		EXPECT_THAT(actions.get_flow().counter_id, ::testing::Ge(1));
+		EXPECT_THAT(actions.get_flow().counter_id, ::testing::Lt(5));
+	});
 
 	auto& ids_map = result.ids_map;
 	ASSERT_EQ(ids_map.size(), 5);
-	for (const auto& [total_table_key, total_table_value] : result.acl_total_table)
-	{
-		(void)total_table_key;
 
-		const auto& value = result.acl_values[total_table_value];
-		EXPECT_THAT(value.flow.counter_id, ::testing::Ge(1));
-		EXPECT_THAT(value.flow.counter_id, ::testing::Lt(5));
-	}
 	EXPECT_THAT(ids_map[0], ::testing::ElementsAre());
 	EXPECT_THAT(ids_map[1], ::testing::ElementsAre(1, 2, 5));
 	EXPECT_THAT(ids_map[2], ::testing::ElementsAre(1, 2, 7));
@@ -162,46 +255,37 @@ add 7 deny ip from any to any
 	EXPECT_THAT(ids_map[4], ::testing::ElementsAre(1, 4));
 }
 
-TEST(ACL, 007_OrderDeny)
+TEST_F(ACL, 007_OrderDeny)
 {
-	auto fw = make_default_acl(R"IPFW(
+	compile_acl(R"IPFW(
 :BEGIN
 add 1 deny ip from any to any in
 add 2 allow ip from { 1.2.3.4 } to any in
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	ASSERT_EQ(result.acl_total_table.size(), 1);
+
+	visit_actions([&](const auto& actions) {
+		EXPECT_EQ(eFlowType::drop, actions.get_flow().type);
+	});
 
 	auto& ids_map = result.ids_map;
-	ASSERT_EQ(result.acl_total_table.size(), 1);
 	ASSERT_EQ(ids_map.size(), 2);
-	for (const auto& [total_table_key, total_table_value] : result.acl_total_table)
-	{
-		(void)total_table_key;
-
-		const auto& value = result.acl_values[total_table_value];
-		EXPECT_THAT(value.flow.type, ::testing::Eq(common::globalBase::eFlowType::drop));
-	}
 	EXPECT_THAT(ids_map[0], ::testing::ElementsAre());
 	EXPECT_THAT(ids_map[1], ::testing::ElementsAre(1));
 }
 
-TEST(ACL, 008_OrderAllow)
+TEST_F(ACL, 008_OrderAllow)
 {
-	auto fw = make_default_acl(R"IPFW(
+	compile_acl(R"IPFW(
 :BEGIN
 add 1 allow ip from { 1.2.3.4 } to any in
 add 2 deny ip from any to any in
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	ASSERT_EQ(result.acl_total_table.size(), 2);
 
 	auto& ids_map = result.ids_map;
-	ASSERT_EQ(result.acl_total_table.size(), 2);
 	ASSERT_EQ(ids_map.size(), 3);
 
 	EXPECT_THAT(ids_map[0], ::testing::ElementsAre());
@@ -209,17 +293,14 @@ add 2 deny ip from any to any in
 	EXPECT_THAT(ids_map[2], ::testing::ElementsAre(2));
 }
 
-TEST(ACL, 010_Via)
+TEST_F(ACL, 010_Via)
 {
-	auto fw = make_default_acl(R"IPFW(
+	compile_acl(R"IPFW(
 :BEGIN
 add 1 allow ip from { 1.2.3.4 } to any in via port0
 add 2 deny ip from any to any in
-)IPFW");
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "port0"}, {true, "port1"}}}}, result);
+)IPFW",
+	            {{1, {{true, "port0"}, {true, "port1"}}}});
 
 	auto& ids_map = result.ids_map;
 	ASSERT_EQ(ids_map.size(), 3);
@@ -237,18 +318,15 @@ add 2 deny ip from any to any in
 	EXPECT_THAT(acl_map[1], ::testing::ElementsAre(1, 2));
 }
 
-TEST(ACL, 011_ViaOut)
+TEST_F(ACL, 011_ViaOut)
 {
-	auto fw = make_default_acl(R"IPFW(
+	compile_acl(R"IPFW(
 :BEGIN
 add allow ip from { 1.2.3.4 } to any out via port0 // id 1
 add allow ip from { 1.2.3.5 } to any out via port1 // id 2
 add deny ip from any to any out // id 3
-)IPFW");
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-	acl::result_t result;
-	acl::compile(acls, {{1, {{false, "port0"}, {false, "port1"}, {false, "port2"}, {false, "port3"}}}}, result);
+)IPFW",
+	            {{1, {{false, "port0"}, {false, "port1"}, {false, "port2"}, {false, "port3"}}}});
 
 	auto& ids_map = result.ids_map;
 	ASSERT_EQ(ids_map.size(), 4);
@@ -265,9 +343,17 @@ add deny ip from any to any out // id 3
 	EXPECT_THAT(ifaces["port3"], 3);
 }
 
-TEST(ACL, 012_Lookup)
+// stringify a tuple
+template<typename Tuple>
+std::string stringify(Tuple&& v)
+{
+	return std::apply([](auto&&... e) { return (((e ? *e : "any") + "|") + ...); },
+	                  std::forward<Tuple>(v));
+}
+
+TEST_F(ACLWithUnwind, 012_Lookup)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add skipto :ALL ip from any to any // id 1
 
@@ -276,12 +362,10 @@ add allow ip from { 1.2.3.4 } to any out via port0 // id 2
 add allow log ip from { 1.2.3.5 } to any out via port1 // id 3
 add deny ip from any to any out // id 4
 add allow ip from any to any in // id 5
-)IPFW");
+)IPFW",
+	                       {{1, {{false, "port0"}, {false, "port1"}, {false, "port2"}, {false, "port3"}, {true, "port0"}}}});
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-
-	auto ret = acl::unwind(acls, {{1, {{false, "port0"}, {false, "port1"}, {false, "port2"}, {false, "port3"}, {true, "port0"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 6);
+	ASSERT_EQ(unwind_result.size(), 6);
 
 	std::set<std::string> expect = {"port2 port3 |1|any|any|any|any|any|any|any|false|drop(0)|1, 4|false|",
 	                                "port0 |1|1.2.3.4/255.255.255.255|any|any|any|any|any|any|false|logicalPort_egress(0)|1, 2|false|",
@@ -290,9 +374,7 @@ add allow ip from any to any in // id 5
 	                                "port1 |1|1.2.3.5/255.255.255.255|any|any|any|any|any|any|false|logicalPort_egress(0)|1, 3|true|",
 	                                "port1 |1|any|any|any|any|any|any|any|false|drop(0)|1, 4|false|"};
 
-	auto stringify = [](auto& v) { return std::apply([](auto... e) { return (((e ? *e : "any") + "|") + ...); }, v); };
-
-	for (const auto& r : ret)
+	for (const auto& r : unwind_result)
 	{
 		auto str = stringify(r);
 
@@ -301,64 +383,48 @@ add allow ip from any to any in // id 5
 	}
 }
 
-TEST(ACL, 013_DefaultAction)
+TEST_F(ACLWithUnwind, 013_DefaultAction)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add 1 allow icmp from { 1.2.3.4 } to any in
-)IPFW");
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-
-	auto ret = acl::unwind(acls, {{1, {{true, "vlan1"}, {false, "vlan1"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 3);
-
-	auto stringify = [](auto& v) { return std::apply([](auto... e) { return (((e ? *e : "any") + "|") + ...); }, v); };
+)IPFW",
+	                       {{1, {{true, "vlan1"}, {false, "vlan1"}}}});
 
-	EXPECT_THAT(stringify(ret[0]), ::testing::Eq("vlan1 |0|1.2.3.4/255.255.255.255|any|any|1|any|any|any|false|route(0)|1|false|"));
-	EXPECT_THAT(stringify(ret[1]), ::testing::Eq("vlan1 |0|any|any|any|any|any|any|any|false|route(0)||false|"));
-	EXPECT_THAT(stringify(ret[2]), ::testing::Eq("vlan1 |1|any|any|any|any|any|any|any|false|logicalPort_egress(0)||false|"));
+	ASSERT_EQ(unwind_result.size(), 3);
+	ASSERT_EQ(result.acl_total_table.size(), 4);
 
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}, {false, "vlan1"}}}}, result);
+	EXPECT_EQ("vlan1 |0|1.2.3.4/255.255.255.255|any|any|1|any|any|any|false|route(0)|1|false|", stringify(unwind_result[0]));
+	EXPECT_EQ("vlan1 |0|any|any|any|any|any|any|any|false|route(0)||false|", stringify(unwind_result[1]));
+	EXPECT_EQ("vlan1 |1|any|any|any|any|any|any|any|false|logicalPort_egress(0)||false|", stringify(unwind_result[2]));
 
 	auto& ids_map = result.ids_map;
-	ASSERT_EQ(result.acl_total_table.size(), 4);
 	ASSERT_EQ(ids_map.size(), 2);
 
 	EXPECT_THAT(ids_map[0], ::testing::ElementsAre());
 	EXPECT_THAT(ids_map[1], ::testing::ElementsAre(1));
 }
 
-TEST(ACL, 014_Log)
+TEST_F(ACLWithUnwind, 014_Log)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add 100 allow log ip from { 1.2.3.4 } to any in via port0
 add 200 deny log ip from any to any in
 add 300 deny ip from any to any
-)IPFW");
-
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-
-	auto ret = acl::unwind(acls, {{1, {{true, "port0"}, {true, "port1"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 3);
+)IPFW",
+	                       {{1, {{true, "port0"}, {true, "port1"}}}});
 
-	auto stringify = [](auto& v) { return std::apply([](auto... e) { return (((e ? *e : "any") + "|") + ...); }, v); };
+	ASSERT_EQ(unwind_result.size(), 3);
+	ASSERT_EQ(result.acl_total_table.size(), 4);
 
-	EXPECT_THAT(stringify(ret[0]), ::testing::Eq("port1 |0|any|any|any|any|any|any|any|false|drop(0)|2|true|"));
-	EXPECT_THAT(stringify(ret[1]), ::testing::Eq("port0 |0|1.2.3.4/255.255.255.255|any|any|any|any|any|any|false|route(0)|1|true|"));
-	EXPECT_THAT(stringify(ret[2]), ::testing::Eq("port0 |0|any|any|any|any|any|any|any|false|drop(0)|2|true|"));
+	EXPECT_EQ("port1 |0|any|any|any|any|any|any|any|false|drop(0)|2|true|", stringify(unwind_result[0]));
+	EXPECT_EQ("port0 |0|1.2.3.4/255.255.255.255|any|any|any|any|any|any|false|route(0)|1|true|", stringify(unwind_result[1]));
+	EXPECT_EQ("port0 |0|any|any|any|any|any|any|any|false|drop(0)|2|true|", stringify(unwind_result[2]));
 
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "port0"}, {true, "port1"}}}}, result);
-
-	ASSERT_EQ(result.acl_total_table.size(), 4);
-	for (const auto& [total_table_key, total_table_value] : result.acl_total_table)
-	{
-		(void)total_table_key;
-		EXPECT_THAT(result.acl_values[total_table_value].flow.flags, ::testing::Eq((uint8_t)common::globalBase::eFlowFlags::log));
-	}
+	visit_actions([&](const auto& actions) {
+		EXPECT_EQ(actions.get_flow().flags, static_cast<int>(common::globalBase::eFlowFlags::log));
+	});
 
 	auto& ids_map = result.ids_map;
 	ASSERT_EQ(ids_map.size(), 3);
@@ -376,36 +442,31 @@ add 300 deny ip from any to any
 	EXPECT_THAT(acl_map[1], ::testing::ElementsAre(1, 2));
 
 	ASSERT_EQ(result.rules.size(), 3);
-	EXPECT_THAT(std::get<2>(result.rules[100].front()), ::testing::Eq("allow log ip from { 1.2.3.4 } to any in via port0"));
-	EXPECT_THAT(std::get<2>(result.rules[200].front()), ::testing::Eq("deny log ip from any to any in"));
-	EXPECT_THAT(std::get<2>(result.rules[300].front()), ::testing::Eq("deny ip from any to any"));
+	EXPECT_EQ("allow log ip from { 1.2.3.4 } to any in via port0", std::get<2>(result.rules[100].front()));
+	EXPECT_EQ("deny log ip from any to any in", std::get<2>(result.rules[200].front()));
+	EXPECT_EQ("deny ip from any to any", std::get<2>(result.rules[300].front()));
 }
 
-TEST(ACL, 015_GappedMask)
+TEST_F(ACLWithUnwind, 015_GappedMask)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add 100 allow proto tcp dst-addr 4242@2abc:123:c00::/40
 add 200 allow proto tcp dst-addr fc00/23@2abc:123:c00::/40
 add 300 allow proto tcp dst-addr 1234567@2abc:123:c00::/40
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-
-	auto ret = acl::unwind(acls, {{1, {{true, "vlan1"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 4);
+	ASSERT_EQ(unwind_result.size(), 4);
 
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
 	// check that parser correctly expands gapped mask in rules -> compare with generated text
-	EXPECT_THAT(std::get<1>(result.rules[100].front()), ::testing::Eq("allow dst-addr 2abc:123:c00::4242:0:0/ffff:ffff:ff00:0:ffff:ffff:: proto 6"));
-	EXPECT_THAT(std::get<1>(result.rules[200].front()), ::testing::Eq("allow dst-addr 2abc:123:c00::fc00:0:0/ffff:ffff:ff00:0:ffff:fe00:: proto 6"));
-	EXPECT_THAT(std::get<1>(result.rules[300].front()), ::testing::Eq("allow dst-addr 2abc:123:c00:0:123:4567::/ffff:ffff:ff00:0:ffff:ffff:: proto 6"));
+	EXPECT_EQ("allow dst-addr 2abc:123:c00::4242:0:0/ffff:ffff:ff00:0:ffff:ffff:: proto 6", std::get<1>(result.rules[100].front()));
+	EXPECT_EQ("allow dst-addr 2abc:123:c00::fc00:0:0/ffff:ffff:ff00:0:ffff:fe00:: proto 6", std::get<1>(result.rules[200].front()));
+	EXPECT_EQ("allow dst-addr 2abc:123:c00:0:123:4567::/ffff:ffff:ff00:0:ffff:ffff:: proto 6", std::get<1>(result.rules[300].front()));
 }
 
-TEST(ACL, 016_TcpFlags)
+TEST_F(ACLWithUnwind, 016_TcpFlags)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add 100 deny tcp from any to any setup
 add 150 deny tcp from any to any tcpflags syn,!ack // the same as setup
@@ -415,25 +476,19 @@ add 400 allow tcp from any to any tcpflags rst
 add 500 allow tcp from any to any established
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-
-	auto ret = acl::unwind(acls, {{1, {{true, "vlan1"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 7);
-
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	ASSERT_EQ(unwind_result.size(), 7);
 	// check that parser correctly expands tcpflags and then filter correctly formats them
-	EXPECT_THAT(std::get<1>(result.rules[100].front()), ::testing::Eq("deny proto 6 setup"));
-	EXPECT_THAT(std::get<1>(result.rules[150].front()), ::testing::Eq("deny proto 6 setup"));
-	EXPECT_THAT(std::get<1>(result.rules[200].front()), ::testing::Eq("deny proto 6 tcpflags fin,psh,urg"));
-	EXPECT_THAT(std::get<1>(result.rules[300].front()), ::testing::Eq("deny proto 6 tcpflags !fin,!syn,!rst,!psh,!ack,!urg"));
-	EXPECT_THAT(std::get<1>(result.rules[400].front()), ::testing::Eq("allow proto 6 tcpflags rst"));
-	EXPECT_THAT(std::get<1>(result.rules[500].front()), ::testing::Eq("allow proto 6 etsablished"));
+	EXPECT_EQ("deny proto 6 setup", std::get<1>(result.rules[100].front()));
+	EXPECT_EQ("deny proto 6 setup", std::get<1>(result.rules[150].front()));
+	EXPECT_EQ("deny proto 6 tcpflags fin,psh,urg", std::get<1>(result.rules[200].front()));
+	EXPECT_EQ("deny proto 6 tcpflags !fin,!syn,!rst,!psh,!ack,!urg", std::get<1>(result.rules[300].front()));
+	EXPECT_EQ("allow proto 6 tcpflags rst", std::get<1>(result.rules[400].front()));
+	EXPECT_EQ("allow proto 6 etsablished", std::get<1>(result.rules[500].front()));
 }
 
-TEST(ACL, 017_IcmpTypes)
+TEST_F(ACLWithUnwind, 017_IcmpTypes)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add 100 allow icmp from any to any icmptypes 0,8,3,11,12
 # parser automatically inserts ICMP or ICMPv6 protocol
@@ -442,36 +497,202 @@ add 200 deny ip from any to any icmptypes 1,2,3,9,10,13
 add 300 allow ip from any to any icmp6types 133,134,135,136
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
-
-	auto ret = acl::unwind(acls, {{1, {{true, "vlan1"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 4);
-
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
+	ASSERT_EQ(unwind_result.size(), 4);
 	// check that parser correctly expands icmptypes and then filter correctly formats them
-	EXPECT_THAT(std::get<1>(result.rules[100].front()), ::testing::Eq("allow proto 1 icmptypes 0,3,8,11,12"));
-	EXPECT_THAT(std::get<1>(result.rules[200].front()), ::testing::Eq("deny proto 1 icmptypes 1,2,3,9,10,13"));
-	EXPECT_THAT(std::get<1>(result.rules[300].front()), ::testing::Eq("allow proto 58 icmp6types 133,134,135,136"));
+	EXPECT_EQ("allow proto 1 icmptypes 0,3,8,11,12", std::get<1>(result.rules[100].front()));
+	EXPECT_EQ("deny proto 1 icmptypes 1,2,3,9,10,13", std::get<1>(result.rules[200].front()));
+	EXPECT_EQ("allow proto 58 icmp6types 133,134,135,136", std::get<1>(result.rules[300].front()));
 }
 
-TEST(ACL, 018_EmptyDst)
+TEST_F(ACLWithUnwind, 018_EmptyDst)
 {
-	auto fw = make_default_acl(R"IPFW(
+	unwind_and_compile_acl(R"IPFW(
 :BEGIN
 add 100 allow icmp from any to unknown.hostname.tld icmptypes 0,8
 add 200 deny ip from any to any
 )IPFW");
 
-	std::map<std::string, controlplane::base::acl_t> acls{{"acl0", std::move(fw)}};
+	ASSERT_EQ(unwind_result.size(), 1);
+	// we expect that after validation rule 100 will be omitted and only one rule will remain
+	EXPECT_EQ("deny", std::get<1>(result.rules[200].front()));
+}
+
+TEST_F(ACL, 019_CheckStateBasic)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add 100 check-state
+add 200 allow ip from { 1.2.3.4 } to any
+add 300 deny ip from any to any
+)IPFW");
 
-	auto ret = acl::unwind(acls, {{1, {{true, "vlan1"}}}}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {});
-	ASSERT_EQ(ret.size(), 1);
+	ASSERT_EQ(result.acl_total_table.size(), 2);
+}
 
-	acl::result_t result;
-	acl::compile(acls, {{1, {{true, "vlan1"}}}}, result);
-	// we expect that after validation rule 100 will be omitted and only one rule will remain
-	EXPECT_THAT(std::get<1>(result.rules[200].front()), ::testing::Eq("deny"));
+TEST_F(ACL, 020_ManyCheckStates)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add 100 check-state
+add 200 dump ring1 ip from { 1.2.3.4 } to any
+add 300 check-state
+add 400 deny ip from any to any
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 2);
+
+	// We're interested in second group, i.e the group where src ip is { 1.2.3.4 }
+	visit_action_group(1, [&](const auto& actions) {
+		if constexpr (is_with_check_state<decltype(actions)>())
+		{
+			// Check that the default path includes the actions after the first and second check-states
+			EXPECT_THAT(actions.default_path_size(), 2);
+			EXPECT_THAT(actions.default_path_raw_action(0), IsDumpAction());
+			EXPECT_THAT(actions.default_path_raw_action(1), IsFlowAction());
+		}
+	});
+}
+
+TEST_F(ACL, 021_CheckStateComplex)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add 100 dump ring1 ip from { 1.2.3.4 } to any
+add 200 check-state
+add 300 dump ring2 ip from { 1.2.3.4 } to any
+add 500 check-state
+add 500 deny ip from any to any
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 2);
+
+	// We're interested in second group, i.e the group where src ip is { 1.2.3.4 }
+	visit_action_group(1, [&](const auto& actions) {
+		if constexpr (is_with_check_state<decltype(actions)>())
+		{
+			// Check that the default path includes actions before and after the check-state
+			EXPECT_THAT(actions.default_path_size(), 3);
+			EXPECT_THAT(actions.default_path_raw_action(0), IsDumpAction());
+			EXPECT_THAT(actions.default_path_raw_action(1), IsDumpAction());
+			EXPECT_THAT(actions.default_path_raw_action(2), IsFlowAction());
+
+			// Check that the check-state path includes actions up to and including the check-state action
+			EXPECT_THAT(actions.check_state_path_size(), 2);
+			EXPECT_THAT(actions.check_state_path_raw_action(0), IsDumpAction());
+			EXPECT_THAT(actions.check_state_path_raw_action(1), IsCheckStateAction());
+		}
+	});
+}
+
+TEST_F(ACL, KeepState_Basic)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add allow ip from any to any keep-state
+add deny ip from any to any
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 1);
+}
+
+TEST_F(ACL, KeepState_MultipleRules)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add allow ip from { 1.2.3.4 } to any keep-state
+add allow ip from any to any 22 keep-state
+add deny ip from any to any
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 2);
+}
+
+TEST_F(ACL, KeepState_WithSkipTo)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add skipto :IN ip from { 1.2.3.4 } to any in
+add deny ip from any to any
+
+:IN
+add allow ip from any to any keep-state
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 2);
+}
+
+TEST_F(ACL, StateTimeout_Basic)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add state-timeout 5000 ip from any to any
+add allow ip from any to any keep-state
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 1);
+
+	visit_actions([&](const auto& actions) {
+		const auto& flow_action = std::get<common::FlowAction>(actions.default_path_last_raw_action());
+		EXPECT_EQ(flow_action.timeout, 5000);
+	});
+}
+
+TEST_F(ACL, StateTimeout_RestrictiveSubset)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add state-timeout 8000 ip from any to any
+add state-timeout 3000 ip from 192.168.1.0/24 to any
+add allow ip from any to any keep-state
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 2);
+
+	// First group, ip not in 192.168.1.0/24
+	visit_action_group(0, [&](const auto& actions) {
+		const auto& flow_action = std::get<common::FlowAction>(actions.default_path_last_raw_action());
+		EXPECT_EQ(flow_action.timeout, 8000);
+	});
+
+	// Second group, ip is in 192.168.1.0/24
+	visit_action_group(1, [&](const auto& actions) {
+		const auto& flow_action = std::get<common::FlowAction>(actions.default_path_last_raw_action());
+		EXPECT_EQ(flow_action.timeout, 3000); // Verify that the timeout for 192.168.1.0/24 is 3000
+	});
+}
+
+TEST_F(ACL, StateTimeout_NoTimeout)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add allow ip from any to any
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 1);
+
+	visit_actions([&](const auto& actions) {
+		const auto& flow_action = std::get<common::FlowAction>(actions.default_path_last_raw_action());
+		// Check that by default timeout in flow_action is std::nullopt
+		EXPECT_EQ(flow_action.timeout, std::nullopt);
+	});
+}
+
+TEST_F(ACL, HitCount_Basic)
+{
+	compile_acl(R"IPFW(
+:BEGIN
+add hitcount SomeRandomString123 ip from any to any
+)IPFW");
+
+	ASSERT_EQ(result.acl_total_table.size(), 1);
+
+	visit_actions([&](const auto& actions) {
+		const auto& raw_action = actions.default_path_raw_action(0);
+		EXPECT_THAT(raw_action, IsHitcountAction());
+
+		const auto& hitcount_action = std::get<common::HitCountAction>(raw_action);
+		EXPECT_EQ(hitcount_action.id, "SomeRandomString123");
+	});
 }
 
 } // namespace
diff --git a/controlplane/unittest/acl_flat.cpp b/controlplane/unittest/acl_flat.cpp
index 13fdd65b..5af4c81c 100644
--- a/controlplane/unittest/acl_flat.cpp
+++ b/controlplane/unittest/acl_flat.cpp
@@ -1,5 +1,3 @@
-#include <fstream>
-
 #include <gmock/gmock.h>
 #include <gtest/gtest.h>
 
@@ -8,21 +6,21 @@
 namespace
 {
 
-template<typename... args_T>
+template<typename... Args>
 void expect_group_ids_helper(std::vector<tAclGroupId>& vector,
                              const unsigned int group_id,
-                             const args_T... group_ids)
+                             const Args... group_ids)
 {
 	vector.emplace_back(group_id);
 
-	if constexpr (sizeof...(args_T) != 0)
+	if constexpr (sizeof...(Args) != 0)
 	{
 		expect_group_ids_helper(vector, group_ids...);
 	}
 }
 
-template<typename... args_T>
-std::vector<tAclGroupId> expect_group_ids(const args_T... group_ids)
+template<typename... Args>
+std::vector<tAclGroupId> expect_group_ids(const Args... group_ids)
 {
 	std::vector<tAclGroupId> result;
 	expect_group_ids_helper(result, group_ids...);
diff --git a/controlplane/unittest/acl_network.cpp b/controlplane/unittest/acl_network.cpp
index 71627e4f..4b70b732 100644
--- a/controlplane/unittest/acl_network.cpp
+++ b/controlplane/unittest/acl_network.cpp
@@ -13,21 +13,21 @@ uint128_t convert_to_uint128(const std::string& address)
 	return acl::network_t(address).addr;
 }
 
-template<typename... args_T>
+template<typename... Args>
 void make_filter_helper(acl::compiler::network_t<uint128_t>::filter& filter,
                         const std::string& prefix,
-                        const args_T&... prefixes)
+                        const Args&... prefixes)
 {
 	filter.emplace(prefix);
 
-	if constexpr (sizeof...(args_T) != 0)
+	if constexpr (sizeof...(Args) != 0)
 	{
 		make_filter_helper(filter, prefixes...);
 	}
 }
 
-template<typename... args_T>
-acl::compiler::network_t<uint128_t>::filter make_filter(const args_T&... prefixes)
+template<typename... Args>
+acl::compiler::network_t<uint128_t>::filter make_filter(const Args&... prefixes)
 {
 	acl::compiler::network_t<uint128_t>::filter result;
 	make_filter_helper(result, prefixes...);
@@ -49,21 +49,21 @@ tAclGroupId get_by_address(acl::compiler::network_t<type_t>& network,
 	return network.get_group_ids_by_address(convert_to_uint128(address));
 }
 
-template<typename... args_T>
+template<typename... Args>
 void expect_group_ids_helper(std::vector<tAclGroupId>& vector,
                              const unsigned int group_id,
-                             const args_T... group_ids)
+                             const Args... group_ids)
 {
 	vector.emplace_back(group_id);
 
-	if constexpr (sizeof...(args_T) != 0)
+	if constexpr (sizeof...(Args) != 0)
 	{
 		expect_group_ids_helper(vector, group_ids...);
 	}
 }
 
-template<typename... args_T>
-std::vector<tAclGroupId> expect_group_ids(const args_T... group_ids)
+template<typename... Args>
+std::vector<tAclGroupId> expect_group_ids(const Args... group_ids)
 {
 	std::vector<tAclGroupId> result;
 	expect_group_ids_helper(result, group_ids...);
diff --git a/controlplane/unittest/acl_table.cpp b/controlplane/unittest/acl_table.cpp
index c98fdb7d..99d37d4f 100644
--- a/controlplane/unittest/acl_table.cpp
+++ b/controlplane/unittest/acl_table.cpp
@@ -6,29 +6,29 @@
 namespace
 {
 
-template<typename... args_T>
+template<typename... Args>
 void expect_group_ids_helper(std::vector<tAclGroupId>& vector,
                              const unsigned int group_id,
-                             const args_T... group_ids)
+                             const Args... group_ids)
 {
 	vector.emplace_back(group_id);
 
-	if constexpr (sizeof...(args_T) != 0)
+	if constexpr (sizeof...(Args) != 0)
 	{
 		expect_group_ids_helper(vector, group_ids...);
 	}
 }
 
-template<typename... args_T>
-std::vector<tAclGroupId> expect_group_ids(const args_T... group_ids)
+template<typename... Args>
+std::vector<tAclGroupId> expect_group_ids(const Args... group_ids)
 {
 	std::vector<tAclGroupId> result;
 	expect_group_ids_helper(result, group_ids...);
 	return result;
 }
 
-template<typename... args_T>
-std::tuple<unsigned int, unsigned int, tAclGroupId> expect_result(const args_T... args)
+template<typename... Args>
+std::tuple<unsigned int, unsigned int, tAclGroupId> expect_result(const Args... args)
 {
 	return {args...};
 }
diff --git a/controlplane/unittest/meson.build b/controlplane/unittest/meson.build
index c419e7a0..fadbdf6d 100644
--- a/controlplane/unittest/meson.build
+++ b/controlplane/unittest/meson.build
@@ -23,6 +23,7 @@ sources = files('unittest.cpp',
                 'acl_tree.cpp',
                 'network.cpp',
                 'parser.cpp',
+                'segment_allocator.cpp',
                 'type.cpp')
 
 arch = 'corei7'
diff --git a/controlplane/unittest/network.cpp b/controlplane/unittest/network.cpp
index 927feb82..8c743054 100644
--- a/controlplane/unittest/network.cpp
+++ b/controlplane/unittest/network.cpp
@@ -74,8 +74,8 @@ TEST(network_t, IPv6MaskGapped)
 
 TEST(network_t, IPWithoutMaskAfterSlash)
 {
-	EXPECT_THROW(network_t("1.2.3.4/"), std::string); // todo: WUT? Make normal exception type.
-	EXPECT_THROW(network_t("::1/"), std::string);
+	EXPECT_THROW(network_t("1.2.3.4/"), std::runtime_error);
+	EXPECT_THROW(network_t("::1/"), std::runtime_error);
 }
 
 } // namespace
diff --git a/controlplane/unittest/parser.cpp b/controlplane/unittest/parser.cpp
index ae21e320..4a2e1c71 100644
--- a/controlplane/unittest/parser.cpp
+++ b/controlplane/unittest/parser.cpp
@@ -1,6 +1,5 @@
 #include <gtest/gtest.h>
 
-#include "common/type.h"
 #include "libfwparser/fw_parser.h"
 
 namespace
@@ -8,7 +7,7 @@ namespace
 
 auto parse_rules(const std::string& rules, bool validation = false)
 {
-	bool ret;
+	bool ret = false;
 
 	ipfw::fw_config_t firewall;
 	firewall.schedule_string(rules);
@@ -172,10 +171,10 @@ add allow udp from { _CNETS_ or _DNETS_ } dst-port 3784,4784 to { _CNETS_ or _DN
 	EXPECT_FALSE(parse_rules(rules));
 }
 
-TEST(Parser, 017_KeepStateOption)
+TEST(Parser, 017_RecordStateOption)
 {
 	const auto rules = R"IPFW(
-add allow icmp from me to any icmptypes 8 out keep-state
+add allow icmp from me to any icmptypes 8 out record-state
 )IPFW";
 	EXPECT_TRUE(parse_rules(rules));
 }
@@ -219,12 +218,10 @@ TEST(Parser, 020_IgnoredOptions)
 {
 	const auto rules = R"IPFW(
 # just ignore antispoof, diverted, logamount, tag, tagged,
-# check-state
 add allow tcp from 10.0.0.0/8 to 10.0.0.0/8 80 in antispoof
-add 65534 allow ip from any to any diverted keep-state
+add 65534 allow ip from any to any diverted record-state
 add deny log logamount 500 all from any to any
 add allow tag 653 ip4 from { 10.0.0.0/8 } to me
-add check-state
 add allow ip from any to any tagged 31000
 add skipto :HELP ip from any to any not tagged 63
 )IPFW";
diff --git a/controlplane/unittest/segment_allocator.cpp b/controlplane/unittest/segment_allocator.cpp
new file mode 100644
index 00000000..0e203663
--- /dev/null
+++ b/controlplane/unittest/segment_allocator.cpp
@@ -0,0 +1,232 @@
+#include <gtest/gtest.h>
+
+#include "controlplane/segment_allocator.h"
+
+static constexpr uint32_t error_result = 0;
+using Allocator = SegmentAllocator<15, 6 * 64, 2 * 64, 64, error_result>;
+using Errors = std::pair<uint64_t, uint64_t>;
+using BlockStat = std::tuple<uint32_t, uint32_t, uint32_t>;
+
+BlockStat Block(const Allocator& allocator, uint16_t size)
+{
+	const auto& info = allocator.GetBlocksStat()[size];
+	return {info.busy_blocks, info.used_blocks, info.used_segments};
+}
+
+TEST(SegmentAllocator, Simple)
+{
+
+	Errors no_errors(0, 0);
+
+	Allocator allocator;
+
+	// Interval [15, 384), BlockSize = 128.
+	// 3 intervals [15, 143), [143, 271), [271, 384) - length of the last block = 113 < 128.
+	// Blocks 0,2 - the blocks will be used for segments of length 23, block 1 - 27.
+	// Capacity of blocks: 0 => [128/23] = 5, 1 => [128/27] = 4, 2 => [113/23] = 4.
+
+	// --------------------------------------------------------------------------------------------
+	// STEP 1: - Allocate segments, we will get results:
+	// len=23: Block 0 (15, 38, 61, 84, 107), Block 2 (271, 294, 317, 340)
+	// len=27: Block 1 (143, 170, 197, 224)
+
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 3, 0));
+
+	EXPECT_EQ(allocator.Allocate(23), 15);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 2, 0)); // Block 0 for 23
+	EXPECT_EQ(Block(allocator, 23), BlockStat(0, 1, 1));
+
+	EXPECT_EQ(allocator.Allocate(27), 143); // Block 1 for 27
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 27), BlockStat(0, 1, 1));
+
+	EXPECT_EQ(allocator.Allocate(23), 38);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(0, 1, 2));
+
+	EXPECT_EQ(allocator.Allocate(23), 61);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(0, 1, 3));
+
+	EXPECT_EQ(allocator.Allocate(23), 84);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(0, 1, 4));
+
+	EXPECT_EQ(allocator.Allocate(23), 107);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 0, 5)); // Block 0 - busy
+
+	EXPECT_EQ(allocator.Allocate(27), 170);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 27), BlockStat(0, 1, 2));
+
+	EXPECT_EQ(allocator.Allocate(27), 197);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+	EXPECT_EQ(Block(allocator, 27), BlockStat(0, 1, 3));
+
+	EXPECT_EQ(allocator.Allocate(23), 271); // Block 2 for 23
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 0, 0));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 1, 6));
+
+	EXPECT_EQ(allocator.Allocate(23), 294);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 1, 7));
+
+	EXPECT_EQ(allocator.Allocate(27), 224);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 27), BlockStat(1, 0, 4)); // Block 1 - busy
+
+	EXPECT_EQ(allocator.Allocate(23), 317);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 1, 8));
+
+	EXPECT_EQ(allocator.Allocate(27), 0);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+
+	EXPECT_EQ(allocator.Allocate(23), 340);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 23), BlockStat(2, 0, 9)); // Block 2 - busy
+
+	EXPECT_EQ(allocator.Allocate(23), 0);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+
+	// Finish allocate:
+	// - no free blocks
+	// - len=23 (2 - busy blocks, 9 - segments)
+	// - len=27 (1 - busy block, 4 - segments)
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 0, 0));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(2, 0, 9));
+	EXPECT_EQ(Block(allocator, 27), BlockStat(1, 0, 4));
+
+	// --------------------------------------------------------------------------------------------
+	// STEP 2: - Release the length 23 segments (271, 294, 317, 340) from block 2 and then place
+	// the length 27 segments in it
+
+	EXPECT_TRUE(allocator.Free(271, 23));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 1, 8)); // Block 2 - in list 23
+	EXPECT_TRUE(allocator.Free(294, 23));
+	EXPECT_TRUE(allocator.Free(317, 23));
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 1, 6));
+
+	// release last segment of the length 23
+	EXPECT_TRUE(allocator.Free(340, 23));
+	EXPECT_EQ(Block(allocator, 23), BlockStat(1, 0, 5));
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0)); // Block 2 - free
+
+	// start allocate segments len=27
+	EXPECT_EQ(allocator.Allocate(27), 271);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 27), BlockStat(1, 1, 5)); // Block 2 for 27
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 0, 0));
+
+	// Allocate other segments
+	EXPECT_EQ(allocator.Allocate(27), 298);
+	EXPECT_EQ(allocator.Allocate(27), 325);
+	EXPECT_EQ(allocator.Allocate(27), 352);
+	EXPECT_EQ(allocator.Allocate(27), 0);
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 27), BlockStat(2, 0, 8));
+
+	// --------------------------------------------------------------------------------------------
+	// STEP 3: - Release all segments
+
+	// Block 2
+	EXPECT_TRUE(allocator.Free(298, 27));
+	EXPECT_TRUE(allocator.Free(352, 27));
+	EXPECT_TRUE(allocator.Free(325, 27));
+	EXPECT_TRUE(allocator.Free(271, 27));
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 27), BlockStat(1, 0, 4));
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 1, 0));
+
+	// Block 0
+	EXPECT_TRUE(allocator.Free(15, 23));
+	EXPECT_TRUE(allocator.Free(38, 23));
+	EXPECT_TRUE(allocator.Free(61, 23));
+	EXPECT_TRUE(allocator.Free(84, 23));
+	EXPECT_TRUE(allocator.Free(107, 23));
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 23), BlockStat(0, 0, 0));
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 2, 0));
+
+	// Block 1
+	EXPECT_TRUE(allocator.Free(143, 27));
+	EXPECT_TRUE(allocator.Free(170, 27));
+	EXPECT_TRUE(allocator.Free(197, 27));
+	EXPECT_TRUE(allocator.Free(224, 27));
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+	EXPECT_EQ(Block(allocator, 27), BlockStat(0, 0, 0));
+	EXPECT_EQ(Block(allocator, 0), BlockStat(0, 3, 0));
+	EXPECT_EQ(allocator.GetErrors(), no_errors);
+}
+
+TEST(SegmentAllocator, BigSize)
+{
+	static constexpr uint32_t index_begin = 128;
+	static constexpr uint32_t index_end = 8 * 1024 * 1024;
+	using AllocatorBig = SegmentAllocator<index_begin, index_end, 64 * 64, 64, error_result>;
+
+	uint8_t data[sizeof(AllocatorBig)];
+	memset((void*)data, -1, sizeof(AllocatorBig));
+	auto* allocator = new (data) AllocatorBig();
+
+	uint16_t size = 4;
+	uint32_t full_size = index_end - index_begin;
+	for (uint32_t index = index_begin; index < index_end; index += size)
+	{
+		EXPECT_EQ(allocator->Allocate(size), index);
+		full_size -= size;
+		EXPECT_EQ(allocator->Size(), full_size);
+	}
+
+	for (uint32_t index = index_begin; index < index_end; index += size)
+	{
+		EXPECT_TRUE(allocator->Free(index, size));
+		full_size += size;
+		EXPECT_EQ(allocator->Size(), full_size);
+	}
+
+	Errors no_errors(0, 0);
+	EXPECT_EQ(allocator->GetErrors(), no_errors);
+}
+
+TEST(SegmentAllocator, OnlyErrors)
+{
+	Allocator allocator;
+
+	EXPECT_EQ(allocator.Allocate(23), 15);
+
+	EXPECT_EQ(allocator.Allocate(0), 0); // size = 0
+	EXPECT_EQ(allocator.Allocate(65), 0); // size > 64
+	EXPECT_EQ(allocator.GetErrors(), Errors(2, 0));
+
+	// 4 errors for this case:
+	//  ((size == 0) || (size > MaxBufferSize) || (start >= IndexEnd) || (start < IndexBegin))
+	EXPECT_FALSE(allocator.Free(50, 0));
+	EXPECT_FALSE(allocator.Free(50, 65));
+	EXPECT_FALSE(allocator.Free(0, 10));
+	EXPECT_FALSE(allocator.Free(500, 0));
+	EXPECT_EQ(allocator.GetErrors(), Errors(6, 0));
+
+	EXPECT_FALSE(allocator.Free(15, 27)); // segment size 27 != 23
+	EXPECT_FALSE(allocator.Free(16, 23)); // segments starts at (15, 15+23, ...)
+	EXPECT_FALSE(allocator.Free(38, 23)); // segment free
+	EXPECT_EQ(allocator.GetErrors(), Errors(9, 0));
+}
+
+int main(int argc, char** argv)
+{
+	::testing::InitGoogleTest(&argc, argv);
+	return RUN_ALL_TESTS();
+}
diff --git a/dataplane/action_dispatcher.h b/dataplane/action_dispatcher.h
new file mode 100644
index 00000000..b3c3b771
--- /dev/null
+++ b/dataplane/action_dispatcher.h
@@ -0,0 +1,158 @@
+#pragma once
+
+#include "base.h"
+#include "metadata.h"
+#include "worker.h"
+
+namespace dataplane
+{
+
+struct ActionDispatcherArgs
+{
+	cWorker* worker;
+	rte_mbuf* mbuf;
+	metadata* meta;
+	const base::generation* base;
+};
+
+template<FlowDirection Direction>
+struct ActionDispatcher
+{
+	using Flow = common::globalBase::tFlow;
+	using FlowFlags = common::globalBase::eFlowFlags;
+
+	static void execute(const common::Actions& actions, const ActionDispatcherArgs& args)
+	{
+		std::visit([&](const auto& specific_actions) {
+			execute_impl(specific_actions, args);
+		},
+		           actions);
+	}
+
+	/**
+	 * Determine the correct path to execute based on the presence of a check-state action.
+	 *
+	 * If HasCheckState is true and the state check succeeds,
+	 * it executes the check_state_path_ and then returns.
+	 * Otherwise, it executes the default path. The egress/ingress flow
+	 * is handled by the CheckStateAction execute method.
+	 */
+	template<common::ActionsPath Path>
+	static void execute_impl(const common::BaseActions<Path>& actions, const ActionDispatcherArgs& args)
+	{
+		if constexpr (Path == common::ActionsPath::WithCheckState)
+		{
+			auto worker = args.worker;
+			auto mbuf = args.mbuf;
+			cWorker::FlowFromState flow;
+
+			if constexpr (Direction == FlowDirection::Egress)
+			{
+				flow = worker->acl_egress_checkstate(mbuf);
+			}
+			else
+			{
+				flow = worker->acl_checkstate(mbuf);
+			}
+
+			YANET_LOG_DEBUG("Check state was matched and state was%s found\n", flow ? "" : " not");
+
+			if (flow)
+			{
+				execute_path(actions.check_state_path(), flow.value(), args);
+				return;
+			}
+		}
+
+		// Execute default path
+		execute_path(actions.default_path(), actions.get_flow(), args);
+	}
+
+	static void execute_path(const std::vector<common::Action>& actions, const Flow& flow, const ActionDispatcherArgs& args)
+	{
+		for (const auto& action : actions)
+		{
+			std::visit([&](const auto& act) {
+				YANET_LOG_DEBUG("Executing action %s\n", act.to_string().c_str());
+				execute(act, flow, args);
+			},
+			           action.raw_action);
+		}
+	}
+
+	static void execute(const common::DumpAction& action, const Flow& flow, const ActionDispatcherArgs& args)
+	{
+		auto ring_id = args.base->globalBase->dump_id_to_tag[action.dump_id];
+		if (ring_id == -1)
+		{
+			return;
+		}
+
+		auto& ring = args.worker->dumpRings[ring_id];
+		ring.write(args.mbuf, flow.type);
+	}
+
+	static void execute(const common::StateTimeoutAction& action, const Flow& flow, const ActionDispatcherArgs& args)
+	{
+		YANET_LOG_DEBUG("Asked to execute StateTimeoutAction, which should not occur. Check value_t::compile()\n");
+	}
+
+	static void execute(const common::FlowAction& action, [[maybe_unused]] const Flow& flow, const ActionDispatcherArgs& args)
+	{
+		auto worker = args.worker;
+		auto mbuf = args.mbuf;
+
+		worker->aclCounters[action.flow.counter_id]++;
+
+		tAclId acl_id = 0;
+
+		if constexpr (Direction == FlowDirection::Egress)
+		{
+			acl_id = args.meta->aclId;
+		}
+		else
+		{
+			acl_id = args.meta->flow.data.aclId;
+		}
+
+		if (action.flow.flags & (uint8_t)FlowFlags::log)
+		{
+			worker->acl_log(mbuf, action.flow, acl_id);
+		}
+		if (action.flow.flags & (uint8_t)FlowFlags::recordstate)
+		{
+			worker->acl_create_state(mbuf, acl_id, action.flow, action.timeout);
+		}
+
+		if constexpr (Direction == FlowDirection::Egress)
+		{
+			worker->acl_egress_flow(mbuf, action.flow);
+		}
+		else
+		{
+			worker->acl_ingress_flow(mbuf, action.flow);
+		}
+	}
+
+	static void execute([[maybe_unused]] const common::CheckStateAction& action, const Flow& flow, const ActionDispatcherArgs& args)
+	{
+		if constexpr (Direction == FlowDirection::Egress)
+		{
+			args.worker->acl_egress_flow(args.mbuf, flow);
+		}
+		else
+		{
+			args.worker->acl_ingress_flow(args.mbuf, flow);
+		}
+	}
+
+	static void execute(const common::HitCountAction& action, const Flow& flow, const ActionDispatcherArgs& args)
+	{
+		auto worker = args.worker;
+		auto mbuf = args.mbuf;
+
+		worker->populate_hitcount_map(action.id, mbuf);
+	}
+};
+
+} // namespace dataplane
diff --git a/dataplane/base.h b/dataplane/base.h
index 6c077acd..0fc9934b 100644
--- a/dataplane/base.h
+++ b/dataplane/base.h
@@ -8,6 +8,8 @@
 #include <rte_tcp.h>
 #include <rte_udp.h>
 
+#include "common/static_vector.h"
+#include "dpdk.h"
 #include "neighbor.h"
 #include "type.h"
 
@@ -20,13 +22,33 @@ class PortMapper
 	uint16_t ports_count_ = 0;
 	tPortId dpdk_ports_[std::numeric_limits<tPortId>::max() + 1]; // logical to dpdk
 	tPortId logical_ports_[std::numeric_limits<tPortId>::max() + 1]; // dpdk to logical
+
 public:
 	PortMapper()
 	{
 		std::fill(std::begin(dpdk_ports_), std::end(dpdk_ports_), INVALID_PORT_ID);
 		std::fill(std::begin(logical_ports_), std::end(logical_ports_), INVALID_PORT_ID);
 	}
-	uint16_t size() const { return ports_count_; }
+
+	PortMapper(const PortMapper& other)
+	{
+		*this = other;
+	}
+
+	PortMapper& operator=(const PortMapper& other)
+	{
+		ports_count_ = other.ports_count_;
+		std::copy(std::begin(other.dpdk_ports_),
+		          std::end(other.dpdk_ports_),
+		          std::begin(dpdk_ports_));
+		std::copy(std::begin(other.logical_ports_),
+		          std::end(other.logical_ports_),
+		          std::begin(logical_ports_));
+		return *this;
+	}
+
+	[[nodiscard]] uint16_t size() const { return ports_count_; }
+
 	[[nodiscard]] std::optional<tPortId> Register(tPortId dpdk_port)
 	{
 		if (ports_count_ < CONFIG_YADECAP_PORTS_SIZE)
@@ -49,21 +71,17 @@ class PortMapper
 			return {};
 		}
 	}
-	tPortId ToDpdk(tPortId logical) const { return dpdk_ports_[logical]; }
-	tPortId ToLogical(tPortId dpdk) const { return logical_ports_[dpdk]; }
-	bool ValidDpdk(tPortId dpdk) const { return logical_ports_[dpdk] != INVALID_PORT_ID; }
-	bool ValidLogical(tPortId logical) const { return logical < INVALID_PORT_ID; }
+
+	[[nodiscard]] tPortId ToDpdk(tPortId logical) const { return dpdk_ports_[logical]; }
+	[[nodiscard]] tPortId ToLogical(tPortId dpdk) const { return logical_ports_[dpdk]; }
+	[[nodiscard]] bool ValidDpdk(tPortId dpdk) const { return logical_ports_[dpdk] != INVALID_PORT_ID; }
+	[[nodiscard]] bool ValidLogical(tPortId logical) const { return logical < INVALID_PORT_ID; }
 };
 
 class permanently
 {
 public:
-	permanently() :
-	        globalBaseAtomic(nullptr),
-	        workerPortsCount(0),
-	        nat64stateful_numa_mask(0xFFFFu),
-	        nat64stateful_numa_reverse_mask(0),
-	        nat64stateful_numa_id(0)
+	permanently()
 	{
 		memset(globalBaseAtomics, 0, sizeof(globalBaseAtomics));
 
@@ -79,30 +97,21 @@ class permanently
 	bool add_worker_port(const tPortId port_id,
 	                     tQueueId queue_id)
 	{
-		if (workerPortsCount >= CONFIG_YADECAP_WORKER_PORTS_SIZE)
+		if (rx_points.Full())
 		{
 			return false;
 		}
-
-		workerPorts[workerPortsCount].inPortId = port_id;
-		workerPorts[workerPortsCount].inQueueId = queue_id;
-		workerPortsCount++;
-
+		rx_points.emplace_back(port_id, queue_id);
 		return true;
 	}
 
-	dataplane::globalBase::atomic* globalBaseAtomic;
+	dataplane::globalBase::atomic* globalBaseAtomic{};
 	/// Pointers to all globalBaseAtomic for each CPU socket.
 	///
 	/// Used to distribute firewall states.
 	dataplane::globalBase::atomic* globalBaseAtomics[YANET_CONFIG_NUMA_SIZE];
 
-	unsigned int workerPortsCount;
-	struct
-	{
-		tPortId inPortId;
-		tQueueId inQueueId;
-	} workerPorts[CONFIG_YADECAP_WORKER_PORTS_SIZE];
+	utils::StaticVector<dpdk::Endpoint, CONFIG_YADECAP_WORKER_PORTS_SIZE> rx_points;
 
 	PortMapper ports;
 	tQueueId outQueueId;
@@ -110,22 +119,16 @@ class permanently
 	uint32_t SWNormalPriorityRateLimitPerWorker;
 	uint8_t transportSizes[256];
 
-	uint16_t nat64stateful_numa_mask;
-	uint16_t nat64stateful_numa_reverse_mask;
-	uint16_t nat64stateful_numa_id;
+	uint16_t nat64stateful_numa_mask{0xFFFFu};
+	uint16_t nat64stateful_numa_reverse_mask{};
+	uint16_t nat64stateful_numa_id{};
 };
 
 class generation
 {
 public:
-	generation() :
-	        globalBase(nullptr),
-	        neighbor_hashtable(nullptr)
-	{
-	}
-
-	dataplane::globalBase::generation* globalBase;
-	dataplane::neighbor::hashtable const* neighbor_hashtable;
+	dataplane::globalBase::generation* globalBase{};
+	dataplane::neighbor::hashtable const* neighbor_hashtable{};
 } __rte_aligned(2 * RTE_CACHE_LINE_SIZE);
 
 }
diff --git a/dataplane/bus.cpp b/dataplane/bus.cpp
index 2ba40c5b..081aae2a 100644
--- a/dataplane/bus.cpp
+++ b/dataplane/bus.cpp
@@ -15,13 +15,13 @@
 
 cBus::cBus(cDataPlane* dataPlane) :
         dataPlane(dataPlane),
-        controlPlane(dataPlane->controlPlane.get()),
         serverSocket(-1)
 {
 }
 
 eResult cBus::init()
 {
+	controlPlane = dataPlane->controlPlane.get();
 	serverSocket = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (serverSocket < 0)
 	{
@@ -55,6 +55,21 @@ void cBus::join()
 	}
 }
 
+uint64_t cBus::GetSizeForCounters()
+{
+	auto count_errors = static_cast<uint32_t>(common::idp::errorType::size);
+	auto count_requests = static_cast<uint32_t>(common::idp::requestType::size);
+	return (count_errors + 2 * count_requests) * sizeof(uint64_t);
+}
+
+void cBus::SetBufferForCounters(const common::sdp::DataPlaneInSharedMemory& sdp_data)
+{
+	auto [requests, errors, durations] = sdp_data.BuffersBus();
+	stats.requests = requests;
+	stats.errors = errors;
+	stats.durations = durations;
+}
+
 static bool recvAll(int clientSocket,
                     char* buffer,
                     uint64_t size)
@@ -145,7 +160,7 @@ void cBus::clientThread(int clientSocket)
 
 	for (;;)
 	{
-		uint64_t messageSize;
+		uint64_t messageSize = 0;
 		if (!recvAll(clientSocket, (char*)&messageSize, sizeof(messageSize)))
 		{
 			stats.errors[(uint32_t)common::idp::errorType::busRead]++;
@@ -212,7 +227,7 @@ void cBus::clientThread(int clientSocket)
 		}
 		else if (type == common::idp::requestType::getSlowWorkerStats)
 		{
-			response = callWithResponse(&cControlPlane::getSlowWorkerStats, request);
+			response = callWithResponse(&cControlPlane::SlowWorkerStatsResponse, request);
 		}
 		else if (type == common::idp::requestType::get_worker_gc_stats)
 		{
@@ -254,14 +269,6 @@ void cBus::clientThread(int clientSocket)
 		{
 			response = callWithResponse(&cControlPlane::clearFWState, request);
 		}
-		else if (type == common::idp::requestType::getCounters)
-		{
-			response = callWithResponse(&cControlPlane::getCounters, request);
-		}
-		else if (type == common::idp::requestType::getOtherStats)
-		{
-			response = callWithResponse(&cControlPlane::getOtherStats, request);
-		}
 		else if (type == common::idp::requestType::getConfig)
 		{
 			response = callWithResponse(&cControlPlane::getConfig, request);
@@ -286,10 +293,6 @@ void cBus::clientThread(int clientSocket)
 		{
 			response = callWithResponse(&cControlPlane::limits, request);
 		}
-		else if (type == common::idp::requestType::getAclCounters)
-		{
-			response = callWithResponse(&cControlPlane::getAclCounters, request);
-		}
 		else if (type == common::idp::requestType::balancer_connection)
 		{
 			response = callWithResponse(&cControlPlane::balancer_connection, request);
@@ -306,6 +309,10 @@ void cBus::clientThread(int clientSocket)
 		{
 			response = callWithResponse(&cControlPlane::samples, request);
 		}
+		else if (type == common::idp::requestType::hitcount_dump)
+		{
+			response = callWithResponse(&cControlPlane::hitcount_dump, request);
+		}
 		else if (type == common::idp::requestType::debug_latch_update)
 		{
 			response = callWithResponse(&cControlPlane::debug_latch_update, request);
@@ -322,10 +329,6 @@ void cBus::clientThread(int clientSocket)
 		{
 			response = callWithResponse(&cControlPlane::version, request);
 		}
-		else if (type == common::idp::requestType::get_counter_by_name)
-		{
-			response = callWithResponse(&cControlPlane::get_counter_by_name, request);
-		}
 		else if (type == common::idp::requestType::nat64stateful_state)
 		{
 			response = callWithResponse(&cControlPlane::nat64stateful_state, request);
@@ -406,6 +409,8 @@ void cBus::clientThread(int clientSocket)
 
 		std::chrono::duration<double> duration = std::chrono::system_clock::now() - startTime;
 
+		// The duration time is measured in milliseconds
+		stats.durations[(uint32_t)type] += static_cast<uint64_t>(1000 * duration.count());
 		YANET_LOG_DEBUG("request type %d processed - %.3f sec\n",
 		                (int)type,
 		                duration.count());
diff --git a/dataplane/bus.h b/dataplane/bus.h
index c52607e3..450b1c47 100644
--- a/dataplane/bus.h
+++ b/dataplane/bus.h
@@ -1,18 +1,7 @@
 #pragma once
 
-#include <arpa/inet.h>
-
-#include <array>
-#include <thread>
-#include <variant>
-#include <vector>
-
-#include <rte_ether.h>
-
-#include "common/idp.h"
-#include "common/result.h"
-
-#include "type.h"
+#include "common/sdpcommon.h"
+#include "controlplane.h"
 
 class cBus
 {
@@ -24,14 +13,16 @@ class cBus
 	void stop();
 	void join();
 
+	static uint64_t GetSizeForCounters();
+	void SetBufferForCounters(const common::sdp::DataPlaneInSharedMemory& sdp_data);
+
 protected:
 	void mainLoop();
 	void clientThread(int clientSocket);
 
 protected:
-	void call(void (cControlPlane::*function)(), const common::idp::request& request)
+	void call(void (cControlPlane::*function)(), [[maybe_unused]] const common::idp::request& request)
 	{
-		(void)request; ///< @todo: [[maybe_unused]]
 		(controlPlane->*function)();
 	}
 
@@ -42,16 +33,14 @@ class cBus
 	}
 
 	template<typename TResult>
-	TResult callWithResponse(TResult (cControlPlane::*function)(), const common::idp::request& request)
+	TResult callWithResponse(TResult (cControlPlane::*function)(), [[maybe_unused]] const common::idp::request& request)
 	{
-		(void)request; ///< @todo: [[maybe_unused]]
 		return (controlPlane->*function)();
 	}
 
 	template<typename TResult>
-	TResult callWithResponse(TResult (cControlPlane::*function)() const, const common::idp::request& request) const
+	TResult callWithResponse(TResult (cControlPlane::*function)() const, [[maybe_unused]] const common::idp::request& request) const
 	{
-		(void)request; ///< @todo: [[maybe_unused]]
 		return (controlPlane->*function)();
 	}
 
@@ -67,13 +56,9 @@ class cBus
 
 	struct sStats
 	{
-		sStats()
-		{
-			memset(this, 0, sizeof(*this));
-		}
-
-		uint64_t requests[(uint32_t)common::idp::requestType::size];
-		uint64_t errors[(uint32_t)common::idp::errorType::size];
+		uint64_t* requests; // common::idp::requestType::size
+		uint64_t* errors; // common::idp::errorType::size
+		uint64_t* durations; // common::idp::requestType::size
 	} stats;
 
 	cDataPlane* dataPlane;
diff --git a/dataplane/checksum.h b/dataplane/checksum.h
index caca7b9e..6ed34cec 100644
--- a/dataplane/checksum.h
+++ b/dataplane/checksum.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include <cinttypes>
-
 #include <rte_icmp.h>
 #include <rte_ip.h>
 #include <rte_tcp.h>
diff --git a/dataplane/common.h b/dataplane/common.h
index 2e0225eb..d38cb5e8 100644
--- a/dataplane/common.h
+++ b/dataplane/common.h
@@ -6,7 +6,7 @@
 #include <rte_ether.h>
 #include <rte_hash_crc.h>
 
-#include "common/config.h"
+#include "common/config.release.h"
 #include "common/define.h"
 
 #define YADECAP_UNUSED [[maybe_unused]]
@@ -99,4 +99,10 @@ namespace dataplane
 class memory_pointer;
 class memory_manager;
 
+enum class FlowDirection
+{
+	Ingress,
+	Egress
+};
+
 }
diff --git a/dataplane/config_values.h b/dataplane/config_values.h
index 0900038b..60103499 100644
--- a/dataplane/config_values.h
+++ b/dataplane/config_values.h
@@ -1,9 +1,16 @@
 #pragma once
 
+#include "common/config.release.h"
 #include <cstdint>
 #include <nlohmann/json.hpp>
 
-#include "common/config.h"
+struct FragmentationConfig
+{
+	uint64_t size = 1024;
+	uint64_t timeout_first = 32;
+	uint64_t timeout_last = 16;
+	uint64_t packets_per_flow = 64;
+};
 
 struct ConfigValues
 {
@@ -14,10 +21,7 @@ struct ConfigValues
 	uint64_t ring_lowPriority_size = 64;
 	uint64_t ring_toFreePackets_size = 64;
 	uint64_t ring_log_size = 1024;
-	uint64_t fragmentation_size = 1024;
-	uint64_t fragmentation_timeout_first = 32;
-	uint64_t fragmentation_timeout_last = 16;
-	uint64_t fragmentation_packets_per_flow = 64;
+	FragmentationConfig fragmentation;
 	uint64_t stateful_firewall_tcp_timeout = 120;
 	uint64_t stateful_firewall_tcp_syn_timeout = YANET_CONFIG_STATE_TIMEOUT_DEFAULT;
 	uint64_t stateful_firewall_tcp_syn_ack_timeout = YANET_CONFIG_STATE_TIMEOUT_DEFAULT;
@@ -51,10 +55,10 @@ inline void from_json(const nlohmann::json& j, ConfigValues& cfg)
 	cfg.ring_lowPriority_size = j.value("ring_lowPriority_size", cfg.ring_lowPriority_size);
 	cfg.ring_toFreePackets_size = j.value("ring_toFreePackets_size", cfg.ring_toFreePackets_size);
 	cfg.ring_log_size = j.value("ring_log_size", cfg.ring_log_size);
-	cfg.fragmentation_size = j.value("fragmentation_size", cfg.fragmentation_size);
-	cfg.fragmentation_timeout_first = j.value("fragmentation_timeout_first", cfg.fragmentation_timeout_first);
-	cfg.fragmentation_timeout_last = j.value("fragmentation_timeout_last", cfg.fragmentation_timeout_last);
-	cfg.fragmentation_packets_per_flow = j.value("fragmentation_packets_per_flow", cfg.fragmentation_packets_per_flow);
+	cfg.fragmentation.size = j.value("fragmentation_size", cfg.fragmentation.size);
+	cfg.fragmentation.timeout_first = j.value("fragmentation_timeout_first", cfg.fragmentation.timeout_first);
+	cfg.fragmentation.timeout_last = j.value("fragmentation_timeout_last", cfg.fragmentation.timeout_last);
+	cfg.fragmentation.packets_per_flow = j.value("fragmentation_packets_per_flow", cfg.fragmentation.packets_per_flow);
 
 	{
 		/*
diff --git a/dataplane/controlplane.cpp b/dataplane/controlplane.cpp
index 5e377fbf..1171b975 100644
--- a/dataplane/controlplane.cpp
+++ b/dataplane/controlplane.cpp
@@ -9,137 +9,28 @@
 #include <rte_lcore.h>
 #include <rte_malloc.h>
 
-#include "common/fallback.h"
-#include "common/idp.h"
-#include "common/version.h"
-
-#include "checksum.h"
 #include "common.h"
-#include "controlplane.h"
+#include "common/version.h"
 #include "dataplane.h"
+#include "dataplane/worker_gc.h"
 #include "debug_latch.h"
-#include "icmp.h"
-#include "metadata.h"
-#include "prepare.h"
-#include "worker.h"
 
 cControlPlane::cControlPlane(cDataPlane* dataPlane) :
         dataPlane(dataPlane),
-        fragmentation(this, dataPlane),
-        dregress(this, dataPlane),
-        mempool(nullptr),
-        use_kernel_interface(false),
-        slowWorker(nullptr),
-        prevTimePointForSWRateLimiter(std::chrono::high_resolution_clock::now())
+        use_kernel_interface(false)
 {
 	memset(&stats, 0, sizeof(stats));
 }
 
-cControlPlane::~cControlPlane()
-{
-	if (use_kernel_interface)
-	{
-		const auto& portmapper = slowWorker->basePermanently.ports;
-		for (tPortId i = 0; i < portmapper.size(); ++i)
-		{
-			const auto port_id = portmapper.ToDpdk(i);
-			remove_kernel_interface(port_id, kernel_interfaces[i].interface_name);
-			remove_kernel_interface(port_id, in_dump_kernel_interfaces[i].interface_name);
-			remove_kernel_interface(port_id, out_dump_kernel_interfaces[i].interface_name);
-			remove_kernel_interface(port_id, drop_dump_kernel_interfaces[i].interface_name);
-		}
-	}
-
-	if (mempool)
-	{
-		rte_mempool_free(mempool);
-	}
-}
-
 eResult cControlPlane::init(bool use_kernel_interface)
 {
 	this->use_kernel_interface = use_kernel_interface;
 
 	eResult result = eResult::success;
 
-	/// init mempool for kernel interfaces and slow worker
-	result = initMempool();
-	if (result != eResult::success)
-	{
-		return result;
-	}
-
-	gc_step = dataPlane->getConfigValues().gc_step;
-	dregress.gc_step = gc_step;
-
-	icmpOutRemainder = dataPlane->config.SWICMPOutRateLimit / dataPlane->config.rateLimitDivisor;
-
 	return result;
 }
 
-void cControlPlane::start()
-{
-	int rc = pthread_barrier_wait(&dataPlane->initPortBarrier);
-	if (rc == PTHREAD_BARRIER_SERIAL_THREAD)
-	{
-		pthread_barrier_destroy(&dataPlane->initPortBarrier);
-	}
-	else if (rc != 0)
-	{
-		YADECAP_LOG_ERROR("pthread_barrier_wait() = %d\n", rc);
-		/// @todo: stop
-		return;
-	}
-
-	/// start devices
-	for (const auto& portIter : dataPlane->ports)
-	{
-		const tPortId& portId = portIter.first;
-
-		int rc = rte_eth_dev_start(portId);
-		if (rc)
-		{
-			YADECAP_LOG_ERROR("can't start eth dev(%d, %d): %s\n",
-			                  rc,
-			                  rte_errno,
-			                  rte_strerror(rte_errno));
-			abort();
-		}
-
-		rte_eth_promiscuous_enable(portId);
-	}
-
-	if (use_kernel_interface)
-	{
-		if (init_kernel_interfaces() != eResult::success)
-		{
-			abort();
-		}
-	}
-
-	rc = pthread_barrier_wait(&dataPlane->runBarrier);
-	if (rc == PTHREAD_BARRIER_SERIAL_THREAD)
-	{
-		pthread_barrier_destroy(&dataPlane->runBarrier);
-	}
-	else if (rc != 0)
-	{
-		YADECAP_LOG_ERROR("pthread_barrier_wait() = %d\n", rc);
-		/// @todo: stop
-		return;
-	}
-
-	if (use_kernel_interface)
-	{
-		for (uint16_t i = 0; i < slowWorker->basePermanently.ports.size(); ++i)
-		{
-			set_kernel_interface_up(kernel_interfaces[i].interface_name);
-		}
-	}
-
-	mainThread();
-}
-
 common::idp::updateGlobalBase::response cControlPlane::updateGlobalBase(const common::idp::updateGlobalBase::request& request)
 {
 	std::lock_guard<std::mutex> guard(mutex);
@@ -274,82 +165,88 @@ common::idp::getGlobalBase::response cControlPlane::getGlobalBase(const common::
 	return response;
 }
 
-common::idp::getOtherStats::response cControlPlane::getOtherStats()
-{
-	common::idp::getOtherStats::response response;
-	auto& [response_workers] = response;
-
-	/// workers
-	{
-		for (const auto& iter : dataPlane->workers)
-		{
-			const tCoreId& coreId = iter.first;
-			const cWorker* worker = iter.second;
-
-			std::array<uint64_t, CONFIG_YADECAP_MBUFS_BURST_SIZE + 1> bursts;
-			memcpy(&bursts[0], worker->bursts, sizeof(worker->bursts));
-
-			response_workers[coreId] = {bursts};
-		}
-	}
-
-	return response;
-}
-
 common::idp::getWorkerStats::response cControlPlane::getWorkerStats(const common::idp::getWorkerStats::request& request)
 {
 	/// unsafe
 
 	common::idp::getWorkerStats::response response;
 
-	if (request.size())
-	{
-		for (const auto& coreId : request)
+	auto add_stats_to_response = [this, &response](tCoreId coreId, const cWorker* worker) {
+		std::map<tPortId, common::worker::stats::port> portsStats;
+		for (const auto& portIter : dataPlane->ports)
 		{
-			/// @todo: check coreId
+			portsStats[portIter.first] = worker->statsPorts[portIter.first];
+		}
 
-			const auto& worker = dataPlane->workers.find(coreId)->second;
+		response[coreId] = {worker->iteration,
+		                    *worker->stats,
+		                    portsStats};
+	};
 
-			std::map<tPortId, common::worker::stats::port> portsStats;
-			for (const auto& portIter : dataPlane->ports)
+	if (!request.empty())
+	{
+		for (const auto& coreId : request)
+		{
+			const cWorker* worker{};
+			if (auto it = dataPlane->workers.find(coreId); it != dataPlane->workers.end())
+			{
+				worker = it->second;
+			}
+			if (!worker)
+			{
+				if (auto slow = dataPlane->slow_workers.find(coreId); slow != dataPlane->slow_workers.end())
+				{
+					worker = slow->second->GetWorker();
+				}
+			}
+			if (!worker)
 			{
-				portsStats[portIter.first] = worker->statsPorts[portIter.first];
+				YANET_LOG_ERROR("Worker stats requested for non-worker core id (%d)\n", coreId);
+				continue;
 			}
 
-			response[coreId] = {worker->iteration,
-			                    worker->stats,
-			                    portsStats};
+			add_stats_to_response(coreId, worker);
 		}
 	}
 	else
 	{
 		/// all workers
 
-		for (const auto& [coreId, worker] : dataPlane->workers)
+		for (const cWorker* worker : dataPlane->workers_vector)
 		{
-			std::map<tPortId, common::worker::stats::port> portsStats;
-			for (const auto& portIter : dataPlane->ports)
-			{
-				portsStats[portIter.first] = worker->statsPorts[portIter.first];
-			}
-
-			response[coreId] = {worker->iteration,
-			                    worker->stats,
-			                    portsStats};
+			add_stats_to_response(worker->coreId, worker);
 		}
 	}
 
 	return response;
 }
 
-common::idp::getSlowWorkerStats::response cControlPlane::getSlowWorkerStats()
+const std::vector<cWorker*>& cControlPlane::workers_vector() const
+{
+	return dataPlane->workers_vector;
+}
+
+const std::map<tCoreId, dataplane::SlowWorker*>& cControlPlane::slow_workers() const
+{
+	return dataPlane->slow_workers;
+}
+
+common::slowworker::stats_t cControlPlane::SlowWorkerStats() const
+{
+	return accumulateSlowWorkerStats(
+	        [](dataplane::SlowWorker* worker) {
+		        return worker->Stats();
+	        });
+}
+
+common::idp::getSlowWorkerStats::response cControlPlane::SlowWorkerStatsResponse()
 {
 	/// unsafe
 
 	common::idp::getSlowWorkerStats::response response;
 	auto& [slowworker_stats, hashtable_gc_stats] = response;
 
-	slowworker_stats = stats;
+	slowworker_stats = SlowWorkerStats();
 	/// @todo
 	// hashtable_gc_stats.emplace_back(slowWorker->socketId,
 	//                                 "dregress",
@@ -365,7 +262,7 @@ common::idp::getSlowWorkerStats::response cControlPlane::getSlowWorkerStats()
 
 	for (const auto& [core_id, worker] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		hashtable_gc_stats.emplace_back(worker->socket_id,
 		                                "nat64stateful.lan.state.ht",
@@ -398,7 +295,7 @@ common::idp::get_worker_gc_stats::response cControlPlane::get_worker_gc_stats()
 	for (const auto& [core_id, worker] : dataPlane->worker_gcs)
 	{
 		response[core_id] = {worker->iteration,
-		                     worker->stats};
+		                     *worker->stats};
 	}
 
 	return response;
@@ -406,7 +303,21 @@ common::idp::get_worker_gc_stats::response cControlPlane::get_worker_gc_stats()
 
 common::idp::get_dregress_counters::response cControlPlane::get_dregress_counters()
 {
-	return dregress.get_dregress_counters();
+	common::dregress::counters_t counters_v4;
+	common::dregress::counters_t counters_v6;
+	for (auto& [core, slow] : dataPlane->slow_workers)
+	{
+		YANET_GCC_BUG_UNUSED(core);
+		dregress_t& dregress = slow->Dregress();
+		auto guard = dregress.LockCounters();
+		counters_v4.merge(dregress.Counters4());
+		counters_v6.merge(dregress.Counters6());
+		dregress.ClearCounters();
+	}
+	common::stream_out_t stream;
+	counters_v4.push(stream);
+	counters_v6.push(stream);
+	return stream.getBuffer();
 }
 
 common::idp::get_ports_stats::response cControlPlane::get_ports_stats()
@@ -415,7 +326,7 @@ common::idp::get_ports_stats::response cControlPlane::get_ports_stats()
 
 	for (const auto& [portId, port] : dataPlane->ports)
 	{
-		(void)port;
+		YANET_GCC_BUG_UNUSED(port);
 
 		rte_eth_stats stats;
 		{
@@ -423,13 +334,10 @@ common::idp::get_ports_stats::response cControlPlane::get_ports_stats()
 			rte_eth_stats_get(portId, &stats);
 		}
 
-		uint64_t physicalPort_egress_drops = 0;
-		for (const auto& [coreId, worker] : dataPlane->workers)
-		{
-			(void)coreId;
-
-			physicalPort_egress_drops += worker->statsPorts[portId].physicalPort_egress_drops;
-		}
+		uint64_t physicalPort_egress_drops = accumulateWorkerStats(
+		        [portId](cWorker* worker) {
+			        return worker->statsPorts[portId].physicalPort_egress_drops;
+		        });
 
 		response[portId] = {stats.ipackets,
 		                    stats.ibytes,
@@ -452,7 +360,7 @@ common::idp::get_ports_stats_extended::response cControlPlane::get_ports_stats_e
 
 	for (const auto& [portId, _] : dataPlane->ports)
 	{
-		(void)_;
+		YANET_GCC_BUG_UNUSED(_);
 
 		auto portStats = dataPlane->getPortStats(portId);
 		response[portId] = portStats;
@@ -467,36 +375,26 @@ common::idp::getControlPlanePortStats::response cControlPlane::getControlPlanePo
 
 	common::idp::getControlPlanePortStats::response response;
 
-	const auto& portmapper = slowWorker->basePermanently.ports;
+	if (!use_kernel_interface)
+	{
+		return response;
+	}
 
 	if (request.size())
 	{
 		for (const auto& portId : request)
 		{
-			if ((!use_kernel_interface) || (!portmapper.ValidDpdk(portId)))
+			const auto& maybe_stats = KniStats(portId);
+			if (!maybe_stats)
 			{
 				YANET_LOG_ERROR("Controlplane statistics requested for invalid port id ( %u )", portId);
 			}
-			const auto& stats = kernel_stats[portmapper.ToLogical(portId)];
-
-			uint64_t controlPlane_drops = 0;
-			for (const auto& [coreId, worker] : dataPlane->workers)
-			{
-				(void)coreId;
-
-				/* @todo This line assumes dpdk port id of a port is equal to logical id, and logical
-				 * ids of diferent workers are the same.
-				 * one can't just assume worker ports are enumerated identically.
-				 * Moreover indexing should be by logical id, inter worker communications
-				 * by dpdk portId's
-				 */
-				controlPlane_drops += worker->statsPorts[portId].controlPlane_drops;
-			}
+			const dataplane::sKniStats& stats = maybe_stats.value();
 
 			response[portId] = {stats.ipackets,
 			                    stats.ibytes,
 			                    0,
-			                    stats.idropped + controlPlane_drops,
+			                    stats.idropped,
 			                    stats.opackets,
 			                    stats.obytes,
 			                    0,
@@ -506,35 +404,22 @@ common::idp::getControlPlanePortStats::response cControlPlane::getControlPlanePo
 	else
 	{
 		/// all ports
-		if (use_kernel_interface)
+		for (auto& [core, slow] : dataPlane->slow_workers)
 		{
-			for (tPortId i = 0; i < portmapper.size(); ++i)
-			{
-				const auto& stats = kernel_stats[i];
-				const auto& portId = portmapper.ToDpdk(i);
-
-				uint64_t controlPlane_drops = 0;
-				for (const auto& [coreId, worker] : dataPlane->workers)
-				{
-					(void)coreId;
-
-					/* @todo This line assumes dpdk port id of a port is equal to logical id, and logical
-					 * ids of diferent workers are the same.
-					 * one can't just assume worker ports are enumerated identically.
-					 * Moreover indexing should be by logical id, inter worker communications
-					 * by dpdk portId's
-					 */
-					controlPlane_drops += worker->statsPorts[portId].controlPlane_drops;
-				}
+			YANET_GCC_BUG_UNUSED(core);
+			const auto& kni_worker = slow->KniWorker();
 
-				response[portId] = {stats.ipackets,
-				                    stats.ibytes,
-				                    0,
-				                    stats.idropped + controlPlane_drops,
-				                    stats.opackets,
-				                    stats.obytes,
-				                    0,
-				                    stats.odropped};
+			auto stats = kni_worker.PortsStats().first;
+			for (auto [current, end] = kni_worker.PortsIds(); current != end; ++current, ++stats)
+			{
+				response[*current] = {stats->ipackets,
+				                      stats->ibytes,
+				                      0,
+				                      stats->idropped,
+				                      stats->opackets,
+				                      stats->obytes,
+				                      0,
+				                      stats->odropped};
 			}
 		}
 	}
@@ -542,9 +427,50 @@ common::idp::getControlPlanePortStats::response cControlPlane::getControlPlanePo
 	return response;
 }
 
-common::idp::getFragmentationStats::response cControlPlane::getFragmentationStats()
+common::idp::getFragmentationStats::response cControlPlane::getFragmentationStats() const
+{
+	return accumulateSlowWorkerStats(
+	        [](dataplane::SlowWorker* worker) {
+		        return worker->Fragmentation().getStats();
+	        });
+}
+
+common::dregress::stats_t cControlPlane::DregressStats() const
+{
+	return accumulateSlowWorkerStats(
+	        [](dataplane::SlowWorker* worker) {
+		        return worker->Dregress().Stats();
+	        });
+}
+
+std::optional<std::reference_wrapper<const dataplane::sKniStats>> cControlPlane::KniStats(tPortId pid) const
+{
+	// Dumb iteration over slow workers and their assigned ports, should not be a bottleneck
+	for (auto& [core, slow] : dataPlane->slow_workers)
+	{
+		YANET_GCC_BUG_UNUSED(core);
+		if (const auto& stats = slow->KniWorker().PortStats(pid))
+		{
+			return stats;
+		}
+	}
+	return std::nullopt;
+}
+
+dataplane::hashtable_chain_spinlock_stats_t cControlPlane::DregressConnectionsStats() const
+{
+	return accumulateSlowWorkerStats(
+	        [](dataplane::SlowWorker* worker) {
+		        return worker->Dregress().Connections()->stats();
+	        });
+}
+
+dregress::LimitsStats cControlPlane::DregressLimitsStats() const
 {
-	return fragmentation.getStats();
+	return accumulateSlowWorkerStats(
+	        [](dataplane::SlowWorker* worker) {
+		        return worker->Dregress().limits();
+	        });
 }
 
 common::idp::getFWState::response cControlPlane::getFWState()
@@ -553,7 +479,7 @@ common::idp::getFWState::response cControlPlane::getFWState()
 
 	for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		worker_gc->fw_state_mutex.lock();
 		auto fw_state = worker_gc->fw_state;
@@ -598,7 +524,7 @@ common::idp::getFWStateStats::response cControlPlane::getFWStateStats() ///< @to
 
 	for (auto& [socket_id, globalbase_atomics] : dataPlane->globalBaseAtomics)
 	{
-		(void)socket_id;
+		YANET_GCC_BUG_UNUSED(socket_id);
 
 		stats.fwstate4_size = std::max(stats.fwstate4_size, (uint64_t)globalbase_atomics->updater.fw4_state.get_stats().keys_count);
 		stats.fwstate6_size = std::max(stats.fwstate6_size, (uint64_t)globalbase_atomics->updater.fw6_state.get_stats().keys_count);
@@ -611,7 +537,7 @@ eResult cControlPlane::clearFWState()
 {
 	for (auto& [socketId, globalBaseAtomic] : dataPlane->globalBaseAtomics)
 	{
-		(void)socketId;
+		YANET_GCC_BUG_UNUSED(socketId);
 
 		globalBaseAtomic->fw4_state->clear();
 		globalBaseAtomic->fw6_state->clear();
@@ -619,26 +545,6 @@ eResult cControlPlane::clearFWState()
 	return common::result_e::success;
 }
 
-common::idp::getAclCounters::response cControlPlane::getAclCounters()
-{
-	std::lock_guard<std::mutex> guard(mutex);
-
-	common::idp::getAclCounters::response response;
-
-	response.resize(YANET_CONFIG_ACL_COUNTERS_SIZE);
-	for (const auto& [coreId, worker] : dataPlane->workers)
-	{
-		(void)coreId;
-
-		for (size_t i = 0; i < YANET_CONFIG_ACL_COUNTERS_SIZE; i++)
-		{
-			response[i] += worker->aclCounters[i];
-		}
-	}
-
-	return response;
-}
-
 common::idp::getPortStatsEx::response cControlPlane::getPortStatsEx()
 {
 	common::idp::getPortStatsEx::response response;
@@ -674,37 +580,6 @@ common::idp::getPortStatsEx::response cControlPlane::getPortStatsEx()
 	return response;
 }
 
-common::idp::getCounters::response cControlPlane::getCounters(const common::idp::getCounters::request& request)
-{
-	common::idp::getCounters::response response;
-	response.resize(request.size());
-
-	for (size_t i = 0;
-	     i < request.size();
-	     i++)
-	{
-		const auto& counter_id = request[i];
-
-		if (counter_id >= YANET_CONFIG_COUNTERS_SIZE)
-		{
-			std::lock_guard<std::mutex> guard(mutex);
-			++errors["getCounters: invalid counterId"];
-			continue;
-		}
-
-		uint64_t counter = 0;
-		for (const auto& [core_id, worker] : dataPlane->workers)
-		{
-			(void)core_id;
-			counter += worker->counters[counter_id];
-		}
-
-		response[i] = counter;
-	}
-
-	return response;
-}
-
 common::idp::getConfig::response cControlPlane::getConfig() const
 {
 	common::idp::getConfig::response response;
@@ -713,9 +588,9 @@ common::idp::getConfig::response cControlPlane::getConfig() const
 	for (const auto& [port_id, port] : dataPlane->ports)
 	{
 		const auto& [interface_name, rx_queues, tx_queues_count, mac_address, pci, symmetric_mode] = port;
-		(void)rx_queues;
-		(void)tx_queues_count;
-		(void)symmetric_mode;
+		YANET_GCC_BUG_UNUSED(rx_queues);
+		YANET_GCC_BUG_UNUSED(tx_queues_count);
+		YANET_GCC_BUG_UNUSED(symmetric_mode);
 
 		response_ports[port_id] = {interface_name,
 		                           rte_eth_dev_socket_id(port_id),
@@ -723,19 +598,14 @@ common::idp::getConfig::response cControlPlane::getConfig() const
 		                           pci};
 	}
 
-	for (const auto& workerIter : dataPlane->workers)
+	for (const cWorker* worker : dataPlane->workers_vector)
 	{
-		const tCoreId& coreId = workerIter.first;
-		const cWorker* worker = workerIter.second;
-
-		for (unsigned int worker_port_i = 0;
-		     worker_port_i < worker->basePermanently.workerPortsCount;
-		     worker_port_i++)
+		for (const auto& endpoint : worker->basePermanently.rx_points)
 		{
-			std::get<0>(response_workers[coreId]).emplace_back(worker->basePermanently.workerPorts[worker_port_i].inPortId);
+			std::get<0>(response_workers[worker->coreId]).emplace_back(endpoint.port);
 		}
 
-		std::get<1>(response_workers[coreId]) = worker->socketId;
+		std::get<1>(response_workers[worker->coreId]) = worker->socketId;
 	}
 
 	/// @todo: worker_gcs
@@ -835,7 +705,7 @@ common::idp::lpm4LookupAddress::response cControlPlane::lpm4LookupAddress(const
 		const tSocketId& socketId = iter.first;
 		const auto* globalBase = iter.second[dataPlane->currentGlobalBaseId];
 
-		uint32_t valueId;
+		uint32_t valueId = 0;
 		if (globalBase->route_lpm4->lookup(ipAddress, &valueId))
 		{
 			response[socketId] = {true,
@@ -867,7 +737,7 @@ common::idp::lpm6LookupAddress::response cControlPlane::lpm6LookupAddress(const
 		const tSocketId& socketId = iter.first;
 		const auto* globalBase = iter.second[dataPlane->currentGlobalBaseId];
 
-		uint32_t valueId;
+		uint32_t valueId = 0;
 		if (globalBase->route_lpm6->lookup(request, &valueId))
 		{
 			response[socketId] = {true,
@@ -890,7 +760,7 @@ common::idp::samples::response cControlPlane::samples()
 	std::set<common::idp::samples::sample_t> samples;
 	for (auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		std::lock_guard<std::mutex> guard(worker_gc->samples_mutex);
 
@@ -908,6 +778,11 @@ common::idp::samples::response cControlPlane::samples()
 	return common::idp::samples::response(samples.begin(), samples.end());
 }
 
+common::idp::hitcount_dump::response cControlPlane::hitcount_dump()
+{
+	return dataPlane->getHitcountMap();
+}
+
 eResult cControlPlane::debug_latch_update(const common::idp::debug_latch_update::request& request)
 {
 	const auto& [latch_id, state] = request;
@@ -965,11 +840,20 @@ common::idp::limits::response cControlPlane::limits()
 
 	for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 		worker_gc->limits(response);
 	}
 
-	dregress.limits(response);
+	auto dregress = DregressLimitsStats();
+
+	limit_insert(response,
+	             "dregress.ht.keys",
+	             dregress.pairs,
+	             dregress.keysSize);
+	limit_insert(response,
+	             "dregress.ht.extended_chunks",
+	             dregress.extendedChunksCount,
+	             YANET_CONFIG_DREGRESS_HT_EXTENDED_SIZE);
 
 	return response;
 }
@@ -980,7 +864,7 @@ common::idp::balancer_connection::response cControlPlane::balancer_connection(co
 
 	for (auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		auto& response_connections = response[worker_gc->socket_id];
 
@@ -1044,7 +928,7 @@ common::idp::balancer_connection::response cControlPlane::balancer_connection(co
 					}
 
 					/// @todo: filter_real_port
-					(void)filter_real_port;
+					YANET_GCC_BUG_UNUSED(filter_real_port);
 
 					auto& connections = response_connections[{balancer_id,
 					                                          virtual_ip,
@@ -1078,7 +962,7 @@ common::idp::balancer_service_connections::response cControlPlane::balancer_serv
 
 	for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		auto current_guard = worker_gc->balancer_service_connections.current_lock_guard();
 		response[worker_gc->socket_id] = worker_gc->balancer_service_connections.current();
@@ -1093,7 +977,7 @@ common::idp::balancer_real_connections::response cControlPlane::balancer_real_co
 
 	for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		auto current_guard = worker_gc->balancer_real_connections.current_lock_guard();
 		response[worker_gc->socket_id] = worker_gc->balancer_real_connections.current();
@@ -1104,34 +988,32 @@ common::idp::balancer_real_connections::response cControlPlane::balancer_real_co
 
 eResult cControlPlane::unrdup_vip_to_balancers(const common::idp::unrdup_vip_to_balancers::request& request)
 {
-	std::lock_guard<std::mutex> guard(unrdup_mutex);
-
-	uint32_t balancer_id = std::get<0>(request);
+	return vip_to_balancers.apply([&](auto& vtb) {
+		uint32_t balancer_id = std::get<0>(request);
 
-	if (vip_to_balancers.size() <= balancer_id)
-	{
-		vip_to_balancers.resize(balancer_id + 1);
-	}
-
-	vip_to_balancers[balancer_id] = std::get<1>(request);
+		if (vtb.size() <= balancer_id)
+		{
+			vtb.resize(balancer_id + 1);
+		}
 
-	return eResult::success;
+		vtb[balancer_id] = std::get<1>(request);
+		return eResult::success;
+	});
 }
 
 eResult cControlPlane::update_vip_vport_proto(const common::idp::update_vip_vport_proto::request& request)
 {
-	std::lock_guard<std::mutex> guard(vip_vport_proto_mutex);
-
-	uint32_t balancer_id = std::get<0>(request);
-
-	if (vip_vport_proto.size() <= balancer_id)
-	{
-		vip_vport_proto.resize(balancer_id + 1);
-	}
+	return vip_vport_proto.apply([&](auto& vvp) {
+		uint32_t balancer_id = std::get<0>(request);
 
-	vip_vport_proto[balancer_id] = std::get<1>(request);
+		if (vvp.size() <= balancer_id)
+		{
+			vvp.resize(balancer_id + 1);
+		}
 
-	return eResult::success;
+		vvp[balancer_id] = std::get<1>(request);
+		return eResult::success;
+	});
 }
 
 common::idp::version::response cControlPlane::version()
@@ -1143,48 +1025,6 @@ common::idp::version::response cControlPlane::version()
 	        version_custom()};
 }
 
-common::idp::get_counter_by_name::response cControlPlane::get_counter_by_name(const common::idp::get_counter_by_name::request& request)
-{
-	common::idp::get_counter_by_name::response response;
-
-	const auto& [counter_name, optional_core_id] = request;
-
-	if (optional_core_id.has_value())
-	{
-		std::optional<uint64_t> counter_val = dataPlane->getCounterValueByName(counter_name, optional_core_id.value());
-		if (counter_val.has_value())
-		{
-			response[optional_core_id.value()] = counter_val.value();
-		}
-
-		// if counter with provided name does not exist, empty map will be returned, and its emptiness should be checked on another end
-		return response;
-	}
-
-	// core_id was not specified, return counter for each core_id
-	for (const auto& [core_id, worker] : dataPlane->workers)
-	{
-		(void)worker;
-		std::optional<uint64_t> counter_val = dataPlane->getCounterValueByName(counter_name, core_id);
-		if (counter_val.has_value())
-		{
-			response[core_id] = counter_val.value();
-		}
-	}
-
-	for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
-	{
-		(void)worker_gc;
-		std::optional<uint64_t> counter_val = dataPlane->getCounterValueByName(counter_name, core_id);
-		if (counter_val.has_value())
-		{
-			response[core_id] = counter_val.value();
-		}
-	}
-
-	return response;
-}
-
 common::idp::get_shm_info::response cControlPlane::get_shm_info()
 {
 	common::idp::get_shm_info::response response;
@@ -1240,7 +1080,7 @@ eResult cControlPlane::dump_physical_port(const common::idp::dump_physical_port:
 		/// start dump traffic to interface
 		for (auto& [socket_id, globalbase_atomic] : dataPlane->globalBaseAtomics)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 
 			__atomic_or_fetch(&globalbase_atomic->physicalPort_flags[*port_id],
 			                  (uint8_t)(flag),
@@ -1252,7 +1092,7 @@ eResult cControlPlane::dump_physical_port(const common::idp::dump_physical_port:
 		/// stop dump traffic to interface
 		for (auto& [socket_id, globalbase_atomic] : dataPlane->globalBaseAtomics)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 
 			__atomic_and_fetch(&globalbase_atomic->physicalPort_flags[*port_id],
 			                   (uint8_t)(~flag),
@@ -1267,7 +1107,7 @@ eResult cControlPlane::balancer_state_clear()
 {
 	for (auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 		worker_gc->balancer_state_clear();
 	}
 
@@ -1280,7 +1120,7 @@ common::idp::nat64stateful_state::response cControlPlane::nat64stateful_state(co
 
 	for (auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 		worker_gc->nat64stateful_state(request, response);
 	}
 
@@ -1291,10 +1131,8 @@ void cControlPlane::switchBase()
 {
 	YADECAP_MEMORY_BARRIER_COMPILE;
 
-	for (auto& iter : dataPlane->workers)
+	for (cWorker* worker : dataPlane->workers_vector)
 	{
-		auto* worker = iter.second;
-
 		worker->currentBaseId ^= 1;
 	}
 
@@ -1311,9 +1149,8 @@ void cControlPlane::switchBase()
 
 	YADECAP_MEMORY_BARRIER_COMPILE;
 
-	for (auto& iter : dataPlane->workers)
+	for (cWorker* worker : dataPlane->workers_vector)
 	{
-		auto* worker = iter.second;
 		auto& base = worker->bases[worker->currentBaseId];
 		auto& baseNext = worker->bases[worker->currentBaseId ^ 1];
 
@@ -1352,10 +1189,8 @@ void cControlPlane::waitAllWorkers()
 {
 	YADECAP_MEMORY_BARRIER_COMPILE;
 
-	for (const auto& [core_id, worker] : dataPlane->workers)
+	for (const cWorker* worker : dataPlane->workers_vector)
 	{
-		(void)core_id;
-
 		uint64_t startIteration = worker->iteration;
 		uint64_t nextIteration = startIteration;
 		while (nextIteration - startIteration <= (uint64_t)16)
@@ -1367,7 +1202,7 @@ void cControlPlane::waitAllWorkers()
 
 	for (const auto& [core_id, worker] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		uint64_t startIteration = worker->iteration;
 		uint64_t nextIteration = startIteration;
@@ -1381,1880 +1216,41 @@ void cControlPlane::waitAllWorkers()
 	YADECAP_MEMORY_BARRIER_COMPILE;
 }
 
-eResult cControlPlane::initMempool()
+void cControlPlane::flush_kernel_interface(KniPortData& port_data, sKniStats& stats)
 {
-	mempool = rte_mempool_create("cp",
-	                             CONFIG_YADECAP_MBUFS_COUNT + dataPlane->getConfigValues().fragmentation_size + dataPlane->getConfigValues().master_mempool_size + 4 * CONFIG_YADECAP_PORTS_SIZE * CONFIG_YADECAP_MBUFS_BURST_SIZE + 4 * dataPlane->ports.size() * dataPlane->getConfigValues().kernel_interface_queue_size,
-	                             CONFIG_YADECAP_MBUF_SIZE,
-	                             0,
-	                             sizeof(struct rte_pktmbuf_pool_private),
-	                             rte_pktmbuf_pool_init,
-	                             nullptr,
-	                             rte_pktmbuf_init,
-	                             nullptr,
-	                             rte_socket_id(),
-	                             0); ///< multi-producers, multi-consumers
-	if (!mempool)
-	{
-		YADECAP_LOG_ERROR("rte_mempool_create(): %s [%u]\n", rte_strerror(rte_errno), rte_errno);
-		return eResult::errorInitMempool;
-	}
 
-	return eResult::success;
-}
+	uint32_t packetsLength = 0;
 
-eResult cControlPlane::init_kernel_interfaces()
-{
-	const auto& portmapper = slowWorker->basePermanently.ports;
-	for (tPortId i = 0; i < portmapper.size(); ++i)
+	for (uint16_t mbuf_i = 0; mbuf_i < port_data.mbufs_count; mbuf_i++)
 	{
-		const auto port_id = portmapper.ToDpdk(i);
-		const auto& interface_name = std::get<0>(dataPlane->ports.at(port_id));
-
-		{
-			auto kernel_port_id = add_kernel_interface(port_id, interface_name);
-			if (!kernel_port_id)
-			{
-				return eResult::errorAllocatingKernelInterface;
-			}
-
-			kernel_interfaces[i] = {interface_name,
-			                        *kernel_port_id,
-			                        {},
-			                        {}};
-		}
-
-		{
-			auto kernel_port_id = add_kernel_interface(port_id, "in." + interface_name);
-			if (!kernel_port_id)
-			{
-				return eResult::errorAllocatingKernelInterface;
-			}
-
-			in_dump_kernel_interfaces[i] = {"in." + interface_name,
-			                                *kernel_port_id,
-			                                {},
-			                                {}};
-		}
-
-		{
-			auto kernel_port_id = add_kernel_interface(port_id, "out." + interface_name);
-			if (!kernel_port_id)
-			{
-				return eResult::errorAllocatingKernelInterface;
-			}
-
-			out_dump_kernel_interfaces[i] = {"out." + interface_name,
-			                                 *kernel_port_id,
-			                                 {},
-			                                 {}};
-		}
-
-		{
-			auto kernel_port_id = add_kernel_interface(port_id, "drop." + interface_name);
-			if (!kernel_port_id)
-			{
-				return eResult::errorAllocatingKernelInterface;
-			}
+		rte_mbuf* mbuf = port_data.mbufs[mbuf_i];
+		packetsLength += rte_pktmbuf_pkt_len(mbuf);
+	}
 
-			drop_dump_kernel_interfaces[i] = {"drop." + interface_name,
-			                                  *kernel_port_id,
-			                                  {},
-			                                  {}};
-		}
+	unsigned txSize = rte_eth_tx_burst(port_data.kernel_port_id, 0, port_data.mbufs, port_data.mbufs_count);
+	for (uint16_t mbuf_i = txSize; mbuf_i < port_data.mbufs_count; mbuf_i++)
+	{
+		rte_mbuf* mbuf = port_data.mbufs[mbuf_i];
+		packetsLength -= rte_pktmbuf_pkt_len(mbuf);
 	}
+	auto to_drop = port_data.mbufs_count - txSize;
+	rte_pktmbuf_free_bulk(&port_data.mbufs[txSize], to_drop);
 
-	return eResult::success;
+	stats.idropped += to_drop;
+	stats.ipackets += txSize;
+	stats.ibytes += packetsLength;
+	port_data.mbufs_count = 0;
 }
 
-std::optional<tPortId> cControlPlane::add_kernel_interface(const tPortId port_id,
-                                                           const std::string& interface_name)
+void cControlPlane::flush_kernel_interface(KniPortData& port_data)
 {
-	rte_ether_addr ether_addr;
-	rte_eth_macaddr_get(port_id, &ether_addr);
-
-	char vdev_name[RTE_DEV_NAME_MAX_LEN];
-	char vdev_args[256];
-
-	snprintf(vdev_name,
-	         sizeof(vdev_name),
-	         "virtio_user_%s_%u",
-	         interface_name.data(),
-	         port_id);
-
-	snprintf(vdev_args,
-	         sizeof(vdev_args),
-	         "path=/dev/vhost-net,queues=1,queue_size=%lu,iface=%s,mac=%s",
-	         dataPlane->getConfigValues().kernel_interface_queue_size,
-	         interface_name.data(),
-	         common::mac_address_t(ether_addr.addr_bytes).toString().data());
-
-	if (rte_eal_hotplug_add("vdev", vdev_name, vdev_args) != 0)
-	{
-		YADECAP_LOG_ERROR("failed to hotplug vdev interface '%s' with '%s'\n",
-		                  vdev_name,
-		                  vdev_args);
-		return std::nullopt;
-	}
-
-	uint16_t kernel_port_id;
-	if (rte_eth_dev_get_port_by_name(vdev_name, &kernel_port_id) != 0)
+	if (!port_data.mbufs_count)
 	{
-		YADECAP_LOG_ERROR("vdev interface '%s' not found\n", vdev_name);
-		rte_eal_hotplug_remove("vdev", vdev_name);
-		return std::nullopt;
+		return;
 	}
 
-	rte_eth_conf eth_conf;
-	memset(&eth_conf, 0, sizeof(eth_conf));
-
-	int ret = rte_eth_dev_configure(kernel_port_id,
-	                                1,
-	                                1,
-	                                &eth_conf);
-	if (ret < 0)
-	{
-		YADECAP_LOG_ERROR("rte_eth_dev_configure() = %d\n", ret);
-		rte_eal_hotplug_remove("vdev", vdev_name);
-		return std::nullopt;
-	}
-
-	uint16_t mtu;
-	if (rte_eth_dev_get_mtu(port_id, &mtu) == 0)
-	{
-		rte_eth_dev_set_mtu(kernel_port_id, mtu);
-	}
-
-	int rc = rte_eth_rx_queue_setup(kernel_port_id,
-	                                0,
-	                                dataPlane->getConfigValues().kernel_interface_queue_size,
-	                                0, ///< @todo: socket
-	                                nullptr,
-	                                mempool);
-	if (rc < 0)
-	{
-		YADECAP_LOG_ERROR("rte_eth_rx_queue_setup() = %d\n", rc);
-		rte_eal_hotplug_remove("vdev", vdev_name);
-		return std::nullopt;
-	}
-
-	rc = rte_eth_tx_queue_setup(kernel_port_id,
-	                            0,
-	                            dataPlane->getConfigValues().kernel_interface_queue_size,
-	                            0, ///< @todo: socket
-	                            nullptr);
-	if (rc < 0)
-	{
-		YADECAP_LOG_ERROR("rte_eth_tx_queue_setup(%u, %u) = %d\n", kernel_port_id, 0, ret);
-		rte_eal_hotplug_remove("vdev", vdev_name);
-		return std::nullopt;
-	}
-
-	rc = rte_eth_dev_start(kernel_port_id);
-	if (rc)
-	{
-		YADECAP_LOG_ERROR("can't start eth dev(%d, %d): %s\n",
-		                  rc,
-		                  rte_errno,
-		                  rte_strerror(rte_errno));
-		rte_eal_hotplug_remove("vdev", vdev_name);
-		return std::nullopt;
-	}
-
-	return kernel_port_id;
-}
-
-void cControlPlane::remove_kernel_interface(const tPortId port_id,
-                                            const std::string& interface_name)
-{
-	char vdev_name[RTE_DEV_NAME_MAX_LEN];
-
-	snprintf(vdev_name,
-	         sizeof(vdev_name),
-	         "virtio_user_%s_%u",
-	         interface_name.data(),
-	         port_id);
-
-	rte_eal_hotplug_remove("vdev", vdev_name);
-}
-
-void cControlPlane::set_kernel_interface_up(const std::string& interface_name)
-{
-	int socket = ::socket(AF_INET, SOCK_DGRAM, 0);
-	if (socket < 0)
-	{
-		return;
-	}
-
-	struct ifreq request;
-	memset(&request, 0, sizeof request);
-
-	strncpy(request.ifr_name, interface_name.data(), IFNAMSIZ);
-
-	request.ifr_flags |= IFF_UP;
-	ioctl(socket, SIOCSIFFLAGS, &request);
-}
-
-void cControlPlane::flush_kernel_interface(KniPortData& port_data, sKniStats& stats)
-{
-
-	uint32_t packetsLength = 0;
-
-	for (uint16_t mbuf_i = 0; mbuf_i < port_data.mbufs_count; mbuf_i++)
-	{
-		rte_mbuf* mbuf = port_data.mbufs[mbuf_i];
-		packetsLength += rte_pktmbuf_pkt_len(mbuf);
-	}
-
-	unsigned txSize = rte_eth_tx_burst(port_data.kernel_port_id, 0, port_data.mbufs, port_data.mbufs_count);
-	for (uint16_t mbuf_i = txSize; mbuf_i < port_data.mbufs_count; mbuf_i++)
-	{
-		rte_mbuf* mbuf = port_data.mbufs[mbuf_i];
-		packetsLength -= rte_pktmbuf_pkt_len(mbuf);
-	}
-	auto to_drop = port_data.mbufs_count - txSize;
-	rte_pktmbuf_free_bulk(&port_data.mbufs[txSize], to_drop);
-
-	stats.idropped += to_drop;
-	stats.ipackets += txSize;
-	stats.ibytes += packetsLength;
-	port_data.mbufs_count = 0;
-}
-
-void cControlPlane::flush_kernel_interface(KniPortData& port_data)
-{
-	if (!port_data.mbufs_count)
-	{
-		return;
-	}
-
-	unsigned txSize = rte_eth_tx_burst(port_data.kernel_port_id, 0, port_data.mbufs, port_data.mbufs_count);
-	rte_pktmbuf_free_bulk(&port_data.mbufs[txSize], port_data.mbufs_count - txSize);
+	unsigned txSize = rte_eth_tx_burst(port_data.kernel_port_id, 0, port_data.mbufs, port_data.mbufs_count);
+	rte_pktmbuf_free_bulk(&port_data.mbufs[txSize], port_data.mbufs_count - txSize);
 
 	port_data.mbufs_count = 0;
 }
-
-void cControlPlane::mainThread()
-{
-	rte_mbuf* operational[CONFIG_YADECAP_MBUFS_BURST_SIZE];
-
-	for (;;)
-	{
-		if (dataPlane->config.SWNormalPriorityRateLimitPerWorker || dataPlane->config.SWICMPOutRateLimit)
-		{
-			SWRateLimiterTimeTracker();
-		}
-
-		slowWorker->slowWorkerBeforeHandlePackets();
-
-		/// dequeue packets from worker's rings
-		for (unsigned nIter = 0; nIter < YANET_CONFIG_RING_PRIORITY_RATIO; nIter++)
-		{
-			for (unsigned hIter = 0; hIter < YANET_CONFIG_RING_PRIORITY_RATIO; hIter++)
-			{
-				unsigned hProcessed = 0;
-				for (const auto& iter : dataPlane->workers)
-				{
-					cWorker* worker = iter.second;
-					hProcessed += ring_handle(worker->ring_toFreePackets, worker->ring_highPriority);
-				}
-				if (!hProcessed)
-				{
-					break;
-				}
-			}
-
-			unsigned nProcessed = 0;
-			for (const auto& iter : dataPlane->workers)
-			{
-				cWorker* worker = iter.second;
-				nProcessed += ring_handle(worker->ring_toFreePackets, worker->ring_normalPriority);
-			}
-			if (!nProcessed)
-			{
-				break;
-			}
-		}
-		for (const auto& iter : dataPlane->workers)
-		{
-			cWorker* worker = iter.second;
-			ring_handle(worker->ring_toFreePackets, worker->ring_lowPriority);
-		}
-
-		if (use_kernel_interface)
-		{
-			for (int i = 0; i < slowWorker->basePermanently.ports.size(); ++i)
-			{
-				flush_kernel_interface(kernel_interfaces[i], kernel_stats[i]);
-				flush_kernel_interface(in_dump_kernel_interfaces[i]);
-				flush_kernel_interface(out_dump_kernel_interfaces[i]);
-				flush_kernel_interface(drop_dump_kernel_interfaces[i]);
-			}
-		}
-
-		/// dequeue packets from worker_gc's ring to slowworker
-		for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
-		{
-			(void)core_id;
-
-			rte_mbuf* mbufs[CONFIG_YADECAP_MBUFS_BURST_SIZE];
-
-			unsigned rxSize = rte_ring_sc_dequeue_burst(worker_gc->ring_to_slowworker,
-			                                            (void**)mbufs,
-			                                            CONFIG_YADECAP_MBUFS_BURST_SIZE,
-			                                            nullptr);
-
-			for (uint16_t mbuf_i = 0; mbuf_i < rxSize; mbuf_i++)
-			{
-				rte_mbuf* mbuf = convertMempool(worker_gc->ring_to_free_mbuf, mbufs[mbuf_i]);
-				if (!mbuf)
-				{
-					continue;
-				}
-
-				dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-				sendPacketToSlowWorker(mbuf, metadata->flow);
-			}
-		}
-
-		fragmentation.handle();
-		dregress.handle();
-
-		if (use_kernel_interface)
-		{
-			/// recv packets from kernel interface and send to physical port
-			for (int i = 0; i < slowWorker->basePermanently.ports.size(); ++i)
-			{
-				auto kernel_port_id = kernel_interfaces[i].kernel_port_id;
-
-				unsigned rxSize = rte_eth_rx_burst(kernel_port_id,
-				                                   0,
-				                                   operational,
-				                                   CONFIG_YADECAP_MBUFS_BURST_SIZE);
-				uint64_t bytes = 0;
-				for (uint16_t i = 0; i < rxSize; ++i)
-				{
-					bytes += rte_pktmbuf_pkt_len(operational[i]);
-				}
-				uint16_t txSize = rte_eth_tx_burst(slowWorker->basePermanently.ports.ToDpdk(i),
-				                                   0,
-				                                   operational,
-				                                   rxSize);
-				for (auto i = rxSize; i < txSize; ++i)
-				{
-					bytes -= rte_pktmbuf_pkt_len(operational[i]);
-				}
-				auto to_drop = rxSize - txSize;
-				rte_pktmbuf_free_bulk(operational + txSize, to_drop);
-				sKniStats& stats = kernel_stats[i];
-				stats.odropped += to_drop;
-				stats.opackets += txSize;
-				stats.obytes += bytes;
-			}
-
-			/// recv from in.X/out.X/drop.X interfaces and free packets
-			for (int i = 0; i < slowWorker->basePermanently.ports.size(); ++i)
-			{
-				unsigned rxSize;
-				rxSize = rte_eth_rx_burst(in_dump_kernel_interfaces[i].kernel_port_id,
-				                          0,
-				                          operational,
-				                          CONFIG_YADECAP_MBUFS_BURST_SIZE);
-				rte_pktmbuf_free_bulk(operational, rxSize);
-
-				rxSize = rte_eth_rx_burst(out_dump_kernel_interfaces[i].kernel_port_id,
-				                          0,
-				                          operational,
-				                          CONFIG_YADECAP_MBUFS_BURST_SIZE);
-				rte_pktmbuf_free_bulk(operational, rxSize);
-
-				rxSize = rte_eth_rx_burst(drop_dump_kernel_interfaces[i].kernel_port_id,
-				                          0,
-				                          operational,
-				                          CONFIG_YADECAP_MBUFS_BURST_SIZE);
-				rte_pktmbuf_free_bulk(operational, rxSize);
-			}
-		}
-
-		/// push packets to slow worker
-		while (!slowWorkerMbufs.empty())
-		{
-			for (unsigned int i = 0;
-			     i < CONFIG_YADECAP_MBUFS_BURST_SIZE;
-			     i++)
-			{
-				if (slowWorkerMbufs.empty())
-				{
-					break;
-				}
-
-				auto& tuple = slowWorkerMbufs.front();
-				slowWorker->slowWorkerFlow(std::get<0>(tuple), std::get<1>(tuple));
-
-				slowWorkerMbufs.pop();
-			}
-
-			slowWorker->slowWorkerHandlePackets();
-		}
-
-		slowWorker->slowWorkerAfterHandlePackets();
-
-		/// @todo: AUTOTEST_CONTROLPLANE
-
-		std::this_thread::yield();
-
-#ifdef CONFIG_YADECAP_AUTOTEST
-		std::this_thread::sleep_for(std::chrono::microseconds{1});
-#endif // CONFIG_YADECAP_AUTOTEST
-	}
-}
-
-unsigned cControlPlane::ring_handle(rte_ring* ring_to_free_mbuf,
-                                    rte_ring* ring)
-{
-	rte_mbuf* mbufs[CONFIG_YADECAP_MBUFS_BURST_SIZE];
-
-	unsigned rxSize = rte_ring_sc_dequeue_burst(ring,
-	                                            (void**)mbufs,
-	                                            CONFIG_YADECAP_MBUFS_BURST_SIZE,
-	                                            nullptr);
-
-#ifdef CONFIG_YADECAP_AUTOTEST
-	if (rxSize)
-	{
-		std::this_thread::sleep_for(std::chrono::microseconds{400});
-	}
-#endif // CONFIG_YADECAP_AUTOTEST
-
-	for (uint16_t mbuf_i = 0; mbuf_i < rxSize; mbuf_i++)
-	{
-		rte_mbuf* mbuf = convertMempool(ring_to_free_mbuf, mbufs[mbuf_i]);
-		if (!mbuf)
-		{
-			continue;
-		}
-
-		dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-		if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_ingress_icmp)
-		{
-			handlePacket_icmp_translate_v6_to_v4(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_ingress_fragmentation)
-		{
-			metadata->flow.type = common::globalBase::eFlowType::nat64stateless_ingress_checked;
-			handlePacket_fragment(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_egress_icmp)
-		{
-			handlePacket_icmp_translate_v4_to_v6(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_egress_fragmentation)
-		{
-			metadata->flow.type = common::globalBase::eFlowType::nat64stateless_egress_checked;
-			handlePacket_fragment(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_dregress)
-		{
-			handlePacket_dregress(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_egress_farm)
-		{
-			handlePacket_farm(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_dump)
-		{
-			handlePacket_dump(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_repeat)
-		{
-			handlePacket_repeat(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_fw_sync)
-		{
-			handlePacket_fw_state_sync(mbuf);
-		}
-		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_balancer_icmp_forward)
-		{
-			handlePacket_balancer_icmp_forward(mbuf);
-		}
-		else
-		{
-			handlePacketFromForwardingPlane(mbuf);
-		}
-	}
-	return rxSize;
-}
-
-void cControlPlane::handlePacketFromForwardingPlane(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	if (handlePacket_fw_state_sync_ingress(mbuf))
-	{
-		stats.fwsync_multicast_ingress_packets++;
-		rte_pktmbuf_free(mbuf);
-		return;
-	}
-
-#ifdef CONFIG_YADECAP_AUTOTEST
-	if (metadata->flow.type != common::globalBase::eFlowType::slowWorker_kni_local)
-	{
-		// drop by default in tests
-		stats.slowworker_drops++;
-		rte_pktmbuf_free(mbuf);
-		return;
-	}
-	rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, rte_ether_hdr*);
-	memset(ethernetHeader->dst_addr.addr_bytes,
-	       0x71,
-	       6);
-
-#endif
-
-	if (!use_kernel_interface)
-	{
-		// TODO stats
-		unsigned txSize = rte_eth_tx_burst(metadata->fromPortId, 0, &mbuf, 1);
-		if (!txSize)
-		{
-			rte_pktmbuf_free(mbuf);
-		}
-		return;
-	}
-	else
-	{
-		const auto& portmapper = slowWorker->basePermanently.ports;
-
-		auto& iface = kernel_interfaces[portmapper.ToLogical(metadata->fromPortId)];
-		if (iface.mbufs_count == CONFIG_YADECAP_MBUFS_BURST_SIZE)
-		{
-			flush_kernel_interface(iface, kernel_stats[portmapper.ToLogical(metadata->fromPortId)]);
-		}
-		iface.mbufs[iface.mbufs_count++] = mbuf;
-	}
-}
-
-static bool do_icmp_translate_v6_to_v4(rte_mbuf* mbuf,
-                                       const dataplane::globalBase::nat64stateless_translation_t& translation)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	rte_ipv4_hdr* ipv4ExtHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
-
-	if (ipv4ExtHeader->next_proto_id != IPPROTO_ICMP)
-	{
-		return false;
-	}
-
-	unsigned int payloadExtLen = rte_be_to_cpu_16(ipv4ExtHeader->total_length) - sizeof(rte_ipv4_hdr);
-
-	if (payloadExtLen < sizeof(icmp_header_t*) + sizeof(rte_ipv6_hdr))
-	{
-		return false;
-	}
-
-	icmp_header_t* icmpHeader = rte_pktmbuf_mtod_offset(mbuf, icmp_header_t*, metadata->network_headerOffset + sizeof(rte_ipv4_hdr));
-	uint8_t type = icmpHeader->type;
-	uint8_t code = icmpHeader->code;
-
-	if (type == ICMP6_DST_UNREACH)
-	{
-		type = ICMP_DEST_UNREACH;
-
-		if (code == ICMP6_DST_UNREACH_NOROUTE || code == ICMP6_DST_UNREACH_BEYONDSCOPE ||
-		    code == ICMP6_DST_UNREACH_ADDR)
-		{
-			code = ICMP_HOST_UNREACH;
-		}
-		else if (code == ICMP6_DST_UNREACH_ADMIN)
-		{
-			code = ICMP_HOST_ANO;
-		}
-		else if (code == ICMP6_DST_UNREACH_NOPORT)
-		{
-			code = ICMP_PORT_UNREACH;
-		}
-		else
-		{
-			return false;
-		}
-	}
-	else if (type == ICMP6_PACKET_TOO_BIG)
-	{
-		type = ICMP_DEST_UNREACH;
-		code = ICMP_FRAG_NEEDED;
-
-		uint32_t mtu = rte_be_to_cpu_32(icmpHeader->data32[0]) - 20;
-		icmpHeader->data32[0] = 0;
-		icmpHeader->data16[1] = rte_cpu_to_be_16(mtu);
-	}
-	else if (type == ICMP6_TIME_EXCEEDED)
-	{
-		type = ICMP_TIME_EXCEEDED;
-	}
-	else if (type == ICMP6_PARAM_PROB)
-	{
-
-		if (code == ICMP6_PARAMPROB_HEADER)
-		{
-			type = ICMP_PARAMETERPROB;
-			code = 0;
-			uint32_t ptr = rte_be_to_cpu_32(icmpHeader->data32[0]);
-			icmpHeader->data32[0] = 0;
-
-			if (ptr == 0 || ptr == 1)
-			{
-				/// unchanged
-			}
-			else if (ptr == 4 || ptr == 5)
-			{
-				ptr = 2;
-			}
-			else if (ptr == 6)
-			{
-				ptr = 9;
-			}
-			else if (ptr == 7)
-			{
-				ptr = 8;
-			}
-			else if (ptr >= 8 && ptr < 24)
-			{
-				ptr = 12;
-			}
-			else if (ptr >= 24 && ptr < 40)
-			{
-				ptr = 16;
-			}
-			else
-			{
-				return false;
-			}
-
-			icmpHeader->data8[0] = ptr;
-		}
-		else if (code == ICMP6_PARAMPROB_NEXTHEADER)
-		{
-			type = ICMP_DEST_UNREACH;
-			code = ICMP_PROT_UNREACH;
-			icmpHeader->data32[0] = 0;
-		}
-	}
-	else
-	{
-		return false;
-	}
-
-	icmpHeader->type = type;
-	icmpHeader->code = code;
-
-	rte_ipv6_hdr* ipv6PayloadHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset + sizeof(rte_ipv4_hdr) + sizeof(icmp_header_t));
-
-	/// @todo: think about it.
-	if (memcmp(ipv6PayloadHeader->dst_addr, translation.ipv6Address.bytes, 16))
-	{
-		return false;
-	}
-
-	if (memcmp(ipv6PayloadHeader->src_addr, translation.ipv6DestinationAddress.bytes, 12))
-	{
-		return false;
-	}
-
-	uint32_t addressSource = *(uint32_t*)&ipv6PayloadHeader->src_addr[12];
-
-	if (addressSource != ipv4ExtHeader->dst_addr)
-	{
-		return false;
-	}
-
-	uint32_t addressDestination = *(uint32_t*)&ipv6PayloadHeader->dst_addr[12];
-	addressDestination = translation.ipv4Address.address;
-
-	uint16_t checksum6 = yanet_checksum(&ipv6PayloadHeader->src_addr[0], 32);
-	uint16_t payloadLength = rte_be_to_cpu_16(ipv6PayloadHeader->payload_len);
-
-	unsigned int ipv6PayloadHeaderSize = sizeof(rte_ipv6_hdr);
-
-	uint16_t packet_id = 0x3421; ///< @todo: nat64statelessPacketId;
-	uint16_t fragment_offset = 0; ///< @todo: rte_cpu_to_be_16(RTE_IPV4_HDR_DF_FLAG);
-	uint8_t nextPayloadHeader = ipv6PayloadHeader->proto;
-
-	if (nextPayloadHeader == IPPROTO_FRAGMENT)
-	{
-		if (payloadExtLen < sizeof(icmp_header_t*) + sizeof(rte_ipv6_hdr) + sizeof(tIPv6ExtensionFragment*))
-		{
-			return false;
-		}
-		tIPv6ExtensionFragment* extension = (tIPv6ExtensionFragment*)(((char*)ipv6PayloadHeader) + ipv6PayloadHeaderSize);
-		packet_id = static_cast<uint16_t>(extension->identification >> 16);
-		fragment_offset = rte_cpu_to_be_16(rte_be_to_cpu_16(extension->offsetFlagM) >> 3);
-		fragment_offset |= (extension->offsetFlagM & 0x0100) >> 3;
-
-		nextPayloadHeader = extension->nextHeader;
-
-		ipv6PayloadHeaderSize += 8;
-	}
-
-	if (nextPayloadHeader == IPPROTO_HOPOPTS ||
-	    nextPayloadHeader == IPPROTO_ROUTING ||
-	    nextPayloadHeader == IPPROTO_FRAGMENT ||
-	    nextPayloadHeader == IPPROTO_NONE ||
-	    nextPayloadHeader == IPPROTO_DSTOPTS ||
-	    nextPayloadHeader == IPPROTO_MH)
-	{
-		/// @todo: ipv6 extensions
-
-		return false;
-	}
-
-	if (nextPayloadHeader == IPPROTO_ICMPV6)
-	{
-		nextPayloadHeader = IPPROTO_ICMP;
-	}
-
-	rte_ipv4_hdr* ipv4PayloadHeader = (rte_ipv4_hdr*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize - sizeof(rte_ipv4_hdr));
-
-	ipv4PayloadHeader->version_ihl = 0x45;
-	ipv4PayloadHeader->type_of_service = (rte_be_to_cpu_32(ipv6PayloadHeader->vtc_flow) >> 20) & 0xFF;
-	ipv4PayloadHeader->total_length = rte_cpu_to_be_16(payloadLength + 20 - (ipv6PayloadHeaderSize - 40));
-	ipv4PayloadHeader->packet_id = packet_id;
-	ipv4PayloadHeader->fragment_offset = fragment_offset;
-	ipv4PayloadHeader->time_to_live = ipv6PayloadHeader->hop_limits;
-	ipv4PayloadHeader->next_proto_id = nextPayloadHeader;
-	ipv4PayloadHeader->src_addr = addressSource;
-	ipv4PayloadHeader->dst_addr = addressDestination;
-
-	yanet_ipv4_checksum(ipv4PayloadHeader);
-
-	uint16_t checksum4 = yanet_checksum(&ipv4PayloadHeader->src_addr, 8);
-
-	{
-		unsigned int delta = ipv6PayloadHeaderSize - sizeof(rte_ipv4_hdr);
-
-		memcpy(rte_pktmbuf_mtod_offset(mbuf, char*, delta),
-		       rte_pktmbuf_mtod(mbuf, char*),
-		       metadata->network_headerOffset + sizeof(rte_ipv4_hdr) + sizeof(icmp_header_t));
-
-		rte_pktmbuf_adj(mbuf, delta);
-
-		icmpHeader = (icmp_header_t*)((char*)icmpHeader + delta);
-		ipv4ExtHeader = (rte_ipv4_hdr*)((char*)ipv4ExtHeader + delta);
-
-		uint16_t csum = ~ipv4ExtHeader->hdr_checksum;
-		csum = csum_minus(csum, ipv4ExtHeader->total_length);
-		ipv4ExtHeader->total_length = rte_cpu_to_be_16(rte_be_to_cpu_16(ipv4ExtHeader->total_length) - delta);
-		csum = csum_plus(csum, ipv4ExtHeader->total_length);
-		ipv4ExtHeader->hdr_checksum = (csum == 0xffff) ? csum : ~csum;
-	}
-
-	if ((fragment_offset & 0xFF1F) == 0)
-	{
-		if (nextPayloadHeader == IPPROTO_TCP)
-		{
-			/// @todo: check packet size
-
-			rte_tcp_hdr* tcpPayloadHeader = (rte_tcp_hdr*)((char*)ipv4PayloadHeader + sizeof(rte_ipv4_hdr));
-			yanet_tcp_checksum_v6_to_v4(tcpPayloadHeader, checksum6, checksum4);
-		}
-		else if (nextPayloadHeader == IPPROTO_UDP)
-		{
-			/// @todo: check packet size
-
-			rte_udp_hdr* udpPayloadHeader = (rte_udp_hdr*)((char*)ipv4PayloadHeader + sizeof(rte_ipv4_hdr));
-			yanet_udp_checksum_v6_to_v4(udpPayloadHeader, checksum6, checksum4);
-		}
-		else if (nextPayloadHeader == IPPROTO_ICMP)
-		{
-			/// @todo: check packet size
-
-			icmp_header_t* icmpPayloadHeader = (icmp_header_t*)((char*)ipv4PayloadHeader + sizeof(rte_ipv4_hdr));
-
-			if ((fragment_offset & 0xFF3F) != 0 ||
-			    !yanet_icmp_translate_v6_to_v4(icmpPayloadHeader,
-			                                   payloadLength,
-			                                   checksum6))
-			{
-				return false;
-			}
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	icmpHeader->checksum = 0;
-	uint32_t sum = __rte_raw_cksum(icmpHeader, sizeof(icmp_header_t) + sizeof(rte_ipv4_hdr) + payloadLength, 0);
-	icmpHeader->checksum = ~__rte_raw_cksum_reduce(sum);
-
-	return true;
-}
-
-void cControlPlane::handlePacket_icmp_translate_v6_to_v4(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-	const auto& nat64stateless = base.globalBase->nat64statelesses[metadata->flow.data.nat64stateless.id];
-	const auto& translation = base.globalBase->nat64statelessTranslations[metadata->flow.data.nat64stateless.translationId];
-
-	slowWorker->slowWorkerTranslation(mbuf, nat64stateless, translation, true);
-
-	if (do_icmp_translate_v6_to_v4(mbuf, translation))
-	{
-		slowWorker->stats.nat64stateless_ingressPackets++;
-		sendPacketToSlowWorker(mbuf, nat64stateless.flow);
-	}
-	else
-	{
-		slowWorker->stats.nat64stateless_ingressUnknownICMP++;
-		rte_pktmbuf_free(mbuf);
-	}
-}
-
-static bool do_icmp_translate_v4_to_v6(rte_mbuf* mbuf,
-                                       const dataplane::globalBase::nat64stateless_translation_t& translation)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	rte_ipv6_hdr* ipv6ExtHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
-
-	if (ipv6ExtHeader->proto != IPPROTO_ICMPV6)
-	{
-		return false;
-	}
-
-	unsigned int ipv6ExtHeaderSize = sizeof(rte_ipv6_hdr);
-
-	unsigned int payloadLen = rte_be_to_cpu_16(ipv6ExtHeader->payload_len);
-
-	if (payloadLen < sizeof(icmp_header_t) + sizeof(rte_ipv4_hdr))
-	{
-		return false;
-	}
-
-	icmp_header_t* icmpHeader = rte_pktmbuf_mtod_offset(mbuf, icmp_header_t*, metadata->network_headerOffset + ipv6ExtHeaderSize);
-	uint8_t type = icmpHeader->type;
-	uint8_t code = icmpHeader->code;
-
-	if (type == ICMP_DEST_UNREACH)
-	{
-		type = ICMP6_DST_UNREACH;
-
-		if (code == ICMP_NET_UNREACH || code == ICMP_HOST_UNREACH ||
-		    code == ICMP_SR_FAILED || code == ICMP_NET_UNKNOWN ||
-		    code == ICMP_HOST_UNKNOWN || code == ICMP_HOST_ISOLATED ||
-		    code == ICMP_NET_UNR_TOS || code == ICMP_HOST_UNR_TOS)
-		{
-			code = ICMP6_DST_UNREACH_NOROUTE;
-		}
-		else if (code == ICMP_PORT_UNREACH)
-		{
-			code = ICMP6_DST_UNREACH_NOPORT;
-		}
-		else if (code == ICMP_NET_ANO || code == ICMP_HOST_ANO ||
-		         code == ICMP_PKT_FILTERED || code == ICMP_PREC_CUTOFF)
-		{
-			code = ICMP6_DST_UNREACH_ADMIN;
-		}
-		else if (code == ICMP_PROT_UNREACH)
-		{
-			type = ICMP6_PARAM_PROB;
-			code = ICMP6_PARAMPROB_NEXTHEADER;
-
-			icmpHeader->data32[0] = rte_cpu_to_be_32(6);
-		}
-		else if (code == ICMP_FRAG_NEEDED)
-		{
-			type = ICMP6_PACKET_TOO_BIG;
-			code = 0;
-
-			uint32_t mtu = rte_be_to_cpu_16(icmpHeader->data16[1]) + 20;
-			if (mtu < 1280)
-			{
-				mtu = 1280;
-			}
-
-			icmpHeader->data32[0] = rte_cpu_to_be_32(mtu);
-		}
-		else
-		{
-			return false;
-		}
-	}
-	else if (type == ICMP_TIME_EXCEEDED)
-	{
-		type = ICMP6_TIME_EXCEEDED;
-	}
-	else if (type == ICMP_PARAMETERPROB)
-	{
-		if (code != 0 && code != 2)
-		{
-			return false;
-		}
-
-		uint8_t ptr = icmpHeader->data8[0];
-
-		if (ptr == 0 || ptr == 1)
-		{
-			/// unchanged
-		}
-		else if (ptr == 2 || ptr == 3)
-		{
-			ptr = 4;
-		}
-		else if (ptr == 8)
-		{
-			ptr = 7;
-		}
-		else if (ptr == 9)
-		{
-			ptr = 6;
-		}
-		else if (ptr >= 12 && ptr < 16)
-		{
-			ptr = 8;
-		}
-		else if (ptr >= 16 && ptr < 20)
-		{
-			ptr = 24;
-		}
-		else
-		{
-			return false;
-		}
-
-		type = ICMP6_PARAM_PROB;
-		code = ICMP6_PARAMPROB_HEADER;
-
-		icmpHeader->data32[0] = rte_cpu_to_be_32(ptr);
-	}
-	else
-	{
-		return false;
-	}
-
-	icmpHeader->type = type;
-	icmpHeader->code = code;
-
-	rte_ipv4_hdr* ipv4PayloadHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset + ipv6ExtHeaderSize + sizeof(icmp_header_t));
-
-	/// @todo: check ipv4 payload header length
-
-	if (ipv4PayloadHeader->src_addr != translation.ipv4Address.address)
-	{
-		return false;
-	}
-
-	unsigned int ipv6PayloadHeaderSize = sizeof(rte_ipv6_hdr);
-
-	if ((ipv4PayloadHeader->fragment_offset & 0xFF3F) != 0)
-	{
-		ipv6PayloadHeaderSize += 8;
-	}
-
-	{
-		unsigned int delta = ipv6PayloadHeaderSize - sizeof(rte_ipv4_hdr);
-
-		rte_pktmbuf_prepend(mbuf, delta);
-
-		memcpy(rte_pktmbuf_mtod(mbuf, char*),
-		       rte_pktmbuf_mtod_offset(mbuf, char*, delta),
-		       metadata->network_headerOffset + ipv6ExtHeaderSize + sizeof(icmp_header_t));
-
-		icmpHeader = (icmp_header_t*)((char*)icmpHeader - delta);
-		ipv6ExtHeader = (rte_ipv6_hdr*)((char*)ipv6ExtHeader - delta);
-		payloadLen += delta;
-		ipv6ExtHeader->payload_len = rte_cpu_to_be_16(payloadLen);
-	}
-
-	rte_ipv6_hdr* ipv6PayloadHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset + ipv6ExtHeaderSize + sizeof(icmp_header_t));
-
-	uint32_t addressDestination = ipv4PayloadHeader->dst_addr;
-	uint16_t checksum4 = yanet_checksum(&ipv4PayloadHeader->src_addr, 8);
-
-	uint16_t fragment_offset = ipv4PayloadHeader->fragment_offset;
-	uint8_t nextPayloadHeader = ipv4PayloadHeader->next_proto_id;
-
-	if (nextPayloadHeader == IPPROTO_ICMP)
-	{
-		nextPayloadHeader = IPPROTO_ICMPV6;
-	}
-
-	if ((fragment_offset & 0xFF3F) != 0)
-	{
-		tIPv6ExtensionFragment* extension = (tIPv6ExtensionFragment*)(((char*)ipv6PayloadHeader) + sizeof(rte_ipv6_hdr));
-		extension->nextHeader = nextPayloadHeader;
-		extension->reserved = 0;
-		extension->offsetFlagM = rte_cpu_to_be_16(rte_be_to_cpu_16(fragment_offset) << 3);
-		extension->offsetFlagM |= (fragment_offset & 0x0020) << 3;
-
-		/// @todo:  it is not original identification.
-		extension->identification = ipv4PayloadHeader->packet_id;
-
-		ipv6PayloadHeader->proto = IPPROTO_FRAGMENT;
-	}
-	else
-	{
-		ipv6PayloadHeader->proto = nextPayloadHeader;
-	}
-
-	ipv6PayloadHeader->vtc_flow = rte_cpu_to_be_32((0x6 << 28) | (ipv4PayloadHeader->type_of_service << 20));
-	ipv6PayloadHeader->payload_len = rte_cpu_to_be_16(rte_be_to_cpu_16(ipv4PayloadHeader->total_length) - 20 + (ipv6PayloadHeaderSize - 40));
-	ipv6PayloadHeader->hop_limits = ipv4PayloadHeader->time_to_live;
-	;
-
-	memcpy(ipv6PayloadHeader->src_addr, translation.ipv6Address.bytes, 16);
-
-	if (memcmp(ipv6PayloadHeader->src_addr, ipv6ExtHeader->dst_addr, 16))
-	{
-		return false;
-	}
-
-	memcpy(&ipv6PayloadHeader->dst_addr[0], translation.ipv6DestinationAddress.bytes, 12);
-	memcpy(&ipv6PayloadHeader->dst_addr[12], &addressDestination, 4);
-
-	uint16_t checksum6 = yanet_checksum(&ipv6PayloadHeader->src_addr[0], 32);
-
-	if ((fragment_offset & 0xFF1F) == 0)
-	{
-		if (nextPayloadHeader == IPPROTO_TCP)
-		{
-			/// @todo: check packet size
-
-			rte_tcp_hdr* tcpPayloadHeader = (rte_tcp_hdr*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize);
-			yanet_tcp_checksum_v4_to_v6(tcpPayloadHeader, checksum4, checksum6);
-		}
-		else if (nextPayloadHeader == IPPROTO_UDP)
-		{
-			/// @todo: check packet size
-
-			rte_udp_hdr* udpPayloadHeader = (rte_udp_hdr*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize);
-			yanet_udp_checksum_v4_to_v6(udpPayloadHeader, checksum4, checksum6);
-		}
-		else if (nextPayloadHeader == IPPROTO_ICMPV6)
-		{
-			/// @todo: check packet size
-
-			icmp_header_t* icmpPayloadHeader = (icmp_header_t*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize);
-
-			if ((fragment_offset & 0xFF3F) != 0 ||
-			    !yanet_icmp_translate_v4_to_v6(icmpPayloadHeader,
-			                                   rte_be_to_cpu_16(ipv6PayloadHeader->payload_len),
-			                                   checksum6))
-			{
-				return false;
-			}
-		}
-		else
-		{
-			return false;
-		}
-	}
-
-	icmpHeader->checksum = 0;
-	uint32_t sum = __rte_raw_cksum(ipv6ExtHeader->src_addr, 16, 0);
-	sum = __rte_raw_cksum(ipv6ExtHeader->dst_addr, 16, sum);
-
-	uint32_t tmp = ((uint32_t)rte_cpu_to_be_16(IPPROTO_ICMPV6) << 16) + rte_cpu_to_be_16(payloadLen);
-	sum = __rte_raw_cksum(&tmp, 4, sum);
-	sum = __rte_raw_cksum(icmpHeader, payloadLen, sum);
-
-	icmpHeader->checksum = ~__rte_raw_cksum_reduce(sum);
-
-	return true;
-}
-
-void cControlPlane::handlePacket_icmp_translate_v4_to_v6(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-	const auto& nat64stateless = base.globalBase->nat64statelesses[metadata->flow.data.nat64stateless.id];
-	const auto& translation = base.globalBase->nat64statelessTranslations[metadata->flow.data.nat64stateless.translationId];
-
-	slowWorker->slowWorkerTranslation(mbuf, nat64stateless, translation, false);
-
-	if (do_icmp_translate_v4_to_v6(mbuf, translation))
-	{
-		slowWorker->stats.nat64stateless_egressPackets++;
-		sendPacketToSlowWorker(mbuf, nat64stateless.flow);
-	}
-	else
-	{
-		slowWorker->stats.nat64stateless_egressUnknownICMP++;
-		rte_pktmbuf_free(mbuf);
-	}
-}
-
-void cControlPlane::handlePacket_dregress(rte_mbuf* mbuf)
-{
-	dregress.insert(mbuf);
-}
-
-void cControlPlane::handlePacket_repeat(rte_mbuf* mbuf)
-{
-	const rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, rte_ether_hdr*);
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	if (ethernetHeader->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
-	{
-		const rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf, rte_vlan_hdr*, sizeof(rte_ether_hdr));
-
-		metadata->flow.data.logicalPortId = CALCULATE_LOGICALPORT_ID(metadata->fromPortId, rte_be_to_cpu_16(vlanHeader->vlan_tci));
-	}
-	else
-	{
-		metadata->flow.data.logicalPortId = CALCULATE_LOGICALPORT_ID(metadata->fromPortId, 0);
-	}
-
-	/// @todo: opt
-	slowWorker->preparePacket(mbuf);
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-	const auto& logicalPort = base.globalBase->logicalPorts[metadata->flow.data.logicalPortId];
-
-	stats.repeat_packets++;
-	sendPacketToSlowWorker(mbuf, logicalPort.flow);
-}
-
-void cControlPlane::handlePacket_fragment(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-	const auto& nat64stateless = base.globalBase->nat64statelesses[metadata->flow.data.nat64stateless.id];
-
-	if (nat64stateless.defrag_farm_prefix.empty() || metadata->network_headerType != rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4) || nat64stateless.farm)
-	{
-		fragmentation.insert(mbuf);
-		return;
-	}
-
-	stats.tofarm_packets++;
-	slowWorker->slowWorkerHandleFragment(mbuf);
-	sendPacketToSlowWorker(mbuf, nat64stateless.flow);
-}
-
-void cControlPlane::handlePacket_farm(rte_mbuf* mbuf)
-{
-	stats.farm_packets++;
-	slowWorker->slowWorkerFarmHandleFragment(mbuf);
-}
-
-void cControlPlane::handlePacket_fw_state_sync(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-	const auto& fw_state_config = base.globalBase->fw_state_sync_configs[metadata->flow.data.aclId];
-
-	metadata->network_headerType = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
-	metadata->network_headerOffset = sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr);
-	metadata->transport_headerType = IPPROTO_UDP;
-	metadata->transport_headerOffset = metadata->network_headerOffset + sizeof(rte_ipv6_hdr);
-
-	generic_rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, generic_rte_ether_hdr*);
-	ethernetHeader->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN);
-	rte_ether_addr_copy(&fw_state_config.ether_address_destination, &ethernetHeader->dst_addr);
-
-	rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf, rte_vlan_hdr*, sizeof(rte_ether_hdr));
-	vlanHeader->eth_proto = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
-
-	rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
-	ipv6Header->vtc_flow = rte_cpu_to_be_32(0x6 << 28);
-	ipv6Header->payload_len = rte_cpu_to_be_16(sizeof(rte_udp_hdr) + sizeof(dataplane::globalBase::fw_state_sync_frame_t));
-	ipv6Header->proto = IPPROTO_UDP;
-	ipv6Header->hop_limits = 64;
-	memcpy(ipv6Header->src_addr, fw_state_config.ipv6_address_source.bytes, 16);
-	memcpy(ipv6Header->dst_addr, fw_state_config.ipv6_address_multicast.bytes, 16);
-
-	rte_udp_hdr* udpHeader = rte_pktmbuf_mtod_offset(mbuf, rte_udp_hdr*, metadata->network_headerOffset + sizeof(rte_ipv6_hdr));
-	udpHeader->src_port = fw_state_config.port_multicast; // IPFW reuses the same port for both src and dst.
-	udpHeader->dst_port = fw_state_config.port_multicast;
-	udpHeader->dgram_len = rte_cpu_to_be_16(sizeof(rte_udp_hdr) + sizeof(dataplane::globalBase::fw_state_sync_frame_t));
-	udpHeader->dgram_cksum = 0;
-	udpHeader->dgram_cksum = rte_ipv6_udptcp_cksum(ipv6Header, udpHeader);
-
-	// Iterate for all interested ports.
-	for (unsigned int port_id = 0; port_id < fw_state_config.flows_size; port_id++)
-	{
-		rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool);
-		if (mbuf_clone == nullptr)
-		{
-			slowWorker->stats.fwsync_multicast_egress_drops++;
-			continue;
-		}
-
-		*YADECAP_METADATA(mbuf_clone) = *YADECAP_METADATA(mbuf);
-
-		memcpy(rte_pktmbuf_mtod(mbuf_clone, char*),
-		       rte_pktmbuf_mtod(mbuf, char*),
-		       mbuf->data_len);
-		mbuf_clone->data_len = mbuf->data_len;
-		mbuf_clone->pkt_len = mbuf->pkt_len;
-
-		const auto& flow = fw_state_config.flows[port_id];
-		slowWorker->stats.fwsync_multicast_egress_packets++;
-		sendPacketToSlowWorker(mbuf_clone, flow);
-	}
-
-	if (!fw_state_config.ipv6_address_unicast.empty())
-	{
-		memcpy(ipv6Header->src_addr, fw_state_config.ipv6_address_unicast_source.bytes, 16);
-		memcpy(ipv6Header->dst_addr, fw_state_config.ipv6_address_unicast.bytes, 16);
-		udpHeader->src_port = fw_state_config.port_unicast;
-		udpHeader->dst_port = fw_state_config.port_unicast;
-		udpHeader->dgram_cksum = 0;
-		udpHeader->dgram_cksum = rte_ipv6_udptcp_cksum(ipv6Header, udpHeader);
-
-		rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool);
-		if (mbuf_clone == nullptr)
-		{
-			slowWorker->stats.fwsync_unicast_egress_drops++;
-		}
-		else
-		{
-			*YADECAP_METADATA(mbuf_clone) = *YADECAP_METADATA(mbuf);
-
-			memcpy(rte_pktmbuf_mtod(mbuf_clone, char*),
-			       rte_pktmbuf_mtod(mbuf, char*),
-			       mbuf->data_len);
-			mbuf_clone->data_len = mbuf->data_len;
-			mbuf_clone->pkt_len = mbuf->pkt_len;
-
-			slowWorker->stats.fwsync_unicast_egress_packets++;
-			sendPacketToSlowWorker(mbuf_clone, fw_state_config.ingress_flow);
-		}
-	}
-
-	rte_pktmbuf_free(mbuf);
-}
-
-bool cControlPlane::handlePacket_fw_state_sync_ingress(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	generic_rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, generic_rte_ether_hdr*);
-	if ((ethernetHeader->dst_addr.addr_bytes[0] & 1) == 0)
-	{
-		return false;
-	}
-
-	// Confirmed multicast packet.
-	// Try to match against our multicast groups.
-	if (ethernetHeader->ether_type != rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
-	{
-		return false;
-	}
-
-	rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf, rte_vlan_hdr*, sizeof(rte_ether_hdr));
-	if (vlanHeader->eth_proto != rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6))
-	{
-		return false;
-	}
-
-	rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr));
-	if (metadata->transport_headerType != IPPROTO_UDP)
-	{
-		return false;
-	}
-
-	const auto udp_payload_len = rte_be_to_cpu_16(ipv6Header->payload_len) - sizeof(rte_udp_hdr);
-	// Can contain multiple states per sync packet.
-	if (udp_payload_len % sizeof(dataplane::globalBase::fw_state_sync_frame_t) != 0)
-	{
-		return false;
-	}
-
-	tAclId aclId;
-	{
-		std::lock_guard<std::mutex> lock(fw_state_multicast_acl_ids_mutex);
-		auto it = fw_state_multicast_acl_ids.find(common::ipv6_address_t(ipv6Header->dst_addr));
-		if (it == std::end(fw_state_multicast_acl_ids))
-		{
-			return false;
-		}
-
-		aclId = it->second;
-	}
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-	const auto& fw_state_config = base.globalBase->fw_state_sync_configs[aclId];
-
-	if (memcmp(ipv6Header->src_addr, fw_state_config.ipv6_address_source.bytes, 16) == 0)
-	{
-		// Ignore self-generated packets.
-		return false;
-	}
-
-	rte_udp_hdr* udpHeader = rte_pktmbuf_mtod_offset(mbuf, rte_udp_hdr*, sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr) + sizeof(rte_ipv6_hdr));
-	if (udpHeader->dst_port != fw_state_config.port_multicast)
-	{
-		return false;
-	}
-
-	for (size_t idx = 0; idx < udp_payload_len / sizeof(dataplane::globalBase::fw_state_sync_frame_t); ++idx)
-	{
-		dataplane::globalBase::fw_state_sync_frame_t* payload = rte_pktmbuf_mtod_offset(
-		        mbuf,
-		        dataplane::globalBase::fw_state_sync_frame_t*,
-		        sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr) + sizeof(rte_ipv6_hdr) + sizeof(rte_udp_hdr) + idx * sizeof(dataplane::globalBase::fw_state_sync_frame_t));
-
-		if (payload->addr_type == 6)
-		{
-			dataplane::globalBase::fw6_state_key_t key;
-			key.proto = payload->proto;
-			key.__nap = 0;
-			// Swap src and dst addresses.
-			memcpy(key.dst_addr.bytes, payload->src_ip6.bytes, 16);
-			memcpy(key.src_addr.bytes, payload->dst_ip6.bytes, 16);
-
-			if (payload->proto == IPPROTO_TCP || payload->proto == IPPROTO_UDP)
-			{
-				// Swap src and dst ports.
-				key.dst_port = payload->src_port;
-				key.src_port = payload->dst_port;
-			}
-			else
-			{
-				key.dst_port = 0;
-				key.src_port = 0;
-			}
-
-			dataplane::globalBase::fw_state_value_t value;
-			value.type = static_cast<dataplane::globalBase::fw_state_type>(payload->proto);
-			value.owner = dataplane::globalBase::fw_state_owner_e::external;
-			value.last_seen = slowWorker->basePermanently.globalBaseAtomic->currentTime;
-			value.flow = fw_state_config.ingress_flow;
-			value.acl_id = aclId;
-			value.last_sync = slowWorker->basePermanently.globalBaseAtomic->currentTime;
-			value.packets_since_last_sync = 0;
-			value.packets_backward = 0;
-			value.packets_forward = 0;
-			value.tcp.unpack(payload->flags);
-
-			uint32_t state_timeout = dataPlane->getConfigValues().stateful_firewall_other_protocols_timeout;
-			if (payload->proto == IPPROTO_UDP)
-			{
-				state_timeout = dataPlane->getConfigValues().stateful_firewall_udp_timeout;
-			}
-			else if (payload->proto == IPPROTO_TCP)
-			{
-				state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_timeout;
-				uint8_t flags = value.tcp.src_flags | value.tcp.dst_flags;
-				if (flags & (uint8_t)common::fwstate::tcp_flags_e::ACK)
-				{
-					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_syn_ack_timeout;
-				}
-				else if (flags & (uint8_t)common::fwstate::tcp_flags_e::SYN)
-				{
-					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_syn_timeout;
-				}
-				if (flags & (uint8_t)common::fwstate::tcp_flags_e::FIN)
-				{
-					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_fin_timeout;
-				}
-			}
-			value.state_timeout = state_timeout;
-
-			for (auto& [socketId, globalBaseAtomic] : dataPlane->globalBaseAtomics)
-			{
-				(void)socketId;
-
-				dataplane::globalBase::fw_state_value_t* lookup_value;
-				dataplane::spinlock_nonrecursive_t* locker;
-				const uint32_t hash = globalBaseAtomic->fw6_state->lookup(key, lookup_value, locker);
-				if (lookup_value)
-				{
-					// Keep state alive for us even if there were no packets received.
-					// Do not reset other counters.
-					lookup_value->last_seen = slowWorker->basePermanently.globalBaseAtomic->currentTime;
-					lookup_value->tcp.src_flags |= value.tcp.src_flags;
-					lookup_value->tcp.dst_flags |= value.tcp.dst_flags;
-					lookup_value->state_timeout = std::max(lookup_value->state_timeout, value.state_timeout);
-				}
-				else
-				{
-					globalBaseAtomic->fw6_state->insert(hash, key, value);
-				}
-				locker->unlock();
-			}
-		}
-		else if (payload->addr_type == 4)
-		{
-			dataplane::globalBase::fw4_state_key_t key;
-			key.proto = payload->proto;
-			key.__nap = 0;
-			// Swap src and dst addresses.
-			key.dst_addr.address = payload->src_ip;
-			key.src_addr.address = payload->dst_ip;
-
-			if (payload->proto == IPPROTO_TCP || payload->proto == IPPROTO_UDP)
-			{
-				// Swap src and dst ports.
-				key.dst_port = payload->src_port;
-				key.src_port = payload->dst_port;
-			}
-			else
-			{
-				key.dst_port = 0;
-				key.src_port = 0;
-			}
-
-			dataplane::globalBase::fw_state_value_t value;
-			value.type = static_cast<dataplane::globalBase::fw_state_type>(payload->proto);
-			value.owner = dataplane::globalBase::fw_state_owner_e::external;
-			value.last_seen = slowWorker->basePermanently.globalBaseAtomic->currentTime;
-			value.flow = fw_state_config.ingress_flow;
-			value.acl_id = aclId;
-			value.last_sync = slowWorker->basePermanently.globalBaseAtomic->currentTime;
-			value.packets_since_last_sync = 0;
-			value.packets_backward = 0;
-			value.packets_forward = 0;
-			value.tcp.unpack(payload->flags);
-
-			uint32_t state_timeout = dataPlane->getConfigValues().stateful_firewall_other_protocols_timeout;
-			if (payload->proto == IPPROTO_UDP)
-			{
-				state_timeout = dataPlane->getConfigValues().stateful_firewall_udp_timeout;
-			}
-			else if (payload->proto == IPPROTO_TCP)
-			{
-				state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_timeout;
-				uint8_t flags = value.tcp.src_flags | value.tcp.dst_flags;
-				if (flags & (uint8_t)common::fwstate::tcp_flags_e::ACK)
-				{
-					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_syn_ack_timeout;
-				}
-				else if (flags & (uint8_t)common::fwstate::tcp_flags_e::SYN)
-				{
-					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_syn_timeout;
-				}
-				if (flags & (uint8_t)common::fwstate::tcp_flags_e::FIN)
-				{
-					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_fin_timeout;
-				}
-			}
-			value.state_timeout = state_timeout;
-
-			for (auto& [socketId, globalBaseAtomic] : dataPlane->globalBaseAtomics)
-			{
-				(void)socketId;
-
-				dataplane::globalBase::fw_state_value_t* lookup_value;
-				dataplane::spinlock_nonrecursive_t* locker;
-				const uint32_t hash = globalBaseAtomic->fw4_state->lookup(key, lookup_value, locker);
-				if (lookup_value)
-				{
-					// Keep state alive for us even if there were no packets received.
-					// Do not reset other counters.
-					lookup_value->last_seen = slowWorker->basePermanently.globalBaseAtomic->currentTime;
-					lookup_value->tcp.src_flags |= value.tcp.src_flags;
-					lookup_value->tcp.dst_flags |= value.tcp.dst_flags;
-					lookup_value->state_timeout = std::max(lookup_value->state_timeout, value.state_timeout);
-				}
-				else
-				{
-					globalBaseAtomic->fw4_state->insert(hash, key, value);
-				}
-				locker->unlock();
-			}
-		}
-	}
-
-	return true;
-}
-
-void cControlPlane::handlePacket_balancer_icmp_forward(rte_mbuf* mbuf)
-{
-	if (dataPlane->config.SWICMPOutRateLimit != 0)
-	{
-		if (icmpOutRemainder == 0)
-		{
-			slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_out_rate_limit_reached]++;
-			rte_pktmbuf_free(mbuf);
-			return;
-		}
-
-		--icmpOutRemainder;
-	}
-
-	std::lock_guard<std::mutex> unrdup_guard(unrdup_mutex);
-	std::lock_guard<std::mutex> interfaces_ips_guard(interfaces_ips_mutex);
-	std::lock_guard<std::mutex> services_guard(vip_vport_proto_mutex);
-
-	const auto& base = slowWorker->bases[slowWorker->localBaseId & 1];
-
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	common::ip_address_t original_src_from_icmp_payload;
-	common::ip_address_t src_from_ip_header;
-	uint16_t original_src_port_from_icmp_payload;
-
-	uint32_t balancer_id = metadata->flow.data.balancer.id;
-
-	dataplane::metadata inner_metadata;
-
-	if (metadata->transport_headerType == IPPROTO_ICMP)
-	{
-		rte_ipv4_hdr* ipv4Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
-		src_from_ip_header = common::ip_address_t(rte_be_to_cpu_32(ipv4Header->src_addr));
-
-		rte_ipv4_hdr* icmpPayloadIpv4Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->transport_headerOffset + sizeof(icmpv4_header_t));
-		original_src_from_icmp_payload = common::ip_address_t(rte_be_to_cpu_32(icmpPayloadIpv4Header->src_addr));
-
-		inner_metadata.network_headerType = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
-		inner_metadata.network_headerOffset = metadata->transport_headerOffset + sizeof(icmpv4_header_t);
-	}
-	else
-	{
-		rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
-		src_from_ip_header = common::ip_address_t(ipv6Header->src_addr);
-
-		rte_ipv6_hdr* icmpPayloadIpv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->transport_headerOffset + sizeof(icmpv6_header_t));
-		original_src_from_icmp_payload = common::ip_address_t(icmpPayloadIpv6Header->src_addr);
-
-		inner_metadata.network_headerType = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
-		inner_metadata.network_headerOffset = metadata->transport_headerOffset + sizeof(icmpv6_header_t);
-	}
-
-	if (!prepareL3(mbuf, &inner_metadata))
-	{
-		/* we are not suppossed to get in here anyway, same check was done earlier by balancer_icmp_forward_handle(),
-		   but we needed to call prepareL3() to determine icmp payload original packets transport header offset */
-		if (inner_metadata.network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
-		{
-			slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_ip]++;
-		}
-		else
-		{
-			slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_ip]++;
-		}
-
-		rte_pktmbuf_free(mbuf);
-		return;
-	}
-
-	if (inner_metadata.transport_headerType != IPPROTO_TCP && inner_metadata.transport_headerType != IPPROTO_UDP)
-	{
-		// not supported protocol for cloning and distributing, drop
-		rte_pktmbuf_free(mbuf);
-		slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_unexpected_transport_protocol]++;
-		return;
-	}
-
-	// check whether ICMP payload is too short to contain "offending" packet's IP header and ports is performed earlier by balancer_icmp_forward_handle()
-	void* icmpPayloadTransportHeader = rte_pktmbuf_mtod_offset(mbuf, void*, inner_metadata.transport_headerOffset);
-
-	// both TCP and UDP headers have src port (16 bits) as the first field
-	original_src_port_from_icmp_payload = rte_be_to_cpu_16(*(uint16_t*)icmpPayloadTransportHeader);
-
-	if (vip_to_balancers.size() <= balancer_id)
-	{
-		// no vip_to_balancers table for this balancer_id
-		rte_pktmbuf_free(mbuf);
-		slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_no_unrdup_table_for_balancer_id]++;
-		return;
-	}
-
-	if (!vip_to_balancers[balancer_id].count(original_src_from_icmp_payload))
-	{
-		// vip is not listed in unrdup config - neighbor balancers are unknown, drop
-		rte_pktmbuf_free(mbuf);
-		slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_unrdup_vip_not_found]++;
-		return;
-	}
-
-	if (vip_vport_proto.size() <= balancer_id)
-	{
-		// no vip_vport_proto table for this balancer_id
-		rte_pktmbuf_free(mbuf);
-		slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id]++;
-		return;
-	}
-
-	if (!vip_vport_proto[balancer_id].count({original_src_from_icmp_payload, original_src_port_from_icmp_payload, inner_metadata.transport_headerType}))
-	{
-		// such combination of vip-vport-protocol is absent, don't clone, drop
-		rte_pktmbuf_free(mbuf);
-		slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_unknown_service]++;
-		return;
-	}
-
-	const auto& neighbor_balancers = vip_to_balancers[balancer_id][original_src_from_icmp_payload];
-
-	for (const auto& neighbor_balancer : neighbor_balancers)
-	{
-		// will not send a cloned packet if source address in "balancer" section of controlplane.conf is absent
-		if (neighbor_balancer.is_ipv4() && !base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv4.address)
-		{
-			slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv4]++;
-			continue;
-		}
-
-		if (neighbor_balancer.is_ipv6() && base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv6.empty())
-		{
-			slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv6]++;
-			continue;
-		}
-
-		rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool);
-		if (mbuf_clone == nullptr)
-		{
-			slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_failed_to_clone]++;
-			continue;
-		}
-
-		*YADECAP_METADATA(mbuf_clone) = *YADECAP_METADATA(mbuf);
-		dataplane::metadata* clone_metadata = YADECAP_METADATA(mbuf_clone);
-
-		rte_memcpy(rte_pktmbuf_mtod(mbuf_clone, char*),
-		           rte_pktmbuf_mtod(mbuf, char*),
-		           mbuf->data_len);
-
-		if (neighbor_balancer.is_ipv4())
-		{
-			rte_pktmbuf_prepend(mbuf_clone, sizeof(rte_ipv4_hdr));
-			memmove(rte_pktmbuf_mtod(mbuf_clone, char*),
-			        rte_pktmbuf_mtod_offset(mbuf_clone, char*, sizeof(rte_ipv4_hdr)),
-			        clone_metadata->network_headerOffset);
-
-			rte_ipv4_hdr* outerIpv4Header = rte_pktmbuf_mtod_offset(mbuf_clone, rte_ipv4_hdr*, clone_metadata->network_headerOffset);
-
-			outerIpv4Header->src_addr = base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv4.address;
-			outerIpv4Header->dst_addr = rte_cpu_to_be_32(neighbor_balancer.get_ipv4());
-
-			outerIpv4Header->version_ihl = 0x45;
-			outerIpv4Header->type_of_service = 0x00;
-			outerIpv4Header->packet_id = rte_cpu_to_be_16(0x01);
-			outerIpv4Header->fragment_offset = 0;
-			outerIpv4Header->time_to_live = 64;
-
-			outerIpv4Header->total_length = rte_cpu_to_be_16((uint16_t)(mbuf->pkt_len - clone_metadata->network_headerOffset + sizeof(rte_ipv4_hdr)));
-
-			if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
-			{
-				outerIpv4Header->next_proto_id = IPPROTO_IPIP;
-			}
-			else
-			{
-				outerIpv4Header->next_proto_id = IPPROTO_IPV6;
-			}
-
-			yanet_ipv4_checksum(outerIpv4Header);
-
-			mbuf_clone->data_len = mbuf->data_len + sizeof(rte_ipv4_hdr);
-			mbuf_clone->pkt_len = mbuf->pkt_len + sizeof(rte_ipv4_hdr);
-
-			// might need to change next protocol type in ethernet/vlan header in cloned packet
-
-			rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf_clone, rte_ether_hdr*);
-			if (ethernetHeader->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
-			{
-				rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf_clone, rte_vlan_hdr*, sizeof(rte_ether_hdr));
-				vlanHeader->eth_proto = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
-			}
-			else
-			{
-				ethernetHeader->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
-			}
-		}
-		else if (neighbor_balancer.is_ipv6())
-		{
-			rte_pktmbuf_prepend(mbuf_clone, sizeof(rte_ipv6_hdr));
-			memmove(rte_pktmbuf_mtod(mbuf_clone, char*),
-			        rte_pktmbuf_mtod_offset(mbuf_clone, char*, sizeof(rte_ipv6_hdr)),
-			        clone_metadata->network_headerOffset);
-
-			rte_ipv6_hdr* outerIpv6Header = rte_pktmbuf_mtod_offset(mbuf_clone, rte_ipv6_hdr*, clone_metadata->network_headerOffset);
-
-			rte_memcpy(outerIpv6Header->src_addr, base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv6.bytes, sizeof(outerIpv6Header->src_addr));
-			if (src_from_ip_header.is_ipv6())
-			{
-				((uint32_t*)outerIpv6Header->src_addr)[2] = ((uint32_t*)src_from_ip_header.get_ipv6().data())[2] ^ ((uint32_t*)src_from_ip_header.get_ipv6().data())[3];
-			}
-			else
-			{
-				((uint32_t*)outerIpv6Header->src_addr)[2] = src_from_ip_header.get_ipv4();
-			}
-			rte_memcpy(outerIpv6Header->dst_addr, neighbor_balancer.get_ipv6().data(), sizeof(outerIpv6Header->dst_addr));
-
-			outerIpv6Header->vtc_flow = rte_cpu_to_be_32((0x6 << 28));
-			outerIpv6Header->payload_len = rte_cpu_to_be_16((uint16_t)(mbuf->pkt_len - clone_metadata->network_headerOffset));
-			outerIpv6Header->hop_limits = 64;
-
-			if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
-			{
-				outerIpv6Header->proto = IPPROTO_IPIP;
-			}
-			else
-			{
-				outerIpv6Header->proto = IPPROTO_IPV6;
-			}
-
-			mbuf_clone->data_len = mbuf->data_len + sizeof(rte_ipv6_hdr);
-			mbuf_clone->pkt_len = mbuf->pkt_len + sizeof(rte_ipv6_hdr);
-
-			// might need to change next protocol type in ethernet/vlan header in cloned packet
-
-			rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf_clone, rte_ether_hdr*);
-			if (ethernetHeader->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
-			{
-				rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf_clone, rte_vlan_hdr*, sizeof(rte_ether_hdr));
-				vlanHeader->eth_proto = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
-			}
-			else
-			{
-				ethernetHeader->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
-			}
-		}
-
-		slowWorker->counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_clone_forwarded]++;
-
-		const auto& flow = base.globalBase->balancers[metadata->flow.data.balancer.id].flow;
-
-		slowWorker->preparePacket(mbuf_clone);
-		sendPacketToSlowWorker(mbuf_clone, flow);
-	}
-
-	// packet itself is not going anywhere, only its clones with prepended header
-	rte_pktmbuf_free(mbuf);
-}
-
-void cControlPlane::handlePacket_dump(rte_mbuf* mbuf)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-
-	const auto& portmapper = slowWorker->basePermanently.ports;
-	if (!portmapper.ValidDpdk(metadata->flow.data.dump.id))
-	{
-		stats.unknown_dump_interface++;
-		rte_pktmbuf_free(mbuf);
-		return;
-	}
-	const auto local_port_id = portmapper.ToLogical(metadata->flow.data.dump.id);
-
-	auto push = [this, mbuf](KniPortData& iface) {
-		if (iface.mbufs_count == CONFIG_YADECAP_MBUFS_BURST_SIZE)
-		{
-			flush_kernel_interface(iface);
-		}
-		iface.mbufs[iface.mbufs_count++] = mbuf;
-	};
-
-	if (metadata->flow.data.dump.type == common::globalBase::dump_type_e::physicalPort_ingress)
-	{
-		push(in_dump_kernel_interfaces[local_port_id]);
-		return;
-	}
-	else if (metadata->flow.data.dump.type == common::globalBase::dump_type_e::physicalPort_egress)
-	{
-		push(out_dump_kernel_interfaces[local_port_id]);
-		return;
-	}
-	else if (metadata->flow.data.dump.type == common::globalBase::dump_type_e::physicalPort_drop)
-	{
-		push(drop_dump_kernel_interfaces[local_port_id]);
-		return;
-	}
-
-	stats.unknown_dump_interface++;
-	rte_pktmbuf_free(mbuf);
-}
-
-rte_mbuf* cControlPlane::convertMempool(rte_ring* ring_to_free_mbuf,
-                                        rte_mbuf* old_mbuf)
-{
-	/// we dont support attached mbufs
-
-	rte_mbuf* mbuf = rte_pktmbuf_alloc(mempool);
-	if (!mbuf)
-	{
-		stats.mempool_is_empty++;
-
-		freeWorkerPacket(ring_to_free_mbuf, old_mbuf);
-		return nullptr;
-	}
-
-	*YADECAP_METADATA(mbuf) = *YADECAP_METADATA(old_mbuf);
-
-	/// @todo: rte_pktmbuf_append() and check error
-
-	memcpy(rte_pktmbuf_mtod(mbuf, char*),
-	       rte_pktmbuf_mtod(old_mbuf, char*),
-	       old_mbuf->data_len);
-
-	mbuf->data_len = old_mbuf->data_len;
-	mbuf->pkt_len = old_mbuf->pkt_len;
-
-	freeWorkerPacket(ring_to_free_mbuf, old_mbuf);
-
-	if (rte_mbuf_refcnt_read(mbuf) != 1)
-	{
-		YADECAP_LOG_ERROR("something wrong\n");
-	}
-
-	return mbuf;
-}
-
-void cControlPlane::sendPacketToSlowWorker(rte_mbuf* mbuf,
-                                           const common::globalBase::tFlow& flow)
-{
-	/// we dont support attached mbufs
-
-	if (slowWorkerMbufs.size() >= 1024) ///< @todo: variable
-	{
-		stats.slowworker_drops++;
-		rte_pktmbuf_free(mbuf);
-		return;
-	}
-
-	stats.slowworker_packets++;
-	slowWorkerMbufs.emplace(mbuf, flow);
-}
-
-void cControlPlane::freeWorkerPacket(rte_ring* ring_to_free_mbuf,
-                                     rte_mbuf* mbuf)
-{
-	if (ring_to_free_mbuf == slowWorker->ring_toFreePackets)
-	{
-		rte_pktmbuf_free(mbuf);
-		return;
-	}
-
-	while (rte_ring_sp_enqueue(ring_to_free_mbuf, mbuf) != 0)
-	{
-		std::this_thread::yield();
-	}
-}
-
-void cControlPlane::SWRateLimiterTimeTracker()
-{
-	// seem to be sufficiently fast function for slowWorker whose threshold is 200'000 packets per second
-	std::chrono::high_resolution_clock::time_point curTimePointForSWRateLimiter = std::chrono::high_resolution_clock::now();
-
-	// is it time to reset icmpPacketsToSW counters?
-	if (std::chrono::duration_cast<std::chrono::milliseconds>(curTimePointForSWRateLimiter - prevTimePointForSWRateLimiter) >= std::chrono::milliseconds(1000 / dataPlane->config.rateLimitDivisor))
-	{
-		// the only place thread-shared variable icmpPacketsToSW is changed
-		for (auto& [coreId, worker] : dataPlane->workers)
-		{
-			(void)coreId;
-
-			if (slowWorker == worker)
-			{
-				continue;
-			}
-
-			__atomic_store_n(&worker->packetsToSWNPRemainder, dataPlane->config.SWNormalPriorityRateLimitPerWorker, __ATOMIC_RELAXED);
-		}
-
-		icmpOutRemainder = dataPlane->config.SWICMPOutRateLimit / dataPlane->config.rateLimitDivisor;
-
-		prevTimePointForSWRateLimiter = curTimePointForSWRateLimiter;
-	}
-}
diff --git a/dataplane/controlplane.h b/dataplane/controlplane.h
index c052f159..643830fa 100644
--- a/dataplane/controlplane.h
+++ b/dataplane/controlplane.h
@@ -15,20 +15,31 @@
 
 #include "common/idp.h"
 #include "common/result.h"
-#include "common/type.h"
 
-#include "dregress.h"
-#include "fragmentation.h"
+#include "dataplane/dregress.h"
+#include "dataplane/kernel_interface_handler.h"
+#include "kernel_interface_handle.h"
 #include "type.h"
+#include "utils.h"
 
 class cControlPlane ///< @todo: move to cDataPlane
 {
+protected:
+	struct sKniStats
+	{
+		uint64_t ipackets = 0;
+		uint64_t ibytes = 0;
+		uint64_t idropped = 0;
+		uint64_t opackets = 0;
+		uint64_t obytes = 0;
+		uint64_t odropped = 0;
+	};
+
 public:
 	cControlPlane(cDataPlane* dataPlane);
-	virtual ~cControlPlane();
+	virtual ~cControlPlane() = default;
 
 	eResult init(bool use_kernel_interface);
-	void start();
 	void stop();
 	void join();
 
@@ -36,27 +47,30 @@ class cControlPlane ///< @todo: move to cDataPlane
 	eResult updateGlobalBaseBalancer(const common::idp::updateGlobalBaseBalancer::request& request);
 	common::idp::getGlobalBase::response getGlobalBase(const common::idp::getGlobalBase::request& request);
 	common::idp::getWorkerStats::response getWorkerStats(const common::idp::getWorkerStats::request& request);
-	common::idp::getSlowWorkerStats::response getSlowWorkerStats();
+	[[nodiscard]] common::slowworker::stats_t SlowWorkerStats() const;
+	common::idp::getSlowWorkerStats::response SlowWorkerStatsResponse();
 	common::idp::get_worker_gc_stats::response get_worker_gc_stats();
 	common::idp::get_dregress_counters::response get_dregress_counters();
 	common::idp::get_ports_stats::response get_ports_stats();
 	common::idp::get_ports_stats_extended::response get_ports_stats_extended();
 	common::idp::getControlPlanePortStats::response getControlPlanePortStats(const common::idp::getControlPlanePortStats::request& request);
 	common::idp::getPortStatsEx::response getPortStatsEx();
-	common::idp::getFragmentationStats::response getFragmentationStats();
+	[[nodiscard]] common::idp::getFragmentationStats::response getFragmentationStats() const;
+	[[nodiscard]] common::dregress::stats_t DregressStats() const;
+	[[nodiscard]] std::optional<std::reference_wrapper<const dataplane::sKniStats>> KniStats(tPortId) const;
+	[[nodiscard]] dataplane::hashtable_chain_spinlock_stats_t DregressConnectionsStats() const;
+	[[nodiscard]] dregress::LimitsStats DregressLimitsStats() const;
 	common::idp::getFWState::response getFWState();
 	common::idp::getFWStateStats::response getFWStateStats();
 	eResult clearFWState();
-	common::idp::getAclCounters::response getAclCounters();
-	common::idp::getCounters::response getCounters(const common::idp::getCounters::request& request);
-	common::idp::getOtherStats::response getOtherStats();
-	common::idp::getConfig::response getConfig() const;
+	[[nodiscard]] common::idp::getConfig::response getConfig() const;
 	common::idp::getErrors::response getErrors();
 	common::idp::getReport::response getReport();
 	common::idp::lpm4LookupAddress::response lpm4LookupAddress(const common::idp::lpm4LookupAddress::request& request);
 	common::idp::lpm6LookupAddress::response lpm6LookupAddress(const common::idp::lpm6LookupAddress::request& request);
 	common::idp::limits::response limits();
 	common::idp::samples::response samples();
+	common::idp::hitcount_dump::response hitcount_dump();
 	common::idp::balancer_connection::response balancer_connection(const common::idp::balancer_connection::request& request);
 	common::idp::balancer_service_connections::response balancer_service_connections();
 	common::idp::balancer_real_connections::response balancer_real_connections();
@@ -64,7 +78,6 @@ class cControlPlane ///< @todo: move to cDataPlane
 	eResult unrdup_vip_to_balancers(const common::idp::unrdup_vip_to_balancers::request& request);
 	eResult update_vip_vport_proto(const common::idp::update_vip_vport_proto::request& request);
 	common::idp::version::response version();
-	common::idp::get_counter_by_name::response get_counter_by_name(const common::idp::get_counter_by_name::request& request);
 	common::idp::nat64stateful_state::response nat64stateful_state(const common::idp::nat64stateful_state::request& request);
 	common::idp::get_shm_info::response get_shm_info();
 	common::idp::get_shm_tsc_info::response get_shm_tsc_info();
@@ -75,34 +88,39 @@ class cControlPlane ///< @todo: move to cDataPlane
 	void switchGlobalBase();
 	virtual void waitAllWorkers();
 
-	void sendPacketToSlowWorker(rte_mbuf* mbuf, const common::globalBase::tFlow& flow); ///< @todo: remove flow
-	void freeWorkerPacket(rte_ring* ring_to_free_mbuf, rte_mbuf* mbuf);
+private:
+	[[nodiscard]] const std::vector<cWorker*>& workers_vector() const;
+	[[nodiscard]] const std::map<tCoreId, dataplane::SlowWorker*>& slow_workers() const;
 
-protected:
-	eResult initMempool();
-	eResult init_kernel_interfaces();
-	std::optional<tPortId> add_kernel_interface(const tPortId port_id, const std::string& interface_name);
-	void remove_kernel_interface(const tPortId port_id, const std::string& interface_name);
-	void set_kernel_interface_up(const std::string& interface_name);
-
-	void mainThread();
-	unsigned ring_handle(rte_ring* ring_to_free_mbuf, rte_ring* ring);
-
-	void handlePacketFromForwardingPlane(rte_mbuf* mbuf); ///< @todo: rename
-	void handlePacket_icmp_translate_v6_to_v4(rte_mbuf* mbuf);
-	void handlePacket_icmp_translate_v4_to_v6(rte_mbuf* mbuf);
-	void handlePacket_dregress(rte_mbuf* mbuf);
-	void handlePacket_repeat(rte_mbuf* mbuf);
-	void handlePacket_fragment(rte_mbuf* mbuf);
-	void handlePacket_farm(rte_mbuf* mbuf);
-	void handlePacket_fw_state_sync(rte_mbuf* mbuf);
-	bool handlePacket_fw_state_sync_ingress(rte_mbuf* mbuf);
-	void handlePacket_balancer_icmp_forward(rte_mbuf* mbuf);
-	void handlePacket_dump(rte_mbuf* mbuf);
-
-	void SWRateLimiterTimeTracker();
-
-	rte_mbuf* convertMempool(rte_ring* ring_to_free_mbuf, rte_mbuf* mbuf);
+	template<typename F>
+	// @brief returns sum of results of applying F to all cWorker*s
+	auto accumulateWorkerStats(F func) const
+	{
+		using R = std::invoke_result_t<F, cWorker*>;
+		return std::accumulate(
+		        workers_vector().begin(),
+		        workers_vector().end(),
+		        R{},
+		        [func](R total, cWorker* worker) {
+			        total += func(worker);
+			        return total;
+		        });
+	}
+
+	template<typename F>
+	// @brief returns sum of results of applying F to all SlowWorker*s
+	auto accumulateSlowWorkerStats(F func) const
+	{
+		using R = std::invoke_result_t<F, dataplane::SlowWorker*>;
+		return std::accumulate(
+		        slow_workers().begin(),
+		        slow_workers().end(),
+		        R{},
+		        [&func](R total, const auto& pair) {
+			        total += func(pair.second);
+			        return total;
+		        });
+	}
 
 protected:
 	friend class cReport;
@@ -110,28 +128,11 @@ class cControlPlane ///< @todo: move to cDataPlane
 	friend class dataplane::globalBase::generation;
 	friend class dregress_t;
 
-	struct sKniStats
-	{
-		uint64_t ipackets = 0;
-		uint64_t ibytes = 0;
-		uint64_t idropped = 0;
-		uint64_t opackets = 0;
-		uint64_t obytes = 0;
-		uint64_t odropped = 0;
-	};
-
 	cDataPlane* dataPlane;
 
-	fragmentation_t fragmentation;
-	dregress_t dregress;
-
 	std::mutex mutex;
 	std::mutex balancer_mutex;
-	std::mutex unrdup_mutex;
-	std::mutex interfaces_ips_mutex;
-	std::mutex vip_vport_proto_mutex;
 
-	rte_mempool* mempool;
 	bool use_kernel_interface;
 
 	struct KniPortData
@@ -154,20 +155,19 @@ class cControlPlane ///< @todo: move to cDataPlane
 	common::slowworker::stats_t stats;
 	common::idp::getErrors::response errors; ///< @todo: class errorsManager
 
-	cWorker* slowWorker;
 	std::queue<std::tuple<rte_mbuf*,
 	                      common::globalBase::tFlow>>
 	        slowWorkerMbufs;
-	std::mutex fw_state_multicast_acl_ids_mutex;
-	std::map<common::ipv6_address_t, tAclId> fw_state_multicast_acl_ids;
 
-	// provided by unrdup.cfg, used to clone some icmp packets to neighbor balancers, index is balancer_id
-	std::vector<std::unordered_map<common::ip_address_t, std::unordered_set<common::ip_address_t>>> vip_to_balancers;
+public:
+	using VipToBalancers = std::vector<std::unordered_map<common::ip_address_t, std::unordered_set<common::ip_address_t>>>;
+	utils::Sequential<VipToBalancers> vip_to_balancers;
+	using VipVportProto = std::vector<std::unordered_set<std::tuple<common::ip_address_t, std::optional<uint16_t>, uint8_t>>>;
 	// check presence prior to cloning
-	std::vector<std::unordered_set<std::tuple<common::ip_address_t, std::optional<uint16_t>, uint8_t>>> vip_vport_proto;
-
-	std::chrono::high_resolution_clock::time_point prevTimePointForSWRateLimiter;
+	utils::Sequential<VipVportProto> vip_vport_proto;
+	using FwStateMulticastAclIds = std::map<common::ipv6_address_t, tAclId>;
+	utils::Sequential<FwStateMulticastAclIds> fw_state_multicast_acl_ids;
 
-	uint32_t icmpOutRemainder;
+protected:
 	uint32_t gc_step;
 };
diff --git a/dataplane/dataplane.cpp b/dataplane/dataplane.cpp
index 73b4db70..0a0df910 100644
--- a/dataplane/dataplane.cpp
+++ b/dataplane/dataplane.cpp
@@ -1,6 +1,8 @@
 #include <arpa/inet.h>
+#include <bitset>
 #include <cstdint>
-#include <string.h>
+#include <cstring>
+#include <limits>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -23,29 +25,36 @@
 #include <sys/ipc.h>
 #include <sys/shm.h>
 
-#include <stdio.h>
-#include <stdlib.h>
+#include <cstdio>
+#include <cstdlib>
 #include <sys/mman.h>
 
 #include "common.h"
+#include "common/define.h"
 #include "common/idp.h"
 #include "common/result.h"
 #include "common/tsc_deltas.h"
 #include "dataplane.h"
-#include "debug_latch.h"
+#include "dataplane/sdpserver.h"
 #include "globalbase.h"
-#include "lpm.h"
-#include "report.h"
 #include "sock_dev.h"
+#include "work_runner.h"
 #include "worker.h"
+#include "worker_gc.h"
 
 common::log::LogPriority common::log::logPriority = common::log::TLOG_INFO;
 
+bool StartsWith(const std::string& str, const std::string& prefix)
+{
+	return str.compare(0, prefix.length(), prefix) == 0;
+}
+
 cDataPlane::cDataPlane() :
+        prevTimePointForSWRateLimiter(std::chrono::high_resolution_clock::now()),
         currentGlobalBaseId(0),
         globalBaseSerial(0),
         report(this),
-        controlPlane(new cControlPlane(this)),
+        controlPlane(std::make_unique<cControlPlane>(this)),
         bus(this),
         memory_manager(this)
 {
@@ -57,6 +66,11 @@ cDataPlane::~cDataPlane()
 	{
 		rte_mempool_free(mempool_log);
 	}
+	for (auto& [socket_id, rte_mempool] : socket_cplane_mempools)
+	{
+		YANET_GCC_BUG_UNUSED(socket_id);
+		rte_mempool_free(rte_mempool);
+	}
 }
 
 eResult cDataPlane::init(const std::string& binaryPath,
@@ -108,7 +122,16 @@ eResult cDataPlane::init(const std::string& binaryPath,
 		return result;
 	}
 
-	mempool_log = rte_mempool_create("log", YANET_CONFIG_SAMPLES_SIZE, sizeof(samples::sample_t), 0, 0, NULL, NULL, NULL, NULL, SOCKET_ID_ANY, MEMPOOL_F_NO_IOVA_CONTIG);
+	if (config.use_kernel_interface)
+	{
+		result = init_kernel_interfaces();
+		if (result != eResult::success)
+		{
+			return result;
+		}
+	}
+
+	mempool_log = rte_mempool_create("log", YANET_CONFIG_SAMPLES_SIZE, sizeof(samples::sample_t), 0, 0, nullptr, nullptr, nullptr, nullptr, SOCKET_ID_ANY, MEMPOOL_F_NO_IOVA_CONTIG);
 
 	result = initGlobalBases();
 	if (result != eResult::success)
@@ -116,12 +139,71 @@ eResult cDataPlane::init(const std::string& binaryPath,
 		return result;
 	}
 
+	std::set<tSocketId> slow_sockets;
+	for (const auto& [core, serviced] : config.controlplane_workers)
+	{
+		auto ifaces = config.WorkersInterfaces(serviced);
+		for (const auto& iface : ifaces)
+		{
+			std::string device_name = std::get<0>(config.ports.at(iface));
+			if (StartsWith(device_name, SOCK_DEV_PREFIX))
+			{
+				device_name = iface;
+			}
+			auto port = dpdk::GetPortByName(device_name);
+			if (!port)
+			{
+				YANET_LOG_ERROR("No port!\n");
+				std::abort();
+			}
+			slow_sockets.insert(rte_eth_dev_socket_id(port.value()));
+		}
+		slow_sockets.insert(rte_lcore_to_socket_id(core));
+	}
+
+	for (auto socket : slow_sockets)
+	{
+		auto pool = rte_mempool_create(("cp-" + std::to_string(socket)).c_str(),
+		                               CONFIG_YADECAP_MBUFS_COUNT +
+		                                       config_values_.fragmentation.size +
+		                                       config_values_.master_mempool_size +
+		                                       4 * CONFIG_YADECAP_PORTS_SIZE * CONFIG_YADECAP_MBUFS_BURST_SIZE +
+		                                       4 * ports.size() * config_values_.kernel_interface_queue_size,
+		                               CONFIG_YADECAP_MBUF_SIZE,
+		                               0,
+		                               sizeof(struct rte_pktmbuf_pool_private),
+		                               rte_pktmbuf_pool_init,
+		                               nullptr,
+		                               rte_pktmbuf_init,
+		                               nullptr,
+		                               socket,
+		                               0); ///< multi-producers, multi-consumers
+		if (!pool)
+		{
+			YADECAP_LOG_ERROR("rte_mempool_create(): %s [%u]\n", rte_strerror(rte_errno), rte_errno);
+			return eResult::errorAllocatingMemory;
+		}
+		socket_cplane_mempools.emplace(socket, pool);
+	}
+
+	result = initSharedMemory();
+	if (result != eResult::success)
+	{
+		return result;
+	}
+
 	result = initWorkers();
 	if (result != eResult::success)
 	{
 		return result;
 	}
 
+	result = InitSlowWorkers();
+	if (result != eResult::success)
+	{
+		return result;
+	}
+
 	result = splitSharedMemoryPerWorkers();
 	if (result != eResult::success)
 	{
@@ -129,11 +211,13 @@ eResult cDataPlane::init(const std::string& binaryPath,
 	}
 
 	/// sanity check
-	if (rte_lcore_count() != workers.size() + worker_gcs.size())
+	if (rte_lcore_count() != workers.size() + worker_gcs.size() + slow_workers.size())
 	{
-		YADECAP_LOG_ERROR("invalid cores count: %u != %lu\n",
+		YADECAP_LOG_ERROR("invalid cores count: %u != %luwork + %lugc + %luslow\n",
 		                  rte_lcore_count(),
-		                  workers.size());
+		                  workers.size(),
+		                  worker_gcs.size(),
+		                  slow_workers.size());
 		return eResult::invalidCoresCount;
 	}
 
@@ -142,15 +226,14 @@ eResult cDataPlane::init(const std::string& binaryPath,
 		std::set<tSocketId> worker_sockets_used;
 		std::set<tSocketId> gc_sockets_used;
 
-		for (const auto& [core_id, worker] : workers)
+		for (const cWorker* const worker : workers_vector)
 		{
-			(void)core_id;
 			worker_sockets_used.emplace(worker->socketId);
 		}
 
 		for (const auto& [core_id, worker_gc] : worker_gcs)
 		{
-			(void)core_id;
+			YANET_GCC_BUG_UNUSED(core_id);
 			gc_sockets_used.emplace(worker_gc->socket_id);
 		}
 
@@ -168,48 +251,45 @@ eResult cDataPlane::init(const std::string& binaryPath,
 	}
 	numaNodesInUse = worker_gcs.size();
 
-	result = initQueues();
+	result = InitTxQueues();
 	if (result != eResult::success)
 	{
 		return result;
 	}
 
-	result = controlPlane->init(config.use_kernel_interface);
+	result = InitRxQueues();
 	if (result != eResult::success)
 	{
 		return result;
 	}
 
-	result = bus.init();
+	result = initKniQueues();
 	if (result != eResult::success)
 	{
 		return result;
 	}
 
-	result = neighbor.init(this);
+	result = controlPlane->init(config.use_kernel_interface);
 	if (result != eResult::success)
 	{
 		return result;
 	}
 
-	init_worker_base();
-
-	/// init sync barrier
-	int rc = pthread_barrier_init(&initPortBarrier, nullptr, workers.size());
-	if (rc != 0)
+	result = bus.init();
+	if (result != eResult::success)
 	{
-		YADECAP_LOG_ERROR("pthread_barrier_init() = %d\n", rc);
-		return eResult::errorInitBarrier;
+		return result;
 	}
+	bus.SetBufferForCounters(sdp_data);
 
-	/// init run sync barrier
-	rc = pthread_barrier_init(&runBarrier, nullptr, workers.size() + worker_gcs.size());
-	if (rc != 0)
+	result = neighbor.init(this);
+	if (result != eResult::success)
 	{
-		YADECAP_LOG_ERROR("pthread_barrier_init() = %d\n", rc);
-		return eResult::errorInitBarrier;
+		return result;
 	}
 
+	init_worker_base();
+
 	return result;
 }
 
@@ -405,12 +485,15 @@ eResult cDataPlane::initPorts()
 	{
 		const std::string& interfaceName = configPortIter.first;
 		const auto& [pci, name, symmetric_mode, rss_flags] = configPortIter.second;
-		(void)pci;
+		YANET_GCC_BUG_UNUSED(pci);
+
+		tPortId portId = 0;
 
-		tPortId portId;
-		if (strncmp(name.data(), SOCK_DEV_PREFIX, strlen(SOCK_DEV_PREFIX)) == 0)
+		if (StartsWith(name, SOCK_DEV_PREFIX))
 		{
-			portId = sock_dev_create(name.data(), 0);
+			std::string name_part = name.substr(SOCK_DEV_PREFIX.length());
+			YANET_LOG_INFO("Opening sockdev with path %s\n", name_part.data());
+			portId = sock_dev_create(name_part.c_str(), interfaceName.c_str(), 0);
 		}
 		else if (rte_eth_dev_get_port_by_name(name.data(), &portId))
 		{
@@ -470,7 +553,7 @@ eResult cDataPlane::initPorts()
 		std::map<tCoreId, tQueueId> rx_queues;
 
 		uint16_t rxQueuesCount = 0;
-		uint16_t txQueuesCount = config.workers.size() + 1; ///< tx queue '0' for control plane
+		uint16_t txQueuesCount = config.workers.size() + config.controlplane_workers.size(); ///< last tx queue for control plane
 		for (const auto& configWorkerIter : config.workers)
 		{
 			const tCoreId& coreId = configWorkerIter.first;
@@ -528,12 +611,111 @@ eResult cDataPlane::initPorts()
 
 	for (const auto& interface_name : remove_keys)
 	{
+		YANET_LOG_ERROR("Failed to init interface '%s'\n", std::get<0>(config.ports.at(interface_name.c_str())).c_str());
 		config.ports.erase(interface_name);
 	}
 
+	if (config.interfaces_required && config.ports.empty())
+	{
+		YANET_LOG_ERROR("Failed to configure at least one interface\n");
+		return eResult::errorInitEthernetDevice;
+	}
+
 	return eResult::success;
 }
 
+void cDataPlane::StartInterfaces()
+{
+	/// start devices
+	for (const auto& portIter : ports)
+	{
+		const tPortId& portId = portIter.first;
+
+		int rc = rte_eth_dev_start(portId);
+		if (rc)
+		{
+			YADECAP_LOG_ERROR("can't start eth dev(%d, %d): %s\n",
+			                  rc,
+			                  rte_errno,
+			                  rte_strerror(rte_errno));
+			std::abort();
+		}
+
+		rte_eth_promiscuous_enable(portId);
+	}
+
+	if (config.use_kernel_interface)
+	{
+		for (auto& [portid, handles] : kni_interface_handles)
+		{
+			if (!handles.Start())
+			{
+				YANET_LOG_ERROR("Failed to start kni interfaces");
+				std::abort();
+			}
+			if (!handles.forward.SetUp())
+			{
+				YANET_LOG_ERROR("Failed to set kni interface belonging to %s up", std::get<0>(ports.at(portid)).c_str());
+				std::abort();
+			}
+		}
+	}
+}
+
+eResult cDataPlane::init_kernel_interfaces()
+{
+	const uint16_t queue_size = getConfigValues().kernel_interface_queue_size;
+	auto vdev_queues = config.VdevQueues();
+	for (const auto& [port_id, info] : ports)
+	{
+		const auto& interface_name = std::get<0>(info);
+		if (vdev_queues.find(interface_name) == vdev_queues.end())
+		{
+			YANET_LOG_INFO("Not creating kernel interface for '%s'", interface_name.c_str());
+			continue;
+		}
+		const auto& queues = vdev_queues.at(interface_name);
+
+		auto forward = dataplane::KernelInterfaceHandle::MakeKernelInterfaceHandle(interface_name, port_id, queues, queue_size);
+		auto in = dataplane::KernelInterfaceHandle::MakeKernelInterfaceHandle("in." + interface_name, port_id, queues, queue_size);
+		auto out = dataplane::KernelInterfaceHandle::MakeKernelInterfaceHandle("out." + interface_name, port_id, queues, queue_size);
+		auto drop = dataplane::KernelInterfaceHandle::MakeKernelInterfaceHandle("drop." + interface_name, port_id, queues, queue_size);
+
+		if (!forward || !in || !out || !drop)
+		{
+			return eResult::errorAllocatingKernelInterface;
+		}
+
+		forward->CloneMTU(port_id);
+		in->CloneMTU(port_id);
+		out->CloneMTU(port_id);
+		drop->CloneMTU(port_id);
+
+		kni_interface_handles.emplace(port_id, KniHandleBundle{0, std::move(forward.value()), std::move(in.value()), std::move(out.value()), std::move(drop.value())});
+	}
+
+	return eResult::success;
+}
+
+bool cDataPlane::KNIAddTxQueue(KniHandleBundle& bundle, tQueueId queue, tSocketId socket)
+{
+	auto& [_, fwd, in, out, drop] = bundle;
+	(void)_;
+	return fwd.SetupTxQueue(queue, socket) &&
+	       in.SetupTxQueue(queue, socket) &&
+	       out.SetupTxQueue(queue, socket) &&
+	       drop.SetupTxQueue(queue, socket);
+}
+bool cDataPlane::KNIAddRxQueue(KniHandleBundle& bundle, tQueueId queue, tSocketId socket, rte_mempool* mempool)
+{
+	auto& [_, fwd, in, out, drop] = bundle;
+	(void)_;
+	return fwd.SetupRxQueue(queue, socket, mempool) &&
+	       in.SetupRxQueue(queue, socket, mempool) &&
+	       out.SetupRxQueue(queue, socket, mempool) &&
+	       drop.SetupRxQueue(queue, socket, mempool);
+}
+
 eResult cDataPlane::initGlobalBases()
 {
 	eResult result = eResult::success;
@@ -653,8 +835,10 @@ eResult cDataPlane::initGlobalBases()
 	};
 
 	/// slow worker
+	for (const auto& [core, _] : config.controlplane_workers)
 	{
-		tSocketId socketId = rte_lcore_to_socket_id(config.controlPlaneCoreId);
+		(void)_;
+		tSocketId socketId = rte_lcore_to_socket_id(core);
 
 		result = create_globalbase_atomics(socketId);
 		if (result != eResult::success)
@@ -675,7 +859,6 @@ eResult cDataPlane::initGlobalBases()
 	{
 		const tCoreId& coreId = configWorkerIter.first;
 		tSocketId socketId = rte_lcore_to_socket_id(coreId);
-
 		result = create_globalbase_atomics(socketId);
 		if (result != eResult::success)
 		{
@@ -696,54 +879,6 @@ eResult cDataPlane::initGlobalBases()
 
 eResult cDataPlane::initWorkers()
 {
-	tQueueId outQueueId = 0;
-
-	/// slow worker
-	{
-		const tCoreId& coreId = config.controlPlaneCoreId;
-		const tSocketId socket_id = rte_lcore_to_socket_id(coreId);
-
-		YADECAP_LOG_INFO("initWorker. coreId: %u [slow worker]\n", coreId);
-
-		auto* worker = memory_manager.create_static<cWorker>("worker",
-		                                                     socket_id,
-		                                                     this);
-		if (!worker)
-		{
-			return eResult::errorAllocatingMemory;
-		}
-
-		dataplane::base::permanently basePermanently;
-		basePermanently.globalBaseAtomic = globalBaseAtomics[socket_id];
-		basePermanently.outQueueId = outQueueId; ///< 0
-		for (const auto& portIter : ports)
-		{
-			if (!basePermanently.ports.Register(portIter.first))
-				return eResult::invalidPortsCount;
-		}
-
-		basePermanently.SWNormalPriorityRateLimitPerWorker = config.SWNormalPriorityRateLimitPerWorker;
-
-		dataplane::base::generation base;
-		base.globalBase = globalBases[socket_id][currentGlobalBaseId];
-
-		eResult result = worker->init(coreId,
-		                              basePermanently,
-		                              base);
-		if (result != eResult::success)
-		{
-			return result;
-		}
-
-		worker->fillStatsNamesToAddrsTable(coreId_to_stats_tables[coreId]);
-
-		workers[coreId] = worker;
-		controlPlane->slowWorker = worker;
-		workers_vector.emplace_back(worker);
-
-		outQueueId++;
-	}
-
 	for (const auto& configWorkerIter : config.workers)
 	{
 		const tCoreId& coreId = configWorkerIter.first;
@@ -759,6 +894,8 @@ eResult cDataPlane::initWorkers()
 			return eResult::errorAllocatingMemory;
 		}
 
+		worker->SetBufferForCounters(sdp_data.workers[coreId].buffer, sdp_data.metadata_worker);
+
 		dataplane::base::permanently basePermanently;
 		{
 			auto iter = globalBaseAtomics.find(socket_id);
@@ -801,8 +938,8 @@ eResult cDataPlane::initWorkers()
 		for (const auto& [port_id, port] : ports)
 		{
 			const auto& [interface_name, rx_queues, tx_queues_count, mac_address, pci, symmetric_mode] = port;
-			(void)mac_address;
-			(void)pci;
+			YANET_GCC_BUG_UNUSED(mac_address);
+			YANET_GCC_BUG_UNUSED(pci);
 
 			if (!basePermanently.ports.Register(port_id))
 				return eResult::invalidPortsCount;
@@ -870,7 +1007,7 @@ eResult cDataPlane::initWorkers()
 			}
 		}
 
-		basePermanently.outQueueId = outQueueId;
+		basePermanently.outQueueId = tx_queues_;
 
 		dataplane::base::generation base;
 		{
@@ -891,11 +1028,17 @@ eResult cDataPlane::initWorkers()
 			return result;
 		}
 
-		worker->fillStatsNamesToAddrsTable(coreId_to_stats_tables[coreId]);
 		workers[coreId] = worker;
 		workers_vector.emplace_back(worker);
 
-		outQueueId++;
+		tx_queues_++;
+	}
+
+	worker_gc_t::PortToSocketArray port_to_socket;
+	for (const auto& [port_id, port] : ports)
+	{
+		YANET_GCC_BUG_UNUSED(port);
+		port_to_socket[port_id] = rte_eth_dev_socket_id(port_id);
 	}
 
 	/// worker_gc
@@ -905,14 +1048,27 @@ eResult cDataPlane::initWorkers()
 
 		YADECAP_LOG_INFO("initWorker. coreId: %u [worker_gc]\n", core_id);
 
+		worker_gc_t::SamplersVector samplers;
+		for (cWorker* worker : workers_vector)
+		{
+			if (worker->socketId != socket_id)
+				continue;
+
+			samplers.push_back(&worker->sampler);
+		}
+
 		auto* worker = memory_manager.create_static<worker_gc_t>("worker_gc",
 		                                                         socket_id,
-		                                                         this);
+		                                                         config_values_,
+		                                                         port_to_socket,
+		                                                         std::move(samplers));
 		if (!worker)
 		{
 			return eResult::errorAllocatingMemory;
 		}
 
+		worker->SetBufferForCounters(sdp_data.workers_gc[core_id].buffer, sdp_data.metadata_worker_gc);
+
 		dataplane::base::permanently basePermanently;
 		{
 			auto iter = globalBaseAtomics.find(socket_id);
@@ -972,7 +1128,6 @@ eResult cDataPlane::initWorkers()
 			return result;
 		}
 
-		worker->fillStatsNamesToAddrsTable(coreId_to_stats_tables[core_id]);
 		worker_gcs[core_id] = worker;
 		socket_worker_gcs[socket_id] = worker;
 	}
@@ -980,32 +1135,161 @@ eResult cDataPlane::initWorkers()
 	return eResult::success;
 }
 
-std::optional<uint64_t> cDataPlane::getCounterValueByName(const std::string& counter_name, uint32_t coreId)
+eResult cDataPlane::InitSlowWorker(tCoreId core, const std::set<tCoreId>& worker_cores, tQueueId phy_queue)
 {
-	if (coreId_to_stats_tables.count(coreId) == 0)
+	const tSocketId socket_id = rte_lcore_to_socket_id(core);
+
+	YADECAP_LOG_INFO("initWorker. coreId: %u [controlplane worker]\n", core);
+
+	auto* worker = memory_manager.create_static<cWorker>("worker",
+	                                                     socket_id,
+	                                                     this);
+	if (!worker)
 	{
-		return std::optional<uint64_t>();
+		return eResult::errorAllocatingMemory;
 	}
 
-	const auto& specific_core_table = coreId_to_stats_tables[coreId];
+	worker->SetBufferForCounters(sdp_data.workers[core].buffer, sdp_data.metadata_worker);
+
+	dataplane::base::permanently basePermanently;
+	basePermanently.globalBaseAtomic = globalBaseAtomics[socket_id];
+	basePermanently.outQueueId = phy_queue;
+	for (const auto& port : ports)
+	{
+		if (!basePermanently.ports.Register(port.first))
+			return eResult::invalidPortsCount;
+	}
 
-	if (specific_core_table.count(counter_name) == 0)
+	basePermanently.SWNormalPriorityRateLimitPerWorker = config.SWNormalPriorityRateLimitPerWorker;
+
+	dataplane::base::generation base;
+	base.globalBase = globalBases[socket_id][currentGlobalBaseId];
+
+	eResult result = worker->init(core,
+	                              basePermanently,
+	                              base);
+	if (result != eResult::success)
+	{
+		return result;
+	}
+
+	workers_vector.emplace_back(worker);
+
+	std::vector<dataplane::KernelInterfaceBundleConfig> kni_bundleconf;
+
+	std::vector<tPortId> ports_to_service;
+	if (config.use_kernel_interface)
+	{
+		std::set<std::string> interfaces = config.WorkersInterfaces(worker_cores);
+		for (auto& iface : interfaces)
+		{
+			const auto name = std::get<0>(config.ports.at(iface.data())).c_str();
+			auto port = dpdk::GetPortByName(name);
+			if (!port)
+			{
+				YANET_LOG_ERROR("No port\n");
+				std::terminate();
+			}
+			ports_to_service.push_back(port.value());
+			auto& [kni_queue, fwd, in, out, drop] = kni_interface_handles.at(port.value());
+			kni_bundleconf.emplace_back(
+			        dataplane::KernelInterfaceBundleConfig{
+			                {port.value(), phy_queue},
+			                {fwd.Id(), kni_queue},
+			                {in.Id(), kni_queue},
+			                {out.Id(), kni_queue},
+			                {drop.Id(), kni_queue}});
+			++kni_queue;
+		}
+		std::stringstream ss;
+		for (auto p : ports_to_service)
+		{
+			ss << p << ' ';
+		}
+		YANET_LOG_INFO("controlplane worker on core %d, serving [%s]\n", core, ss.str().c_str());
+	}
+
+	std::vector<cWorker*> workers_to_service;
+	for (auto& core : worker_cores)
+	{
+		workers_to_service.push_back(cDataPlane::workers.at(core));
+	}
+
+	std::vector<tCoreId> gcs_to_service;
+	if (config.controlplane_workers.size() == 1)
+	{
+		for (auto gc : config.workerGCs)
+		{
+			gcs_to_service.push_back(gc);
+		}
+	}
+	else
+	{
+		for (auto gc : config.workerGCs)
+		{
+			if (rte_lcore_to_socket_id(gc) == rte_lcore_to_socket_id(core))
+			{
+				gcs_to_service.push_back(gc);
+			}
+		}
+	}
+
+	std::vector<dpdk::RingConn<rte_mbuf*>> rings_from_gcs;
+	for (auto& gccore : gcs_to_service)
+	{
+		auto r = worker_gcs.at(gccore)->RegisterSlowWorker("cw" + std::to_string(core),
+		                                                   config_values_.ring_normalPriority_size,
+		                                                   config_values_.ring_toFreePackets_size);
+		if (r)
+		{
+			rings_from_gcs.push_back(r.value());
+		}
+		else
+		{
+			abort();
+		}
+	}
+
+	auto slow = new dataplane::SlowWorker(worker,
+	                                      std::move(ports_to_service),
+	                                      std::move(workers_to_service),
+	                                      std::move(rings_from_gcs),
+	                                      dataplane::KernelInterfaceWorker{kni_bundleconf},
+	                                      socket_cplane_mempools.at(socket_id),
+	                                      config.use_kernel_interface,
+	                                      config.SWICMPOutRateLimit);
+	if (!slow)
+	{
+		return eResult::dataplaneIsBroken;
+	}
+	slow_workers.emplace(core, slow);
+	++tx_queues_;
+	return eResult::success;
+}
+
+eResult cDataPlane::InitSlowWorkers()
+{
+	auto q = tx_queues_;
+	for (auto& [core, cfg] : config.controlplane_workers)
 	{
-		return std::optional<uint64_t>();
+		if (auto res = InitSlowWorker(core, cfg, q--); res != eResult::success)
+		{
+			return res;
+		}
 	}
+	YANET_LOG_INFO("slow workers size is %lu\n", slow_workers.size());
 
-	uint64_t counter_value = *(specific_core_table.at(counter_name));
-	return std::optional<uint64_t>(counter_value);
+	return eResult::success;
 }
 
-eResult cDataPlane::initQueues()
+eResult cDataPlane::InitTxQueues()
 {
 	for (const auto& portIter : ports)
 	{
 		const tPortId& portId = portIter.first;
 
 		for (tQueueId queueId = 0;
-		     queueId < workers.size();
+		     queueId < tx_queues_;
 		     queueId++)
 		{
 			int ret = rte_eth_tx_queue_setup(portId,
@@ -1024,21 +1308,77 @@ eResult cDataPlane::initQueues()
 	return eResult::success;
 }
 
+eResult cDataPlane::InitRxQueues()
+{
+	for (const cWorker* worker : workers_vector)
+	{
+		for (const auto& [port, queue] : worker->basePermanently.rx_points)
+		{
+			int ret = rte_eth_rx_queue_setup(port,
+			                                 queue,
+			                                 getConfigValues().port_rx_queue_size,
+			                                 worker->socketId,
+			                                 nullptr,
+			                                 worker->mempool);
+			if (ret < 0)
+			{
+				YADECAP_LOG_ERROR("rte_eth_rx_queue_setup(%u, %u) = %d\n", port, queue, ret);
+				return eResult::errorInitQueue;
+			}
+		}
+	}
+
+	return eResult::success;
+}
+
+eResult cDataPlane::initKniQueues()
+{
+	for (auto& [port_id, bundle] : kni_interface_handles)
+	{
+		const auto& socket_id = rte_eth_dev_socket_id(port_id);
+		for (tQueueId q = 0; q < bundle.queues; ++q)
+		{
+			if (!KNIAddTxQueue(bundle, q, socket_id))
+			{
+				return eResult::errorInitQueue;
+			}
+		}
+
+		for (tQueueId q = 0; q < bundle.queues; ++q)
+		{
+			if (!KNIAddRxQueue(bundle, q, socket_id, socket_cplane_mempools.at(socket_id)))
+			{
+				return eResult::errorInitQueue;
+			}
+		}
+	}
+	return eResult::success;
+}
+
 void cDataPlane::init_worker_base()
 {
 	std::vector<std::tuple<tSocketId, dataplane::base::generation*>> base_nexts;
-	for (auto& [core_id, worker] : workers)
+	for (cWorker* worker : workers_vector)
+	{
+		auto* base = &worker->bases[worker->currentBaseId];
+		auto* base_next = &worker->bases[worker->currentBaseId ^ 1];
+		base_nexts.emplace_back(worker->socketId, base);
+		base_nexts.emplace_back(worker->socketId, base_next);
+	}
+
+	for (auto& iter : slow_workers)
 	{
-		(void)core_id;
+		cWorker* worker = iter.second->GetWorker();
 
 		auto* base = &worker->bases[worker->currentBaseId];
 		auto* base_next = &worker->bases[worker->currentBaseId ^ 1];
 		base_nexts.emplace_back(worker->socketId, base);
 		base_nexts.emplace_back(worker->socketId, base_next);
 	}
+
 	for (auto& [core_id, worker] : worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		auto* base = &worker->bases[worker->current_base_id];
 		auto* base_next = &worker->bases[worker->current_base_id ^ 1];
@@ -1049,33 +1389,6 @@ void cDataPlane::init_worker_base()
 	neighbor.update_worker_base(base_nexts);
 }
 
-int cDataPlane::lcoreThread(void* args)
-{
-	cDataPlane* dataPlane = (cDataPlane*)args;
-
-	if (rte_lcore_id() == dataPlane->config.controlPlaneCoreId)
-	{
-		dataPlane->controlPlane->start();
-		return 0;
-	}
-
-	if (exist(dataPlane->workers, rte_lcore_id()))
-	{
-		dataPlane->workers[rte_lcore_id()]->start();
-	}
-	else if (exist(dataPlane->worker_gcs, rte_lcore_id()))
-	{
-		dataPlane->worker_gcs[rte_lcore_id()]->start();
-	}
-	else
-	{
-		YADECAP_LOG_ERROR("invalid core id: '%u'\n", rte_lcore_id());
-		/// @todo: stop
-	}
-
-	return 0;
-}
-
 void cDataPlane::timestamp_thread()
 {
 	uint32_t prev_time = 0;
@@ -1088,7 +1401,7 @@ void cDataPlane::timestamp_thread()
 		{
 			for (const auto& [socket_id, globalbase_atomic] : globalBaseAtomics)
 			{
-				(void)socket_id;
+				YANET_GCC_BUG_UNUSED(socket_id);
 				globalbase_atomic->currentTime = current_time;
 			}
 
@@ -1099,16 +1412,107 @@ void cDataPlane::timestamp_thread()
 	}
 }
 
+void cDataPlane::SWRateLimiterTimeTracker()
+{
+	for (;;)
+	{
+		using namespace std::chrono_literals;
+		// seem to be sufficiently fast function for slowWorker whose threshold is 200'000 packets per second
+		std::chrono::high_resolution_clock::time_point curTimePointForSWRateLimiter = std::chrono::high_resolution_clock::now();
+
+		// is it time to reset icmpPacketsToSW counters?
+		if (std::chrono::duration_cast<std::chrono::milliseconds>(
+		            curTimePointForSWRateLimiter - prevTimePointForSWRateLimiter) >= 1000ms / config.rateLimitDivisor)
+		{
+			// the only place thread-shared variable icmpPacketsToSW is changed
+			for (cWorker* worker : workers_vector)
+			{
+
+				__atomic_store_n(&worker->packetsToSWNPRemainder, config.SWNormalPriorityRateLimitPerWorker, __ATOMIC_RELAXED);
+			}
+
+			for (auto& [core, slow] : slow_workers)
+			{
+				YANET_GCC_BUG_UNUSED(core);
+				slow->ResetIcmpOutRemainder(config.SWICMPOutRateLimit / config.rateLimitDivisor);
+			}
+
+			prevTimePointForSWRateLimiter = curTimePointForSWRateLimiter;
+		}
+		std::this_thread::sleep_for(100ms / config.rateLimitDivisor);
+	}
+}
+
+int cDataPlane::LcoreFunc(void* args)
+{
+	const auto& workloads = *reinterpret_cast<std::map<tCoreId, std::function<void()>>*>(args);
+	if (auto it = workloads.find(rte_lcore_id()); it != workloads.end())
+	{
+		it->second();
+		return 0;
+	}
+	else
+	{
+		YADECAP_LOG_ERROR("invalid core id: '%u'\n", rte_lcore_id());
+		return -1;
+	}
+}
+
 void cDataPlane::start()
 {
 	threads.emplace_back([this]() {
 		timestamp_thread();
 	});
 
+	threads.emplace_back([this]() {
+		YANET_LOG_INFO("Rate limiter started\n");
+		SWRateLimiterTimeTracker();
+	});
+
 	bus.run();
 
-	/// run forwarding plane and control plane
-	rte_eal_mp_remote_launch(lcoreThread, this, CALL_MAIN);
+	/// run forwarding plane
+	for (auto& [core, worker] : workers)
+	{
+		if (coreFunctions_.find(core) != coreFunctions_.end())
+		{
+			YANET_LOG_ERROR("Multiple workloads assigned to core %d\n", core);
+		}
+		coreFunctions_.emplace(core, [worker]() {
+			worker->start();
+		});
+	}
+
+	for (auto& [core, garbage_collector] : worker_gcs)
+	{
+		if (coreFunctions_.find(core) != coreFunctions_.end())
+		{
+			YANET_LOG_ERROR("Multiple workloads assigned to core %d\n", core);
+		}
+		coreFunctions_.emplace(core, [garbage_collector]() {
+			garbage_collector->start();
+		});
+	}
+
+	for (auto& [core, slow] : slow_workers)
+	{
+		if (coreFunctions_.find(core) != coreFunctions_.end())
+		{
+			YANET_LOG_ERROR("Multiple workloads assigned to core %d\n", core);
+		}
+		coreFunctions_.emplace(core, [slow]() {
+			auto work_runner = dpdk::WorkRunner{slow, dpdk::Yielder{}};
+			work_runner.Run();
+		});
+	}
+
+	StartInterfaces();
+
+	if (rte_eal_mp_remote_launch(LcoreFunc, this, CALL_MAIN))
+	{
+		YANET_LOG_ERROR("Failed to launch workers: some of assigned lcores busy\n");
+		abort();
+	}
 }
 
 void cDataPlane::join()
@@ -1134,6 +1538,34 @@ void cDataPlane::run_on_worker_gc(const tSocketId socket_id,
 	socket_worker_gcs.find(socket_id)->second->run_on_this_thread(callback);
 }
 
+eResult cDataPlane::initSharedMemory()
+{
+	std::vector<tCoreId> workers_id;
+	std::vector<tCoreId> workers_gc_id;
+
+	// workers
+	for (const auto& worker : config.workers)
+	{
+		workers_id.push_back(worker.first);
+	}
+	// slow workers
+	for (const auto& worker : config.controlplane_workers)
+	{
+		workers_id.push_back(worker.first);
+	}
+	// workers gc
+	for (const auto& coreId : config.workerGCs)
+	{
+		workers_gc_id.push_back(coreId);
+	}
+
+	cWorker::FillMetadataWorkerCounters(sdp_data.metadata_worker);
+	worker_gc_t::FillMetadataWorkerCounters(sdp_data.metadata_worker_gc);
+	sdp_data.size_bus_section = cBus::GetSizeForCounters();
+
+	return common::sdp::SdrSever::PrepareSharedMemoryData(sdp_data, workers_id, workers_gc_id, config.useHugeMem);
+}
+
 eResult cDataPlane::allocateSharedMemory()
 {
 	/// precalculation of shared memory size for each numa
@@ -1160,8 +1592,9 @@ eResult cDataPlane::allocateSharedMemory()
 	}
 
 	/// slow worker
+	for (const auto& [coreId, _] : config.controlplane_workers)
 	{
-		const int coreId = config.controlPlaneCoreId;
+		(void)_;
 
 		auto socket_id = numa_node_of_cpu(coreId);
 		if (socket_id == -1)
@@ -1212,7 +1645,7 @@ eResult cDataPlane::allocateSharedMemory()
 			it = shm_size_per_socket.emplace_hint(it, socket_id, 0);
 		}
 
-		it->second += sizeof(dataplane::perf::tsc_deltas) * (num + ((int)socket_id == numa_node_of_cpu(config.controlPlaneCoreId)));
+		it->second += sizeof(dataplane::perf::tsc_deltas) * (num + 1);
 	}
 
 	/// allocating IPC shared memory
@@ -1228,9 +1661,9 @@ eResult cDataPlane::allocateSharedMemory()
 		int shmid = shmget(key, 0, 0);
 		if (shmid != -1)
 		{
-			if (shmctl(shmid, IPC_RMID, NULL) < 0)
+			if (shmctl(shmid, IPC_RMID, nullptr) < 0)
 			{
-				YADECAP_LOG_ERROR("shmctl(%d, IPC_RMID, NULL): %s\n", shmid, strerror(errno));
+				YADECAP_LOG_ERROR("shmctl(%d, IPC_RMID, nullptr): %s\n", shmid, strerror(errno));
 				return eResult::errorInitSharedMemory;
 			}
 		}
@@ -1248,10 +1681,10 @@ eResult cDataPlane::allocateSharedMemory()
 			return eResult::errorInitSharedMemory;
 		}
 
-		void* shmaddr = shmat(shmid, NULL, 0);
+		void* shmaddr = shmat(shmid, nullptr, 0);
 		if (shmaddr == (void*)-1)
 		{
-			YADECAP_LOG_ERROR("shmat(%d, NULL, %d): %s\n", shmid, 0, strerror(errno));
+			YADECAP_LOG_ERROR("shmat(%d, nullptr, %d): %s\n", shmid, 0, strerror(errno));
 			return eResult::errorInitSharedMemory;
 		}
 
@@ -1273,7 +1706,7 @@ eResult cDataPlane::splitSharedMemoryPerWorkers()
 	}
 
 	/// split memory per worker
-	for (auto& [core_id, worker] : workers)
+	for (cWorker* worker : workers_vector)
 	{
 		const auto& socket_id = worker->socketId;
 		const auto& it = shm_by_socket_id.find(socket_id);
@@ -1301,7 +1734,7 @@ eResult cDataPlane::splitSharedMemoryPerWorkers()
 				size += RTE_CACHE_LINE_SIZE - size % RTE_CACHE_LINE_SIZE; /// round up
 			}
 
-			auto name = "shm_" + std::to_string(core_id) + "_" + std::to_string(ring_id);
+			auto name = "shm_" + std::to_string(worker->coreId) + "_" + std::to_string(ring_id);
 
 			auto offset = offsets[shm];
 
@@ -1315,7 +1748,7 @@ eResult cDataPlane::splitSharedMemoryPerWorkers()
 
 			worker->dumpRings[ring_id] = ring;
 
-			auto meta = common::idp::get_shm_info::dump_meta(name, tag, unit_size, units_number, core_id, socket_id, key, offset);
+			auto meta = common::idp::get_shm_info::dump_meta(name, tag, unit_size, units_number, worker->coreId, socket_id, key, offset);
 			dumps_meta.emplace_back(meta);
 
 			tag_to_id[tag] = ring_id;
@@ -1324,7 +1757,7 @@ eResult cDataPlane::splitSharedMemoryPerWorkers()
 		}
 	}
 
-	for (auto& [core_id, worker] : workers)
+	for (cWorker* worker : workers_vector)
 	{
 		const auto& socket_id = worker->socketId;
 		const auto& it = shm_by_socket_id.find(socket_id);
@@ -1335,11 +1768,12 @@ eResult cDataPlane::splitSharedMemoryPerWorkers()
 		const auto& [key, shm] = it->second;
 
 		auto offset = offsets[shm];
-		worker->tsc_deltas = (dataplane::perf::tsc_deltas*)((intptr_t)shm + offset);
-		memset(worker->tsc_deltas, 0, sizeof(dataplane::perf::tsc_deltas));
+		worker->tsc_deltas = reinterpret_cast<dataplane::perf::tsc_deltas*>(reinterpret_cast<intptr_t>(shm) + offset);
+		// Use value-initialization to reset the object
+		*worker->tsc_deltas = {};
 		offsets[shm] += sizeof(dataplane::perf::tsc_deltas);
 
-		auto meta = common::idp::get_shm_tsc_info::tsc_meta(core_id, socket_id, key, offset);
+		auto meta = common::idp::get_shm_tsc_info::tsc_meta(worker->coreId, socket_id, key, offset);
 		tscs_meta.emplace_back(meta);
 	}
 
@@ -1366,6 +1800,11 @@ common::idp::get_shm_tsc_info::response cDataPlane::getShmTscInfo()
 	return result;
 }
 
+const common::idp::hitcount_dump::response& cDataPlane::getHitcountMap()
+{
+	return hitcount_map_;
+}
+
 std::map<std::string, common::uint64> cDataPlane::getPortStats(const tPortId& portId) const
 {
 	/// unsafe
@@ -1458,16 +1897,15 @@ void cDataPlane::switch_worker_base()
 
 	/// collect all base_next
 	std::vector<std::tuple<tSocketId, dataplane::base::generation*>> base_nexts;
-	for (auto& [core_id, worker] : workers)
+	for (cWorker* worker : workers_vector)
 	{
-		(void)core_id;
-
 		auto* base_next = &worker->bases[worker->currentBaseId ^ 1];
 		base_nexts.emplace_back(worker->socketId, base_next);
 	}
+
 	for (auto& [core_id, worker] : worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 
 		auto* base_next = &worker->bases[worker->current_base_id ^ 1];
 		base_nexts.emplace_back(worker->socket_id, base_next);
@@ -1544,6 +1982,13 @@ eResult cDataPlane::parseConfig(const std::string& configFilePath)
 		}
 	}
 
+	auto cp_workers = parseControlPlaneWorkers(rootJson);
+	if (!cp_workers)
+	{
+		return eResult::invalidConfigurationFile;
+	}
+	config.controlplane_workers = std::move(cp_workers.value());
+
 	if (rootJson.find("hugeMem") != rootJson.end())
 	{
 		config.useHugeMem = rootJson.find("hugeMem").value();
@@ -1558,6 +2003,8 @@ eResult cDataPlane::parseConfig(const std::string& configFilePath)
 		config.use_kernel_interface = rootJson.find("use_kernel_interface").value();
 	}
 
+	config.interfaces_required = rootJson.value("interfacesRequired", config.interfaces_required);
+
 	if (rootJson.find("rateLimits") != rootJson.end())
 	{
 		result = parseRateLimits(rootJson.find("rateLimits").value());
@@ -1667,9 +2114,121 @@ eResult cDataPlane::parseJsonPorts(const nlohmann::json& json)
 	return eResult::success;
 }
 
+std::optional<std::map<tCoreId, std::set<tCoreId>>> cDataPlane::parseControlPlaneWorkers(const nlohmann::json& root)
+{
+	nlohmann::json dflt;
+	auto cpw = root.find("controlPlaneWorkers");
+	if (cpw == root.end())
+	{
+		dflt = makeLegacyControlPlaneWorkerConfig();
+		YADECAP_LOG_WARNING("no config for control plane workers provided, using default legacy config\"%s\"\n",
+		                    dflt.dump().c_str());
+		cpw = dflt.find("controlPlaneWorkers");
+	}
+
+	std::map<tCoreId, std::set<tCoreId>> result;
+
+	auto add_worker = [&](const nlohmann::json& j) {
+		auto worker = parseControlPlaneWorker(j);
+		if (!worker)
+		{
+			YADECAP_LOG_ERROR("invalid control plane worker config \"%s\"\n", j.dump().c_str());
+			return false;
+		}
+		result[worker->first] = worker->second;
+		return true;
+	};
+
+	if (!cpw->is_array())
+	{
+		if (!add_worker(cpw.value()))
+		{
+			return std::nullopt;
+		}
+	}
+	else
+	{
+		for (auto j : cpw.value())
+		{
+			if (!add_worker(j))
+			{
+				return std::nullopt;
+			}
+		}
+	}
+
+	return std::optional{std::move(result)};
+}
+
+nlohmann::json cDataPlane::makeLegacyControlPlaneWorkerConfig()
+{
+	nlohmann::json j;
+	j["core"] = config.controlPlaneCoreId;
+	j["serviced_cores"] = FastWorkerCores();
+	return nlohmann::json{{"controlPlaneWorkers", j}};
+}
+
+const std::set<tCoreId> cDataPlane::FastWorkerCores() const
+{
+	std::set<tCoreId> cores;
+	for (auto& [core, workers] : config.workers)
+	{
+		YANET_GCC_BUG_UNUSED(workers);
+		if (!cores.insert(core).second)
+		{
+			YANET_LOG_ERROR("Same core specified in config for multiple workers\n");
+		}
+	}
+	return cores;
+}
+
+std::optional<std::pair<tCoreId, std::set<tCoreId>>> cDataPlane::parseControlPlaneWorker(const nlohmann::json& cpwj)
+{
+	auto jcore = cpwj.find("core");
+	if (jcore == cpwj.end())
+	{
+		YADECAP_LOG_ERROR("controlPlaneWorker entry has no \"core\" field\n");
+		return std::nullopt;
+	}
+	if (!jcore.value().is_number_unsigned())
+	{
+		YADECAP_LOG_ERROR("controlPlaneWorker entry \"core\" field is not an unsigned integer\n");
+		return std::nullopt;
+	}
+	tCoreId core = jcore.value();
+	std::set<tCoreId> worker_cores;
+
+	auto jworkers = cpwj.find("serviced_cores");
+	if (!jworkers.value().is_array())
+	{
+		YADECAP_LOG_ERROR("controlPlaneWorker entry \"workers\" has invalid type.\n");
+		return std::nullopt;
+	}
+
+	for (auto& j : jworkers.value())
+	{
+		if (!j.is_number_unsigned())
+		{
+			YANET_LOG_ERROR("controlPlaneWorker entry in \"serviced_cores\" is not an unsigned integer\n");
+			return std::nullopt;
+		}
+		tCoreId id = j;
+		if (config.workers.find(id) == config.workers.end())
+		{
+			YANET_LOG_ERROR("controlPlaneWorker entry %d in \"serviced_cores\" is not a valid worker core id\n", id);
+		}
+		if (!worker_cores.insert(id).second)
+		{
+			YANET_LOG_ERROR("controlPlaneWorker entry %d in \"serviced_cores\" is duplicate\n", id);
+		}
+	}
+
+	return std::make_pair(core, std::move(worker_cores));
+}
+
 eResult cDataPlane::parseConfigValues(const nlohmann::json& json)
 {
-	configValues = json;
+	config_values_ = json;
 	return eResult::success;
 }
 
@@ -1722,10 +2281,14 @@ eResult cDataPlane::checkConfig()
 		return eResult::invalidConfigurationFile;
 	}
 
-	if (config.controlPlaneCoreId >= std::thread::hardware_concurrency())
+	for (auto& [core, _] : config.controlplane_workers)
 	{
-		YADECAP_LOG_ERROR("invalid coreId: '%u'\n", config.controlPlaneCoreId);
-		return eResult::invalidConfigurationFile;
+		(void)_;
+		if (core >= std::thread::hardware_concurrency())
+		{
+			YADECAP_LOG_ERROR("invalid coreId: '%u'\n", core);
+			return eResult::invalidConfigurationFile;
+		}
 	}
 
 	{
@@ -1733,9 +2296,9 @@ eResult cDataPlane::checkConfig()
 		for (const auto& portIter : config.ports)
 		{
 			const auto& [pci, name, symmetric_mode, rss_flags] = portIter.second;
-			(void)pci;
-			(void)symmetric_mode;
-			(void)rss_flags;
+			YANET_GCC_BUG_UNUSED(pci);
+			YANET_GCC_BUG_UNUSED(symmetric_mode);
+			YANET_GCC_BUG_UNUSED(rss_flags);
 
 			if (exist(names, name))
 			{
@@ -1752,7 +2315,7 @@ eResult cDataPlane::checkConfig()
 		const tCoreId& coreId = workerIter.first;
 
 		if (coreId >= std::thread::hardware_concurrency() ||
-		    coreId == config.controlPlaneCoreId)
+		    config.controlplane_workers.find(coreId) != config.controlplane_workers.end())
 		{
 			YADECAP_LOG_ERROR("invalid coreId: '%u'\n", coreId);
 			return eResult::invalidConfigurationFile;
@@ -1797,18 +2360,23 @@ eResult cDataPlane::initEal(const std::string& binaryPath,
 
 	insert_eal_arg("-c");
 
-	uint64_t coresMask = 0;
-	coresMask |= (((uint64_t)1) << (uint64_t)config.controlPlaneCoreId);
+	std::bitset<std::numeric_limits<uint_least64_t>::digits> cores_mask;
+	cores_mask[config.controlPlaneCoreId] = true;
+	for (const auto& iter : config.controlplane_workers)
+	{
+		const tCoreId& coreId = iter.first;
+		cores_mask[coreId] = true;
+	}
 	for (const auto& coreId : config.workerGCs)
 	{
-		coresMask |= (((uint64_t)1) << (uint64_t)coreId);
+		cores_mask[coreId] = true;
 	}
 	for (const auto& iter : config.workers)
 	{
 		const tCoreId& coreId = iter.first;
-		coresMask |= (((uint64_t)1) << (uint64_t)coreId);
+		cores_mask[coreId] = true;
 	}
-	insert_eal_arg("0x%" PRIx64, coresMask);
+	insert_eal_arg("0x%" PRIx64, static_cast<uint_least64_t>(cores_mask.to_ullong()));
 
 #if RTE_VERSION >= RTE_VERSION_NUM(20, 11, 0, 0)
 	insert_eal_arg("--main-lcore");
@@ -1828,12 +2396,12 @@ eResult cDataPlane::initEal(const std::string& binaryPath,
 	for (const auto& port : config.ports)
 	{
 		const auto& [pci, name, symmetric_mode, rss_flags] = port.second;
-		(void)name;
-		(void)symmetric_mode;
-		(void)rss_flags;
+		YANET_GCC_BUG_UNUSED(name);
+		YANET_GCC_BUG_UNUSED(symmetric_mode);
+		YANET_GCC_BUG_UNUSED(rss_flags);
 
 		// Do not whitelist sock dev virtual devices
-		if (strncmp(pci.data(), SOCK_DEV_PREFIX, strlen(SOCK_DEV_PREFIX)) == 0)
+		if (StartsWith(name, SOCK_DEV_PREFIX))
 		{
 			continue;
 		}
diff --git a/dataplane/dataplane.h b/dataplane/dataplane.h
index 1671bdac..9e75d108 100644
--- a/dataplane/dataplane.h
+++ b/dataplane/dataplane.h
@@ -22,11 +22,14 @@
 #include "config_values.h"
 #include "controlplane.h"
 #include "globalbase.h"
+#include "kernel_interface_handler.h"
 #include "memory_manager.h"
 #include "neighbor.h"
 #include "report.h"
+#include "slow_worker.h"
 #include "type.h"
-#include "worker_gc.h"
+
+using InterfaceName = std::string;
 
 struct tDataPlaneConfig
 {
@@ -36,7 +39,7 @@ struct tDataPlaneConfig
 	   and an identifier (typically pci id) used to lookup the port within
 	   DPDK.
 	*/
-	std::map<std::string, ///< interfaceName
+	std::map<InterfaceName,
 	         std::tuple<std::string, ///< pci
 	                    std::string, ///< name
 	                    bool, ///< symmetric_mode
@@ -46,9 +49,11 @@ struct tDataPlaneConfig
 
 	std::set<tCoreId> workerGCs;
 	tCoreId controlPlaneCoreId;
-	std::map<tCoreId, std::vector<std::string>> workers;
+	std::map<tCoreId, std::set<tCoreId>> controlplane_workers;
+	std::map<tCoreId, std::vector<InterfaceName>> workers;
 	bool useHugeMem = true;
 	bool use_kernel_interface = true;
+	bool interfaces_required = true;
 	uint64_t rssFlags = RTE_ETH_RSS_IP;
 	uint32_t SWNormalPriorityRateLimitPerWorker = 0;
 	uint32_t SWICMPOutRateLimit = 0;
@@ -57,6 +62,35 @@ struct tDataPlaneConfig
 	std::map<std::string, std::tuple<unsigned int, unsigned int>> shared_memory;
 
 	std::vector<std::string> ealArgs;
+	std::set<InterfaceName> WorkersInterfaces(std::set<tCoreId> cores)
+	{
+		std::set<InterfaceName> ifaces;
+		for (auto core : cores)
+		{
+			auto worker = workers.at(core);
+			ifaces.insert(worker.begin(), worker.end());
+		}
+		return ifaces;
+	}
+	std::map<InterfaceName, tQueueId> VdevQueues()
+	{
+		std::map<InterfaceName, tQueueId> total;
+		for (auto& [_, cores] : controlplane_workers)
+		{
+			(void)_;
+			std::set<InterfaceName> ifaces;
+			for (auto core : cores)
+			{
+				const auto& w = workers.at(core);
+				ifaces.insert(w.begin(), w.end());
+			}
+			for (auto& iface : ifaces)
+			{
+				++total[iface];
+			}
+		}
+		return total;
+	}
 };
 
 class hugepage_pointer
@@ -91,10 +125,11 @@ class cDataPlane
 	void start();
 	void join();
 
-	const ConfigValues& getConfigValues() const { return configValues; }
+	const ConfigValues& getConfigValues() const { return config_values_; }
 	std::map<std::string, common::uint64> getPortStats(const tPortId& portId) const;
 	std::optional<tPortId> interface_name_to_port_id(const std::string& interface_name);
 	const std::set<tSocketId>& get_socket_ids() const;
+	const std::set<tCoreId> FastWorkerCores() const;
 	const std::vector<cWorker*>& get_workers() const;
 	void run_on_worker_gc(const tSocketId socket_id, const std::function<bool()>& callback);
 
@@ -104,10 +139,14 @@ class cDataPlane
 	{
 		return current_time;
 	}
+	std::string InterfaceNameFromPort(tPortId id) { return std::get<0>(ports[id]); };
 
 protected:
 	eResult parseConfig(const std::string& configFilePath);
 	eResult parseJsonPorts(const nlohmann::json& json);
+	std::optional<std::map<tCoreId, std::set<tCoreId>>> parseControlPlaneWorkers(const nlohmann::json& config);
+	std::optional<std::pair<tCoreId, std::set<tCoreId>>> parseControlPlaneWorker(const nlohmann::json& cpwj);
+	nlohmann::json makeLegacyControlPlaneWorkerConfig();
 	eResult parseConfigValues(const nlohmann::json& json);
 	eResult parseRateLimits(const nlohmann::json& json);
 	eResult parseSharedMemory(const nlohmann::json& json);
@@ -115,34 +154,68 @@ class cDataPlane
 
 	eResult initEal(const std::string& binaryPath, const std::string& filePrefix);
 	eResult initPorts();
-	eResult initRingPorts();
+
+	std::map<tCoreId, std::function<void()>> coreFunctions_;
+	static int LcoreFunc(void* args);
+
+	struct KniHandleBundle
+	{
+		tQueueId queues = 0;
+		dataplane::KernelInterfaceHandle forward;
+		dataplane::KernelInterfaceHandle in_dump;
+		dataplane::KernelInterfaceHandle out_dump;
+		dataplane::KernelInterfaceHandle drop_dump;
+		bool Start()
+		{
+			return forward.Start() &&
+			       in_dump.Start() &&
+			       out_dump.Start() &&
+			       drop_dump.Start();
+		}
+	};
+
+public:
+	void StartInterfaces();
+
+protected:
+	eResult init_kernel_interfaces();
+	bool KNIAddTxQueue(KniHandleBundle& bundle, tQueueId queue, tSocketId socket);
+	bool KNIAddRxQueue(KniHandleBundle& bundle, tQueueId queue, tSocketId socket, rte_mempool* mempool);
 	eResult initGlobalBases();
 	eResult initWorkers();
-	eResult initQueues();
+	eResult InitSlowWorker(tCoreId core, const std::set<tCoreId>& workers, tQueueId phy_queue);
+	eResult InitSlowWorkers();
+	eResult initKniQueues();
+	eResult InitTxQueues();
+	eResult InitRxQueues();
+	eResult initSharedMemory();
 	void init_worker_base();
 
 	eResult allocateSharedMemory();
 	eResult splitSharedMemoryPerWorkers();
 
-	std::optional<uint64_t> getCounterValueByName(const std::string& counter_name, uint32_t coreId);
 	common::idp::get_shm_info::response getShmInfo();
 	common::idp::get_shm_tsc_info::response getShmTscInfo();
+	const common::idp::hitcount_dump::response& getHitcountMap();
 
-	static int lcoreThread(void* args);
 	void timestamp_thread();
+	void SWRateLimiterTimeTracker();
+	std::chrono::high_resolution_clock::time_point prevTimePointForSWRateLimiter;
 
 protected:
 	friend class cWorker;
 	friend class cReport;
 	friend class cControlPlane;
-	friend class cBus;
 	friend class dataplane::globalBase::generation;
 	friend class worker_gc_t;
 
 	tDataPlaneConfig config;
+	ConfigValues config_values_;
+
+	std::map<tPortId, KniHandleBundle> kni_interface_handles;
 
 	std::map<tPortId,
-	         std::tuple<std::string, ///< interface_name
+	         std::tuple<InterfaceName,
 	                    std::map<tCoreId, tQueueId>, ///< rx_queues
 	                    unsigned int, ///< tx_queues_count
 	                    common::mac_address_t, ///< mac_address
@@ -150,27 +223,29 @@ class cDataPlane
 	                    bool ///< symmetric_mode
 	                    >>
 	        ports;
+	tQueueId tx_queues_ = 0;
 	std::map<tCoreId, cWorker*> workers;
 	std::map<tCoreId, worker_gc_t*> worker_gcs;
+	std::map<tCoreId, dataplane::SlowWorker*> slow_workers;
+	std::map<tCoreId, dataplane::KernelInterfaceWorker*> kni_workers;
 
 	std::mutex currentGlobalBaseId_mutex;
 	uint8_t currentGlobalBaseId;
+
+public:
 	std::map<tSocketId, dataplane::globalBase::atomic*> globalBaseAtomics;
+
+protected:
 	size_t numaNodesInUse;
 	std::map<tSocketId, std::array<dataplane::globalBase::generation*, 2>> globalBases;
 	uint32_t globalBaseSerial;
 
-	ConfigValues configValues;
-
 	std::map<std::string,
 	         std::tuple<int, ///< socket
 	                    rte_ring*,
 	                    rte_ring*>>
 	        ringPorts;
 
-	pthread_barrier_t initPortBarrier;
-	pthread_barrier_t runBarrier;
-
 	rte_mempool* mempool_log;
 
 	common::idp::get_shm_info::response dumps_meta;
@@ -178,13 +253,14 @@ class cDataPlane
 
 	common::idp::get_shm_tsc_info::response tscs_meta;
 
-	// array instead of the table - how many coreIds can be there?
-	std::unordered_map<uint32_t, std::unordered_map<std::string, uint64_t*>> coreId_to_stats_tables;
+	common::idp::hitcount_dump::response hitcount_map_;
 
 	std::map<tSocketId, std::tuple<key_t, void*>> shm_by_socket_id;
 
 	std::set<tSocketId> socket_ids;
 	std::map<tSocketId, worker_gc_t*> socket_worker_gcs;
+	std::map<tSocketId, rte_mempool*> socket_cplane_mempools;
+
 	std::vector<cWorker*> workers_vector;
 
 	std::mutex switch_worker_base_mutex;
@@ -194,6 +270,8 @@ class cDataPlane
 
 	mutable std::mutex dpdk_mutex;
 
+	common::sdp::DataPlaneInSharedMemory sdp_data;
+
 public: ///< modules
 	cReport report;
 	std::unique_ptr<cControlPlane> controlPlane;
diff --git a/dataplane/dpdk.cpp b/dataplane/dpdk.cpp
new file mode 100644
index 00000000..c799536d
--- /dev/null
+++ b/dataplane/dpdk.cpp
@@ -0,0 +1,39 @@
+#include <dpdk.h>
+
+namespace dpdk
+{
+
+std::optional<std::string> GetNameByPort(tPortId pid)
+{
+	char cname[256];
+	if (int res = rte_eth_dev_get_name_by_port(pid, cname); res)
+	{
+		YANET_LOG_ERROR("Failed to get name for port %d (%s)\n", pid, strerror(res));
+		return std::nullopt;
+	}
+	return std::optional<std::string>{cname};
+}
+
+std::optional<tPortId> GetPortByName(const std::string& name)
+{
+	tPortId port = 0;
+	if (int res = rte_eth_dev_get_port_by_name(name.c_str(), &port); res)
+	{
+		YANET_LOG_ERROR("Failed to get port for name %s (%s)\n", name.c_str(), strerror(res));
+		return std::nullopt;
+	}
+	return port;
+}
+
+std::optional<common::mac_address_t> GetMacAddress(tPortId pid)
+{
+	rte_ether_addr ether_addr;
+	if (int res = rte_eth_macaddr_get(pid, &ether_addr))
+	{
+		YANET_LOG_ERROR("Failed to get MAC for port %d (%s)\n", pid, strerror(res));
+		return std::nullopt;
+	}
+	return std::optional<common::mac_address_t>{ether_addr.addr_bytes};
+}
+
+}
diff --git a/dataplane/dpdk.h b/dataplane/dpdk.h
new file mode 100644
index 00000000..ca8dec2f
--- /dev/null
+++ b/dataplane/dpdk.h
@@ -0,0 +1,90 @@
+#pragma once
+#include <optional>
+#include <string>
+
+#include <rte_ethdev.h>
+#include <rte_mbuf.h>
+#include <rte_ring.h>
+
+#include "common/type.h"
+
+namespace dpdk
+{
+template<typename T>
+class Ring
+{
+	rte_ring* ring_;
+	Ring(rte_ring* ring) :
+	        ring_{ring} {}
+
+public:
+	Ring(const Ring& other) :
+	        ring_{other.ring_}
+	{
+	}
+	static std::optional<Ring<T>> Make(const std::string& name,
+	                                   unsigned int count,
+	                                   int socket_id,
+	                                   unsigned int flags)
+	{
+		return Wrap(rte_ring_create(name.c_str(),
+		                            count,
+		                            socket_id,
+		                            flags));
+	}
+	static std::optional<Ring<T>> Wrap(rte_ring* r)
+	{
+		if (!r)
+		{
+			return std::nullopt;
+		}
+		else
+		{
+			return std::optional{std::move(Ring<T>{r})};
+		}
+	}
+	int EnqueueSP(T obj)
+	{
+		return rte_ring_sp_enqueue(ring_, reinterpret_cast<void*>(obj));
+	}
+
+	template<int MAX_COUNT>
+	int DequeueBurstSC(rte_mbuf* (&mbufs)[MAX_COUNT])
+	{
+		return rte_ring_sc_dequeue_burst(ring_,
+		                                 (void**)mbufs,
+		                                 MAX_COUNT,
+		                                 nullptr);
+	}
+
+	void Destroy()
+	{
+		rte_ring_free(ring_);
+	}
+
+	rte_ring* _Underlying() { return ring_; }
+};
+
+template<typename T>
+struct RingConn
+{
+	Ring<T> process;
+	Ring<T> free;
+};
+
+struct Endpoint
+{
+	tPortId port;
+	tQueueId queue;
+	Endpoint() :
+	        Endpoint(-1, -1) {}
+	Endpoint(tPortId port, tQueueId queue) :
+	        port{port}, queue{queue} {}
+};
+
+std::optional<std::string> GetNameByPort(tPortId pid);
+std::optional<tPortId> GetPortByName(const std::string& name);
+
+std::optional<common::mac_address_t> GetMacAddress(tPortId pid);
+
+} // namespace dpdk
diff --git a/dataplane/dregress.cpp b/dataplane/dregress.cpp
index 70835f11..c833aa01 100644
--- a/dataplane/dregress.cpp
+++ b/dataplane/dregress.cpp
@@ -1,22 +1,46 @@
 #include <rte_tcp.h>
 #include <rte_udp.h>
 
-#include "common/fallback.h"
-
 #include "checksum.h"
-#include "controlplane.h"
 #include "dataplane.h"
 #include "dregress.h"
 #include "metadata.h"
-#include "worker.h"
+#include "slow_worker.h"
+
+dregress_t::dregress_t(dataplane::SlowWorker* slow, cDataPlane* dataplane, uint32_t gc_step) :
+        slow_worker_{slow},
+        dataplane{dataplane},
+        stats{},
+        connections{new dregress::ConnTable},
+        gc_step{gc_step}
+{}
+dregress_t::dregress_t(dregress_t&& other) :
+        connections{nullptr}
+{
+	*this = std::move(other);
+
+	other.connections = nullptr;
+}
 
-dregress_t::dregress_t(cControlPlane* controlplane,
-                       cDataPlane* dataplane) :
-        controlplane(controlplane),
-        dataplane(dataplane)
+dregress_t& dregress_t::operator=(dregress_t&& other)
 {
-	memset(&stats, 0, sizeof(stats));
-	connections = new dataplane::hashtable_chain_spinlock_t<dregress::connection_key_t, dregress::connection_value_t, YANET_CONFIG_DREGRESS_HT_SIZE, YANET_CONFIG_DREGRESS_HT_EXTENDED_SIZE, 4, 4>();
+	slow_worker_ = other.slow_worker_;
+	dataplane = other.dataplane;
+	stats = other.stats;
+	std::swap(connections, other.connections);
+
+	auto pre_guard = std::lock_guard(other.prefixes_mutex);
+	std::swap(local_prefixes_v4, other.local_prefixes_v4);
+	std::swap(local_prefixes_v6, other.local_prefixes_v6);
+	std::swap(prefixes, other.prefixes);
+	std::swap(values, other.values);
+
+	auto count_guard = std::lock_guard(other.counters_mutex);
+	std::swap(counters_v4, other.counters_v4);
+	std::swap(counters_v6, other.counters_v6);
+
+	gc_step = other.gc_step;
+	return *this;
 }
 
 dregress_t::~dregress_t()
@@ -28,14 +52,14 @@ void dregress_t::insert(rte_mbuf* mbuf)
 {
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
-	const auto& base = controlplane->slowWorker->bases[controlplane->slowWorker->localBaseId & 1];
+	const auto& base = slow_worker_->current_base();
 	const auto& dregress = base.globalBase->dregresses[metadata->flow.data.dregressId];
 
 	if (metadata->network_flags & YANET_NETWORK_FLAG_FRAGMENT)
 	{
 		stats.fragment++;
 
-		controlplane->sendPacketToSlowWorker(mbuf, dregress.flow);
+		slow_worker_->SendToSlowWorker(mbuf, dregress.flow);
 		return;
 	}
 
@@ -43,7 +67,7 @@ void dregress_t::insert(rte_mbuf* mbuf)
 	{
 		stats.bad_transport++;
 
-		controlplane->sendPacketToSlowWorker(mbuf, dregress.flow);
+		slow_worker_->SendToSlowWorker(mbuf, dregress.flow);
 		return;
 	}
 
@@ -84,16 +108,16 @@ void dregress_t::insert(rte_mbuf* mbuf)
 		{
 			stats.lookup_miss++;
 
-			controlplane->sendPacketToSlowWorker(mbuf, dregress.flow);
+			slow_worker_->SendToSlowWorker(mbuf, dregress.flow);
 			return;
 		}
 
 		const auto& [prefix, nexthop, is_best, label, community, peer_as, origin_as] = *direction;
-		(void)prefix;
-		(void)is_best;
-		(void)community;
-		(void)peer_as;
-		(void)origin_as;
+		YANET_GCC_BUG_UNUSED(prefix);
+		YANET_GCC_BUG_UNUSED(is_best);
+		YANET_GCC_BUG_UNUSED(community);
+		YANET_GCC_BUG_UNUSED(peer_as);
+		YANET_GCC_BUG_UNUSED(origin_as);
 
 		labelled_nexthop = ipv6_address_t::convert(nexthop);
 		labelled_label = label;
@@ -102,13 +126,13 @@ void dregress_t::insert(rte_mbuf* mbuf)
 	}
 	else
 	{
-		dregress::connection_value_t* value;
-		dataplane::spinlock_t* locker;
+		dregress::connection_value_t* value = nullptr;
+		dataplane::spinlock_t* locker = nullptr;
 
 		connections->lookup(key, value, locker);
 
-		uint32_t loss_count;
-		uint32_t ack_count;
+		uint32_t loss_count = 0;
+		uint32_t ack_count = 0;
 
 		int32_t ack_diff = 0;
 		int32_t loss_diff = 0;
@@ -122,7 +146,7 @@ void dregress_t::insert(rte_mbuf* mbuf)
 			{
 				stats.lookup_miss++;
 
-				controlplane->sendPacketToSlowWorker(mbuf, dregress.flow);
+				slow_worker_->SendToSlowWorker(mbuf, dregress.flow);
 				return;
 			}
 
@@ -132,7 +156,7 @@ void dregress_t::insert(rte_mbuf* mbuf)
 			labelled_label = label;
 
 			ipv6_address_t prefix_address;
-			uint8_t prefix_mask;
+			uint8_t prefix_mask = 0;
 			if (prefix.is_ipv4())
 			{
 				prefix_address = ipv6_address_t::convert(prefix.get_ipv4().address());
@@ -308,7 +332,7 @@ void dregress_t::insert(rte_mbuf* mbuf)
 		}
 	}
 
-	uint16_t payload_length;
+	uint16_t payload_length = 0;
 	if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
 	{
 		rte_ipv4_hdr* ipv4HeaderInner = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
@@ -388,8 +412,8 @@ void dregress_t::insert(rte_mbuf* mbuf)
 	}
 
 	/// @todo: opt
-	controlplane->slowWorker->preparePacket(mbuf);
-	controlplane->sendPacketToSlowWorker(mbuf, dregress.flow);
+	slow_worker_->PreparePacket(mbuf);
+	slow_worker_->SendToSlowWorker(mbuf, dregress.flow);
 }
 
 void dregress_t::handle()
@@ -430,7 +454,7 @@ void dregress_t::handle()
 std::optional<dregress::direction_t> dregress_t::lookup(rte_mbuf* mbuf)
 {
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-	const auto& base = controlplane->slowWorker->bases[controlplane->slowWorker->localBaseId & 1];
+	const auto& base = slow_worker_->current_base();
 	const auto& dregress = base.globalBase->dregresses[metadata->flow.data.dregressId];
 
 	std::map<std::tuple<common::ip_address_t, ///< nexthop
@@ -519,11 +543,11 @@ std::optional<dregress::direction_t> dregress_t::lookup(rte_mbuf* mbuf)
 	auto direction = (*std::next(directions.begin(), rand() % directions.size())).second;
 	{
 		auto& [prefix, nexthop, is_best, label, community, peer_as, origin_as] = direction;
-		(void)nexthop;
-		(void)label;
-		(void)community;
-		(void)peer_as;
-		(void)origin_as;
+		YANET_GCC_BUG_UNUSED(nexthop);
+		YANET_GCC_BUG_UNUSED(label);
+		YANET_GCC_BUG_UNUSED(community);
+		YANET_GCC_BUG_UNUSED(peer_as);
+		YANET_GCC_BUG_UNUSED(origin_as);
 
 		if (prefix.mask() != mask_max)
 		{
@@ -622,34 +646,11 @@ bool dregress_t::tcp_parse(rte_mbuf* mbuf,
 	return false;
 }
 
-common::idp::get_dregress_counters::response dregress_t::get_dregress_counters()
-{
-	common::idp::get_dregress_counters::response response;
-
-	{
-		std::lock_guard<std::mutex> guard(counters_mutex); ///< @todo: free lock
-		common::stream_out_t stream;
-		counters_v4.push(stream);
-		counters_v6.push(stream);
-		response = stream.getBuffer();
-
-		YANET_MEMORY_BARRIER_COMPILE;
-
-		counters_v4.clear(); ///< @todo: swap
-		counters_v6.clear(); ///< @todo: swap
-	}
-
-	return response;
-}
-
-void dregress_t::limits(common::idp::limits::response& response)
+dregress::LimitsStats dregress_t::limits() const
 {
-	limit_insert(response,
-	             "dregress.ht.keys",
-	             connections->getStats().pairs,
-	             connections->keysSize);
-	limit_insert(response,
-	             "dregress.ht.extended_chunks",
-	             connections->getStats().extendedChunksCount,
-	             YANET_CONFIG_DREGRESS_HT_EXTENDED_SIZE);
+	return {
+	        connections->stats().pairs,
+	        connections->keysSize,
+	        connections->stats().extendedChunksCount,
+	};
 }
diff --git a/dataplane/dregress.h b/dataplane/dregress.h
index bb35ae4a..956f8aca 100644
--- a/dataplane/dregress.h
+++ b/dataplane/dregress.h
@@ -3,7 +3,6 @@
 #include <mutex>
 
 #include "common/btree.h"
-#include "common/idp.h"
 #include "common/type.h"
 
 #include "hashtable.h"
@@ -43,36 +42,68 @@ using direction_t = std::tuple<common::ip_prefix_t, ///< prefix
                                uint32_t, ///< peer_as
                                uint32_t>; ///< origin_as
 
-}
+using ConnTable = dataplane::hashtable_chain_spinlock_t<dregress::connection_key_t,
+                                                        dregress::connection_value_t,
+                                                        YANET_CONFIG_DREGRESS_HT_SIZE,
+                                                        YANET_CONFIG_DREGRESS_HT_EXTENDED_SIZE,
+                                                        4,
+                                                        4>;
+
+struct LimitsStats
+{
+	uint64_t pairs;
+	uint64_t keysSize;
+	uint64_t extendedChunksCount;
+	LimitsStats& operator+=(const LimitsStats& other)
+	{
+		pairs += other.pairs;
+		keysSize += other.keysSize;
+		extendedChunksCount += other.extendedChunksCount;
+		return *this;
+	}
+};
+
+} // namespace dregress
+
+namespace dataplane
+{
+class SlowWorker;
+} // namespace dataplane
 
 class dregress_t
 {
 public:
-	dregress_t(cControlPlane* controlplane, cDataPlane* dataplane);
+	dregress_t(dataplane::SlowWorker* slow, cDataPlane* dataplane, uint32_t gc_step);
+	dregress_t(dregress_t&& other);
 	~dregress_t();
 
+	dregress_t& operator=(dregress_t&& other);
+
 	void insert(rte_mbuf* mbuf);
 	void handle();
 
 	std::optional<dregress::direction_t> lookup(rte_mbuf* mbuf);
 	bool tcp_parse(rte_mbuf* mbuf, uint16_t& rtt, uint32_t& loss_count, uint32_t& ack_count);
-
-	common::idp::get_dregress_counters::response get_dregress_counters();
-	void limits(common::idp::limits::response& response);
+	dregress::LimitsStats limits() const;
+	const common::dregress::stats_t& Stats() const { return stats; }
+	const dregress::ConnTable* Connections() const { return connections; }
+	[[nodiscard]] std::lock_guard<std::mutex> LockCounters() { return std::lock_guard{counters_mutex}; }
+	const common::dregress::counters_t& Counters4() const { return counters_v4; }
+	const common::dregress::counters_t& Counters6() const { return counters_v6; }
+	void ClearCounters()
+	{
+		counters_v4.clear();
+		counters_v6.clear();
+	}
 
 public:
-	cControlPlane* controlplane;
+	dataplane::SlowWorker* slow_worker_;
 	cDataPlane* dataplane;
 
 	constexpr static double median_multiplier = 0.01;
 
 	common::dregress::stats_t stats;
-	dataplane::hashtable_chain_spinlock_t<dregress::connection_key_t,
-	                                      dregress::connection_value_t,
-	                                      YANET_CONFIG_DREGRESS_HT_SIZE,
-	                                      YANET_CONFIG_DREGRESS_HT_EXTENDED_SIZE,
-	                                      4,
-	                                      4>* connections;
+	dregress::ConnTable* connections;
 
 	std::mutex prefixes_mutex;
 	std::set<common::ipv4_prefix_t> local_prefixes_v4; ///< @todo: set<ip_prefix_t>
@@ -80,7 +111,7 @@ class dregress_t
 	common::btree<common::ip_address_t, uint32_t> prefixes;
 	std::map<uint32_t, std::set<common::dregress::value_t>> values;
 
-	std::mutex counters_mutex;
+	mutable std::mutex counters_mutex;
 	common::dregress::counters_t counters_v4;
 	common::dregress::counters_t counters_v6;
 
diff --git a/dataplane/dynamic_table.h b/dataplane/dynamic_table.h
index 5bfb1e01..ce2e50e5 100644
--- a/dataplane/dynamic_table.h
+++ b/dataplane/dynamic_table.h
@@ -1,8 +1,6 @@
 #pragma once
 
-#include <cinttypes>
-
-#include "common/config.h"
+#include "common/config.release.h"
 #include "common/define.h"
 #include "common/result.h"
 
@@ -35,10 +33,7 @@ class dynamic_table
 	}
 
 public:
-	dynamic_table() :
-	        width_bits(0)
-	{
-	}
+	dynamic_table() = default;
 
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
 	inline void lookup(const uint32_t (&k1s)[burst_size],
@@ -97,7 +92,7 @@ class dynamic_table
 	}
 
 protected:
-	uint32_t width_bits;
+	uint32_t width_bits{};
 	value_t values[];
 };
 
diff --git a/dataplane/flat.h b/dataplane/flat.h
index 5ff7c373..42f8c2ea 100644
--- a/dataplane/flat.h
+++ b/dataplane/flat.h
@@ -1,7 +1,5 @@
 #pragma once
 
-#include <cinttypes>
-
 #include <vector>
 
 #include "common/define.h"
diff --git a/dataplane/fragmentation.cpp b/dataplane/fragmentation.cpp
index b38c7a8b..8cf1ec65 100644
--- a/dataplane/fragmentation.cpp
+++ b/dataplane/fragmentation.cpp
@@ -1,44 +1,55 @@
 #include "fragmentation.h"
 #include "common.h"
-#include "controlplane.h"
-#include "dataplane.h"
+#include "metadata.h"
 
-fragmentation_t::fragmentation_t(cControlPlane* controlPlane,
-                                 cDataPlane* dataPlane) :
-        controlPlane(controlPlane),
-        dataPlane(dataPlane)
+namespace fragmentation
 {
-	memset(&stats, 0, sizeof(stats));
+
+Fragmentation::Fragmentation(OnCollected callback) :
+        callback_{std::move(callback)}
+{}
+
+Fragmentation::Fragmentation(OnCollected callback, const FragmentationConfig& cfg) :
+        callback_{std::move(callback)},
+        config_{cfg}
+{
+	memset(&stats_, 0, sizeof(stats_));
+}
+
+Fragmentation::Fragmentation(Fragmentation&& other)
+{
+	*this = std::move(other);
 }
 
-fragmentation_t::~fragmentation_t()
+Fragmentation::~Fragmentation()
 {
-	for (const auto& [key, value] : fragments)
+	for (const auto& [key, value] : fragments_)
 	{
-		(void)key;
+		YANET_GCC_BUG_UNUSED(key);
 
 		for (const auto& [range_from, range_value] : std::get<0>(value))
 		{
-			(void)range_from;
+			YANET_GCC_BUG_UNUSED(range_from);
 
 			const auto& [range_to, mbuf] = range_value;
-			(void)range_to;
+			YANET_GCC_BUG_UNUSED(range_to);
 
 			rte_pktmbuf_free(mbuf);
 		}
 	}
 }
 
-common::fragmentation::stats_t fragmentation_t::getStats()
+common::fragmentation::stats_t Fragmentation::getStats() const
 {
-	return stats;
+	return stats_;
 }
 
-void fragmentation_t::insert(rte_mbuf* mbuf)
+void Fragmentation::insert(rte_mbuf* mbuf)
 {
-	if (stats.current_count_packets > dataPlane->getConfigValues().fragmentation_size)
+	if (stats_.current_count_packets > config_.size)
 	{
-		stats.total_overflow_packets++;
+		YANET_LOG_DEBUG("Frag limit exceeded\n");
+		stats_.total_overflow_packets++;
 		rte_pktmbuf_free(mbuf);
 		return;
 	}
@@ -48,7 +59,7 @@ void fragmentation_t::insert(rte_mbuf* mbuf)
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 	if (!(metadata->network_flags & YANET_NETWORK_FLAG_FRAGMENT))
 	{
-		stats.not_fragment_packets++;
+		stats_.not_fragment_packets++;
 		rte_pktmbuf_free(mbuf);
 		return;
 	}
@@ -67,7 +78,7 @@ void fragmentation_t::insert(rte_mbuf* mbuf)
 
 		if (range_from == range_to)
 		{
-			stats.empty_packets++;
+			stats_.empty_packets++;
 			rte_pktmbuf_free(mbuf);
 			return;
 		}
@@ -98,7 +109,7 @@ void fragmentation_t::insert(rte_mbuf* mbuf)
 
 		if (range_from == range_to)
 		{
-			stats.empty_packets++;
+			stats_.empty_packets++;
 			rte_pktmbuf_free(mbuf);
 			return;
 		}
@@ -120,33 +131,33 @@ void fragmentation_t::insert(rte_mbuf* mbuf)
 	}
 	else
 	{
-		stats.unknown_network_type_packets++;
+		stats_.unknown_network_type_packets++;
 		rte_pktmbuf_free(mbuf);
 		return;
 	}
 
-	if (!exist(fragments, key))
+	if (!exist(fragments_, key))
 	{
-		fragments[key] = {{{range_from,
-		                    {range_to,
-		                     mbuf}}},
-		                  currentTime,
-		                  currentTime};
+		fragments_[key] = {{{range_from,
+		                     {range_to,
+		                      mbuf}}},
+		                   currentTime,
+		                   currentTime};
 	}
 	else
 	{
-		auto& value = fragments[key];
+		auto& value = fragments_[key];
 
-		if (std::get<0>(value).size() > dataPlane->getConfigValues().fragmentation_packets_per_flow)
+		if (std::get<0>(value).size() > config_.packets_per_flow)
 		{
-			stats.flow_overflow_packets++;
+			stats_.flow_overflow_packets++;
 			rte_pktmbuf_free(mbuf);
 			return;
 		}
 
 		if (isIntersect(value, range_from, range_to))
 		{
-			stats.intersect_packets++;
+			stats_.intersect_packets++;
 			rte_pktmbuf_free(mbuf);
 			return;
 		}
@@ -155,14 +166,14 @@ void fragmentation_t::insert(rte_mbuf* mbuf)
 		std::get<2>(value) = currentTime;
 	}
 
-	stats.current_count_packets++;
+	stats_.current_count_packets++;
 }
 
-void fragmentation_t::handle()
+void Fragmentation::handle()
 {
 	std::vector<fragmentation::key_t> gc_keys;
 
-	for (auto& [key, value] : fragments)
+	for (auto& [key, value] : fragments_)
 	{
 		if (isTimeout(value))
 		{
@@ -206,16 +217,16 @@ void fragmentation_t::handle()
 
 			for (auto& [range_from, range_value] : std::get<0>(value))
 			{
-				(void)range_from;
+				YANET_GCC_BUG_UNUSED(range_from);
 
 				const auto& [range_to, mbuf] = range_value;
-				(void)range_to;
+				YANET_GCC_BUG_UNUSED(range_to);
 
 				dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 				metadata->flow.data = firstPacket_metadata->flow.data;
 
-				controlPlane->sendPacketToSlowWorker(mbuf, metadata->flow);
-				stats.current_count_packets--;
+				callback_(mbuf, metadata->flow);
+				stats_.current_count_packets--;
 			}
 
 			std::get<0>(value).clear();
@@ -225,33 +236,33 @@ void fragmentation_t::handle()
 
 	for (const auto& key : gc_keys)
 	{
-		for (auto& [range_from, range_value] : std::get<0>(fragments[key]))
+		for (auto& [range_from, range_value] : std::get<0>(fragments_[key]))
 		{
-			(void)range_from;
+			YANET_GCC_BUG_UNUSED(range_from);
 
 			const auto& [range_to, mbuf] = range_value;
-			(void)range_to;
+			YANET_GCC_BUG_UNUSED(range_to);
 
-			stats.timeout_packets++;
+			stats_.timeout_packets++;
 			rte_pktmbuf_free(mbuf);
 
-			stats.current_count_packets--;
+			stats_.current_count_packets--;
 		}
 
-		fragments.erase(key);
+		fragments_.erase(key);
 	}
 }
 
-bool fragmentation_t::isTimeout(const fragmentation::value_t& value)
+bool Fragmentation::isTimeout(const fragmentation::value_t& value) const
 {
 	uint16_t currentTime = time(nullptr);
 
-	if ((uint16_t)(currentTime - std::get<1>(value)) >= dataPlane->getConfigValues().fragmentation_timeout_first)
+	if ((uint16_t)(currentTime - std::get<1>(value)) >= config_.timeout_first)
 	{
 		return true;
 	}
 
-	if ((uint16_t)(currentTime - std::get<2>(value)) >= dataPlane->getConfigValues().fragmentation_timeout_last)
+	if ((uint16_t)(currentTime - std::get<2>(value)) >= config_.timeout_last)
 	{
 		return true;
 	}
@@ -259,13 +270,13 @@ bool fragmentation_t::isTimeout(const fragmentation::value_t& value)
 	return false;
 }
 
-bool fragmentation_t::isCollected(const fragmentation::value_t& value)
+bool Fragmentation::isCollected(const fragmentation::value_t& value) const
 {
 	uint32_t next_range_from = 0;
 	for (const auto& [range_from, range_value] : std::get<0>(value))
 	{
 		const auto& [range_to, mbuf] = range_value;
-		(void)mbuf;
+		YANET_GCC_BUG_UNUSED(mbuf);
 
 		if (range_from != next_range_from)
 		{
@@ -283,14 +294,14 @@ bool fragmentation_t::isCollected(const fragmentation::value_t& value)
 	return false;
 }
 
-bool fragmentation_t::isIntersect(const fragmentation::value_t& value,
-                                  const uint32_t& second_range_from,
-                                  const uint32_t& second_range_to)
+bool Fragmentation::isIntersect(const fragmentation::value_t& value,
+                                const uint32_t& second_range_from,
+                                const uint32_t& second_range_to) const
 {
 	for (const auto& [range_from, range_value] : std::get<0>(value))
 	{
 		const auto& [range_to, mbuf] = range_value;
-		(void)mbuf;
+		YANET_GCC_BUG_UNUSED(mbuf);
 
 		if (second_range_to < range_from)
 		{
@@ -306,3 +317,4 @@ bool fragmentation_t::isIntersect(const fragmentation::value_t& value,
 
 	return false;
 }
+} // namespace fragmentation
\ No newline at end of file
diff --git a/dataplane/fragmentation.h b/dataplane/fragmentation.h
index da1bc659..ec4459bd 100644
--- a/dataplane/fragmentation.h
+++ b/dataplane/fragmentation.h
@@ -1,9 +1,5 @@
 #pragma once
 
-#include <cinttypes>
-
-#include <atomic>
-#include <map>
 #include <tuple>
 #include <variant>
 
@@ -11,6 +7,7 @@
 
 #include "common/type.h"
 
+#include "config_values.h"
 #include "type.h"
 
 namespace fragmentation
@@ -37,30 +34,38 @@ using value_t = std::tuple<std::map<uint32_t, ///< range_from
                            uint16_t, ///< first packet time
                            uint16_t>; ///< last packet time
 
-}
-
-class fragmentation_t
+class Fragmentation
 {
 public:
-	fragmentation_t(cControlPlane* controlPlane, cDataPlane* dataPlane);
-	~fragmentation_t();
+	using OnCollected = std::function<void(rte_mbuf*, const common::globalBase::tFlow&)>;
+	Fragmentation(OnCollected callback);
+	Fragmentation(OnCollected callback, const FragmentationConfig& cfg);
+	Fragmentation(Fragmentation&& other);
+	~Fragmentation();
+
+	Fragmentation& operator=(Fragmentation&& other) = default;
 
 public:
-	common::fragmentation::stats_t getStats();
+	[[nodiscard]] common::fragmentation::stats_t getStats() const;
+	OnCollected& Callback() { return callback_; }
+	void Configure(const FragmentationConfig& cfg) { config_ = cfg; }
 
 	void insert(rte_mbuf* mbuf);
 	void handle();
 
 protected:
-	bool isTimeout(const fragmentation::value_t& value);
-	bool isCollected(const fragmentation::value_t& value);
-	bool isIntersect(const fragmentation::value_t& value, const uint32_t& range_from, const uint32_t& range_to);
+	[[nodiscard]] bool isTimeout(const value_t& value) const;
+	[[nodiscard]] bool isCollected(const value_t& value) const;
+	[[nodiscard]] bool isIntersect(const value_t& value, const uint32_t& range_from, const uint32_t& range_to) const;
 
 protected:
-	cControlPlane* controlPlane;
-	cDataPlane* dataPlane;
+	OnCollected callback_;
 
-	common::fragmentation::stats_t stats;
+	FragmentationConfig config_;
 
-	std::map<fragmentation::key_t, fragmentation::value_t> fragments;
+	common::fragmentation::stats_t stats_;
+
+	std::map<key_t, value_t> fragments_;
 };
+
+} // namespace fragmentation
diff --git a/dataplane/globalbase.cpp b/dataplane/globalbase.cpp
index e2327ff1..ffdc1424 100644
--- a/dataplane/globalbase.cpp
+++ b/dataplane/globalbase.cpp
@@ -6,6 +6,7 @@
 #include "dataplane.h"
 #include "globalbase.h"
 #include "worker.h"
+#include "worker_gc.h"
 
 #include "common/counters.h"
 #include "common/define.h"
@@ -17,7 +18,7 @@ using namespace dataplane::globalBase;
 atomic::atomic(cDataPlane* dataPlane,
                const tSocketId& socketId) :
         dataPlane(dataPlane),
-        socketId(socketId)
+        socketId(socketId), tsc_active_state(dataPlane->getConfigValues().tsc_active_state)
 {
 	fw_state_config.tcp_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_timeout;
 	fw_state_config.udp_timeout = dataPlane->getConfigValues().stateful_firewall_udp_timeout;
@@ -27,12 +28,6 @@ atomic::atomic(cDataPlane* dataPlane,
 	memset(physicalPort_flags, 0, sizeof(physicalPort_flags));
 	memset(counter_shifts, 0, sizeof(counter_shifts));
 	memset(gc_counter_shifts, 0, sizeof(gc_counter_shifts));
-
-	tsc_active_state = dataPlane->getConfigValues().tsc_active_state;
-}
-
-atomic::~atomic()
-{
 }
 
 generation::generation(cDataPlane* dataPlane,
@@ -49,10 +44,6 @@ generation::generation(cDataPlane* dataPlane,
 	          balancer_real_state_t());
 }
 
-generation::~generation()
-{
-}
-
 eResult generation::init()
 {
 	eResult result = eResult::success;
@@ -199,7 +190,7 @@ eResult generation::init()
 			return result;
 		}
 
-		route_lpm4 = updater.route_lpm4->pointer;
+		route_lpm4 = updater.route_lpm4->pointer();
 	}
 
 	{
@@ -212,7 +203,7 @@ eResult generation::init()
 			return result;
 		}
 
-		route_lpm6 = updater.route_lpm6->pointer;
+		route_lpm6 = updater.route_lpm6->pointer();
 	}
 
 	{
@@ -225,7 +216,7 @@ eResult generation::init()
 			return result;
 		}
 
-		route_tunnel_lpm4 = updater.route_tunnel_lpm4->pointer;
+		route_tunnel_lpm4 = updater.route_tunnel_lpm4->pointer();
 	}
 
 	{
@@ -238,7 +229,7 @@ eResult generation::init()
 			return result;
 		}
 
-		route_tunnel_lpm6 = updater.route_tunnel_lpm6->pointer;
+		route_tunnel_lpm6 = updater.route_tunnel_lpm6->pointer();
 	}
 
 	return result;
@@ -550,53 +541,39 @@ eResult generation::get(const common::idp::getGlobalBase::request& request,
 
 eResult generation::clear()
 {
-	for (unsigned int logicalPortId = 0;
-	     logicalPortId < CONFIG_YADECAP_LOGICALPORTS_SIZE;
-	     logicalPortId++)
+	for (auto& logicalPort : logicalPorts)
 	{
-		logicalPorts[logicalPortId] = dataplane::globalBase::tLogicalPort();
+		logicalPort = dataplane::globalBase::tLogicalPort();
 	}
 
-	for (tun64_id_t tun64Id = 0;
-	     tun64Id < CONFIG_YADECAP_TUN64_SIZE;
-	     tun64Id++)
+	for (auto& tun64tunnel : tun64tunnels)
 	{
-		tun64tunnels[tun64Id] = dataplane::globalBase::tun64_t();
+		tun64tunnel = dataplane::globalBase::tun64_t();
 	}
 
-	for (unsigned int decapId = 0;
-	     decapId < CONFIG_YADECAP_DECAPS_SIZE;
-	     decapId++)
+	for (auto& decap : decaps)
 	{
-		decaps[decapId] = dataplane::globalBase::tDecap();
+		decap = dataplane::globalBase::tDecap();
 	}
 
-	for (unsigned int interfaceId = 0;
-	     interfaceId < CONFIG_YADECAP_INTERFACES_SIZE;
-	     interfaceId++)
+	for (auto& interface : interfaces)
 	{
-		interfaces[interfaceId] = dataplane::globalBase::tInterface();
+		interface = dataplane::globalBase::tInterface();
 	}
 
-	for (unsigned int nat64statefulId = 0;
-	     nat64statefulId < YANET_CONFIG_NAT64STATEFULS_SIZE;
-	     nat64statefulId++)
+	for (auto& nat64stateful : nat64statefuls)
 	{
-		nat64statefuls[nat64statefulId] = dataplane::globalBase::nat64stateful_t();
+		nat64stateful = dataplane::globalBase::nat64stateful_t();
 	}
 
-	for (unsigned int nat64statelessId = 0;
-	     nat64statelessId < CONFIG_YADECAP_NAT64STATELESSES_SIZE;
-	     nat64statelessId++)
+	for (auto& nat64statelesse : nat64statelesses)
 	{
-		nat64statelesses[nat64statelessId] = dataplane::globalBase::tNat64stateless();
+		nat64statelesse = dataplane::globalBase::tNat64stateless();
 	}
 
-	for (unsigned int balancer_id = 0;
-	     balancer_id < YANET_CONFIG_BALANCERS_SIZE;
-	     balancer_id++)
+	for (auto& balancer : balancers)
 	{
-		balancers[balancer_id] = dataplane::globalBase::balancer_t();
+		balancer = dataplane::globalBase::balancer_t();
 	}
 
 	tun64_enabled = 0;
@@ -611,13 +588,13 @@ eResult generation::clear()
 
 	tun64mappingsTable.clear();
 
-	for (unsigned int fw_state_sync_config_id = 0;
-	     fw_state_sync_config_id < CONFIG_YADECAP_ACLS_SIZE;
-	     fw_state_sync_config_id++)
+	for (auto& fw_state_sync_config : fw_state_sync_configs)
 	{
-		fw_state_sync_configs[fw_state_sync_config_id] = fw_state_sync_config_t{};
+		fw_state_sync_config = fw_state_sync_config_t{};
 	}
 
+	dataPlane->hitcount_map_.clear();
+
 	// NOTE: we don't explicitly clear current fw states, as there might be responding packets.
 	// Eventually the state-table will be flushed even if the a ruleset forbids
 	// opening packets.
@@ -1537,14 +1514,13 @@ eResult generation::update_balancer_services(const common::idp::updateGlobalBase
 			for (tCounterId i = 0; i < (tCounterId)::balancer::real_counter::size; ++i)
 			{
 				uint64_t sum_worker = 0, sum_gc = 0;
-				for (const auto& [core_id, worker] : dataPlane->workers)
+				for (const cWorker* worker : dataPlane->workers_vector)
 				{
-					(void)core_id;
 					sum_worker += worker->counters[counter_id + i];
 				}
 				for (const auto& [core_id, worker_gc] : dataPlane->worker_gcs)
 				{
-					(void)core_id;
+					YANET_GCC_BUG_UNUSED(core_id);
 					sum_gc += worker_gc->counters[counter_id + i];
 				}
 				for (const auto& item : dataPlane->globalBaseAtomics)
@@ -1624,9 +1600,8 @@ inline uint64_t generation::count_real_connections(uint32_t counter_id)
 {
 	uint64_t sessions_created = 0;
 	uint64_t sessions_destroyed = 0;
-	for (const auto& [core_id, worker] : dataPlane->workers)
+	for (const cWorker* worker : dataPlane->workers_vector)
 	{
-		(void)core_id;
 		sessions_created += worker->counters[counter_id + (tCounterId)::balancer::real_counter::sessions_created];
 		sessions_destroyed += worker->counters[counter_id + (tCounterId)::balancer::real_counter::sessions_destroyed];
 	}
@@ -1637,7 +1612,7 @@ inline uint64_t generation::count_real_connections(uint32_t counter_id)
 	uint64_t sessions_destroyed_gc = 0;
 	for (const auto& [node_id, worker_gc] : dataPlane->worker_gcs)
 	{
-		(void)node_id;
+		YANET_GCC_BUG_UNUSED(node_id);
 		sessions_created_gc += worker_gc->counters[counter_id + (tCounterId)::balancer::gc_real_counter::sessions_created];
 		sessions_destroyed_gc += worker_gc->counters[counter_id + (tCounterId)::balancer::gc_real_counter::sessions_destroyed];
 	}
@@ -1775,22 +1750,15 @@ eResult generation::route_lpm_update(const common::idp::updateGlobalBase::route_
 		{
 			YADECAP_LOG_DEBUG("route lpm clear\n");
 
-			result = updater.route_lpm4->clear();
-			if (result != eResult::success)
-			{
-				return result;
-			}
+			updater.route_lpm4->clear();
+			updater.route_lpm6->clear();
 
-			result = updater.route_lpm6->clear();
-			if (result != eResult::success)
-			{
-				return result;
-			}
+			return eResult::success;
 		}
 	}
 
-	route_lpm4 = updater.route_lpm4->pointer;
-	route_lpm6 = updater.route_lpm6->pointer;
+	route_lpm4 = updater.route_lpm4->pointer();
+	route_lpm6 = updater.route_lpm6->pointer();
 
 	return result;
 }
@@ -1832,7 +1800,7 @@ eResult generation::route_value_update(const common::idp::updateGlobalBase::rout
 		     ecmp_i < request_interface.size();
 		     ecmp_i++)
 		{
-			const auto& [interface_id, labels, neighbor_address, nexthop_flags] = request_interface[ecmp_i];
+			const auto& [interface_id, counter_id, labels, neighbor_address, nexthop_flags] = request_interface[ecmp_i];
 
 			if (interface_id >= CONFIG_YADECAP_INTERFACES_SIZE)
 			{
@@ -1842,6 +1810,7 @@ eResult generation::route_value_update(const common::idp::updateGlobalBase::rout
 
 			route_value.interface.nexthops[ecmp_i].interfaceId = interface_id;
 			route_value.interface.nexthops[ecmp_i].flags = nexthop_flags;
+			route_value.interface.nexthops[ecmp_i].counter_id = counter_id;
 			route_value.interface.nexthops[ecmp_i].neighbor_address = ipv6_address_t::convert(neighbor_address);
 			route_value.interface.nexthops[ecmp_i].is_ipv6 = neighbor_address.is_ipv6();
 
@@ -1947,22 +1916,15 @@ eResult generation::route_tunnel_lpm_update(const common::idp::updateGlobalBase:
 		{
 			YADECAP_LOG_DEBUG("route_tunnel lpm clear\n");
 
-			result = updater.route_tunnel_lpm4->clear();
-			if (result != eResult::success)
-			{
-				return result;
-			}
+			updater.route_tunnel_lpm4->clear();
+			updater.route_tunnel_lpm6->clear();
 
-			result = updater.route_tunnel_lpm6->clear();
-			if (result != eResult::success)
-			{
-				return result;
-			}
+			return eResult::success;
 		}
 	}
 
-	route_tunnel_lpm4 = updater.route_tunnel_lpm4->pointer;
-	route_tunnel_lpm6 = updater.route_tunnel_lpm6->pointer;
+	route_tunnel_lpm4 = updater.route_tunnel_lpm4->pointer();
+	route_tunnel_lpm6 = updater.route_tunnel_lpm6->pointer();
 
 	return result;
 }
@@ -2356,10 +2318,15 @@ eResult generation::dregress_prefix_update(const common::idp::updateGlobalBase::
 {
 	eResult result = eResult::success;
 
-	for (const auto& [prefix, value_id] : request)
+	for (auto& [core, slow] : dataPlane->slow_workers)
 	{
-		std::lock_guard<std::mutex> guard(dataPlane->controlPlane->dregress.prefixes_mutex);
-		dataPlane->controlPlane->dregress.prefixes.insert(prefix, value_id);
+		YANET_GCC_BUG_UNUSED(core);
+		::dregress_t& dregress = slow->Dregress();
+		for (const auto& [prefix, value_id] : request)
+		{
+			std::lock_guard<std::mutex> guard(dregress.prefixes_mutex);
+			dregress.prefixes.insert(prefix, value_id);
+		}
 	}
 
 	return result;
@@ -2369,12 +2336,16 @@ eResult generation::dregress_prefix_remove(const common::idp::updateGlobalBase::
 {
 	eResult result = eResult::success;
 
-	for (const auto& prefix : request)
+	for (auto& [core, slow] : dataPlane->slow_workers)
 	{
-		std::lock_guard<std::mutex> guard(dataPlane->controlPlane->dregress.prefixes_mutex);
-		dataPlane->controlPlane->dregress.prefixes.remove(prefix);
+		YANET_GCC_BUG_UNUSED(core);
+		::dregress_t& dregress = slow->Dregress();
+		for (const auto& prefix : request)
+		{
+			std::lock_guard<std::mutex> guard(dregress.prefixes_mutex);
+			dregress.prefixes.remove(prefix);
+		}
 	}
-
 	return result;
 }
 
@@ -2382,8 +2353,13 @@ eResult generation::dregress_prefix_clear()
 {
 	eResult result = eResult::success;
 
-	std::lock_guard<std::mutex> guard(dataPlane->controlPlane->dregress.prefixes_mutex);
-	dataPlane->controlPlane->dregress.prefixes.clear();
+	for (auto& [core, slow] : dataPlane->slow_workers)
+	{
+		YANET_GCC_BUG_UNUSED(core);
+		::dregress_t& dregress = slow->Dregress();
+		std::lock_guard<std::mutex> guard(dregress.prefixes_mutex);
+		dregress.prefixes.clear();
+	}
 
 	return result;
 }
@@ -2392,23 +2368,27 @@ eResult generation::dregress_local_prefix_update(const common::idp::updateGlobal
 {
 	eResult result = eResult::success;
 
-	std::lock_guard<std::mutex> guard(dataPlane->controlPlane->dregress.prefixes_mutex);
+	for (auto& [core, slow] : dataPlane->slow_workers)
+	{
+		YANET_GCC_BUG_UNUSED(core);
+		::dregress_t& dregress = slow->Dregress();
+		std::lock_guard<std::mutex> guard(dregress.prefixes_mutex);
 
-	dataPlane->controlPlane->dregress.local_prefixes_v4.clear();
-	dataPlane->controlPlane->dregress.local_prefixes_v6.clear();
+		dregress.local_prefixes_v4.clear();
+		dregress.local_prefixes_v6.clear();
 
-	for (const auto& prefix : request)
-	{
-		if (prefix.is_ipv4())
+		for (const auto& prefix : request)
 		{
-			dataPlane->controlPlane->dregress.local_prefixes_v4.emplace(prefix.get_ipv4());
-		}
-		else
-		{
-			dataPlane->controlPlane->dregress.local_prefixes_v6.emplace(prefix.get_ipv6());
+			if (prefix.is_ipv4())
+			{
+				dregress.local_prefixes_v4.insert(prefix.get_ipv4());
+			}
+			else
+			{
+				dregress.local_prefixes_v6.insert(prefix.get_ipv6());
+			}
 		}
 	}
-
 	return result;
 }
 
@@ -2416,15 +2396,19 @@ eResult generation::dregress_value_update(const common::idp::updateGlobalBase::d
 {
 	eResult result = eResult::success;
 
-	std::lock_guard<std::mutex> guard(dataPlane->controlPlane->dregress.prefixes_mutex);
-
-	for (const auto& [value_id, value] : request)
+	for (auto& [core, slow] : dataPlane->slow_workers)
 	{
-		/// @todo: check value_id
+		YANET_GCC_BUG_UNUSED(core);
+		::dregress_t& dregress = slow->Dregress();
+		std::lock_guard<std::mutex> guard(dregress.prefixes_mutex);
 
-		dataPlane->controlPlane->dregress.values[value_id] = value;
-	}
+		for (const auto& [value_id, value] : request)
+		{
+			/// @todo: check value_id
 
+			dregress.values[value_id] = value;
+		}
+	}
 	return result;
 }
 
@@ -2469,8 +2453,9 @@ eResult generation::fwstate_synchronization_update(const common::idp::updateGlob
 		fw_state_multicast_acl_ids.emplace(multicastIpv6Address, aclId);
 	}
 
-	std::lock_guard<std::mutex> lock(dataPlane->controlPlane->fw_state_multicast_acl_ids_mutex);
-	std::swap(dataPlane->controlPlane->fw_state_multicast_acl_ids, fw_state_multicast_acl_ids);
+	dataPlane->controlPlane->fw_state_multicast_acl_ids.apply([&](auto& fsm_ids) {
+		std::swap(fsm_ids, fw_state_multicast_acl_ids);
+	});
 
 	return eResult::success;
 }
diff --git a/dataplane/globalbase.h b/dataplane/globalbase.h
index a8f6584c..fbb38538 100644
--- a/dataplane/globalbase.h
+++ b/dataplane/globalbase.h
@@ -70,7 +70,7 @@ using network_table = dataplane::updater_dynamic_table<uint32_t>;
 using transport_layers = dataplane::updater_array<transport_layer_t>;
 using transport_table = dataplane::updater_hashtable_mod_id32<common::acl::transport_key_t, 16>;
 using total_table = dataplane::updater_hashtable_mod_id32<common::acl::total_key_t, 16>;
-using values = dataplane::updater_array<common::acl::value_t>;
+using values = dataplane::updater_array<common::Actions>;
 }
 
 namespace nat64stateful
@@ -88,7 +88,7 @@ class atomic
 {
 public:
 	atomic(cDataPlane* dataPlane, const tSocketId& socketId);
-	~atomic();
+	~atomic() = default;
 
 public: ///< @todo
 	cDataPlane* dataPlane;
@@ -134,7 +134,7 @@ class generation
 {
 public:
 	generation(cDataPlane* dataPlane, const tSocketId& socketId);
-	~generation();
+	~generation() = default;
 
 public:
 	eResult init();
diff --git a/dataplane/hashtable.h b/dataplane/hashtable.h
index 2ddfece8..a41de272 100644
--- a/dataplane/hashtable.h
+++ b/dataplane/hashtable.h
@@ -62,7 +62,7 @@ inline uint32_t calculate_hash_crc(const key_t& key)
 template<typename key_t>
 inline uint32_t calculate_hash_murmur3(const key_t& key)
 {
-	uint32_t result;
+	uint32_t result = 0;
 	MurmurHash3_x86_32(&key, sizeof(key), 19, &result);
 	return result;
 }
@@ -82,14 +82,14 @@ class spinlock_t final
 	}
 
 public:
-	inline void lock()
+	void lock()
 	{
 		YADECAP_MEMORY_BARRIER_COMPILE;
 		rte_spinlock_recursive_lock(&locker);
 		YADECAP_MEMORY_BARRIER_COMPILE;
 	}
 
-	inline void unlock()
+	void unlock()
 	{
 		YADECAP_MEMORY_BARRIER_COMPILE;
 		rte_spinlock_recursive_unlock(&locker);
@@ -111,12 +111,12 @@ class spinlock_nonrecursive_t final
 	}
 
 public:
-	inline void lock()
+	void lock()
 	{
 		rte_spinlock_lock(&locker);
 	}
 
-	inline void unlock()
+	void unlock()
 	{
 		rte_spinlock_unlock(&locker);
 	}
@@ -129,16 +129,9 @@ class spinlock_nonrecursive_t final
 
 struct hashtable_gc_t
 {
-	hashtable_gc_t() :
-	        offset(0),
-	        valid_keys(0),
-	        iterations(0)
-	{
-	}
-
-	uint32_t offset;
-	uint64_t valid_keys;
-	uint64_t iterations;
+	uint32_t offset{};
+	uint64_t valid_keys{};
+	uint64_t iterations{};
 };
 
 template<typename TKey,
@@ -166,9 +159,9 @@ class hashtable_chain_t
 	constexpr static uint64_t keysSize = size_T * pairsPerChunk_T + extendedSize_T * pairsPerExtendedChunk_T;
 
 public:
-	inline void lookup(const TKey* keys,
-	                   TValue** values,
-	                   const unsigned int& count)
+	void lookup(const TKey* keys,
+	            TValue** values,
+	            const unsigned int& count)
 	{
 		for (unsigned int key_i = 0;
 		     key_i < count;
@@ -229,8 +222,8 @@ class hashtable_chain_t
 		}
 	}
 
-	inline bool lookup(const TKey& key,
-	                   TValue*& value) const
+	bool lookup(const TKey& key,
+	            TValue*& value) const
 	{
 		lookup(&key, &value, 1);
 		return (value != nullptr);
@@ -416,7 +409,7 @@ class hashtable_chain_t
 		}
 
 	public:
-		inline uint32_t getNextExtendedChunkId() const
+		[[nodiscard]] uint32_t getNextExtendedChunkId() const
 		{
 			return nextExtendedChunkId & 0x00FFFFFFu;
 		}
@@ -426,7 +419,7 @@ class hashtable_chain_t
 			nextExtendedChunkId = (nextExtendedChunkId & 0xFF000000u) | (extendedChunkId & 0x00FFFFFFu);
 		}
 
-		inline bool isValid(const unsigned int& key_i) const
+		[[nodiscard]] bool isValid(const unsigned int& key_i) const
 		{
 			return keyValids & (1 << key_i);
 		}
@@ -443,22 +436,22 @@ class hashtable_chain_t
 			YADECAP_MEMORY_BARRIER_COMPILE;
 		}
 
-		inline const TKey& getKey(unsigned int key_i) const
+		const TKey& getKey(unsigned int key_i) const
 		{
 			return pairs[key_i].key;
 		}
 
-		inline TKey& getKey(unsigned int key_i)
+		TKey& getKey(unsigned int key_i)
 		{
 			return pairs[key_i].key;
 		}
 
-		inline const TValue& getValue(unsigned int key_i) const
+		const TValue& getValue(unsigned int key_i) const
 		{
 			return pairs[key_i].value;
 		}
 
-		inline TValue& getValue(unsigned int key_i)
+		TValue& getValue(unsigned int key_i)
 		{
 			return pairs[key_i].value;
 		}
@@ -492,7 +485,7 @@ class hashtable_chain_t
 		}
 
 	public:
-		inline uint32_t getNextExtendedChunkId() const
+		[[nodiscard]] uint32_t getNextExtendedChunkId() const
 		{
 			return nextExtendedChunkId & 0x00FFFFFFu;
 		}
@@ -502,7 +495,7 @@ class hashtable_chain_t
 			nextExtendedChunkId = (nextExtendedChunkId & 0xFF000000u) | (extendedChunkId & 0x00FFFFFFu);
 		}
 
-		inline bool isValid(const unsigned int& key_i) const
+		[[nodiscard]] bool isValid(const unsigned int& key_i) const
 		{
 			return keyValids & (1 << key_i);
 		}
@@ -519,22 +512,22 @@ class hashtable_chain_t
 			YADECAP_MEMORY_BARRIER_COMPILE;
 		}
 
-		inline const TKey& getKey(unsigned int key_i) const
+		const TKey& getKey(unsigned int key_i) const
 		{
 			return pairs[key_i].key;
 		}
 
-		inline TKey& getKey(unsigned int key_i)
+		TKey& getKey(unsigned int key_i)
 		{
 			return pairs[key_i].key;
 		}
 
-		inline const TValue& getValue(unsigned int key_i) const
+		const TValue& getValue(unsigned int key_i) const
 		{
 			return pairs[key_i].value;
 		}
 
-		inline TValue& getValue(unsigned int key_i)
+		TValue& getValue(unsigned int key_i)
 		{
 			return pairs[key_i].value;
 		}
@@ -559,8 +552,8 @@ class hashtable_chain_t
 	};
 
 protected:
-	static inline bool compareKeys(const TKey& first,
-	                               const TKey& second)
+	static bool compareKeys(const TKey& first,
+	                        const TKey& second)
 	{
 		return !memcmp(&first, &second, sizeof(TKey));
 	}
@@ -621,6 +614,22 @@ class hashtable_chain_t
 	static_assert(pairsPerExtendedChunk_T <= 7);
 } __rte_aligned(RTE_CACHE_LINE_SIZE);
 
+struct hashtable_chain_spinlock_stats_t
+{
+	uint64_t extendedChunksCount;
+	uint64_t longestChain;
+	uint64_t pairs;
+	uint64_t insertFailed;
+	hashtable_chain_spinlock_stats_t& operator+=(const hashtable_chain_spinlock_stats_t& other)
+	{
+		extendedChunksCount += other.extendedChunksCount;
+		longestChain += other.longestChain;
+		pairs += other.pairs;
+		insertFailed += other.insertFailed;
+		return *this;
+	}
+};
+
 template<typename key_T,
          typename value_T,
          uint32_t size_T,
@@ -633,8 +642,7 @@ class hashtable_chain_spinlock_t
 	using hashtable_t = hashtable_chain_spinlock_t<key_T, value_T, size_T, extendedSize_T, pairsPerChunk_T, pairsPerExtendedChunk_T>;
 
 public:
-	hashtable_chain_spinlock_t() :
-	        gcIndex(0)
+	hashtable_chain_spinlock_t()
 	{
 		for (uint32_t id = 0; id < extendedSize_T - 1; ++id)
 		{
@@ -645,15 +653,15 @@ class hashtable_chain_spinlock_t
 		extendedChunk.setNextExtendedChunkId(extendedChunkIdUnknown);
 
 		freeExtendedChunkId = 0;
-		memset(&stats, 0, sizeof(stats));
+		memset(&stats_, 0, sizeof(stats_));
 	}
 
 	constexpr static uint64_t keysSize = size_T * pairsPerChunk_T + extendedSize_T * pairsPerExtendedChunk_T;
 
 public:
-	inline void lookup(const key_T& key,
-	                   value_T*& value,
-	                   spinlock_t*& locker)
+	void lookup(const key_T& key,
+	            value_T*& value,
+	            spinlock_t*& locker)
 	{
 		const uint32_t hash = rte_hash_crc(&key, sizeof(key_T), 0);
 		auto& chunk = chunks[hash & (size_T - 1)];
@@ -701,8 +709,8 @@ class hashtable_chain_spinlock_t
 		locker->unlock();
 	}
 
-	inline bool insert(const key_T& key,
-	                   const value_T& value)
+	bool insert(const key_T& key,
+	            const value_T& value)
 	{
 		value_T* chunk_value{nullptr};
 		spinlock_t* locker{nullptr};
@@ -726,7 +734,7 @@ class hashtable_chain_spinlock_t
 	///
 	/// Returns "false" when the table is full, in this case the lock is
 	/// automatically unlocked.
-	inline eResult get(const key_T& key, value_T*& value, spinlock_t*& locker)
+	eResult get(const key_T& key, value_T*& value, spinlock_t*& locker)
 
 	{
 		const uint32_t hash = rte_hash_crc(&key, sizeof(key_T), 0);
@@ -792,8 +800,8 @@ class hashtable_chain_spinlock_t
 
 					chunk.setValid(chunk_key_i);
 
-					__atomic_add_fetch(&stats.pairs, 1, __ATOMIC_RELAXED);
-					stats.longestChain = RTE_MAX(stats.longestChain, longestChain);
+					__atomic_add_fetch(&stats_.pairs, 1, __ATOMIC_RELAXED);
+					stats_.longestChain = RTE_MAX(stats_.longestChain, longestChain);
 
 					return eResult::success;
 				}
@@ -826,8 +834,8 @@ class hashtable_chain_spinlock_t
 
 						extendedChunk.setValid(extended_chunk_key_i);
 
-						__atomic_add_fetch(&stats.pairs, 1, __ATOMIC_RELAXED);
-						stats.longestChain = RTE_MAX(stats.longestChain, longestChain);
+						__atomic_add_fetch(&stats_.pairs, 1, __ATOMIC_RELAXED);
+						stats_.longestChain = RTE_MAX(stats_.longestChain, longestChain);
 
 						return eResult::success;
 					}
@@ -837,13 +845,13 @@ class hashtable_chain_spinlock_t
 
 		/// chain is full
 
-		__atomic_add_fetch(&stats.insertFailed, 1, __ATOMIC_RELAXED);
+		__atomic_add_fetch(&stats_.insertFailed, 1, __ATOMIC_RELAXED);
 
 		chunk.locker.unlock();
 		return eResult::isFull;
 	}
 
-	inline bool remove(const key_T& key)
+	bool remove(const key_T& key)
 	{
 		const uint32_t hash = rte_hash_crc(&key, sizeof(key_T), 0);
 		auto& chunk = chunks[hash & (size_T - 1)];
@@ -863,7 +871,7 @@ class hashtable_chain_spinlock_t
 
 					chunk.unsetValid(chunk_key_i);
 
-					__atomic_sub_fetch(&stats.pairs, 1, __ATOMIC_RELAXED);
+					__atomic_sub_fetch(&stats_.pairs, 1, __ATOMIC_RELAXED);
 
 					chunk.locker.unlock();
 					return true;
@@ -887,7 +895,7 @@ class hashtable_chain_spinlock_t
 
 						/// use gc for remove extended chunk
 
-						__atomic_sub_fetch(&stats.pairs, 1, __ATOMIC_RELAXED);
+						__atomic_sub_fetch(&stats_.pairs, 1, __ATOMIC_RELAXED);
 
 						chunk.locker.unlock();
 						return true;
@@ -921,7 +929,7 @@ class hashtable_chain_spinlock_t
 					{
 						chunk.unsetValid(chunk_key_i);
 
-						__atomic_sub_fetch(&stats.pairs, 1, __ATOMIC_RELAXED);
+						__atomic_sub_fetch(&stats_.pairs, 1, __ATOMIC_RELAXED);
 					}
 				}
 
@@ -937,7 +945,7 @@ class hashtable_chain_spinlock_t
 						{
 							extendedChunk.unsetValid(extended_chunk_key_i);
 
-							__atomic_sub_fetch(&stats.pairs, 1, __ATOMIC_RELAXED);
+							__atomic_sub_fetch(&stats_.pairs, 1, __ATOMIC_RELAXED);
 						}
 					}
 
@@ -1036,7 +1044,7 @@ class hashtable_chain_spinlock_t
 				{
 					chunk.unsetValid(key_i);
 
-					__atomic_sub_fetch(&hashtable->stats.pairs, 1, __ATOMIC_RELAXED);
+					__atomic_sub_fetch(&hashtable->stats_.pairs, 1, __ATOMIC_RELAXED);
 				}
 				else if (chunk.getNextExtendedChunkId() != extendedChunkIdUnknown)
 				{
@@ -1044,7 +1052,7 @@ class hashtable_chain_spinlock_t
 
 					extendedChunk.unsetValid(key_i - pairsPerChunk_T);
 
-					__atomic_sub_fetch(&hashtable->stats.pairs, 1, __ATOMIC_RELAXED);
+					__atomic_sub_fetch(&hashtable->stats_.pairs, 1, __ATOMIC_RELAXED);
 				}
 			}
 
@@ -1150,8 +1158,7 @@ class hashtable_chain_spinlock_t
 			iterator_t(hashtable_t* hashtable,
 			           const uint32_t& chunk_i) :
 			        hashtable(hashtable),
-			        chunk_i(chunk_i),
-			        key_i(0)
+			        chunk_i(chunk_i)
 			{
 			}
 
@@ -1159,7 +1166,7 @@ class hashtable_chain_spinlock_t
 			hashtable_t* hashtable;
 
 			uint32_t chunk_i;
-			uint32_t key_i;
+			uint32_t key_i{};
 		};
 
 		iterator_t begin() const
@@ -1209,11 +1216,6 @@ class hashtable_chain_spinlock_t
 		return range(gcIndex, steps);
 	}
 
-	const auto& getStats() const
-	{
-		return stats;
-	}
-
 protected:
 	constexpr static uint8_t flagExtendedChunkOccupied = 1 << 7;
 	constexpr static uint32_t extendedChunkIdUnknown = 0x00FFFFFF;
@@ -1234,27 +1236,27 @@ class hashtable_chain_spinlock_t
 		}
 
 	public:
-		inline uint32_t getNextExtendedChunkId() const
+		[[nodiscard]] uint32_t getNextExtendedChunkId() const
 		{
 			return nextExtendedChunkId & 0x00FFFFFFu;
 		}
 
-		inline void setNextExtendedChunkId(const uint32_t& extendedChunkId)
+		void setNextExtendedChunkId(const uint32_t& extendedChunkId)
 		{
 			nextExtendedChunkId = (nextExtendedChunkId & 0xFF000000u) | (extendedChunkId & 0x00FFFFFFu);
 		}
 
-		inline bool isValid(const unsigned int& key_i) const
+		[[nodiscard]] bool isValid(const unsigned int& key_i) const
 		{
 			return keyValids & (1u << key_i);
 		}
 
-		inline void setValid(const unsigned int& key_i)
+		void setValid(const unsigned int& key_i)
 		{
 			keyValids |= (1u << key_i);
 		}
 
-		inline void unsetValid(const unsigned int& key_i)
+		void unsetValid(const unsigned int& key_i)
 		{
 			keyValids &= ~(1u << key_i);
 		}
@@ -1266,22 +1268,22 @@ class hashtable_chain_spinlock_t
 			YADECAP_MEMORY_BARRIER_COMPILE;
 		}
 
-		inline const key_T& getKey(unsigned int key_i) const
+		const key_T& getKey(unsigned int key_i) const
 		{
 			return pairs[key_i].key;
 		}
 
-		inline key_T& getKey(unsigned int key_i)
+		key_T& getKey(unsigned int key_i)
 		{
 			return pairs[key_i].key;
 		}
 
-		inline const value_T& getValue(unsigned int key_i) const
+		const value_T& getValue(unsigned int key_i) const
 		{
 			return pairs[key_i].value;
 		}
 
-		inline value_T& getValue(unsigned int key_i)
+		value_T& getValue(unsigned int key_i)
 		{
 			return pairs[key_i].value;
 		}
@@ -1315,27 +1317,27 @@ class hashtable_chain_spinlock_t
 		}
 
 	public:
-		inline uint32_t getNextExtendedChunkId() const
+		[[nodiscard]] uint32_t getNextExtendedChunkId() const
 		{
 			return nextExtendedChunkId & 0x00FFFFFFu;
 		}
 
-		inline void setNextExtendedChunkId(const uint32_t& extendedChunkId)
+		void setNextExtendedChunkId(const uint32_t& extendedChunkId)
 		{
 			nextExtendedChunkId = (nextExtendedChunkId & 0xFF000000u) | (extendedChunkId & 0x00FFFFFFu);
 		}
 
-		inline bool isValid(const unsigned int& key_i) const
+		[[nodiscard]] bool isValid(const unsigned int& key_i) const
 		{
 			return keyValids & (1u << key_i);
 		}
 
-		inline void setValid(const unsigned int& key_i)
+		void setValid(const unsigned int& key_i)
 		{
 			keyValids |= (1u << key_i);
 		}
 
-		inline void unsetValid(const unsigned int& key_i)
+		void unsetValid(const unsigned int& key_i)
 		{
 			keyValids &= ~(1u << key_i);
 		}
@@ -1347,22 +1349,22 @@ class hashtable_chain_spinlock_t
 			YADECAP_MEMORY_BARRIER_COMPILE;
 		}
 
-		inline const key_T& getKey(unsigned int key_i) const
+		const key_T& getKey(unsigned int key_i) const
 		{
 			return pairs[key_i].key;
 		}
 
-		inline key_T& getKey(unsigned int key_i)
+		key_T& getKey(unsigned int key_i)
 		{
 			return pairs[key_i].key;
 		}
 
-		inline const value_T& getValue(unsigned int key_i) const
+		const value_T& getValue(unsigned int key_i) const
 		{
 			return pairs[key_i].value;
 		}
 
-		inline value_T& getValue(unsigned int key_i)
+		value_T& getValue(unsigned int key_i)
 		{
 			return pairs[key_i].value;
 		}
@@ -1387,8 +1389,8 @@ class hashtable_chain_spinlock_t
 	};
 
 protected:
-	static inline bool compareKeys(const key_T& first,
-	                               const key_T& second)
+	static bool compareKeys(const key_T& first,
+	                        const key_T& second)
 	{
 		return !memcmp(&first, &second, sizeof(key_T));
 	}
@@ -1408,7 +1410,7 @@ class hashtable_chain_spinlock_t
 		freeExtendedChunkId = extendedChunk.getNextExtendedChunkId();
 		extendedChunk.setNextExtendedChunkId(extendedChunkIdUnknown);
 
-		stats.extendedChunksCount++;
+		stats_.extendedChunksCount++;
 		extendedChunkLocker.unlock();
 
 		return chunkId;
@@ -1428,21 +1430,21 @@ class hashtable_chain_spinlock_t
 		extendedChunk.setNextExtendedChunkId(freeExtendedChunkId);
 		freeExtendedChunkId = extendedChunkId;
 
-		stats.extendedChunksCount--;
+		stats_.extendedChunksCount--;
 		extendedChunkLocker.unlock();
 	}
 
-protected:
-	struct
+	hashtable_chain_spinlock_stats_t stats_;
+
+public:
+	[[nodiscard]] const hashtable_chain_spinlock_stats_t& stats() const
 	{
-		uint64_t extendedChunksCount;
-		uint64_t longestChain;
-		uint64_t pairs;
-		uint64_t insertFailed;
-	} stats;
+		return stats_;
+	}
 
+protected:
 	spinlock_t extendedChunkLocker;
-	uint32_t gcIndex;
+	uint32_t gcIndex{};
 	uint32_t freeExtendedChunkId;
 
 	YADECAP_CACHE_ALIGNED(align1);
@@ -1559,10 +1561,10 @@ class hashtable_mod_id32
 	/// & 1VV	& 0VV		& VVV
 	/// ^ 100	^ 100		^ 100
 	/// = 0VV	= 1VV		= 1VV
-	inline uint32_t lookup(uint32_t (&hashes)[burst_size],
-	                       const key_t (&keys)[burst_size],
-	                       uint32_t (&values)[burst_size],
-	                       const unsigned int count) const
+	uint32_t lookup(uint32_t (&hashes)[burst_size],
+	                const key_t (&keys)[burst_size],
+	                uint32_t (&values)[burst_size],
+	                const unsigned int count) const
 	{
 		uint32_t mask = mask_full;
 
@@ -1643,7 +1645,7 @@ class hashtable_mod_id32
 
 		for (const auto& [key, value] : keys)
 		{
-			eResult insert_result;
+			eResult insert_result = eResult::success;
 			if constexpr (std::is_same_v<update_key_t, key_t>)
 			{
 				insert_result = insert(updater, key, value);
@@ -1743,17 +1745,17 @@ class hashtable_mod_id32
 	} pairs[total_size];
 
 protected:
-	inline bool is_valid(const uint32_t index) const
+	[[nodiscard]] bool is_valid(const uint32_t index) const
 	{
 		return (pairs[index].value >> shift_valid) & 1;
 	}
 
-	inline bool is_equal(const uint32_t index, const key_t& key) const
+	bool is_equal(const uint32_t index, const key_t& key) const
 	{
 		return !memcmp(&pairs[index].key, &key, sizeof(key_t));
 	}
 
-	inline bool is_valid_and_equal(const uint32_t index, const key_t& key) const
+	bool is_valid_and_equal(const uint32_t index, const key_t& key) const
 	{
 		return is_valid(index) && is_equal(index, key);
 	}
@@ -1819,10 +1821,10 @@ class hashtable_mod_id32_dynamic
 	/// valid	invalid
 	/// = 0VV	= 1VV
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline uint32_t lookup(uint32_t (&hashes)[burst_size],
-	                       const key_t (&keys)[burst_size],
-	                       uint32_t (&values)[burst_size],
-	                       const unsigned int count) const
+	uint32_t lookup(uint32_t (&hashes)[burst_size],
+	                const key_t (&keys)[burst_size],
+	                uint32_t (&values)[burst_size],
+	                const unsigned int count) const
 	{
 		uint32_t mask = mask_full;
 
@@ -1980,17 +1982,17 @@ class hashtable_mod_id32_dynamic
 	}
 
 protected:
-	inline bool is_valid(const uint32_t index) const
+	[[nodiscard]] bool is_valid(const uint32_t index) const
 	{
 		return (pairs[index].value >> shift_valid) & 1;
 	}
 
-	inline bool is_equal(const uint32_t index, const key_t& key) const
+	bool is_equal(const uint32_t index, const key_t& key) const
 	{
 		return !memcmp(&pairs[index].key, &key, sizeof(key_t));
 	}
 
-	inline bool is_valid_and_equal(const uint32_t index, const key_t& key) const
+	bool is_valid_and_equal(const uint32_t index, const key_t& key) const
 	{
 		return is_valid(index) && is_equal(index, key);
 	}
@@ -2068,9 +2070,9 @@ class hashtable_mod_spinlock
 	}
 
 public:
-	inline uint32_t lookup(const key_t& key,
-	                       value_t*& value,
-	                       spinlock_nonrecursive_t*& locker)
+	uint32_t lookup(const key_t& key,
+	                value_t*& value,
+	                spinlock_nonrecursive_t*& locker)
 	{
 		uint32_t hash = calculate_hash(key);
 		auto& chunk = chunks[hash & (total_size / chunk_size - 1)];
@@ -2111,9 +2113,9 @@ class hashtable_mod_spinlock
 		return hash;
 	}
 
-	inline bool insert(const uint32_t hash,
-	                   const key_t& key,
-	                   const value_t& value)
+	bool insert(const uint32_t hash,
+	            const key_t& key,
+	            const value_t& value)
 	{
 		auto& chunk = chunks[hash & (total_size / chunk_size - 1)];
 
@@ -2166,13 +2168,13 @@ class hashtable_mod_spinlock
 		return false;
 	}
 
-	inline bool insert_or_update(const key_t& key,
-	                             const value_t& value)
+	bool insert_or_update(const key_t& key,
+	                      const value_t& value)
 	{
 		bool result = true;
 
-		value_t* ht_value;
-		spinlock_nonrecursive_t* locker;
+		value_t* ht_value = nullptr;
+		spinlock_nonrecursive_t* locker = nullptr;
 
 		uint32_t hash = lookup(key, ht_value, locker);
 		if (ht_value)
@@ -2342,17 +2344,17 @@ class hashtable_mod_spinlock
 		} pairs[chunk_size];
 	} chunks[total_size / chunk_size];
 
-	inline bool is_valid(const chunk_t& chunk, const uint32_t pair_index) const
+	bool is_valid(const chunk_t& chunk, const uint32_t pair_index) const
 	{
 		return (chunk.valid_mask >> pair_index) & 1;
 	}
 
-	inline bool is_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
+	bool is_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
 	{
 		return !memcmp(&chunk.pairs[pair_index].key, &key, sizeof(key_t));
 	}
 
-	inline bool is_valid_and_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
+	bool is_valid_and_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
 	{
 		return is_valid(chunk, pair_index) && is_equal(chunk, pair_index, key);
 	}
@@ -2545,9 +2547,9 @@ class hashtable_mod_spinlock_dynamic
 	}
 
 public:
-	inline uint32_t lookup(const key_t& key,
-	                       value_t*& value,
-	                       spinlock_nonrecursive_t*& locker)
+	uint32_t lookup(const key_t& key,
+	                value_t*& value,
+	                spinlock_nonrecursive_t*& locker)
 	{
 		uint32_t hash = calculate_hash(key);
 		auto& chunk = chunks[hash & total_mask];
@@ -2588,9 +2590,9 @@ class hashtable_mod_spinlock_dynamic
 		return hash;
 	}
 
-	inline bool insert(const uint32_t hash,
-	                   const key_t& key,
-	                   const value_t& value)
+	bool insert(const uint32_t hash,
+	            const key_t& key,
+	            const value_t& value)
 	{
 		auto& chunk = chunks[hash & total_mask];
 
@@ -2643,13 +2645,13 @@ class hashtable_mod_spinlock_dynamic
 		return false;
 	}
 
-	inline bool insert_or_update(const key_t& key,
-	                             const value_t& value)
+	bool insert_or_update(const key_t& key,
+	                      const value_t& value)
 	{
 		bool result = true;
 
-		value_t* ht_value;
-		spinlock_nonrecursive_t* locker;
+		value_t* ht_value = nullptr;
+		spinlock_nonrecursive_t* locker = nullptr;
 
 		uint32_t hash = lookup(key, ht_value, locker);
 		if (ht_value)
@@ -2665,7 +2667,7 @@ class hashtable_mod_spinlock_dynamic
 		return result;
 	}
 
-	inline void remove(const key_t& key)
+	void remove(const key_t& key)
 	{
 		uint32_t hash = calculate_hash(key);
 		auto& chunk = chunks[hash & total_mask];
@@ -2856,17 +2858,17 @@ class hashtable_mod_spinlock_dynamic
 		} pairs[chunk_size];
 	} chunks[];
 
-	inline bool is_valid(const chunk_t& chunk, const uint32_t pair_index) const
+	bool is_valid(const chunk_t& chunk, const uint32_t pair_index) const
 	{
 		return (chunk.valid_mask >> pair_index) & 1;
 	}
 
-	inline bool is_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
+	bool is_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
 	{
 		return !memcmp(&chunk.pairs[pair_index].key, &key, sizeof(key_t));
 	}
 
-	inline bool is_valid_and_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
+	bool is_valid_and_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
 	{
 		return is_valid(chunk, pair_index) && is_equal(chunk, pair_index, key);
 	}
@@ -3095,8 +3097,8 @@ class hashtable_mod_dynamic
 	}
 
 public:
-	inline uint32_t lookup(const key_t& key,
-	                       value_t*& value)
+	uint32_t lookup(const key_t& key,
+	                value_t*& value)
 	{
 		uint32_t hash = calculate_hash(key);
 		auto& chunk = chunks[hash & total_mask];
@@ -3134,8 +3136,8 @@ class hashtable_mod_dynamic
 		return hash;
 	}
 
-	inline uint32_t lookup(const key_t& key,
-	                       value_t const*& value) const
+	uint32_t lookup(const key_t& key,
+	                value_t const*& value) const
 	{
 		uint32_t hash = calculate_hash(key);
 		auto& chunk = chunks[hash & total_mask];
@@ -3173,9 +3175,9 @@ class hashtable_mod_dynamic
 		return hash;
 	}
 
-	inline bool insert(const uint32_t hash,
-	                   const key_t& key,
-	                   const value_t& value)
+	bool insert(const uint32_t hash,
+	            const key_t& key,
+	            const value_t& value)
 	{
 		auto& chunk = chunks[hash & total_mask];
 
@@ -3228,12 +3230,12 @@ class hashtable_mod_dynamic
 		return false;
 	}
 
-	inline bool insert_or_update(const key_t& key,
-	                             const value_t& value)
+	bool insert_or_update(const key_t& key,
+	                      const value_t& value)
 	{
 		bool result = true;
 
-		value_t* ht_value;
+		value_t* ht_value = nullptr;
 
 		uint32_t hash = lookup(key, ht_value);
 		if (ht_value)
@@ -3248,7 +3250,7 @@ class hashtable_mod_dynamic
 		return result;
 	}
 
-	inline bool remove(const key_t& key)
+	bool remove(const key_t& key)
 	{
 		uint32_t hash = calculate_hash(key);
 		auto& chunk = chunks[hash & total_mask];
@@ -3421,17 +3423,17 @@ class hashtable_mod_dynamic
 		} pairs[chunk_size];
 	} chunks[];
 
-	inline bool is_valid(const chunk_t& chunk, const uint32_t pair_index) const
+	bool is_valid(const chunk_t& chunk, const uint32_t pair_index) const
 	{
 		return (chunk.valid_mask >> pair_index) & 1;
 	}
 
-	inline bool is_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
+	bool is_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
 	{
 		return !memcmp(&chunk.pairs[pair_index].key, &key, sizeof(key_t));
 	}
 
-	inline bool is_valid_and_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
+	bool is_valid_and_equal(const chunk_t& chunk, const uint32_t pair_index, const key_t& key) const
 	{
 		return is_valid(chunk, pair_index) && is_equal(chunk, pair_index, key);
 	}
diff --git a/dataplane/icmp.h b/dataplane/icmp.h
index 84a2a692..b6f9faa7 100644
--- a/dataplane/icmp.h
+++ b/dataplane/icmp.h
@@ -10,7 +10,7 @@ inline bool yanet_icmp_translate_v6_to_v4(icmp_header_t* icmpHeader,
                                           uint16_t length,
                                           uint16_t checksum6)
 {
-	uint8_t type;
+	uint8_t type = 0;
 
 	if (icmpHeader->type == ICMP6_ECHO_REQUEST)
 	{
@@ -46,7 +46,7 @@ inline bool yanet_icmp_translate_v4_to_v6(icmp_header_t* icmpHeader,
                                           uint16_t length,
                                           uint16_t checksum6)
 {
-	uint8_t type;
+	uint8_t type = 0;
 
 	if (icmpHeader->type == ICMP_ECHO)
 	{
diff --git a/dataplane/icmp_translations.cpp b/dataplane/icmp_translations.cpp
new file mode 100644
index 00000000..7151a525
--- /dev/null
+++ b/dataplane/icmp_translations.cpp
@@ -0,0 +1,519 @@
+#include "icmp_translations.h"
+#include "checksum.h"
+#include "dataplane/icmp.h"
+#include "metadata.h"
+
+namespace dataplane
+{
+
+bool do_icmp_translate_v6_to_v4(rte_mbuf* mbuf,
+                                const dataplane::globalBase::nat64stateless_translation_t& translation)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	rte_ipv4_hdr* ipv4ExtHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
+
+	if (ipv4ExtHeader->next_proto_id != IPPROTO_ICMP)
+	{
+		return false;
+	}
+
+	unsigned int payloadExtLen = rte_be_to_cpu_16(ipv4ExtHeader->total_length) - sizeof(rte_ipv4_hdr);
+
+	if (payloadExtLen < sizeof(icmp_header_t*) + sizeof(rte_ipv6_hdr))
+	{
+		return false;
+	}
+
+	icmp_header_t* icmpHeader = rte_pktmbuf_mtod_offset(mbuf, icmp_header_t*, metadata->network_headerOffset + sizeof(rte_ipv4_hdr));
+	uint8_t type = icmpHeader->type;
+	uint8_t code = icmpHeader->code;
+
+	if (type == ICMP6_DST_UNREACH)
+	{
+		type = ICMP_DEST_UNREACH;
+
+		if (code == ICMP6_DST_UNREACH_NOROUTE || code == ICMP6_DST_UNREACH_BEYONDSCOPE ||
+		    code == ICMP6_DST_UNREACH_ADDR)
+		{
+			code = ICMP_HOST_UNREACH;
+		}
+		else if (code == ICMP6_DST_UNREACH_ADMIN)
+		{
+			code = ICMP_HOST_ANO;
+		}
+		else if (code == ICMP6_DST_UNREACH_NOPORT)
+		{
+			code = ICMP_PORT_UNREACH;
+		}
+		else
+		{
+			return false;
+		}
+	}
+	else if (type == ICMP6_PACKET_TOO_BIG)
+	{
+		type = ICMP_DEST_UNREACH;
+		code = ICMP_FRAG_NEEDED;
+
+		uint32_t mtu = rte_be_to_cpu_32(icmpHeader->data32[0]) - 20;
+		icmpHeader->data32[0] = 0;
+		icmpHeader->data16[1] = rte_cpu_to_be_16(mtu);
+	}
+	else if (type == ICMP6_TIME_EXCEEDED)
+	{
+		type = ICMP_TIME_EXCEEDED;
+	}
+	else if (type == ICMP6_PARAM_PROB)
+	{
+
+		if (code == ICMP6_PARAMPROB_HEADER)
+		{
+			type = ICMP_PARAMETERPROB;
+			code = 0;
+			uint32_t ptr = rte_be_to_cpu_32(icmpHeader->data32[0]);
+			icmpHeader->data32[0] = 0;
+
+			if (ptr == 0 || ptr == 1)
+			{
+				/// unchanged
+			}
+			else if (ptr == 4 || ptr == 5)
+			{
+				ptr = 2;
+			}
+			else if (ptr == 6)
+			{
+				ptr = 9;
+			}
+			else if (ptr == 7)
+			{
+				ptr = 8;
+			}
+			else if (ptr >= 8 && ptr < 24)
+			{
+				ptr = 12;
+			}
+			else if (ptr >= 24 && ptr < 40)
+			{
+				ptr = 16;
+			}
+			else
+			{
+				return false;
+			}
+
+			icmpHeader->data8[0] = ptr;
+		}
+		else if (code == ICMP6_PARAMPROB_NEXTHEADER)
+		{
+			type = ICMP_DEST_UNREACH;
+			code = ICMP_PROT_UNREACH;
+			icmpHeader->data32[0] = 0;
+		}
+	}
+	else
+	{
+		return false;
+	}
+
+	icmpHeader->type = type;
+	icmpHeader->code = code;
+
+	rte_ipv6_hdr* ipv6PayloadHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset + sizeof(rte_ipv4_hdr) + sizeof(icmp_header_t));
+
+	/// @todo: think about it.
+	if (memcmp(ipv6PayloadHeader->dst_addr, translation.ipv6Address.bytes, 16))
+	{
+		return false;
+	}
+
+	if (memcmp(ipv6PayloadHeader->src_addr, translation.ipv6DestinationAddress.bytes, 12))
+	{
+		return false;
+	}
+
+	uint32_t addressSource = *(uint32_t*)&ipv6PayloadHeader->src_addr[12];
+
+	if (addressSource != ipv4ExtHeader->dst_addr)
+	{
+		return false;
+	}
+
+	uint32_t addressDestination = *(uint32_t*)&ipv6PayloadHeader->dst_addr[12];
+	addressDestination = translation.ipv4Address.address;
+
+	uint16_t checksum6 = yanet_checksum(&ipv6PayloadHeader->src_addr[0], 32);
+	uint16_t payloadLength = rte_be_to_cpu_16(ipv6PayloadHeader->payload_len);
+
+	unsigned int ipv6PayloadHeaderSize = sizeof(rte_ipv6_hdr);
+
+	uint16_t packet_id = 0x3421; ///< @todo: nat64statelessPacketId;
+	uint16_t fragment_offset = 0; ///< @todo: rte_cpu_to_be_16(RTE_IPV4_HDR_DF_FLAG);
+	uint8_t nextPayloadHeader = ipv6PayloadHeader->proto;
+
+	if (nextPayloadHeader == IPPROTO_FRAGMENT)
+	{
+		if (payloadExtLen < sizeof(icmp_header_t*) + sizeof(rte_ipv6_hdr) + sizeof(tIPv6ExtensionFragment*))
+		{
+			return false;
+		}
+		auto* extension = (tIPv6ExtensionFragment*)(((char*)ipv6PayloadHeader) + ipv6PayloadHeaderSize);
+		packet_id = static_cast<uint16_t>(extension->identification >> 16);
+		fragment_offset = rte_cpu_to_be_16(rte_be_to_cpu_16(extension->offsetFlagM) >> 3);
+		fragment_offset |= (extension->offsetFlagM & 0x0100) >> 3;
+
+		nextPayloadHeader = extension->nextHeader;
+
+		ipv6PayloadHeaderSize += 8;
+	}
+
+	if (nextPayloadHeader == IPPROTO_HOPOPTS ||
+	    nextPayloadHeader == IPPROTO_ROUTING ||
+	    nextPayloadHeader == IPPROTO_FRAGMENT ||
+	    nextPayloadHeader == IPPROTO_NONE ||
+	    nextPayloadHeader == IPPROTO_DSTOPTS ||
+	    nextPayloadHeader == IPPROTO_MH)
+	{
+		/// @todo: ipv6 extensions
+
+		return false;
+	}
+
+	if (nextPayloadHeader == IPPROTO_ICMPV6)
+	{
+		nextPayloadHeader = IPPROTO_ICMP;
+	}
+
+	auto* ipv4PayloadHeader = (rte_ipv4_hdr*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize - sizeof(rte_ipv4_hdr));
+
+	ipv4PayloadHeader->version_ihl = 0x45;
+	ipv4PayloadHeader->type_of_service = (rte_be_to_cpu_32(ipv6PayloadHeader->vtc_flow) >> 20) & 0xFF;
+	ipv4PayloadHeader->total_length = rte_cpu_to_be_16(payloadLength + 20 - (ipv6PayloadHeaderSize - 40));
+	ipv4PayloadHeader->packet_id = packet_id;
+	ipv4PayloadHeader->fragment_offset = fragment_offset;
+	ipv4PayloadHeader->time_to_live = ipv6PayloadHeader->hop_limits;
+	ipv4PayloadHeader->next_proto_id = nextPayloadHeader;
+	ipv4PayloadHeader->src_addr = addressSource;
+	ipv4PayloadHeader->dst_addr = addressDestination;
+
+	yanet_ipv4_checksum(ipv4PayloadHeader);
+
+	uint16_t checksum4 = yanet_checksum(&ipv4PayloadHeader->src_addr, 8);
+
+	{
+		unsigned int delta = ipv6PayloadHeaderSize - sizeof(rte_ipv4_hdr);
+
+		memcpy(rte_pktmbuf_mtod_offset(mbuf, char*, delta),
+		       rte_pktmbuf_mtod(mbuf, char*),
+		       metadata->network_headerOffset + sizeof(rte_ipv4_hdr) + sizeof(icmp_header_t));
+
+		rte_pktmbuf_adj(mbuf, delta);
+
+		icmpHeader = (icmp_header_t*)((char*)icmpHeader + delta);
+		ipv4ExtHeader = (rte_ipv4_hdr*)((char*)ipv4ExtHeader + delta);
+
+		uint16_t csum = ~ipv4ExtHeader->hdr_checksum;
+		csum = csum_minus(csum, ipv4ExtHeader->total_length);
+		ipv4ExtHeader->total_length = rte_cpu_to_be_16(rte_be_to_cpu_16(ipv4ExtHeader->total_length) - delta);
+		csum = csum_plus(csum, ipv4ExtHeader->total_length);
+		ipv4ExtHeader->hdr_checksum = (csum == 0xffff) ? csum : ~csum;
+	}
+
+	if ((fragment_offset & 0xFF1F) == 0)
+	{
+		if (nextPayloadHeader == IPPROTO_TCP)
+		{
+			/// @todo: check packet size
+
+			auto* tcpPayloadHeader = (rte_tcp_hdr*)((char*)ipv4PayloadHeader + sizeof(rte_ipv4_hdr));
+			yanet_tcp_checksum_v6_to_v4(tcpPayloadHeader, checksum6, checksum4);
+		}
+		else if (nextPayloadHeader == IPPROTO_UDP)
+		{
+			/// @todo: check packet size
+
+			auto* udpPayloadHeader = (rte_udp_hdr*)((char*)ipv4PayloadHeader + sizeof(rte_ipv4_hdr));
+			yanet_udp_checksum_v6_to_v4(udpPayloadHeader, checksum6, checksum4);
+		}
+		else if (nextPayloadHeader == IPPROTO_ICMP)
+		{
+			/// @todo: check packet size
+
+			auto* icmpPayloadHeader = (icmp_header_t*)((char*)ipv4PayloadHeader + sizeof(rte_ipv4_hdr));
+
+			if ((fragment_offset & 0xFF3F) != 0 ||
+			    !yanet_icmp_translate_v6_to_v4(icmpPayloadHeader,
+			                                   payloadLength,
+			                                   checksum6))
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	icmpHeader->checksum = 0;
+	uint32_t sum = __rte_raw_cksum(icmpHeader, sizeof(icmp_header_t) + sizeof(rte_ipv4_hdr) + payloadLength, 0);
+	icmpHeader->checksum = ~__rte_raw_cksum_reduce(sum);
+
+	return true;
+}
+
+bool do_icmp_translate_v4_to_v6(rte_mbuf* mbuf,
+                                const dataplane::globalBase::nat64stateless_translation_t& translation)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	rte_ipv6_hdr* ipv6ExtHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
+
+	if (ipv6ExtHeader->proto != IPPROTO_ICMPV6)
+	{
+		return false;
+	}
+
+	unsigned int ipv6ExtHeaderSize = sizeof(rte_ipv6_hdr);
+
+	unsigned int payloadLen = rte_be_to_cpu_16(ipv6ExtHeader->payload_len);
+
+	if (payloadLen < sizeof(icmp_header_t) + sizeof(rte_ipv4_hdr))
+	{
+		return false;
+	}
+
+	icmp_header_t* icmpHeader = rte_pktmbuf_mtod_offset(mbuf, icmp_header_t*, metadata->network_headerOffset + ipv6ExtHeaderSize);
+	uint8_t type = icmpHeader->type;
+	uint8_t code = icmpHeader->code;
+
+	if (type == ICMP_DEST_UNREACH)
+	{
+		type = ICMP6_DST_UNREACH;
+
+		if (code == ICMP_NET_UNREACH || code == ICMP_HOST_UNREACH ||
+		    code == ICMP_SR_FAILED || code == ICMP_NET_UNKNOWN ||
+		    code == ICMP_HOST_UNKNOWN || code == ICMP_HOST_ISOLATED ||
+		    code == ICMP_NET_UNR_TOS || code == ICMP_HOST_UNR_TOS)
+		{
+			code = ICMP6_DST_UNREACH_NOROUTE;
+		}
+		else if (code == ICMP_PORT_UNREACH)
+		{
+			code = ICMP6_DST_UNREACH_NOPORT;
+		}
+		else if (code == ICMP_NET_ANO || code == ICMP_HOST_ANO ||
+		         code == ICMP_PKT_FILTERED || code == ICMP_PREC_CUTOFF)
+		{
+			code = ICMP6_DST_UNREACH_ADMIN;
+		}
+		else if (code == ICMP_PROT_UNREACH)
+		{
+			type = ICMP6_PARAM_PROB;
+			code = ICMP6_PARAMPROB_NEXTHEADER;
+
+			icmpHeader->data32[0] = rte_cpu_to_be_32(6);
+		}
+		else if (code == ICMP_FRAG_NEEDED)
+		{
+			type = ICMP6_PACKET_TOO_BIG;
+			code = 0;
+
+			uint32_t mtu = rte_be_to_cpu_16(icmpHeader->data16[1]) + 20;
+			if (mtu < 1280)
+			{
+				mtu = 1280;
+			}
+
+			icmpHeader->data32[0] = rte_cpu_to_be_32(mtu);
+		}
+		else
+		{
+			return false;
+		}
+	}
+	else if (type == ICMP_TIME_EXCEEDED)
+	{
+		type = ICMP6_TIME_EXCEEDED;
+	}
+	else if (type == ICMP_PARAMETERPROB)
+	{
+		if (code != 0 && code != 2)
+		{
+			return false;
+		}
+
+		uint8_t ptr = icmpHeader->data8[0];
+
+		if (ptr == 0 || ptr == 1)
+		{
+			/// unchanged
+		}
+		else if (ptr == 2 || ptr == 3)
+		{
+			ptr = 4;
+		}
+		else if (ptr == 8)
+		{
+			ptr = 7;
+		}
+		else if (ptr == 9)
+		{
+			ptr = 6;
+		}
+		else if (ptr >= 12 && ptr < 16)
+		{
+			ptr = 8;
+		}
+		else if (ptr >= 16 && ptr < 20)
+		{
+			ptr = 24;
+		}
+		else
+		{
+			return false;
+		}
+
+		type = ICMP6_PARAM_PROB;
+		code = ICMP6_PARAMPROB_HEADER;
+
+		icmpHeader->data32[0] = rte_cpu_to_be_32(ptr);
+	}
+	else
+	{
+		return false;
+	}
+
+	icmpHeader->type = type;
+	icmpHeader->code = code;
+
+	rte_ipv4_hdr* ipv4PayloadHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset + ipv6ExtHeaderSize + sizeof(icmp_header_t));
+
+	/// @todo: check ipv4 payload header length
+
+	if (ipv4PayloadHeader->src_addr != translation.ipv4Address.address)
+	{
+		return false;
+	}
+
+	unsigned int ipv6PayloadHeaderSize = sizeof(rte_ipv6_hdr);
+
+	if ((ipv4PayloadHeader->fragment_offset & 0xFF3F) != 0)
+	{
+		ipv6PayloadHeaderSize += 8;
+	}
+
+	{
+		unsigned int delta = ipv6PayloadHeaderSize - sizeof(rte_ipv4_hdr);
+
+		rte_pktmbuf_prepend(mbuf, delta);
+
+		memcpy(rte_pktmbuf_mtod(mbuf, char*),
+		       rte_pktmbuf_mtod_offset(mbuf, char*, delta),
+		       metadata->network_headerOffset + ipv6ExtHeaderSize + sizeof(icmp_header_t));
+
+		icmpHeader = (icmp_header_t*)((char*)icmpHeader - delta);
+		ipv6ExtHeader = (rte_ipv6_hdr*)((char*)ipv6ExtHeader - delta);
+		payloadLen += delta;
+		ipv6ExtHeader->payload_len = rte_cpu_to_be_16(payloadLen);
+	}
+
+	rte_ipv6_hdr* ipv6PayloadHeader = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset + ipv6ExtHeaderSize + sizeof(icmp_header_t));
+
+	uint32_t addressDestination = ipv4PayloadHeader->dst_addr;
+	uint16_t checksum4 = yanet_checksum(&ipv4PayloadHeader->src_addr, 8);
+
+	uint16_t fragment_offset = ipv4PayloadHeader->fragment_offset;
+	uint8_t nextPayloadHeader = ipv4PayloadHeader->next_proto_id;
+
+	if (nextPayloadHeader == IPPROTO_ICMP)
+	{
+		nextPayloadHeader = IPPROTO_ICMPV6;
+	}
+
+	if ((fragment_offset & 0xFF3F) != 0)
+	{
+		auto* extension = (tIPv6ExtensionFragment*)(((char*)ipv6PayloadHeader) + sizeof(rte_ipv6_hdr));
+		extension->nextHeader = nextPayloadHeader;
+		extension->reserved = 0;
+		extension->offsetFlagM = rte_cpu_to_be_16(rte_be_to_cpu_16(fragment_offset) << 3);
+		extension->offsetFlagM |= (fragment_offset & 0x0020) << 3;
+
+		/// @todo:  it is not original identification.
+		extension->identification = ipv4PayloadHeader->packet_id;
+
+		ipv6PayloadHeader->proto = IPPROTO_FRAGMENT;
+	}
+	else
+	{
+		ipv6PayloadHeader->proto = nextPayloadHeader;
+	}
+
+	ipv6PayloadHeader->vtc_flow = rte_cpu_to_be_32((0x6 << 28) | (ipv4PayloadHeader->type_of_service << 20));
+	ipv6PayloadHeader->payload_len = rte_cpu_to_be_16(rte_be_to_cpu_16(ipv4PayloadHeader->total_length) - 20 + (ipv6PayloadHeaderSize - 40));
+	ipv6PayloadHeader->hop_limits = ipv4PayloadHeader->time_to_live;
+	;
+
+	memcpy(ipv6PayloadHeader->src_addr, translation.ipv6Address.bytes, 16);
+
+	if (memcmp(ipv6PayloadHeader->src_addr, ipv6ExtHeader->dst_addr, 16))
+	{
+		return false;
+	}
+
+	memcpy(&ipv6PayloadHeader->dst_addr[0], translation.ipv6DestinationAddress.bytes, 12);
+	memcpy(&ipv6PayloadHeader->dst_addr[12], &addressDestination, 4);
+
+	uint16_t checksum6 = yanet_checksum(&ipv6PayloadHeader->src_addr[0], 32);
+
+	if ((fragment_offset & 0xFF1F) == 0)
+	{
+		if (nextPayloadHeader == IPPROTO_TCP)
+		{
+			/// @todo: check packet size
+
+			auto* tcpPayloadHeader = (rte_tcp_hdr*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize);
+			yanet_tcp_checksum_v4_to_v6(tcpPayloadHeader, checksum4, checksum6);
+		}
+		else if (nextPayloadHeader == IPPROTO_UDP)
+		{
+			/// @todo: check packet size
+
+			auto* udpPayloadHeader = (rte_udp_hdr*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize);
+			yanet_udp_checksum_v4_to_v6(udpPayloadHeader, checksum4, checksum6);
+		}
+		else if (nextPayloadHeader == IPPROTO_ICMPV6)
+		{
+			/// @todo: check packet size
+
+			auto* icmpPayloadHeader = (icmp_header_t*)((char*)ipv6PayloadHeader + ipv6PayloadHeaderSize);
+
+			if ((fragment_offset & 0xFF3F) != 0 ||
+			    !yanet_icmp_translate_v4_to_v6(icmpPayloadHeader,
+			                                   rte_be_to_cpu_16(ipv6PayloadHeader->payload_len),
+			                                   checksum6))
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
+
+	icmpHeader->checksum = 0;
+	uint32_t sum = __rte_raw_cksum(ipv6ExtHeader->src_addr, 16, 0);
+	sum = __rte_raw_cksum(ipv6ExtHeader->dst_addr, 16, sum);
+
+	uint32_t tmp = ((uint32_t)rte_cpu_to_be_16(IPPROTO_ICMPV6) << 16) + rte_cpu_to_be_16(payloadLen);
+	sum = __rte_raw_cksum(&tmp, 4, sum);
+	sum = __rte_raw_cksum(icmpHeader, payloadLen, sum);
+
+	icmpHeader->checksum = ~__rte_raw_cksum_reduce(sum);
+
+	return true;
+}
+
+} // namespace dataplane
diff --git a/dataplane/icmp_translations.h b/dataplane/icmp_translations.h
new file mode 100644
index 00000000..f696d284
--- /dev/null
+++ b/dataplane/icmp_translations.h
@@ -0,0 +1,12 @@
+#include <rte_mbuf.h>
+
+#include "type.h"
+
+namespace dataplane
+{
+bool do_icmp_translate_v6_to_v4(rte_mbuf* mbuf,
+                                const dataplane::globalBase::nat64stateless_translation_t& translation);
+bool do_icmp_translate_v4_to_v6(rte_mbuf* mbuf,
+                                const dataplane::globalBase::nat64stateless_translation_t& translation);
+
+} // namespace dataplane
diff --git a/dataplane/kernel_interface_handle.cpp b/dataplane/kernel_interface_handle.cpp
new file mode 100644
index 00000000..34a10d89
--- /dev/null
+++ b/dataplane/kernel_interface_handle.cpp
@@ -0,0 +1,198 @@
+#include <linux/if.h>
+#include <sys/ioctl.h>
+#include <sys/un.h>
+
+#include <rte_ethdev.h>
+
+#include "common.h"
+#include "kernel_interface_handle.h"
+namespace dataplane
+{
+
+bool KernelInterfaceHandle::SetUp() const noexcept
+{
+	int socket = ::socket(AF_INET, SOCK_DGRAM, 0);
+	if (socket < 0)
+	{
+		return false;
+	}
+
+	struct ifreq request;
+	memset(&request, 0, sizeof request);
+
+	strncpy(request.ifr_name, name_.data(), IFNAMSIZ);
+
+	request.ifr_flags |= IFF_UP;
+	if (auto res = ioctl(socket, SIOCSIFFLAGS, &request))
+	{
+		YANET_LOG_ERROR("failed to set interface %s up, ioctl returned (%d)", name_.data(), res);
+		return false;
+	}
+	return true;
+}
+
+KernelInterfaceHandle::~KernelInterfaceHandle()
+{
+	if (Valid())
+		Remove();
+}
+
+KernelInterfaceHandle::KernelInterfaceHandle(KernelInterfaceHandle&& other) noexcept
+{
+	*this = std::move(other);
+}
+
+bool KernelInterfaceHandle::Start() const noexcept
+{
+	auto rc = rte_eth_dev_start(kni_port_);
+	if (rc)
+	{
+		YADECAP_LOG_ERROR("can't start eth dev(%d, %d): %s\n",
+		                  rc,
+		                  rte_errno,
+		                  rte_strerror(rte_errno));
+		return false;
+	}
+	return true;
+}
+
+KernelInterfaceHandle& KernelInterfaceHandle::operator=(KernelInterfaceHandle&& other) noexcept
+{
+	if (this != &other)
+	{
+		std::swap(kni_port_, other.kni_port_);
+		std::swap(name_, other.name_);
+		std::swap(vdev_name_, other.vdev_name_);
+		std::swap(queue_size_, other.queue_size_);
+	}
+	return *this;
+}
+
+std::optional<KernelInterfaceHandle>
+KernelInterfaceHandle::MakeKernelInterfaceHandle(
+        std::string_view name,
+        tPortId port,
+        tQueueId queue_count,
+        uint16_t queue_size) noexcept
+{
+	KernelInterfaceHandle kni;
+	kni.queue_size_ = queue_size;
+	kni.name_ = name;
+	kni.vdev_name_ = VdevName(name, port);
+	std::string vdev_args = VdevArgs(name, port, queue_count, queue_size);
+	if (!kni.Add(kni.vdev_name_, vdev_args) ||
+	    !kni.Configure(DefaultConfig(), queue_count))
+	{
+		return std::nullopt;
+	}
+	return std::optional<KernelInterfaceHandle>{std::move(kni)};
+}
+
+std::string KernelInterfaceHandle::VdevName(std::string_view name, tPortId port_id)
+{
+	std::stringstream ss;
+	ss << "virtio_user_" << name << "_" << port_id;
+	return ss.str();
+}
+
+std::string KernelInterfaceHandle::VdevArgs(std::string_view name, tPortId port_id, tQueueId queues, uint64_t queue_size)
+{
+	rte_ether_addr ether_addr;
+	rte_eth_macaddr_get(port_id, &ether_addr);
+	std::stringstream ss;
+	ss << "path=/dev/vhost-net"
+	   << ",queues=" << static_cast<int>(queues)
+	   << ",queue_size=" << queue_size
+	   << ",iface=" << name
+	   << ",mac=" << common::mac_address_t(ether_addr.addr_bytes).toString();
+	return ss.str();
+}
+
+bool KernelInterfaceHandle::Add(const std::string& vdev_name, const std::string& args) noexcept
+{
+	if (rte_eal_hotplug_add("vdev", vdev_name.data(), args.data()) != 0)
+	{
+		YADECAP_LOG_ERROR("failed to hotplug vdev interface '%s' with '%s'\n",
+		                  vdev_name.data(),
+		                  args.data());
+		return false;
+	}
+
+	if (rte_eth_dev_get_port_by_name(vdev_name.data(), &kni_port_) != 0)
+	{
+		YADECAP_LOG_ERROR("vdev interface '%s' not found\n", vdev_name.data());
+		return false;
+	}
+	YANET_LOG_INFO("vdev '%s' with portId %d (%s)\n", vdev_name.data(), kni_port_, args.data());
+	return true;
+}
+
+void KernelInterfaceHandle::Remove() noexcept
+{
+	rte_eal_hotplug_remove("vdev", vdev_name_.data());
+	MarkInvalid();
+}
+
+rte_eth_conf KernelInterfaceHandle::DefaultConfig() noexcept
+{
+	return rte_eth_conf{};
+}
+
+bool KernelInterfaceHandle::Configure(const rte_eth_conf& eth_conf, tQueueId queue_count) noexcept
+{
+	int ret = rte_eth_dev_configure(kni_port_,
+	                                queue_count,
+	                                queue_count,
+	                                &eth_conf);
+	if (ret < 0)
+	{
+		YADECAP_LOG_ERROR("rte_eth_dev_configure() = %d\n", ret);
+		return false;
+	}
+	return true;
+}
+
+bool KernelInterfaceHandle::CloneMTU(const uint16_t port_id) noexcept
+{
+	uint16_t mtu = 0;
+	if (rte_eth_dev_get_mtu(port_id, &mtu))
+	{
+		return (rte_eth_dev_set_mtu(kni_port_, mtu) == 0);
+	}
+	return false;
+}
+
+bool KernelInterfaceHandle::SetupRxQueue(tQueueId queue, tSocketId socket, rte_mempool* mempool) noexcept
+{
+	int rc = rte_eth_rx_queue_setup(kni_port_,
+	                                queue,
+	                                queue_size_,
+	                                socket,
+	                                nullptr,
+	                                mempool);
+	if (rc < 0)
+	{
+		YADECAP_LOG_ERROR("rte_eth_rx_queue_setup(%u, %u) = %d\n", kni_port_, queue, rc);
+		return false;
+	}
+
+	return true;
+}
+
+bool KernelInterfaceHandle::SetupTxQueue(tQueueId queue, tSocketId socket) noexcept
+{
+	int rc = rte_eth_tx_queue_setup(kni_port_,
+	                                queue,
+	                                queue_size_,
+	                                socket,
+	                                nullptr);
+	if (rc < 0)
+	{
+		YADECAP_LOG_ERROR("rte_eth_tx_queue_setup(%u, %u) = %d\n", kni_port_, queue, rc);
+		return false;
+	}
+
+	return true;
+}
+
+} // namespace dataplane
diff --git a/dataplane/kernel_interface_handle.h b/dataplane/kernel_interface_handle.h
new file mode 100644
index 00000000..bad5ef26
--- /dev/null
+++ b/dataplane/kernel_interface_handle.h
@@ -0,0 +1,48 @@
+#pragma once
+
+#include <rte_ethdev.h>
+
+#include "common/type.h"
+
+namespace dataplane
+{
+
+class KernelInterfaceHandle
+{
+	tPortId kni_port_ = INVALID_PORT_ID;
+	std::string name_;
+	std::string vdev_name_;
+	uint16_t queue_size_ = 0;
+
+	KernelInterfaceHandle() noexcept = default;
+
+public:
+	~KernelInterfaceHandle();
+	KernelInterfaceHandle(const KernelInterfaceHandle&) = delete;
+	KernelInterfaceHandle(KernelInterfaceHandle&& other) noexcept;
+	KernelInterfaceHandle& operator=(const KernelInterfaceHandle&) = delete;
+	KernelInterfaceHandle& operator=(KernelInterfaceHandle&& other) noexcept;
+	[[nodiscard]] static std::optional<KernelInterfaceHandle>
+	MakeKernelInterfaceHandle(std::string_view name,
+	                          tPortId port,
+	                          tQueueId queue_count,
+	                          uint16_t queue_size) noexcept;
+	[[nodiscard]] const tPortId& Id() const noexcept { return kni_port_; }
+	[[nodiscard]] bool Start() const noexcept;
+	[[nodiscard]] bool SetUp() const noexcept;
+	bool SetupRxQueue(tQueueId queue, tSocketId socket, rte_mempool* mempool) noexcept;
+	bool SetupTxQueue(tQueueId queue, tSocketId socket) noexcept;
+	bool CloneMTU(const uint16_t) noexcept;
+
+private:
+	static std::string VdevName(std::string_view name, tPortId port_id);
+	static std::string VdevArgs(std::string_view name, tPortId port_id, tQueueId queues_count, uint64_t queue_size);
+	bool Add(const std::string& vdev_name, const std::string& args) noexcept;
+	void Remove() noexcept;
+	static rte_eth_conf DefaultConfig() noexcept;
+	bool Configure(const rte_eth_conf& eth_conf, tQueueId queue_count) noexcept;
+	void MarkInvalid() noexcept { kni_port_ = INVALID_PORT_ID; }
+	[[nodiscard]] bool Valid() const { return kni_port_ != INVALID_PORT_ID; }
+};
+
+} // namespace dataplane
diff --git a/dataplane/kernel_interface_handler.cpp b/dataplane/kernel_interface_handler.cpp
new file mode 100644
index 00000000..980f39a5
--- /dev/null
+++ b/dataplane/kernel_interface_handler.cpp
@@ -0,0 +1,255 @@
+#include "kernel_interface_handler.h"
+#include "metadata.h"
+
+namespace dataplane
+{
+KernelInterface::KernelInterface(tPortId port, tQueueId queue) :
+        endpoint_{port, queue}
+{
+}
+
+KernelInterface::KernelInterface(const dpdk::Endpoint& e) :
+        endpoint_{e}
+{
+}
+
+void KernelInterface::Flush()
+{
+	auto sent = rte_eth_tx_burst(endpoint_.port, endpoint_.queue, burst_, burst_length_);
+	const auto remain = burst_length_ - sent;
+	if (remain)
+	{
+		rte_pktmbuf_free_bulk(burst_ + sent, remain);
+	}
+	burst_length_ = 0;
+}
+
+KernelInterface::DirectionStats KernelInterface::FlushTracked()
+{
+	DirectionStats stats;
+	stats.bytes = std::accumulate(burst_, burst_ + burst_length_, 0, [](uint64_t total, rte_mbuf* mbuf) {
+		return total + rte_pktmbuf_pkt_len(mbuf);
+	});
+	stats.packets = rte_eth_tx_burst(endpoint_.port, endpoint_.queue, burst_, burst_length_);
+
+	stats.dropped = burst_length_ - stats.packets;
+	if (stats.dropped)
+	{
+		stats.bytes = std::accumulate(burst_ + stats.packets, burst_ + burst_length_, stats.bytes, [](uint64_t total, rte_mbuf* mbuf) {
+			return total - rte_pktmbuf_pkt_len(mbuf);
+		});
+		rte_pktmbuf_free_bulk(burst_ + stats.packets, stats.dropped);
+	}
+	burst_length_ = 0;
+
+	return stats;
+}
+
+void KernelInterface::Push(rte_mbuf* mbuf)
+{
+	if (burst_length_ == YANET_CONFIG_BURST_SIZE)
+	{
+		Flush();
+	}
+	burst_[burst_length_++] = mbuf;
+}
+
+KernelInterface::DirectionStats KernelInterface::PushTracked(rte_mbuf* mbuf)
+{
+	DirectionStats res;
+	if (burst_length_ == YANET_CONFIG_BURST_SIZE)
+	{
+		res = FlushTracked();
+	}
+	burst_[burst_length_++] = mbuf;
+	return res;
+}
+
+const tPortId& KernelInterface::port() const
+{
+	return endpoint_.port;
+}
+
+const tQueueId& KernelInterface::queue() const
+{
+	return endpoint_.queue;
+}
+
+void KernelInterfaceWorker::RecvFree(const KernelInterface& iface)
+{
+	rte_mbuf* burst[CONFIG_YADECAP_MBUFS_BURST_SIZE];
+	auto len = rte_eth_rx_burst(iface.port(), iface.queue(), burst, CONFIG_YADECAP_MBUFS_BURST_SIZE);
+	rte_pktmbuf_free_bulk(burst, len);
+}
+
+KernelInterfaceWorker::KernelInterfaceWorker(std::vector<KernelInterfaceBundleConfig>& interfaces)
+{
+	for (const auto& iface : interfaces)
+	{
+		auto mapped = port_mapper_.Register(iface.phy.port);
+		if (!mapped || mapped != size_)
+		{
+			YANET_LOG_ERROR("Failed to register port with kernel interface worker (%d)\n", iface.phy.port);
+			abort();
+		}
+		phy_ports_[size_] = iface.phy.port;
+		phy_queues_[size_] = iface.phy.queue;
+		forward_[size_] = KernelInterface{iface.forward};
+		in_dump_[size_] = KernelInterface{iface.in_dump};
+		out_dump_[size_] = KernelInterface{iface.out_dump};
+		drop_dump_[size_] = KernelInterface{iface.drop_dump};
+		++size_;
+	}
+}
+
+KernelInterfaceWorker::KernelInterfaceWorker(KernelInterfaceWorker&& other)
+{
+	*this = std::move(other);
+}
+
+KernelInterfaceWorker& KernelInterfaceWorker::operator=(KernelInterfaceWorker&& other)
+{
+	size_ = std::exchange(other.size_, 0);
+	for (std::size_t i = 0; i < size_; ++i)
+	{
+		phy_ports_[i] = other.phy_ports_[i];
+		phy_queues_[i] = other.phy_queues_[i];
+		forward_[i] = other.forward_[i];
+		in_dump_[i] = other.in_dump_[i];
+		out_dump_[i] = other.out_dump_[i];
+		drop_dump_[i] = other.drop_dump_[i];
+	}
+	port_mapper_ = std::move(other.port_mapper_);
+	return *this;
+}
+
+KernelInterfaceWorker::ConstPortArrayRange<tPortId>
+KernelInterfaceWorker::PortsIds() const
+{
+	return {phy_ports_.begin(), phy_ports_.begin() + size_};
+}
+
+KernelInterfaceWorker::ConstPortArrayRange<sKniStats>
+KernelInterfaceWorker::PortsStats() const
+{
+	return {stats_.begin(), stats_.begin() + size_};
+}
+
+std::optional<std::reference_wrapper<const sKniStats>>
+KernelInterfaceWorker::PortStats(tPortId pid) const
+{
+	for (std::size_t i = 0; i < size_; ++i)
+	{
+		if (phy_ports_[i] == pid)
+		{
+			return stats_[i];
+		}
+	}
+	return std::nullopt;
+}
+
+/// @brief Transmit accumulated packets. Those that could not be sent are freed
+void KernelInterfaceWorker::Flush()
+{
+	for (std::size_t i = 0; i < size_; ++i)
+	{
+		const auto& delta = forward_[i].FlushTracked();
+		stats_[i].opackets += delta.packets;
+		stats_[i].obytes += delta.bytes;
+		stats_[i].odropped += delta.dropped;
+		in_dump_[i].Flush();
+		out_dump_[i].Flush();
+		drop_dump_[i].Flush();
+	}
+}
+
+/// @brief Receive from in.X/out.X/drop.X interfaces and free packets
+void KernelInterfaceWorker::RecvFree()
+{
+	for (std::size_t i = 0; i < size_; ++i)
+	{
+		RecvFree(in_dump_[i]);
+		RecvFree(out_dump_[i]);
+		RecvFree(drop_dump_[i]);
+	}
+}
+
+/// @brief Receive packets from kernel interface and send to physical port
+void KernelInterfaceWorker::ForwardToPhy()
+{
+	for (std::size_t i = 0; i < size_; ++i)
+	{
+		rte_mbuf* burst[CONFIG_YADECAP_MBUFS_BURST_SIZE];
+		auto packets = rte_eth_rx_burst(forward_[i].port(), forward_[i].queue(), burst, CONFIG_YADECAP_MBUFS_BURST_SIZE);
+		uint64_t bytes = std::accumulate(burst, burst + packets, 0, [](uint64_t total, rte_mbuf* mbuf) {
+			return total + rte_pktmbuf_pkt_len(mbuf);
+		});
+		auto transmitted = rte_eth_tx_burst(phy_ports_[i], phy_queues_[i], burst, packets);
+		const auto remain = packets - transmitted;
+
+		if (remain)
+		{
+			bytes = std::accumulate(burst, burst + packets, bytes, [](uint64_t total, rte_mbuf* mbuf) {
+				return total - rte_pktmbuf_pkt_len(mbuf);
+			});
+			rte_pktmbuf_free_bulk(burst + transmitted, remain);
+		}
+
+		auto& stats = stats_[i];
+		stats.ipackets += transmitted;
+		stats.ibytes += bytes;
+		stats.idropped += remain;
+	}
+}
+
+void KernelInterfaceWorker::HandlePacketDump(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	if (!port_mapper_.ValidDpdk(metadata->flow.data.dump.id))
+	{
+		unknown_dump_interface_++;
+		rte_pktmbuf_free(mbuf);
+		return;
+	}
+	const auto local_port_id = port_mapper_.ToLogical(metadata->flow.data.dump.id);
+
+	using dumpType = common::globalBase::dump_type_e;
+	switch (metadata->flow.data.dump.type)
+	{
+		case dumpType::physicalPort_ingress:
+			in_dump_[local_port_id].Push(mbuf);
+			break;
+		case dumpType::physicalPort_egress:
+			out_dump_[local_port_id].Push(mbuf);
+			break;
+		case dumpType::physicalPort_drop:
+			drop_dump_[local_port_id].Push(mbuf);
+			break;
+		default:
+			unknown_dump_interface_++;
+			rte_pktmbuf_free(mbuf);
+	}
+}
+
+void KernelInterfaceWorker::HandlePacketFromForwardingPlane(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+	if (!port_mapper_.ValidDpdk(metadata->fromPortId))
+	{
+		if (unknown_forward_interface_ < 100 || unknown_forward_interface_ % 100 == 0)
+		{
+			YANET_LOG_ERROR("Failed to map dpdk port %d while handling packet from forwarding plane (occurance %ld)\n", metadata->fromPortId, unknown_forward_interface_);
+		}
+		++unknown_forward_interface_;
+		rte_pktmbuf_free(mbuf);
+		return;
+	}
+	const auto i = port_mapper_.ToLogical(metadata->fromPortId);
+	const auto& delta = forward_[i].PushTracked(mbuf);
+	stats_[i].opackets += delta.packets;
+	stats_[i].obytes += delta.bytes;
+	stats_[i].odropped += delta.dropped;
+}
+
+} // namespace dataplane
diff --git a/dataplane/kernel_interface_handler.h b/dataplane/kernel_interface_handler.h
new file mode 100644
index 00000000..c473983d
--- /dev/null
+++ b/dataplane/kernel_interface_handler.h
@@ -0,0 +1,99 @@
+#pragma once
+#include <vector>
+
+#include <rte_ethdev.h>
+
+#include "base.h"
+#include "dpdk.h"
+
+namespace dataplane
+{
+
+struct sKniStats
+{
+	uint64_t ipackets = 0;
+	uint64_t ibytes = 0;
+	uint64_t idropped = 0;
+	uint64_t opackets = 0;
+	uint64_t obytes = 0;
+	uint64_t odropped = 0;
+};
+
+class KernelInterface
+{
+	dpdk::Endpoint endpoint_;
+	rte_mbuf* burst_[CONFIG_YADECAP_MBUFS_BURST_SIZE];
+	uint16_t burst_length_ = 0;
+
+public:
+	KernelInterface() = default;
+	KernelInterface(tPortId port, tQueueId queue);
+	KernelInterface(const dpdk::Endpoint& e);
+	struct DirectionStats
+	{
+		uint64_t bytes = 0;
+		uint64_t packets = 0;
+		uint64_t dropped = 0;
+	};
+	void Flush();
+	DirectionStats FlushTracked();
+	void Push(rte_mbuf* mbuf);
+	DirectionStats PushTracked(rte_mbuf* mbuf);
+	[[nodiscard]] const tPortId& port() const;
+	[[nodiscard]] const tQueueId& queue() const;
+};
+
+struct KernelInterfaceBundleConfig
+{
+	dpdk::Endpoint phy;
+	dpdk::Endpoint forward;
+	dpdk::Endpoint in_dump;
+	dpdk::Endpoint out_dump;
+	dpdk::Endpoint drop_dump;
+};
+
+class KernelInterfaceWorker
+{
+public:
+	template<typename T>
+	using PortArray = std::array<T, CONFIG_YADECAP_PORTS_SIZE>;
+	template<typename T>
+	using ConstPortArrayRange = std::pair<typename PortArray<T>::const_iterator, typename PortArray<T>::const_iterator>;
+
+private:
+	std::size_t size_ = 0;
+	PortArray<tPortId> phy_ports_;
+	PortArray<tQueueId> phy_queues_;
+	PortArray<sKniStats> stats_;
+	PortArray<KernelInterface> forward_;
+	PortArray<KernelInterface> in_dump_;
+	PortArray<KernelInterface> out_dump_;
+	PortArray<KernelInterface> drop_dump_;
+	dataplane::base::PortMapper port_mapper_;
+	uint64_t unknown_dump_interface_ = 0;
+	uint64_t unknown_forward_interface_ = 0;
+
+	/**
+	 * @brief Receive packets from interface and free them.
+	 * @param iface Interface to receive packets from.
+	 */
+	void RecvFree(const KernelInterface& iface);
+
+public:
+	KernelInterfaceWorker(std::vector<KernelInterfaceBundleConfig>& config);
+	KernelInterfaceWorker(KernelInterfaceWorker&& other);
+	KernelInterfaceWorker& operator=(KernelInterfaceWorker&& other);
+	[[nodiscard]] ConstPortArrayRange<tPortId> PortsIds() const;
+	[[nodiscard]] ConstPortArrayRange<sKniStats> PortsStats() const;
+	[[nodiscard]] std::optional<std::reference_wrapper<const sKniStats>> PortStats(tPortId pid) const;
+
+	/// @brief Transmit accumulated packets. Those that could not be sent are freed
+	void Flush();
+	/// @brief Receive from in.X/out.X/drop.X interfaces and free packets
+	void RecvFree();
+	/// @brief Receive packets from kernel interface and send to physical port
+	void ForwardToPhy();
+	void HandlePacketDump(rte_mbuf* mbuf);
+	void HandlePacketFromForwardingPlane(rte_mbuf* mbuf);
+};
+} // namespace dataplane
diff --git a/dataplane/lpm.h b/dataplane/lpm.h
index 51c82ce1..51f5090d 100644
--- a/dataplane/lpm.h
+++ b/dataplane/lpm.h
@@ -1,9 +1,6 @@
 #pragma once
 
 #include <memory.h>
-#include <unordered_map>
-#include <unordered_set>
-
 #include <rte_byteorder.h>
 #include <rte_common.h>
 #include <rte_ip.h>
@@ -48,6 +45,12 @@ class lpm4_24bit_8bit_atomic
 		uint64_t extended_chunks_size;
 		uint32_t max_used_chunk_id;
 		tEntry free_chunk_cache;
+		void clear()
+		{
+			extended_chunks_count = 0;
+			max_used_chunk_id = 0;
+			free_chunk_cache.flags = 0;
+		}
 	};
 
 	static uint64_t calculate_sizeof(const uint64_t extended_chunks_size)
@@ -62,9 +65,7 @@ class lpm4_24bit_8bit_atomic
 	}
 
 public:
-	lpm4_24bit_8bit_atomic()
-	{
-	}
+	lpm4_24bit_8bit_atomic() = default;
 
 	eResult insert(stats_t& stats,
 	               const uint32_t& ipAddress,
@@ -132,9 +133,9 @@ class lpm4_24bit_8bit_atomic
 		return copy_root_chunk(stats, remap_chunks, second);
 	}
 
-	inline void lookup(const uint32_t* ipAddresses,
-	                   uint32_t* valueIds,
-	                   const unsigned int& count) const
+	void lookup(const uint32_t* ipAddresses,
+	            uint32_t* valueIds,
+	            const unsigned int& count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -169,9 +170,9 @@ class lpm4_24bit_8bit_atomic
 	}
 
 	template<unsigned int TOffset>
-	inline void lookup(rte_mbuf** mbufs,
-	                   uint32_t* valueIds,
-	                   const unsigned int& count) const
+	void lookup(rte_mbuf** mbufs,
+	            uint32_t* valueIds,
+	            const unsigned int& count) const
 	{
 		uint32_t ipAddresses[CONFIG_YADECAP_MBUFS_BURST_SIZE];
 
@@ -188,10 +189,10 @@ class lpm4_24bit_8bit_atomic
 		lookup(ipAddresses, valueIds, count);
 	}
 
-	inline bool lookup(const uint32_t& ipAddress,
-	                   uint32_t* valueId = nullptr) const
+	bool lookup(const uint32_t& ipAddress,
+	            uint32_t* valueId = nullptr) const
 	{
-		uint32_t lvalueId;
+		uint32_t lvalueId = 0;
 
 		lookup(&ipAddress, &lvalueId, 1);
 
@@ -300,11 +301,9 @@ class lpm4_24bit_8bit_atomic
 
 		YADECAP_MEMORY_BARRIER_COMPILE;
 
-		for (unsigned int entry_i = 0;
-		     entry_i < 256;
-		     entry_i++)
+		for (auto& entrie : chunk.entries)
 		{
-			chunk.entries[entry_i].atomic = newEntry.atomic;
+			entrie.atomic = newEntry.atomic;
 		}
 
 		chunk.entries[0].flags |= flag;
@@ -342,12 +341,10 @@ class lpm4_24bit_8bit_atomic
 				}
 
 				bool merge = true;
-				for (unsigned int next_entry_i = 0;
-				     next_entry_i < 256;
-				     next_entry_i++)
+				for (auto& entrie : extendedChunks[extendedChunkId].entries)
 				{
-					if (!(extendedChunks[extendedChunkId].entries[next_entry_i].flags & flagValid &&
-					      extendedChunks[extendedChunkId].entries[next_entry_i].valueId == valueId))
+					if (!(entrie.flags & flagValid &&
+					      entrie.valueId == valueId))
 					{
 						merge = false;
 						break;
@@ -379,7 +376,7 @@ class lpm4_24bit_8bit_atomic
 					return eResult::success;
 				}
 
-				uint32_t extendedChunkId;
+				uint32_t extendedChunkId = 0;
 				if (!newExtendedChunk(stats, extendedChunkId))
 				{
 					return eResult::isFull;
@@ -453,8 +450,8 @@ class lpm4_24bit_8bit_atomic
 	                    const unsigned int& step,
 	                    tChunk8& chunk)
 	{
-		(void)needWait;
-		(void)step;
+		YANET_GCC_BUG_UNUSED(needWait);
+		YANET_GCC_BUG_UNUSED(step);
 
 		for (unsigned int mask_i = 0;
 		     mask_i < (((unsigned int)1) << (8 - mask));
@@ -498,11 +495,9 @@ class lpm4_24bit_8bit_atomic
 				}
 
 				bool isEmpty = true;
-				for (unsigned int next_entry_i = 0;
-				     next_entry_i < 256;
-				     next_entry_i++)
+				for (auto& entrie : extendedChunks[extendedChunkId].entries)
 				{
-					if (extendedChunks[extendedChunkId].entries[next_entry_i].flags & (flagExtended | flagValid))
+					if (entrie.flags & (flagExtended | flagValid))
 					{
 						isEmpty = false;
 						break;
@@ -528,7 +523,7 @@ class lpm4_24bit_8bit_atomic
 			{
 				/// valid
 
-				uint32_t extendedChunkId;
+				uint32_t extendedChunkId = 0;
 				if (!newExtendedChunk(stats, extendedChunkId))
 				{
 					return eResult::isFull;
@@ -607,8 +602,8 @@ class lpm4_24bit_8bit_atomic
 	                    const unsigned int& step,
 	                    tChunk8& chunk)
 	{
-		(void)needWait;
-		(void)step;
+		YANET_GCC_BUG_UNUSED(needWait);
+		YANET_GCC_BUG_UNUSED(step);
 
 		for (unsigned int mask_i = 0;
 		     mask_i < (((unsigned int)1) << (8 - mask));
@@ -633,12 +628,8 @@ class lpm4_24bit_8bit_atomic
 		memcpy(rootChunk.entries, from_chunk.entries, sizeof(from_chunk.entries));
 		std::vector<std::tuple<unsigned int, unsigned int>> nexts;
 
-		for (uint32_t i = 0;
-		     i < (1u << 24);
-		     i++)
+		for (auto& chunk_value : rootChunk.entries)
 		{
-			auto& chunk_value = rootChunk.entries[i];
-
 			if (chunk_value.flags & flagExtended)
 			{
 				auto& chunk_id = remap_chunks[chunk_value.extendedChunkId];
@@ -715,6 +706,12 @@ class lpm6_8x16bit_atomic
 		uint64_t extended_chunks_size;
 		uint32_t max_used_chunk_id;
 		tEntry free_chunk_cache;
+		void clear()
+		{
+			extended_chunks_count = 0;
+			max_used_chunk_id = 0;
+			free_chunk_cache.flags = 0;
+		}
 	};
 
 	static uint64_t calculate_sizeof(const uint64_t extended_chunks_size)
@@ -729,9 +726,7 @@ class lpm6_8x16bit_atomic
 	}
 
 public:
-	lpm6_8x16bit_atomic()
-	{
-	}
+	lpm6_8x16bit_atomic() = default;
 
 	static std::array<uint8_t, 16> createMask(uint8_t ones)
 	{
@@ -819,9 +814,9 @@ class lpm6_8x16bit_atomic
 		return copy_root_chunk(stats, remap_chunks, second);
 	}
 
-	inline void lookup(const ipv6_address_t* ipv6Addresses,
-	                   uint32_t* valueIds,
-	                   const unsigned int& count) const
+	void lookup(const ipv6_address_t* ipv6Addresses,
+	            uint32_t* valueIds,
+	            const unsigned int& count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -864,10 +859,10 @@ class lpm6_8x16bit_atomic
 
 	constexpr static uint32_t mask_full = 0xFFFFFFFFu;
 
-	inline void lookup(const uint32_t mask,
-	                   const ipv6_address_t* ipv6Addresses,
-	                   uint32_t* valueIds,
-	                   const unsigned int& count) const
+	void lookup(const uint32_t mask,
+	            const ipv6_address_t* ipv6Addresses,
+	            uint32_t* valueIds,
+	            const unsigned int& count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -919,9 +914,9 @@ class lpm6_8x16bit_atomic
 	}
 
 	template<unsigned int TOffset>
-	inline void lookup(rte_mbuf** mbufs,
-	                   uint32_t* valueIds,
-	                   const unsigned int& count) const
+	void lookup(rte_mbuf** mbufs,
+	            uint32_t* valueIds,
+	            const unsigned int& count) const
 	{
 		ipv6_address_t ipv6Addresses[CONFIG_YADECAP_MBUFS_BURST_SIZE];
 
@@ -940,11 +935,11 @@ class lpm6_8x16bit_atomic
 		lookup(ipv6Addresses, valueIds, count);
 	}
 
-	inline bool lookup(const std::array<uint8_t, 16>& ipv6Address,
-	                   uint32_t* valueId = nullptr) const
+	bool lookup(const std::array<uint8_t, 16>& ipv6Address,
+	            uint32_t* valueId = nullptr) const
 	{
 		ipv6_address_t lipv6Address;
-		uint32_t lvalueId;
+		uint32_t lvalueId = 0;
 
 		memcpy(lipv6Address.bytes, ipv6Address.data(), 16);
 		lookup(&lipv6Address, &lvalueId, 1);
@@ -962,11 +957,11 @@ class lpm6_8x16bit_atomic
 		return false;
 	}
 
-	inline bool lookup(const uint8_t* ipv6_address,
-	                   uint32_t* value_id = nullptr) const
+	bool lookup(const uint8_t* ipv6_address,
+	            uint32_t* value_id = nullptr) const
 	{
 		ipv6_address_t lipv6Address;
-		uint32_t lvalueId;
+		uint32_t lvalueId = 0;
 
 		memcpy(lipv6Address.bytes, ipv6_address, 16);
 		lookup(&lipv6Address, &lvalueId, 1);
@@ -1035,13 +1030,11 @@ class lpm6_8x16bit_atomic
 			return;
 		}
 
-		for (unsigned int entry_i = 0;
-		     entry_i < 256 * 256;
-		     entry_i++)
+		for (auto& entrie : extendedChunk.entries)
 		{
-			if (extendedChunk.entries[entry_i].flags & flagExtended)
+			if (entrie.flags & flagExtended)
 			{
-				freeExtendedChunk(stats, extendedChunk.entries[entry_i].extendedChunkId);
+				freeExtendedChunk(stats, entrie.extendedChunkId);
 			}
 		}
 
@@ -1080,11 +1073,9 @@ class lpm6_8x16bit_atomic
 
 		YADECAP_MEMORY_BARRIER_COMPILE;
 
-		for (unsigned int entry_i = 0;
-		     entry_i < 256 * 256;
-		     entry_i++)
+		for (auto& entrie : chunk.entries)
 		{
-			chunk.entries[entry_i].atomic = newEntry.atomic;
+			entrie.atomic = newEntry.atomic;
 		}
 
 		chunk.entries[0].flags |= flag;
@@ -1145,12 +1136,10 @@ class lpm6_8x16bit_atomic
 				}
 
 				bool merge = true;
-				for (unsigned int next_entry_i = 0;
-				     next_entry_i < 256 * 256;
-				     next_entry_i++)
+				for (auto& entrie : extendedChunks[extendedChunkId].entries)
 				{
-					if (!(extendedChunks[extendedChunkId].entries[next_entry_i].flags & flagValid &&
-					      extendedChunks[extendedChunkId].entries[next_entry_i].valueId == valueId))
+					if (!(entrie.flags & flagValid &&
+					      entrie.valueId == valueId))
 					{
 						merge = false;
 						break;
@@ -1182,7 +1171,7 @@ class lpm6_8x16bit_atomic
 					return eResult::success;
 				}
 
-				uint32_t extendedChunkId;
+				uint32_t extendedChunkId = 0;
 				if (!newExtendedChunk(stats, extendedChunkId))
 				{
 					YADECAP_LOG_WARNING("lpm6 is full\n");
@@ -1280,11 +1269,9 @@ class lpm6_8x16bit_atomic
 				}
 
 				bool isEmpty = true;
-				for (unsigned int next_entry_i = 0;
-				     next_entry_i < 256 * 256;
-				     next_entry_i++)
+				for (auto& entrie : extendedChunks[extendedChunkId].entries)
 				{
-					if (extendedChunks[extendedChunkId].entries[next_entry_i].flags & (flagExtended | flagValid))
+					if (entrie.flags & (flagExtended | flagValid))
 					{
 						isEmpty = false;
 						break;
@@ -1310,7 +1297,7 @@ class lpm6_8x16bit_atomic
 			{
 				/// valid
 
-				uint32_t extendedChunkId;
+				uint32_t extendedChunkId = 0;
 				if (!newExtendedChunk(stats, extendedChunkId))
 				{
 					YADECAP_LOG_WARNING("lpm6 is full\n");
@@ -1394,12 +1381,8 @@ class lpm6_8x16bit_atomic
 		memcpy(rootChunk.entries, from_chunk.entries, sizeof(from_chunk.entries));
 		std::vector<std::tuple<unsigned int, unsigned int>> nexts;
 
-		for (uint32_t i = 0;
-		     i < (1u << 16);
-		     i++)
+		for (auto& chunk_value : rootChunk.entries)
 		{
-			auto& chunk_value = rootChunk.entries[i];
-
 			if (chunk_value.flags & flagExtended)
 			{
 				auto& chunk_id = remap_chunks[chunk_value.extendedChunkId];
@@ -1441,12 +1424,8 @@ class lpm6_8x16bit_atomic
 		memcpy(chunk.entries, from_chunk.entries, sizeof(from_chunk.entries));
 		std::vector<std::tuple<unsigned int, unsigned int>> nexts;
 
-		for (uint32_t i = 0;
-		     i < (1u << 16);
-		     i++)
+		for (auto& chunk_value : chunk.entries)
 		{
-			auto& chunk_value = chunk.entries[i];
-
 			if (chunk_value.flags & flagExtended)
 			{
 				auto& chunk_id = remap_chunks[chunk_value.extendedChunkId];
@@ -1490,10 +1469,7 @@ class lpm4_24bit_8bit_id32
 	class updater
 	{
 	public:
-		updater() :
-		        extended_chunks_count(1)
-		{
-		}
+		updater() = default;
 
 		void clear(const unsigned int tree_size)
 		{
@@ -1502,7 +1478,7 @@ class lpm4_24bit_8bit_id32
 			remap_chunks.resize(tree_size, 0);
 		}
 
-		inline unsigned int allocate_extended_chunk()
+		unsigned int allocate_extended_chunk()
 		{
 			if (extended_chunks_count >= extended_chunks_size)
 			{
@@ -1515,23 +1491,23 @@ class lpm4_24bit_8bit_id32
 			return new_chunk_id;
 		}
 
-		inline unsigned int& remap(const unsigned int from_chunk_id)
+		unsigned int& remap(const unsigned int from_chunk_id)
 		{
 			return remap_chunks[from_chunk_id];
 		}
 
-		unsigned int get_extended_chunks_count() const
+		[[nodiscard]] unsigned int get_extended_chunks_count() const
 		{
 			return extended_chunks_count;
 		}
 
-		unsigned int get_extended_chunks_size() const
+		[[nodiscard]] unsigned int get_extended_chunks_size() const
 		{
 			return extended_chunks_size;
 		}
 
 	public:
-		unsigned int extended_chunks_count;
+		unsigned int extended_chunks_count{1};
 		std::vector<unsigned int> remap_chunks;
 	};
 
@@ -1564,9 +1540,9 @@ class lpm4_24bit_8bit_id32
 
 public:
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const ipv4_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const ipv4_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -1604,12 +1580,9 @@ class lpm4_24bit_8bit_id32
 
 	struct value_t
 	{
-		value_t() :
-		        id(0)
-		{
-		}
+		value_t() = default;
 
-		uint32_t id;
+		uint32_t id{};
 	};
 
 	struct chunk_step1_t
@@ -1714,7 +1687,7 @@ class lpm4_24bit_8bit_id32
 	                              const unsigned int from_chunk_id,
 	                              const unsigned int extended_chunk_id)
 	{
-		(void)updater;
+		YANET_GCC_BUG_UNUSED(updater);
 
 		const auto& from_chunk = from_chunks[from_chunk_id];
 		auto& extended_chunk = extended_chunks[extended_chunk_id];
@@ -1776,9 +1749,9 @@ class lpm4_24bit_8bit_id32_dynamic
 	}
 
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const ipv4_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const ipv4_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -1973,10 +1946,7 @@ class lpm6_8x16bit_id32
 	class updater
 	{
 	public:
-		updater() :
-		        chunks_count(1) ///< 0 is root chunk
-		{
-		}
+		updater() = default;
 
 		void clear(const unsigned int tree_size)
 		{
@@ -1985,7 +1955,7 @@ class lpm6_8x16bit_id32
 			remap_chunks.resize(tree_size, 0);
 		}
 
-		inline unsigned int allocate_chunk()
+		unsigned int allocate_chunk()
 		{
 			if (chunks_count >= chunks_size)
 			{
@@ -1998,13 +1968,13 @@ class lpm6_8x16bit_id32
 			return new_chunk_id;
 		}
 
-		inline unsigned int& remap(const unsigned int from_chunk_id)
+		unsigned int& remap(const unsigned int from_chunk_id)
 		{
 			return remap_chunks[from_chunk_id];
 		}
 
 	public:
-		unsigned int chunks_count;
+		unsigned int chunks_count{1}; ///< 0 is root chunk
 		std::vector<unsigned int> remap_chunks;
 	};
 
@@ -2037,9 +2007,9 @@ class lpm6_8x16bit_id32
 
 public:
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const ipv6_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const ipv6_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -2072,10 +2042,10 @@ class lpm6_8x16bit_id32
 	}
 
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const uint32_t mask,
-	                   const ipv6_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const uint32_t mask,
+	            const ipv6_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -2131,12 +2101,9 @@ class lpm6_8x16bit_id32
 
 	struct value_t
 	{
-		value_t() :
-		        id(0)
-		{
-		}
+		value_t() = default;
 
-		uint32_t id;
+		uint32_t id{};
 	};
 
 	struct chunk_t
@@ -2226,11 +2193,7 @@ class lpm6_8x16bit_id32_dynamic
 	class updater
 	{
 	public:
-		updater() :
-		        lpm(nullptr),
-		        chunks_size(0)
-		{
-		}
+		updater() = default;
 
 		void update_pointer(lpm6_8x16bit_id32_dynamic* lpm,
 		                    const tSocketId socket_id,
@@ -2267,7 +2230,7 @@ class lpm6_8x16bit_id32_dynamic
 		}
 
 	protected:
-		inline unsigned int allocate_chunk()
+		unsigned int allocate_chunk()
 		{
 			if (chunks_count >= chunks_size)
 			{
@@ -2313,12 +2276,8 @@ class lpm6_8x16bit_id32_dynamic
 
 			std::vector<std::tuple<unsigned int, unsigned int>> nexts;
 
-			for (uint32_t i = 0;
-			     i < (1u << bits);
-			     i++)
+			for (auto& chunk_value : chunk.values)
 			{
-				auto& chunk_value = chunk.values[i];
-
 				if (chunk_value.id & 0x80000000u) ///< is_chunk_id
 				{
 					auto& chunk_id = remap_chunks[chunk_value.id ^ 0x80000000u];
@@ -2350,9 +2309,9 @@ class lpm6_8x16bit_id32_dynamic
 		}
 
 	public:
-		lpm6_8x16bit_id32_dynamic* lpm;
+		lpm6_8x16bit_id32_dynamic* lpm{};
 		tSocketId socket_id;
-		unsigned int chunks_size;
+		unsigned int chunks_size{};
 		unsigned int chunks_count;
 		std::vector<unsigned int> remap_chunks;
 	};
@@ -2371,9 +2330,9 @@ class lpm6_8x16bit_id32_dynamic
 
 public:
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const ipv6_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const ipv6_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -2406,10 +2365,10 @@ class lpm6_8x16bit_id32_dynamic
 	}
 
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const uint32_t mask,
-	                   const ipv6_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const uint32_t mask,
+	            const ipv6_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -2458,12 +2417,9 @@ class lpm6_8x16bit_id32_dynamic
 
 	struct value_t
 	{
-		value_t() :
-		        id(0)
-		{
-		}
+		value_t() = default;
 
-		uint32_t id;
+		uint32_t id{};
 	};
 
 	struct chunk_t
@@ -2507,9 +2463,9 @@ class lpm6_16x8bit_id32_dynamic
 	}
 
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const ipv6_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const ipv6_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -2542,10 +2498,10 @@ class lpm6_16x8bit_id32_dynamic
 	}
 
 	template<unsigned int burst_size = YANET_CONFIG_BURST_SIZE>
-	inline void lookup(const uint32_t mask,
-	                   const ipv6_address_t (&addresses)[burst_size],
-	                   uint32_t (&group_ids)[burst_size],
-	                   const unsigned int count) const
+	void lookup(const uint32_t mask,
+	            const ipv6_address_t (&addresses)[burst_size],
+	            uint32_t (&group_ids)[burst_size],
+	            const unsigned int count) const
 	{
 		/// @todo: OPT: le -> be
 
@@ -2606,7 +2562,7 @@ class lpm6_16x8bit_id32_dynamic
 	constexpr static unsigned int root_chunk_id = 0;
 	constexpr static uint32_t mask_full = 0xFFFFFFFFu;
 
-	inline unsigned int allocate_extended_chunk(stats_t& stats)
+	unsigned int allocate_extended_chunk(stats_t& stats)
 	{
 		if (stats.extended_chunks_count >= stats.extended_chunks_size)
 		{
@@ -2633,12 +2589,8 @@ class lpm6_16x8bit_id32_dynamic
 
 		std::vector<std::tuple<unsigned int, unsigned int>> nexts;
 
-		for (uint32_t i = 0;
-		     i < (1u << bits);
-		     i++)
+		for (auto& chunk_value : chunk.values)
 		{
-			auto& chunk_value = chunk.values[i];
-
 			if (chunk_value.id & 0x80000000u) ///< is_chunk_id
 			{
 				auto& chunk_id = stats.remap_chunks[chunk_value.id ^ 0x80000000u];
@@ -2672,12 +2624,9 @@ class lpm6_16x8bit_id32_dynamic
 protected:
 	struct value_t
 	{
-		value_t() :
-		        id(0)
-		{
-		}
+		value_t() = default;
 
-		uint32_t id;
+		uint32_t id{};
 	};
 
 	struct chunk_t
diff --git a/dataplane/main.cpp b/dataplane/main.cpp
index aeec9503..4bb0e26f 100644
--- a/dataplane/main.cpp
+++ b/dataplane/main.cpp
@@ -1,5 +1,5 @@
-#include <signal.h>
-//#include <systemd/sd-daemon.h>
+#include <csignal>
+#include <systemd/sd-daemon.h>
 
 #include <iostream>
 
@@ -58,7 +58,7 @@ int main(int argc,
 	/** @todo
 	if (signal(SIGINT, handleSignal) == SIG_ERR)
 	{
-		return 3;
+	        return 3;
 	}
 	*/
 
diff --git a/dataplane/memory_manager.cpp b/dataplane/memory_manager.cpp
index f7c35b25..f59ffc45 100644
--- a/dataplane/memory_manager.cpp
+++ b/dataplane/memory_manager.cpp
@@ -68,7 +68,7 @@ common::idp::memory_manager_stats::response memory_manager::memory_manager_stats
 		response_memory_group = root_memory_group;
 		for (const auto& [pointer, memory_pointer] : pointers)
 		{
-			(void)pointer;
+			YANET_GCC_BUG_UNUSED(pointer);
 			response_objects.emplace_back(memory_pointer.name,
 			                              memory_pointer.socket_id,
 			                              memory_pointer.size);
@@ -169,7 +169,7 @@ bool memory_manager::check_memory_limit(const std::string& name,
 
 	for (const auto& [pointer, memory_pointer] : pointers)
 	{
-		(void)pointer;
+		YANET_GCC_BUG_UNUSED(pointer);
 
 		uint64_t object_size = memory_pointer.size;
 		if (memory_pointer.name == name)
@@ -218,7 +218,6 @@ bool memory_manager::check_memory_limit(const std::string& name,
 	return result;
 }
 
-void memory_manager::limits(common::idp::limits::response& response)
+void memory_manager::limits([[maybe_unused]] common::idp::limits::response& response)
 {
-	(void)response;
 }
diff --git a/dataplane/memory_manager.h b/dataplane/memory_manager.h
index 78e006c0..ccbd1c39 100644
--- a/dataplane/memory_manager.h
+++ b/dataplane/memory_manager.h
@@ -42,12 +42,51 @@ class memory_manager
 	        const uint64_t size,
 	        const std::function<void(void*)>& destructor = [](void*) {});
 
+	class Deleter
+	{
+		memory_manager* manager_;
+
+	public:
+		Deleter(memory_manager* const manager) :
+		        manager_{manager} {}
+		Deleter(Deleter&& other) = default;
+		Deleter(const Deleter& other) = default;
+		Deleter& operator=(Deleter&& other) = default;
+		Deleter& operator=(const Deleter& other) = default;
+		template<typename T>
+		void operator()(T* ptr)
+		{
+			manager_->destroy(ptr);
+		}
+	};
+
+	template<typename T>
+	using unique_ptr = std::unique_ptr<T, Deleter>;
+
+	template<typename T,
+	         typename... Args>
+	unique_ptr<T> create_unique(const char* name,
+	                            const tSocketId socket_id,
+	                            const uint64_t size,
+	                            Args&&... args)
+	{
+		void* pointer = alloc(name,
+		                      socket_id,
+		                      size,
+		                      [](void* pointer) {
+			                      reinterpret_cast<T*>(pointer)->~T();
+		                      });
+		return std::unique_ptr<T, Deleter>{
+		        new (pointer) T(std::forward<Args>(args)...),
+		        Deleter{this}};
+	}
+
 	template<typename type,
-	         typename... args_t>
+	         typename... Args>
 	type* create(const char* name,
 	             const tSocketId socket_id,
 	             const uint64_t size,
-	             const args_t&... args)
+	             Args&&... args)
 	{
 		void* pointer = alloc(name, socket_id, size, [](void* pointer) {
 			reinterpret_cast<type*>(pointer)->~type();
@@ -58,14 +97,14 @@ class memory_manager
 			return nullptr;
 		}
 
-		return new (reinterpret_cast<type*>(pointer)) type(args...);
+		return new (reinterpret_cast<type*>(pointer)) type(std::forward<Args>(args)...);
 	}
 
 	template<typename type,
-	         typename... args_t>
+	         typename... Args>
 	type* create_static(const char* name,
 	                    const tSocketId socket_id,
-	                    const args_t&... args)
+	                    Args&&... args)
 	{
 		void* pointer = alloc(name, socket_id, sizeof(type), [](void* pointer) {
 			reinterpret_cast<type*>(pointer)->~type();
@@ -76,15 +115,15 @@ class memory_manager
 			return nullptr;
 		}
 
-		return new (reinterpret_cast<type*>(pointer)) type(args...);
+		return new (reinterpret_cast<type*>(pointer)) type(std::forward<Args>(args)...);
 	}
 
 	template<typename type,
-	         typename... args_t>
+	         typename... Args>
 	type* create_static_array(const char* name,
 	                          const uint64_t count,
 	                          const tSocketId socket_id,
-	                          const args_t&... args)
+	                          Args&&... args)
 	{
 		void* pointer = alloc(name, socket_id, count * sizeof(type), [count](void* pointer) {
 			for (uint64_t i = 0;
@@ -105,7 +144,7 @@ class memory_manager
 		     i < count;
 		     i++)
 		{
-			new ((reinterpret_cast<type*>(pointer)) + i) type(args...);
+			new ((reinterpret_cast<type*>(pointer)) + i) type(std::forward<Args>(args)...);
 		}
 
 		return reinterpret_cast<type*>(pointer);
@@ -114,6 +153,7 @@ class memory_manager
 	void destroy(void* pointer);
 	void debug(tSocketId socket_id);
 	bool check_memory_limit(const std::string& name, const uint64_t size);
+	Deleter deleter() { return Deleter{this}; }
 
 protected:
 	cDataPlane* dataplane;
diff --git a/dataplane/meson.build b/dataplane/meson.build
index af1ba5d0..43a2fa2f 100644
--- a/dataplane/meson.build
+++ b/dataplane/meson.build
@@ -8,14 +8,19 @@ sources = files('bus.cpp',
                 'controlplane.cpp',
                 'dataplane.cpp',
                 'debug_latch.cpp',
+                'dpdk.cpp',
                 'dregress.cpp',
                 'fragmentation.cpp',
+                'icmp_translations.cpp',
+                'kernel_interface_handle.cpp',
+                'kernel_interface_handler.cpp',
                 'globalbase.cpp',
                 'main.cpp',
                 'memory_manager.cpp',
                 'neighbor.cpp',
                 'report.cpp',
                 'sharedmemory.cpp',
+                'slow_worker.cpp',
                 'sock_dev.cpp',
                 'worker.cpp',
                 'worker_gc.cpp')
diff --git a/dataplane/neighbor.cpp b/dataplane/neighbor.cpp
index c27856f6..d0b857b3 100644
--- a/dataplane/neighbor.cpp
+++ b/dataplane/neighbor.cpp
@@ -51,7 +51,7 @@ static void netlink_parse(const std::function<void(const std::string&, const com
 	unsigned int offset = 0;
 	while (offset + sizeof(nlmsghdr) <= buffer_length)
 	{
-		nlmsghdr* nl_message_header = (nlmsghdr*)(buffer + offset);
+		auto* nl_message_header = (nlmsghdr*)(buffer + offset);
 		uint32_t length = nl_message_header->nlmsg_len;
 
 		if (nl_message_header->nlmsg_type == NLMSG_DONE ||
@@ -63,7 +63,7 @@ static void netlink_parse(const std::function<void(const std::string&, const com
 		if (nl_message_header->nlmsg_type == RTM_NEWNEIGH ||
 		    nl_message_header->nlmsg_type == RTM_GETNEIGH)
 		{
-			ndmsg* nl_message = (ndmsg*)NLMSG_DATA(nl_message_header);
+			auto* nl_message = (ndmsg*)NLMSG_DATA(nl_message_header);
 			parse_rt_attributes(rt_attributes,
 			                    NDA_MAX,
 			                    (rtattr*)(((char*)(nl_message)) + NLMSG_ALIGN(sizeof(ndmsg))),
@@ -193,8 +193,7 @@ static void netlink_neighbor_dump(const std::function<void(const std::string&, c
 	close(nl_socket);
 }
 
-module::module() :
-        dataplane(nullptr)
+module::module() :dataplane(nullptr)
 {
 	memset(&stats, 0, sizeof(stats));
 }
@@ -286,7 +285,7 @@ common::idp::neighbor_show::response module::neighbor_show() const
 eResult module::neighbor_insert(const common::idp::neighbor_insert::request& request)
 {
 	const auto& [route_name, interface_name, ip_address, mac_address] = request;
-	(void)route_name; ///< @todo
+	YANET_GCC_BUG_UNUSED(route_name); ///< @todo
 
 	tInterfaceId interface_id = 0;
 	{
@@ -327,7 +326,7 @@ eResult module::neighbor_insert(const common::idp::neighbor_insert::request& req
 		eResult result = eResult::success;
 		for (auto& [socket_id, hashtable_updater] : hashtable.hashtable_updater)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 			if (!hashtable_updater.get_pointer()->insert_or_update(key, value))
 			{
 				result = eResult::isFull;
@@ -347,7 +346,7 @@ eResult module::neighbor_insert(const common::idp::neighbor_insert::request& req
 eResult module::neighbor_remove(const common::idp::neighbor_remove::request& request)
 {
 	const auto& [route_name, interface_name, ip_address] = request;
-	(void)route_name; ///< @todo
+	YANET_GCC_BUG_UNUSED(route_name); ///< @todo
 
 	tInterfaceId interface_id = 0;
 	{
@@ -382,7 +381,7 @@ eResult module::neighbor_remove(const common::idp::neighbor_remove::request& req
 		eResult result = eResult::success;
 		for (auto& [socket_id, hashtable_updater] : hashtable.hashtable_updater)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 			if (!hashtable_updater.get_pointer()->remove(key))
 			{
 				result = eResult::invalidArguments;
@@ -404,7 +403,7 @@ eResult module::neighbor_clear()
 	auto response = generation_hashtable.update([](neighbor::generation_hashtable& hashtable) {
 		for (auto& [socket_id, hashtable_updater] : hashtable.hashtable_updater)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 			hashtable_updater.get_pointer()->clear();
 		}
 		return eResult::success;
@@ -483,7 +482,7 @@ eResult module::neighbor_update_interfaces(const common::idp::neighbor_update_in
 		generation_hashtable.update([this, key, value](neighbor::generation_hashtable& hashtable) {
 			for (auto& [socket_id, hashtable_updater] : hashtable.hashtable_updater)
 			{
-				(void)socket_id;
+				YANET_GCC_BUG_UNUSED(socket_id);
 				if (!hashtable_updater.get_pointer()->insert_or_update(key, value))
 				{
 					stats.hashtable_insert_error++;
@@ -614,7 +613,7 @@ void module::netlink_thread()
 			generation_hashtable.update([this, key, value](neighbor::generation_hashtable& hashtable) {
 				for (auto& [socket_id, hashtable_updater] : hashtable.hashtable_updater)
 				{
-					(void)socket_id;
+					YANET_GCC_BUG_UNUSED(socket_id);
 					if (!hashtable_updater.get_pointer()->insert_or_update(key, value))
 					{
 						stats.hashtable_insert_error++;
@@ -652,7 +651,7 @@ void module::resolve(const dataplane::neighbor::key& key)
 		}
 
 		const auto& [it_route_name, it_interface_name] = it->second;
-		(void)it_route_name;
+		YANET_GCC_BUG_UNUSED(it_route_name);
 
 		interface_name = it_interface_name;
 	}
@@ -677,7 +676,7 @@ void module::resolve(const dataplane::neighbor::key& key)
 	generation_hashtable.update([this, key, value](neighbor::generation_hashtable& hashtable) {
 		for (auto& [socket_id, hashtable_updater] : hashtable.hashtable_updater)
 		{
-			(void)socket_id;
+			YANET_GCC_BUG_UNUSED(socket_id);
 			if (!hashtable_updater.get_pointer()->insert_or_update(key, value))
 			{
 				stats.hashtable_insert_error++;
diff --git a/dataplane/neighbor.h b/dataplane/neighbor.h
index e163862b..554cda23 100644
--- a/dataplane/neighbor.h
+++ b/dataplane/neighbor.h
@@ -1,7 +1,6 @@
 #pragma once
 
 #include <map>
-#include <mutex>
 #include <thread>
 #include <unordered_map>
 
diff --git a/dataplane/prepare.h b/dataplane/prepare.h
index 42aed03a..57630cbb 100644
--- a/dataplane/prepare.h
+++ b/dataplane/prepare.h
@@ -64,7 +64,7 @@ inline bool prepareL3(rte_mbuf* mbuf, dataplane::metadata* metadata)
 		uint8_t transport_headerType = ipv6Header->proto;
 		uint16_t transport_headerOffset = metadata->network_headerOffset + sizeof(rte_ipv6_hdr);
 
-		unsigned int extension_i;
+		unsigned int extension_i = 0;
 		for (extension_i = 0;
 		     extension_i < CONFIG_YADECAP_IPV6_EXTENSIONS_MAX + 1;
 		     extension_i++)
diff --git a/dataplane/report.cpp b/dataplane/report.cpp
index ca8917bf..3339c625 100644
--- a/dataplane/report.cpp
+++ b/dataplane/report.cpp
@@ -6,25 +6,11 @@
 #include "dataplane.h"
 #include "report.h"
 #include "worker.h"
+#include "worker_gc.h"
 
 namespace
 {
 
-template<typename hashtable_chain_T>
-nlohmann::json convertHashtable(const hashtable_chain_T& hashtable)
-{
-	nlohmann::json json;
-
-	const auto& stats = hashtable.getStats();
-
-	json["extendedChunksCount"] = stats.extendedChunksCount;
-	json["longestChain"] = stats.longestChain;
-	json["pairs"] = stats.pairs;
-	json["insertFailed"] = stats.insertFailed;
-
-	return json;
-}
-
 template<typename hashtable_mod_T,
          typename stats_T>
 nlohmann::json convertHashtable(const hashtable_mod_T& hashtable, const stats_T& stats_generation)
@@ -49,6 +35,28 @@ nlohmann::json convertHashtable(const hashtable_mod_T& hashtable, const stats_T&
 
 } // namespace
 
+namespace common::dregress
+{
+void to_json(nlohmann::json& j, const stats_t& stats)
+{
+	j = nlohmann::json{
+	        {"bad_decap_transport", stats.bad_decap_transport},
+	        {"fragment", stats.fragment},
+	        {"bad_transport", stats.bad_transport},
+	        {"lookup_miss", stats.lookup_miss},
+	        {"local", stats.local},
+	        {"tcp_syn", stats.tcp_syn},
+	        {"tcp_unknown_option", stats.tcp_unknown_option},
+	        {"tcp_no_option", stats.tcp_no_option},
+	        {"tcp_insert_sessions", stats.tcp_insert_sessions},
+	        {"tcp_close_sessions", stats.tcp_close_sessions},
+	        {"tcp_retransmission", stats.tcp_retransmission},
+	        {"tcp_ok", stats.tcp_ok},
+	        {"tcp_timeout_sessions", stats.tcp_timeout_sessions},
+	        {"tcp_unknown_sessions", stats.tcp_unknown_sessions}};
+}
+} // namespace common::dregress
+
 cReport::cReport(cDataPlane* dataPlane) :
         dataPlane(dataPlane)
 {
@@ -58,15 +66,14 @@ nlohmann::json cReport::getReport()
 {
 	nlohmann::json jsonReport;
 
-	for (const auto& iter : dataPlane->workers)
+	for (const cWorker* worker : dataPlane->workers_vector)
 	{
-		const cWorker* worker = iter.second;
 		jsonReport["workers"].emplace_back(convertWorker(worker));
 	}
 
 	for (const auto& [core_id, worker] : dataPlane->worker_gcs)
 	{
-		(void)core_id;
+		YANET_GCC_BUG_UNUSED(core_id);
 		jsonReport["worker_gcs"].emplace_back(convertWorkerGC(worker));
 	}
 
@@ -129,37 +136,37 @@ nlohmann::json cReport::convertWorker(const cWorker* worker)
 	json["mempool"] = convertMempool(worker->mempool);
 	json["iteration"] = worker->iteration;
 
-	json["stats"]["brokenPackets"] = worker->stats.brokenPackets;
-	json["stats"]["dropPackets"] = worker->stats.dropPackets;
-	json["stats"]["ring_highPriority_drops"] = worker->stats.ring_highPriority_drops;
-	json["stats"]["ring_normalPriority_drops"] = worker->stats.ring_normalPriority_drops;
-	json["stats"]["ring_lowPriority_drops"] = worker->stats.ring_lowPriority_drops;
-	json["stats"]["decap_packets"] = worker->stats.decap_packets;
-	json["stats"]["decap_fragments"] = worker->stats.decap_fragments;
-	json["stats"]["decap_unknownExtensions"] = worker->stats.decap_unknownExtensions;
-	json["stats"]["interface_lookupMisses"] = worker->stats.interface_lookupMisses;
-	json["stats"]["interface_hopLimits"] = worker->stats.interface_hopLimits;
-	json["stats"]["interface_neighbor_invalid"] = worker->stats.interface_neighbor_invalid;
-	json["stats"]["nat64stateless_ingressPackets"] = worker->stats.nat64stateless_ingressPackets;
-	json["stats"]["nat64stateless_ingressFragments"] = worker->stats.nat64stateless_ingressFragments;
-	json["stats"]["nat64stateless_ingressUnknownICMP"] = worker->stats.nat64stateless_ingressUnknownICMP;
-	json["stats"]["nat64stateless_egressPackets"] = worker->stats.nat64stateless_egressPackets;
-	json["stats"]["nat64stateless_egressFragments"] = worker->stats.nat64stateless_egressFragments;
-	json["stats"]["nat64stateless_egressUnknownICMP"] = worker->stats.nat64stateless_egressUnknownICMP;
-	json["stats"]["balancer_invalid_reals_count"] = worker->stats.balancer_invalid_reals_count;
-	json["stats"]["fwsync_multicast_egress_drops"] = worker->stats.fwsync_multicast_egress_drops;
-	json["stats"]["fwsync_multicast_egress_packets"] = worker->stats.fwsync_multicast_egress_packets;
-	json["stats"]["fwsync_unicast_egress_drops"] = worker->stats.fwsync_unicast_egress_drops;
-	json["stats"]["fwsync_unicast_egress_packets"] = worker->stats.fwsync_unicast_egress_packets;
-	json["stats"]["fwsync_multicast_egress_imm_packets"] = worker->stats.fwsync_multicast_egress_imm_packets;
-	json["stats"]["fwsync_no_config_drops"] = worker->stats.fwsync_no_config_drops;
-	json["stats"]["acl_ingress_dropPackets"] = worker->stats.acl_ingress_dropPackets;
-	json["stats"]["acl_egress_dropPackets"] = worker->stats.acl_egress_dropPackets;
-	json["stats"]["repeat_ttl"] = worker->stats.repeat_ttl;
-	json["stats"]["leakedMbufs"] = worker->stats.leakedMbufs;
+	json["stats"]["brokenPackets"] = worker->stats->brokenPackets;
+	json["stats"]["dropPackets"] = worker->stats->dropPackets;
+	json["stats"]["ring_highPriority_drops"] = worker->stats->ring_highPriority_drops;
+	json["stats"]["ring_normalPriority_drops"] = worker->stats->ring_normalPriority_drops;
+	json["stats"]["ring_lowPriority_drops"] = worker->stats->ring_lowPriority_drops;
+	json["stats"]["decap_packets"] = worker->stats->decap_packets;
+	json["stats"]["decap_fragments"] = worker->stats->decap_fragments;
+	json["stats"]["decap_unknownExtensions"] = worker->stats->decap_unknownExtensions;
+	json["stats"]["interface_lookupMisses"] = worker->stats->interface_lookupMisses;
+	json["stats"]["interface_hopLimits"] = worker->stats->interface_hopLimits;
+	json["stats"]["interface_neighbor_invalid"] = worker->stats->interface_neighbor_invalid;
+	json["stats"]["nat64stateless_ingressPackets"] = worker->stats->nat64stateless_ingressPackets;
+	json["stats"]["nat64stateless_ingressFragments"] = worker->stats->nat64stateless_ingressFragments;
+	json["stats"]["nat64stateless_ingressUnknownICMP"] = worker->stats->nat64stateless_ingressUnknownICMP;
+	json["stats"]["nat64stateless_egressPackets"] = worker->stats->nat64stateless_egressPackets;
+	json["stats"]["nat64stateless_egressFragments"] = worker->stats->nat64stateless_egressFragments;
+	json["stats"]["nat64stateless_egressUnknownICMP"] = worker->stats->nat64stateless_egressUnknownICMP;
+	json["stats"]["balancer_invalid_reals_count"] = worker->stats->balancer_invalid_reals_count;
+	json["stats"]["fwsync_multicast_egress_drops"] = worker->stats->fwsync_multicast_egress_drops;
+	json["stats"]["fwsync_multicast_egress_packets"] = worker->stats->fwsync_multicast_egress_packets;
+	json["stats"]["fwsync_unicast_egress_drops"] = worker->stats->fwsync_unicast_egress_drops;
+	json["stats"]["fwsync_unicast_egress_packets"] = worker->stats->fwsync_unicast_egress_packets;
+	json["stats"]["fwsync_multicast_egress_imm_packets"] = worker->stats->fwsync_multicast_egress_imm_packets;
+	json["stats"]["fwsync_no_config_drops"] = worker->stats->fwsync_no_config_drops;
+	json["stats"]["acl_ingress_dropPackets"] = worker->stats->acl_ingress_dropPackets;
+	json["stats"]["acl_egress_dropPackets"] = worker->stats->acl_egress_dropPackets;
+	json["stats"]["repeat_ttl"] = worker->stats->repeat_ttl;
+	json["stats"]["leakedMbufs"] = worker->stats->leakedMbufs;
 	json["stats"]["samples_drops"] = worker->sampler.get_drops();
-	json["stats"]["logs_packets"] = worker->stats.logs_packets;
-	json["stats"]["logs_drops"] = worker->stats.logs_drops;
+	json["stats"]["logs_packets"] = worker->stats->logs_packets;
+	json["stats"]["logs_drops"] = worker->stats->logs_drops;
 
 	for (tPortId portId = 0;
 	     portId < dataPlane->ports.size();
@@ -169,7 +176,7 @@ nlohmann::json cReport::convertWorker(const cWorker* worker)
 
 		jsonPort["portId"] = portId;
 		jsonPort["physicalPort_egress_drops"] = worker->statsPorts[portId].physicalPort_egress_drops;
-		jsonPort["controlPlane_drops"] = worker->statsPorts[portId].controlPlane_drops;
+		jsonPort["controlPlane_drops"] = 0; // @todo: DELETE
 
 		json["statsPorts"].emplace_back(jsonPort);
 	}
@@ -192,16 +199,15 @@ nlohmann::json cReport::convertWorker(const cWorker* worker)
 
 	/// permanently base
 	json["permanentlyBase"]["globalBaseAtomic"]["pointer"] = pointerToHex(worker->basePermanently.globalBaseAtomic);
-	json["permanentlyBase"]["workerPortsCount"] = worker->basePermanently.workerPortsCount;
-	for (unsigned int worker_port_i = 0;
-	     worker_port_i < worker->basePermanently.workerPortsCount;
-	     worker_port_i++)
+	json["permanentlyBase"]["workerPortsCount"] = worker->basePermanently.rx_points.size();
+	std::size_t idx{};
+	for (const auto& [port, queue] : worker->basePermanently.rx_points)
 	{
 		nlohmann::json jsonPort;
 
-		jsonPort["worker_port_i"] = worker_port_i;
-		jsonPort["inPortId"] = worker->basePermanently.workerPorts[worker_port_i].inPortId;
-		jsonPort["inQueueId"] = worker->basePermanently.workerPorts[worker_port_i].inQueueId;
+		jsonPort["worker_port_i"] = idx++;
+		jsonPort["inPortId"] = port;
+		jsonPort["inQueueId"] = queue;
 
 		json["permanentlyBase"]["workerPorts"].emplace_back(jsonPort);
 	}
@@ -258,28 +264,27 @@ nlohmann::json cReport::convertWorkerGC(const worker_gc_t* worker)
 	json["iteration"] = worker->iteration;
 	json["samples"] = worker->samples.size();
 
-	json["stats"]["broken_packets"] = worker->stats.broken_packets;
-	json["stats"]["drop_packets"] = worker->stats.drop_packets;
-	json["stats"]["drop_samples"] = worker->stats.drop_samples;
-	json["stats"]["fwsync_multicast_egress_packets"] = worker->stats.fwsync_multicast_egress_packets;
-	json["stats"]["fwsync_multicast_egress_drops"] = worker->stats.fwsync_multicast_egress_drops;
-	json["stats"]["fwsync_unicast_egress_packets"] = worker->stats.fwsync_unicast_egress_packets;
-	json["stats"]["fwsync_unicast_egress_drops"] = worker->stats.fwsync_unicast_egress_drops;
-	json["stats"]["balancer_state_insert_failed"] = worker->stats.balancer_state_insert_failed;
-	json["stats"]["balancer_state_insert_done"] = worker->stats.balancer_state_insert_done;
+	json["stats"]["broken_packets"] = worker->stats->broken_packets;
+	json["stats"]["drop_packets"] = worker->stats->drop_packets;
+	json["stats"]["drop_samples"] = worker->stats->drop_samples;
+	json["stats"]["fwsync_multicast_egress_packets"] = worker->stats->fwsync_multicast_egress_packets;
+	json["stats"]["fwsync_multicast_egress_drops"] = worker->stats->fwsync_multicast_egress_drops;
+	json["stats"]["fwsync_unicast_egress_packets"] = worker->stats->fwsync_unicast_egress_packets;
+	json["stats"]["fwsync_unicast_egress_drops"] = worker->stats->fwsync_unicast_egress_drops;
+	json["stats"]["balancer_state_insert_failed"] = worker->stats->balancer_state_insert_failed;
+	json["stats"]["balancer_state_insert_done"] = worker->stats->balancer_state_insert_done;
 
 	/// permanently base
 	json["permanentlyBase"]["globalBaseAtomic"]["pointer"] = pointerToHex(worker->base_permanently.globalBaseAtomic);
-	json["permanentlyBase"]["workerPortsCount"] = worker->base_permanently.workerPortsCount;
-	for (unsigned int worker_port_i = 0;
-	     worker_port_i < worker->base_permanently.workerPortsCount;
-	     worker_port_i++)
+	json["permanentlyBase"]["workerPortsCount"] = worker->base_permanently.rx_points.size();
+	std::size_t idx{};
+	for (const auto& [port, queue] : worker->base_permanently.rx_points)
 	{
 		nlohmann::json jsonPort;
 
-		jsonPort["worker_port_i"] = worker_port_i;
-		jsonPort["inPortId"] = worker->base_permanently.workerPorts[worker_port_i].inPortId;
-		jsonPort["inQueueId"] = worker->base_permanently.workerPorts[worker_port_i].inQueueId;
+		jsonPort["worker_port_i"] = idx++;
+		jsonPort["inPortId"] = port;
+		jsonPort["inQueueId"] = queue;
 
 		json["permanentlyBase"]["workerPorts"].emplace_back(jsonPort);
 	}
@@ -352,55 +357,62 @@ nlohmann::json cReport::convertPort(const tPortId& portId)
 	return json;
 }
 
+namespace dataplane
+{
+void to_json(nlohmann::json& j, const hashtable_chain_spinlock_stats_t& stats)
+{
+	j = nlohmann::json{
+	        {"extendedChunksCount", stats.extendedChunksCount},
+	        {"longestChain", stats.longestChain},
+	        {"pairs", stats.pairs},
+	        {"insertFailed", stats.insertFailed}};
+}
+} // namespace dataplane
+
 nlohmann::json cReport::convertControlPlane(const cControlPlane* controlPlane)
 {
 	nlohmann::json json;
 
-	json["mempool"] = convertMempool(controlPlane->mempool);
-
-	auto& portmapper = controlPlane->slowWorker->basePermanently.ports;
-	for (int i = 0; i < portmapper.size(); ++i)
-	{
-		nlohmann::json jsonKni;
-
-		const auto& port = controlPlane->kernel_interfaces[i];
-		const auto& stats = controlPlane->kernel_stats[i];
-
-		jsonKni["portId"] = portmapper.ToDpdk(i);
-		jsonKni["interfaceName"] = port.interface_name;
-		jsonKni["stats"]["ipackets"] = stats.ipackets;
-		jsonKni["stats"]["ibytes"] = stats.ibytes;
-		jsonKni["stats"]["idropped"] = stats.idropped;
-		jsonKni["stats"]["opackets"] = stats.opackets;
-		jsonKni["stats"]["obytes"] = stats.obytes;
-		jsonKni["stats"]["odropped"] = stats.odropped;
-
-		json["knis"].emplace_back(jsonKni);
-	}
-
-	json["repeat_packets"] = controlPlane->stats.repeat_packets;
-	json["tofarm_packets"] = controlPlane->stats.tofarm_packets;
-	json["farm_packets"] = controlPlane->stats.farm_packets;
-	json["fwsync_multicast_ingress_packets"] = controlPlane->stats.fwsync_multicast_ingress_packets;
-	json["slowworker_drops"] = controlPlane->stats.slowworker_drops;
-	json["slowworker_packets"] = controlPlane->stats.slowworker_packets;
-	json["mempool_is_empty"] = controlPlane->stats.mempool_is_empty;
-
-	json["dregress"]["bad_decap_transport"] = controlPlane->dregress.stats.bad_decap_transport;
-	json["dregress"]["fragment"] = controlPlane->dregress.stats.fragment;
-	json["dregress"]["bad_transport"] = controlPlane->dregress.stats.bad_transport;
-	json["dregress"]["lookup_miss"] = controlPlane->dregress.stats.lookup_miss;
-	json["dregress"]["local"] = controlPlane->dregress.stats.local;
-	json["dregress"]["tcp_syn"] = controlPlane->dregress.stats.tcp_syn;
-	json["dregress"]["tcp_unknown_option"] = controlPlane->dregress.stats.tcp_unknown_option;
-	json["dregress"]["tcp_no_option"] = controlPlane->dregress.stats.tcp_no_option;
-	json["dregress"]["tcp_insert_sessions"] = controlPlane->dregress.stats.tcp_insert_sessions;
-	json["dregress"]["tcp_close_sessions"] = controlPlane->dregress.stats.tcp_close_sessions;
-	json["dregress"]["tcp_retransmission"] = controlPlane->dregress.stats.tcp_retransmission;
-	json["dregress"]["tcp_ok"] = controlPlane->dregress.stats.tcp_ok;
-	json["dregress"]["tcp_timeout_sessions"] = controlPlane->dregress.stats.tcp_timeout_sessions;
-	json["dregress"]["tcp_unknown_sessions"] = controlPlane->dregress.stats.tcp_unknown_sessions;
-	json["dregress"]["connections"] = convertHashtable(*controlPlane->dregress.connections);
+	json["mempool"] = convertMempool(dataPlane->slow_workers.begin()->second->Mempool());
+	for (const auto& it : dataPlane->slow_workers)
+	{
+		json["mempools"].emplace_back(convertMempool(it.second->Mempool()));
+	}
+
+	for (const auto it : dataPlane->slow_workers)
+	{
+		const dataplane::KernelInterfaceWorker& worker = it.second->KniWorker();
+
+		auto stats_it = worker.PortsStats().first;
+
+		for (auto [current, end] = worker.PortsIds(); current != end; ++current, ++stats_it)
+		{
+			nlohmann::json jsonKni;
+			jsonKni["portId"] = *current;
+			jsonKni["interfaceName"] = dataPlane->InterfaceNameFromPort(*current);
+			jsonKni["stats"]["ipackets"] = stats_it->ipackets;
+			jsonKni["stats"]["ibytes"] = stats_it->ibytes;
+			jsonKni["stats"]["idropped"] = stats_it->idropped;
+			jsonKni["stats"]["opackets"] = stats_it->opackets;
+			jsonKni["stats"]["obytes"] = stats_it->obytes;
+			jsonKni["stats"]["odropped"] = stats_it->odropped;
+
+			json["knis"].emplace_back(std::move(jsonKni));
+		}
+	}
+
+	const auto& slow_stats = controlPlane->SlowWorkerStats();
+
+	json["repeat_packets"] = slow_stats.repeat_packets;
+	json["tofarm_packets"] = slow_stats.tofarm_packets;
+	json["farm_packets"] = slow_stats.farm_packets;
+	json["fwsync_multicast_ingress_packets"] = slow_stats.fwsync_multicast_ingress_packets;
+	json["slowworker_drops"] = slow_stats.slowworker_drops;
+	json["slowworker_packets"] = slow_stats.slowworker_packets;
+	json["mempool_is_empty"] = slow_stats.mempool_is_empty;
+
+	json["dregress"] = controlPlane->DregressStats();
+	json["dregress"]["connections"] = controlPlane->DregressConnectionsStats();
 
 	return json;
 }
diff --git a/dataplane/samples.h b/dataplane/samples.h
index 8fbf09d7..dcb05a50 100644
--- a/dataplane/samples.h
+++ b/dataplane/samples.h
@@ -97,7 +97,7 @@ class Sampler
 			return;
 		}
 
-		sample_base_t* sample;
+		sample_base_t* sample = nullptr;
 
 		if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
 		{
@@ -160,7 +160,7 @@ class Sampler
 		free4 = samples4 + sample4_size - 1;
 	}
 
-	uint64_t get_drops() const
+	[[nodiscard]] uint64_t get_drops() const
 	{
 		return drops;
 	}
@@ -209,7 +209,7 @@ class Sampler
 		return (tcpHeader->tcp_flags & (RTE_TCP_SYN_FLAG | RTE_TCP_ACK_FLAG | RTE_TCP_FIN_FLAG | RTE_TCP_RST_FLAG)) == RTE_TCP_SYN_FLAG;
 	}
 
-	bool is_full() const
+	[[nodiscard]] bool is_full() const
 	{
 		return (void*)(free6 + 1) > (void*)free4;
 	}
@@ -238,4 +238,4 @@ class Sampler
 	};
 };
 
-} //namespace samples
+} // namespace samples
diff --git a/dataplane/sdpserver.h b/dataplane/sdpserver.h
new file mode 100644
index 00000000..bebb8efa
--- /dev/null
+++ b/dataplane/sdpserver.h
@@ -0,0 +1,222 @@
+#pragma once
+
+#include <rte_byteorder.h>
+
+#include "common/result.h"
+#include "common/sdpcommon.h"
+#include "common/shared_memory.h"
+
+namespace common::sdp
+{
+
+class SdrSever
+{
+public:
+	static eResult PrepareSharedMemoryData(DataPlaneInSharedMemory& sdp_data,
+	                                       const std::vector<tCoreId>& workers_id,
+	                                       const std::vector<tCoreId>& workers_gc_id,
+	                                       bool use_huge_tlb)
+	{
+		// Part 1 - prepare data workers
+		//
+		std::map<tSocketId, uint64_t> sockets_shifts;
+
+		// Fill workers info
+		for (tCoreId core_id : workers_id)
+		{
+			tSocketId socket_id = GetNumaNode(core_id);
+			sdp_data.workers[core_id] = {socket_id, sockets_shifts[socket_id], nullptr};
+			sockets_shifts[socket_id] += sdp_data.metadata_worker.size;
+		}
+
+		// Fill workers_gc info
+		for (tCoreId core_id : workers_gc_id)
+		{
+			tSocketId socket_id = GetNumaNode(core_id);
+			sdp_data.workers_gc[core_id] = {socket_id, sockets_shifts[socket_id], nullptr};
+			sockets_shifts[socket_id] += sdp_data.metadata_worker_gc.size;
+		}
+
+		// Create buffers in shared memory for workers in numa nodes
+#ifndef YANET_USE_POSIX_SHARED_MEMORY
+		key_t key_shared_memory_segment = YANET_SHARED_MEMORY_KEY_DATAPLANE;
+#endif
+		std::map<tSocketId, void*> sockets_buffers;
+		for (auto [socket_id, size] : sockets_shifts)
+		{
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+			std::string filename = common::sdp::FileNameWorkerOnNumaNode(socket_id);
+			void* buffer = common::ipc::SharedMemory::CreateBufferFile(filename, size, use_huge_tlb, socket_id);
+			if (buffer == nullptr)
+			{
+				YANET_LOG_ERROR("Error create buffer in shared memory for workers on numa=%d, filename=%s, size=%ld",
+				                socket_id,
+				                filename.c_str(),
+				                size);
+				return eResult::errorInitSharedMemory;
+			}
+#else
+			key_shared_memory_segment++;
+			void* buffer = common::ipc::SharedMemory::CreateBufferKey(key_shared_memory_segment, size, use_huge_tlb, socket_id);
+			if (buffer == nullptr)
+			{
+				YANET_LOG_ERROR("Error create buffer in shared memory for workers on numa=%d, key=%d, size=%ld",
+				                socket_id,
+				                key_shared_memory_segment,
+				                size);
+				return eResult::errorInitSharedMemory;
+			}
+#endif
+			sockets_buffers[socket_id] = buffer;
+		}
+
+		// Fill workers buffers
+		for (auto& worker_info : sdp_data.workers)
+		{
+			worker_info.second.buffer = (char*)sockets_buffers[worker_info.second.socket] + worker_info.second.shift_in_socket;
+		}
+
+		// Fill workers_gc buffers
+		for (auto& worker_info : sdp_data.workers_gc)
+		{
+			worker_info.second.buffer = (char*)sockets_buffers[worker_info.second.socket] + worker_info.second.shift_in_socket;
+		}
+
+		// Part 2 - prepare data dataplane
+		// Create buffer in shared memory for dataplane data
+		sdp_data.FillSizes();
+#ifdef YANET_USE_POSIX_SHARED_MEMORY
+		sdp_data.dataplane_data = common::ipc::SharedMemory::CreateBufferFile(YANET_SHARED_MEMORY_FILE_DATAPLANE,
+		                                                                      sdp_data.size_dataplane_buffer,
+		                                                                      use_huge_tlb,
+		                                                                      std::nullopt);
+		if (sdp_data.dataplane_data == nullptr)
+		{
+			YANET_LOG_ERROR("Error create buffer in shared memory for dataplane data, filename=%s, size=%ld",
+			                YANET_SHARED_MEMORY_FILE_DATAPLANE,
+			                sdp_data.size_dataplane_buffer);
+			return eResult::errorInitSharedMemory;
+		}
+#else
+		sdp_data.dataplane_data = common::ipc::SharedMemory::CreateBufferKey(YANET_SHARED_MEMORY_KEY_DATAPLANE,
+		                                                                     sdp_data.size_dataplane_buffer,
+		                                                                     use_huge_tlb,
+		                                                                     std::nullopt);
+		if (sdp_data.dataplane_data == nullptr)
+		{
+			YANET_LOG_ERROR("Error create buffer in shared memory for dataplane data, key=%d, size=%ld",
+			                key_shared_memory_segment,
+			                sdp_data.size_dataplane_buffer);
+			return eResult::errorInitSharedMemory;
+		}
+#endif
+
+		WriteMainDataToBuffer(sdp_data);
+
+		return eResult::success;
+	}
+
+	static uint64_t GetStartData(uint64_t size, uint64_t& current_start)
+	{
+		static constexpr uint64_t cache_line_size = 64;
+		uint64_t result = current_start;
+		current_start += size;
+		current_start = cache_line_size * ((current_start + cache_line_size - 1) / cache_line_size);
+		return result;
+	}
+
+private:
+	static void WriteMainDataToBuffer(DataPlaneInSharedMemory& sdp_data)
+	{
+		// HEADER
+		uint64_t start_workers = DataPlaneInSharedMemory::size_header;
+		WriteValue(sdp_data, 0, start_workers);
+		WriteValue(sdp_data, 1, sdp_data.size_workers_section);
+
+		uint64_t start_workers_metadata = start_workers + sdp_data.size_workers_section;
+		WriteValue(sdp_data, 2, start_workers_metadata);
+		WriteValue(sdp_data, 3, sdp_data.size_workers_metadata_section);
+
+		sdp_data.start_bus_section = start_workers_metadata + sdp_data.size_workers_metadata_section;
+		WriteValue(sdp_data, 4, sdp_data.start_bus_section);
+		WriteValue(sdp_data, 5, sdp_data.size_bus_section);
+
+		// WORKERS
+		{
+			uint64_t index = start_workers / sizeof(uint64_t);
+			WriteValue(sdp_data, index++, sdp_data.workers.size());
+			WriteValue(sdp_data, index++, sdp_data.workers_gc.size());
+
+			for (const auto& [coreId, info] : sdp_data.workers)
+			{
+				WriteValue(sdp_data, index++, coreId);
+				WriteValue(sdp_data, index++, info.socket);
+				WriteValue(sdp_data, index++, info.shift_in_socket);
+			}
+
+			for (const auto& [coreId, info] : sdp_data.workers_gc)
+			{
+				WriteValue(sdp_data, index++, coreId);
+				WriteValue(sdp_data, index++, info.socket);
+				WriteValue(sdp_data, index++, info.shift_in_socket);
+			}
+		}
+
+		// WORKERS_METADATA
+		{
+			uint64_t index = start_workers_metadata / sizeof(uint64_t);
+
+			// 0-5 - values from MetadataWorker
+			WriteValue(sdp_data, index, sdp_data.metadata_worker.start_counters);
+			WriteValue(sdp_data, index + 1, sdp_data.metadata_worker.start_acl_counters);
+			WriteValue(sdp_data, index + 2, sdp_data.metadata_worker.start_bursts);
+			WriteValue(sdp_data, index + 3, sdp_data.metadata_worker.start_stats);
+			WriteValue(sdp_data, index + 4, sdp_data.metadata_worker.start_stats_ports);
+			WriteValue(sdp_data, index + 5, sdp_data.metadata_worker.size);
+			// 6 - n1 = size MetadataWorker.counter_positions
+			WriteValue(sdp_data, index + 6, sdp_data.metadata_worker.counter_positions.size());
+			// 7-9 - значения из MetadataWorker
+			WriteValue(sdp_data, index + 7, sdp_data.metadata_worker_gc.start_counters);
+			WriteValue(sdp_data, index + 8, sdp_data.metadata_worker_gc.start_stats);
+			WriteValue(sdp_data, index + 9, sdp_data.metadata_worker_gc.size);
+			// 10 - n2 = size MetadataWorker.counter_positions
+			WriteValue(sdp_data, index + 10, sdp_data.metadata_worker_gc.counter_positions.size());
+
+			WriteMap(sdp_data, start_workers_metadata + 128, sdp_data.metadata_worker.counter_positions);
+			WriteMap(sdp_data, start_workers_metadata + 128 * (1 + sdp_data.metadata_worker.counter_positions.size()), sdp_data.metadata_worker_gc.counter_positions);
+		}
+	}
+
+	static void WriteMap(DataPlaneInSharedMemory& sdp_data, uint64_t index, const std::map<std::string, uint64_t>& values)
+	{
+		for (const auto& [key, value] : values)
+		{
+			WriteValue(sdp_data, index / sizeof(uint64_t), value);
+			WriteString(sdp_data, index, key);
+			index += 128;
+		}
+	}
+
+	static void WriteValue(DataPlaneInSharedMemory& sdp_data, uint64_t index, uint64_t value)
+	{
+		((uint64_t*)sdp_data.dataplane_data)[index] = rte_cpu_to_be_64(value);
+	}
+
+	static void WriteString(DataPlaneInSharedMemory& sdp_data, uint64_t index, const std::string& str)
+	{
+		snprintf(reinterpret_cast<char*>(sdp_data.dataplane_data) + index + 8, 120, "%s", str.c_str());
+	}
+
+	static int GetNumaNode(tCoreId core_id)
+	{
+		int socket_id = numa_node_of_cpu(core_id);
+		if (socket_id == -1)
+		{
+			YANET_LOG_ERROR("numa_node_of_cpu(%d) err: %s\n", core_id, strerror(errno));
+			socket_id = 0;
+		}
+		return socket_id;
+	}
+};
+
+} // namespace common::sdp
diff --git a/dataplane/sharedmemory.cpp b/dataplane/sharedmemory.cpp
index 3168fba8..aec56f17 100644
--- a/dataplane/sharedmemory.cpp
+++ b/dataplane/sharedmemory.cpp
@@ -23,7 +23,7 @@ void cSharedMemory::write(rte_mbuf* mbuf, common::globalBase::eFlowType flow_typ
 
 	uint64_t wpos = (buffer.ring->header.before) % buffer.units_number;
 	buffer.ring->header.before++;
-	item_t* item = (item_t*)((uintptr_t)buffer.ring->memory + (wpos * buffer.unit_size));
+	auto* item = (item_t*)((uintptr_t)buffer.ring->memory + (wpos * buffer.unit_size));
 
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
diff --git a/dataplane/slow_worker.cpp b/dataplane/slow_worker.cpp
new file mode 100644
index 00000000..ccec4452
--- /dev/null
+++ b/dataplane/slow_worker.cpp
@@ -0,0 +1,985 @@
+#include "slow_worker.h"
+
+#include "checksum.h"
+#include "common/fallback.h"
+#include "dataplane.h"
+#include "icmp_translations.h"
+#include "prepare.h"
+
+namespace dataplane
+{
+SlowWorker::SlowWorker(cWorker* worker,
+                       std::vector<tPortId>&& ports_to_service,
+                       std::vector<cWorker*>&& workers_to_service,
+                       std::vector<dpdk::RingConn<rte_mbuf*>>&& from_gcs,
+                       KernelInterfaceWorker&& kni,
+                       rte_mempool* mempool,
+                       bool use_kni,
+                       uint32_t sw_icmp_out_rate_limit) :
+        ports_serviced_{std::move(ports_to_service)},
+        workers_serviced_{std::move(workers_to_service)},
+        from_gcs_{std::move(from_gcs)},
+        slow_worker_{worker},
+        mempool_{mempool},
+        fragmentation_(
+                SlowWorkerSender(),
+                slow_worker_->dataPlane->getConfigValues().fragmentation),
+        dregress_(this,
+                  slow_worker_->dataPlane,
+                  static_cast<uint32_t>(slow_worker_->dataPlane->getConfigValues().gc_step)), // @TODO fix mismatch in type of config value and actually used one
+        config_{sw_icmp_out_rate_limit, use_kni},
+        kni_worker_{std::move(kni)}
+{
+	workers_serviced_.emplace_back(slow_worker_);
+}
+
+SlowWorker::SlowWorker(SlowWorker&& other) :
+        ports_serviced_{std::move(other.ports_serviced_)},
+        workers_serviced_{std::move(other.workers_serviced_)},
+        slow_worker_{other.slow_worker_},
+        mempool_{other.mempool_},
+        fragmentation_{std::move(other.fragmentation_)},
+        dregress_{std::move(other.dregress_)},
+        kni_worker_{std::move(other.kni_worker_)}
+{
+	fragmentation_.Callback() = SlowWorkerSender();
+}
+
+SlowWorker& SlowWorker::operator=(SlowWorker&& other)
+{
+	ports_serviced_ = std::move(other.ports_serviced_);
+	workers_serviced_ = std::move(other.workers_serviced_);
+	slow_worker_ = other.slow_worker_;
+	mempool_ = other.mempool_;
+	fragmentation_ = std::move(other.fragmentation_);
+	fragmentation_.Callback() = SlowWorkerSender();
+	dregress_ = std::move(other.dregress_);
+	kni_worker_ = std::move(other.kni_worker_);
+	return *this;
+}
+
+void SlowWorker::freeWorkerPacket(rte_ring* ring_to_free_mbuf,
+                                  rte_mbuf* mbuf)
+{
+	if (ring_to_free_mbuf == slow_worker_->ring_toFreePackets)
+	{
+		rte_pktmbuf_free(mbuf);
+		return;
+	}
+
+	while (rte_ring_sp_enqueue(ring_to_free_mbuf, mbuf) != 0)
+	{
+		std::this_thread::yield();
+	}
+}
+
+rte_mbuf* SlowWorker::convertMempool(rte_ring* ring_to_free_mbuf, rte_mbuf* old_mbuf)
+{
+	/// we dont support attached mbufs
+
+	rte_mbuf* mbuf = rte_pktmbuf_alloc(mempool_);
+	if (!mbuf)
+	{
+		stats_.mempool_is_empty++;
+
+		freeWorkerPacket(ring_to_free_mbuf, old_mbuf);
+		return nullptr;
+	}
+
+	*YADECAP_METADATA(mbuf) = *YADECAP_METADATA(old_mbuf);
+
+	/// @todo: rte_pktmbuf_append() and check error
+
+	memcpy(rte_pktmbuf_mtod(mbuf, char*),
+	       rte_pktmbuf_mtod(old_mbuf, char*),
+	       old_mbuf->data_len);
+
+	mbuf->data_len = old_mbuf->data_len;
+	mbuf->pkt_len = old_mbuf->pkt_len;
+
+	freeWorkerPacket(ring_to_free_mbuf, old_mbuf);
+
+	if (rte_mbuf_refcnt_read(mbuf) != 1)
+	{
+		YADECAP_LOG_ERROR("something wrong\n");
+	}
+
+	return mbuf;
+}
+
+void SlowWorker::SendToSlowWorker(rte_mbuf* mbuf, const common::globalBase::tFlow& flow)
+{
+	/// we dont support attached mbufs
+
+	if (slow_worker_mbufs_.size() >= 1024) ///< @todo: variable
+	{
+		stats_.slowworker_drops++;
+		rte_pktmbuf_free(mbuf);
+		return;
+	}
+
+	stats_.slowworker_packets++;
+	slow_worker_mbufs_.emplace(mbuf, flow);
+}
+
+unsigned SlowWorker::ring_handle(rte_ring* ring_to_free_mbuf,
+                                 rte_ring* ring)
+{
+	rte_mbuf* mbufs[CONFIG_YADECAP_MBUFS_BURST_SIZE];
+
+	unsigned rxSize = rte_ring_sc_dequeue_burst(ring,
+	                                            (void**)mbufs,
+	                                            CONFIG_YADECAP_MBUFS_BURST_SIZE,
+	                                            nullptr);
+
+#ifdef CONFIG_YADECAP_AUTOTEST
+	if (rxSize)
+	{
+		std::this_thread::sleep_for(std::chrono::microseconds{400});
+	}
+#endif // CONFIG_YADECAP_AUTOTEST
+
+	for (uint16_t mbuf_i = 0; mbuf_i < rxSize; mbuf_i++)
+	{
+		rte_mbuf* mbuf = convertMempool(ring_to_free_mbuf, mbufs[mbuf_i]);
+		if (!mbuf)
+		{
+			continue;
+		}
+
+		dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+		if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_ingress_icmp)
+		{
+			handlePacket_icmp_translate_v6_to_v4(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_ingress_fragmentation)
+		{
+			metadata->flow.type = common::globalBase::eFlowType::nat64stateless_ingress_checked;
+			handlePacket_fragment(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_egress_icmp)
+		{
+			handlePacket_icmp_translate_v4_to_v6(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_egress_fragmentation)
+		{
+			metadata->flow.type = common::globalBase::eFlowType::nat64stateless_egress_checked;
+			handlePacket_fragment(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_dregress)
+		{
+			handlePacket_dregress(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_nat64stateless_egress_farm)
+		{
+			handlePacket_farm(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_dump)
+		{
+			kni_worker_.HandlePacketDump(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_repeat)
+		{
+			handlePacket_repeat(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_fw_sync)
+		{
+			handlePacket_fw_state_sync(mbuf);
+		}
+		else if (metadata->flow.type == common::globalBase::eFlowType::slowWorker_balancer_icmp_forward)
+		{
+			handlePacket_balancer_icmp_forward(mbuf);
+		}
+		else
+		{
+			handlePacketFromForwardingPlane(mbuf);
+		}
+	}
+	return rxSize;
+}
+
+void SlowWorker::handlePacket_icmp_translate_v6_to_v4(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	const auto& base = slow_worker_->current_base();
+	const auto& nat64stateless = base.globalBase->nat64statelesses[metadata->flow.data.nat64stateless.id];
+	const auto& translation = base.globalBase->nat64statelessTranslations[metadata->flow.data.nat64stateless.translationId];
+
+	slow_worker_->slowWorkerTranslation(mbuf, nat64stateless, translation, true);
+
+	if (do_icmp_translate_v6_to_v4(mbuf, translation))
+	{
+		slow_worker_->Stats().nat64stateless_ingressPackets++;
+		SendToSlowWorker(mbuf, nat64stateless.flow);
+	}
+	else
+	{
+		slow_worker_->Stats().nat64stateless_ingressUnknownICMP++;
+		rte_pktmbuf_free(mbuf);
+	}
+}
+
+void SlowWorker::handlePacket_icmp_translate_v4_to_v6(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	const auto& base = slow_worker_->current_base();
+	const auto& nat64stateless = base.globalBase->nat64statelesses[metadata->flow.data.nat64stateless.id];
+	const auto& translation = base.globalBase->nat64statelessTranslations[metadata->flow.data.nat64stateless.translationId];
+
+	slow_worker_->slowWorkerTranslation(mbuf, nat64stateless, translation, false);
+
+	if (do_icmp_translate_v4_to_v6(mbuf, translation))
+	{
+		slow_worker_->Stats().nat64stateless_egressPackets++;
+		SendToSlowWorker(mbuf, nat64stateless.flow);
+	}
+	else
+	{
+		slow_worker_->Stats().nat64stateless_egressUnknownICMP++;
+		rte_pktmbuf_free(mbuf);
+	}
+}
+
+void SlowWorker::handlePacket_fragment(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	const auto& base = slow_worker_->current_base();
+	const auto& nat64stateless = base.globalBase->nat64statelesses[metadata->flow.data.nat64stateless.id];
+
+	if (nat64stateless.defrag_farm_prefix.empty() || metadata->network_headerType != rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4) || nat64stateless.farm)
+	{
+		fragmentation_.insert(mbuf);
+		return;
+	}
+
+	stats_.tofarm_packets++;
+	slow_worker_->slowWorkerHandleFragment(mbuf);
+	SendToSlowWorker(mbuf, nat64stateless.flow);
+}
+
+void SlowWorker::handlePacket_dregress(rte_mbuf* mbuf)
+{
+	dregress_.insert(mbuf);
+}
+
+void SlowWorker::handlePacket_farm(rte_mbuf* mbuf)
+{
+	stats_.farm_packets++;
+	slow_worker_->slowWorkerFarmHandleFragment(mbuf);
+}
+
+void SlowWorker::handlePacket_repeat(rte_mbuf* mbuf)
+{
+	const rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, rte_ether_hdr*);
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	if (ethernetHeader->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
+	{
+		const rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf, rte_vlan_hdr*, sizeof(rte_ether_hdr));
+
+		metadata->flow.data.logicalPortId = CALCULATE_LOGICALPORT_ID(metadata->fromPortId, rte_be_to_cpu_16(vlanHeader->vlan_tci));
+	}
+	else
+	{
+		metadata->flow.data.logicalPortId = CALCULATE_LOGICALPORT_ID(metadata->fromPortId, 0);
+	}
+
+	/// @todo: opt
+	slow_worker_->preparePacket(mbuf);
+
+	const auto& base = slow_worker_->current_base();
+	const auto& logicalPort = base.globalBase->logicalPorts[metadata->flow.data.logicalPortId];
+
+	stats_.repeat_packets++;
+	SendToSlowWorker(mbuf, logicalPort.flow);
+}
+
+void SlowWorker::handlePacket_fw_state_sync(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	const auto& base = slow_worker_->current_base();
+	const auto& fw_state_config = base.globalBase->fw_state_sync_configs[metadata->flow.data.aclId];
+
+	metadata->network_headerType = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+	metadata->network_headerOffset = sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr);
+	metadata->transport_headerType = IPPROTO_UDP;
+	metadata->transport_headerOffset = metadata->network_headerOffset + sizeof(rte_ipv6_hdr);
+
+	generic_rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, generic_rte_ether_hdr*);
+	ethernetHeader->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN);
+	rte_ether_addr_copy(&fw_state_config.ether_address_destination, &ethernetHeader->dst_addr);
+
+	rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf, rte_vlan_hdr*, sizeof(rte_ether_hdr));
+	vlanHeader->eth_proto = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+
+	rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
+	ipv6Header->vtc_flow = rte_cpu_to_be_32(0x6 << 28);
+	ipv6Header->payload_len = rte_cpu_to_be_16(sizeof(rte_udp_hdr) + sizeof(dataplane::globalBase::fw_state_sync_frame_t));
+	ipv6Header->proto = IPPROTO_UDP;
+	ipv6Header->hop_limits = 64;
+	memcpy(ipv6Header->src_addr, fw_state_config.ipv6_address_source.bytes, 16);
+	memcpy(ipv6Header->dst_addr, fw_state_config.ipv6_address_multicast.bytes, 16);
+
+	rte_udp_hdr* udpHeader = rte_pktmbuf_mtod_offset(mbuf, rte_udp_hdr*, metadata->network_headerOffset + sizeof(rte_ipv6_hdr));
+	udpHeader->src_port = fw_state_config.port_multicast; // IPFW reuses the same port for both src and dst.
+	udpHeader->dst_port = fw_state_config.port_multicast;
+	udpHeader->dgram_len = rte_cpu_to_be_16(sizeof(rte_udp_hdr) + sizeof(dataplane::globalBase::fw_state_sync_frame_t));
+	udpHeader->dgram_cksum = 0;
+	udpHeader->dgram_cksum = rte_ipv6_udptcp_cksum(ipv6Header, udpHeader);
+
+	// Iterate for all interested ports.
+	for (unsigned int port_id = 0; port_id < fw_state_config.flows_size; port_id++)
+	{
+		rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool_);
+		if (mbuf_clone == nullptr)
+		{
+			slow_worker_->Stats().fwsync_multicast_egress_drops++;
+			continue;
+		}
+
+		*YADECAP_METADATA(mbuf_clone) = *YADECAP_METADATA(mbuf);
+
+		memcpy(rte_pktmbuf_mtod(mbuf_clone, char*),
+		       rte_pktmbuf_mtod(mbuf, char*),
+		       mbuf->data_len);
+		mbuf_clone->data_len = mbuf->data_len;
+		mbuf_clone->pkt_len = mbuf->pkt_len;
+
+		const auto& flow = fw_state_config.flows[port_id];
+		slow_worker_->Stats().fwsync_multicast_egress_packets++;
+		SendToSlowWorker(mbuf_clone, flow);
+	}
+
+	if (!fw_state_config.ipv6_address_unicast.empty())
+	{
+		memcpy(ipv6Header->src_addr, fw_state_config.ipv6_address_unicast_source.bytes, 16);
+		memcpy(ipv6Header->dst_addr, fw_state_config.ipv6_address_unicast.bytes, 16);
+		udpHeader->src_port = fw_state_config.port_unicast;
+		udpHeader->dst_port = fw_state_config.port_unicast;
+		udpHeader->dgram_cksum = 0;
+		udpHeader->dgram_cksum = rte_ipv6_udptcp_cksum(ipv6Header, udpHeader);
+
+		rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool_);
+		if (mbuf_clone == nullptr)
+		{
+			slow_worker_->Stats().fwsync_unicast_egress_drops++;
+		}
+		else
+		{
+			*YADECAP_METADATA(mbuf_clone) = *YADECAP_METADATA(mbuf);
+
+			memcpy(rte_pktmbuf_mtod(mbuf_clone, char*),
+			       rte_pktmbuf_mtod(mbuf, char*),
+			       mbuf->data_len);
+			mbuf_clone->data_len = mbuf->data_len;
+			mbuf_clone->pkt_len = mbuf->pkt_len;
+
+			slow_worker_->Stats().fwsync_unicast_egress_packets++;
+			SendToSlowWorker(mbuf_clone, fw_state_config.ingress_flow);
+		}
+	}
+
+	rte_pktmbuf_free(mbuf);
+}
+
+bool SlowWorker::handlePacket_fw_state_sync_ingress(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	generic_rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, generic_rte_ether_hdr*);
+	if ((ethernetHeader->dst_addr.addr_bytes[0] & 1) == 0)
+	{
+		return false;
+	}
+
+	// Confirmed multicast packet.
+	// Try to match against our multicast groups.
+	if (ethernetHeader->ether_type != rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
+	{
+		return false;
+	}
+
+	rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf, rte_vlan_hdr*, sizeof(rte_ether_hdr));
+	if (vlanHeader->eth_proto != rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6))
+	{
+		return false;
+	}
+
+	rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr));
+	if (metadata->transport_headerType != IPPROTO_UDP)
+	{
+		return false;
+	}
+
+	const auto udp_payload_len = rte_be_to_cpu_16(ipv6Header->payload_len) - sizeof(rte_udp_hdr);
+	// Can contain multiple states per sync packet.
+	if (udp_payload_len % sizeof(dataplane::globalBase::fw_state_sync_frame_t) != 0)
+	{
+		return false;
+	}
+
+	tAclId aclId = 0;
+	if (!slow_worker_->dataPlane->controlPlane->fw_state_multicast_acl_ids.apply([&](auto& fw_state_multicast_acl_ids) {
+		    auto it = fw_state_multicast_acl_ids.find(common::ipv6_address_t(ipv6Header->dst_addr));
+		    if (it == fw_state_multicast_acl_ids.end())
+		    {
+			    return false;
+		    }
+		    aclId = it->second;
+		    return true;
+	    }))
+	{
+		return false;
+	}
+
+	const auto& base = slow_worker_->current_base();
+	const auto& fw_state_config = base.globalBase->fw_state_sync_configs[aclId];
+
+	if (memcmp(ipv6Header->src_addr, fw_state_config.ipv6_address_source.bytes, 16) == 0)
+	{
+		// Ignore self-generated packets.
+		return false;
+	}
+
+	rte_udp_hdr* udpHeader = rte_pktmbuf_mtod_offset(mbuf, rte_udp_hdr*, sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr) + sizeof(rte_ipv6_hdr));
+	if (udpHeader->dst_port != fw_state_config.port_multicast)
+	{
+		return false;
+	}
+
+	for (size_t idx = 0; idx < udp_payload_len / sizeof(dataplane::globalBase::fw_state_sync_frame_t); ++idx)
+	{
+		dataplane::globalBase::fw_state_sync_frame_t* payload = rte_pktmbuf_mtod_offset(
+		        mbuf,
+		        dataplane::globalBase::fw_state_sync_frame_t*,
+		        sizeof(rte_ether_hdr) + sizeof(rte_vlan_hdr) + sizeof(rte_ipv6_hdr) + sizeof(rte_udp_hdr) + idx * sizeof(dataplane::globalBase::fw_state_sync_frame_t));
+
+		if (payload->addr_type == 6)
+		{
+			dataplane::globalBase::fw6_state_key_t key;
+			key.proto = payload->proto;
+			key.__nap = 0;
+			// Swap src and dst addresses.
+			memcpy(key.dst_addr.bytes, payload->src_ip6.bytes, 16);
+			memcpy(key.src_addr.bytes, payload->dst_ip6.bytes, 16);
+
+			if (payload->proto == IPPROTO_TCP || payload->proto == IPPROTO_UDP)
+			{
+				// Swap src and dst ports.
+				key.dst_port = payload->src_port;
+				key.src_port = payload->dst_port;
+			}
+			else
+			{
+				key.dst_port = 0;
+				key.src_port = 0;
+			}
+
+			dataplane::globalBase::fw_state_value_t value;
+			value.type = static_cast<dataplane::globalBase::fw_state_type>(payload->proto);
+			value.owner = dataplane::globalBase::fw_state_owner_e::external;
+			value.last_seen = slow_worker_->CurrentTime();
+			value.flow = fw_state_config.ingress_flow;
+			value.acl_id = aclId;
+			value.last_sync = slow_worker_->CurrentTime();
+			value.packets_since_last_sync = 0;
+			value.packets_backward = 0;
+			value.packets_forward = 0;
+			value.tcp.unpack(payload->flags);
+
+			auto& dataPlane = slow_worker_->dataPlane;
+			uint32_t state_timeout = dataPlane->getConfigValues().stateful_firewall_other_protocols_timeout;
+			if (payload->proto == IPPROTO_UDP)
+			{
+				state_timeout = dataPlane->getConfigValues().stateful_firewall_udp_timeout;
+			}
+			else if (payload->proto == IPPROTO_TCP)
+			{
+				state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_timeout;
+				uint8_t flags = value.tcp.src_flags | value.tcp.dst_flags;
+				if (flags & (uint8_t)common::fwstate::tcp_flags_e::ACK)
+				{
+					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_syn_ack_timeout;
+				}
+				else if (flags & (uint8_t)common::fwstate::tcp_flags_e::SYN)
+				{
+					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_syn_timeout;
+				}
+				if (flags & (uint8_t)common::fwstate::tcp_flags_e::FIN)
+				{
+					state_timeout = dataPlane->getConfigValues().stateful_firewall_tcp_fin_timeout;
+				}
+			}
+			value.state_timeout = state_timeout;
+
+			for (auto& [socketId, globalBaseAtomic] : slow_worker_->dataPlane->globalBaseAtomics)
+			{
+				YANET_GCC_BUG_UNUSED(socketId);
+
+				dataplane::globalBase::fw_state_value_t* lookup_value = nullptr;
+				dataplane::spinlock_nonrecursive_t* locker = nullptr;
+				const uint32_t hash = globalBaseAtomic->fw6_state->lookup(key, lookup_value, locker);
+				if (lookup_value)
+				{
+					// Keep state alive for us even if there were no packets received.
+					// Do not reset other counters.
+					lookup_value->last_seen = slow_worker_->CurrentTime();
+					lookup_value->tcp.src_flags |= value.tcp.src_flags;
+					lookup_value->tcp.dst_flags |= value.tcp.dst_flags;
+					lookup_value->state_timeout = std::max(lookup_value->state_timeout, value.state_timeout);
+				}
+				else
+				{
+					globalBaseAtomic->fw6_state->insert(hash, key, value);
+				}
+				locker->unlock();
+			}
+		}
+		else if (payload->addr_type == 4)
+		{
+			dataplane::globalBase::fw4_state_key_t key;
+			key.proto = payload->proto;
+			key.__nap = 0;
+			// Swap src and dst addresses.
+			key.dst_addr.address = payload->src_ip;
+			key.src_addr.address = payload->dst_ip;
+
+			if (payload->proto == IPPROTO_TCP || payload->proto == IPPROTO_UDP)
+			{
+				// Swap src and dst ports.
+				key.dst_port = payload->src_port;
+				key.src_port = payload->dst_port;
+			}
+			else
+			{
+				key.dst_port = 0;
+				key.src_port = 0;
+			}
+
+			dataplane::globalBase::fw_state_value_t value;
+			value.type = static_cast<dataplane::globalBase::fw_state_type>(payload->proto);
+			value.owner = dataplane::globalBase::fw_state_owner_e::external;
+			value.last_seen = slow_worker_->CurrentTime();
+			value.flow = fw_state_config.ingress_flow;
+			value.acl_id = aclId;
+			value.last_sync = slow_worker_->CurrentTime();
+			value.packets_since_last_sync = 0;
+			value.packets_backward = 0;
+			value.packets_forward = 0;
+			value.tcp.unpack(payload->flags);
+
+			auto& cfg = slow_worker_->dataPlane->getConfigValues();
+			uint32_t state_timeout = cfg.stateful_firewall_other_protocols_timeout;
+			if (payload->proto == IPPROTO_UDP)
+			{
+				state_timeout = cfg.stateful_firewall_udp_timeout;
+			}
+			else if (payload->proto == IPPROTO_TCP)
+			{
+				state_timeout = cfg.stateful_firewall_tcp_timeout;
+				uint8_t flags = value.tcp.src_flags | value.tcp.dst_flags;
+				if (flags & (uint8_t)common::fwstate::tcp_flags_e::ACK)
+				{
+					state_timeout = cfg.stateful_firewall_tcp_syn_ack_timeout;
+				}
+				else if (flags & (uint8_t)common::fwstate::tcp_flags_e::SYN)
+				{
+					state_timeout = cfg.stateful_firewall_tcp_syn_timeout;
+				}
+				if (flags & (uint8_t)common::fwstate::tcp_flags_e::FIN)
+				{
+					state_timeout = cfg.stateful_firewall_tcp_fin_timeout;
+				}
+			}
+			value.state_timeout = state_timeout;
+
+			for (auto& [socketId, globalBaseAtomic] : slow_worker_->dataPlane->globalBaseAtomics)
+			{
+				YANET_GCC_BUG_UNUSED(socketId);
+
+				dataplane::globalBase::fw_state_value_t* lookup_value = nullptr;
+				dataplane::spinlock_nonrecursive_t* locker = nullptr;
+				const uint32_t hash = globalBaseAtomic->fw4_state->lookup(key, lookup_value, locker);
+				if (lookup_value)
+				{
+					// Keep state alive for us even if there were no packets received.
+					// Do not reset other counters.
+					lookup_value->last_seen = slow_worker_->CurrentTime();
+					lookup_value->tcp.src_flags |= value.tcp.src_flags;
+					lookup_value->tcp.dst_flags |= value.tcp.dst_flags;
+					lookup_value->state_timeout = std::max(lookup_value->state_timeout, value.state_timeout);
+				}
+				else
+				{
+					globalBaseAtomic->fw4_state->insert(hash, key, value);
+				}
+				locker->unlock();
+			}
+		}
+	}
+
+	return true;
+}
+
+void SlowWorker::BalancerICMPForwardCriticalSection(
+        rte_mbuf* mbuf,
+        cControlPlane::VipToBalancers& vip_to_balancers,
+        cControlPlane::VipVportProto& vip_vport_proto)
+{
+	const auto& base = slow_worker_->current_base();
+
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	common::ip_address_t original_src_from_icmp_payload;
+	common::ip_address_t src_from_ip_header;
+	uint16_t original_src_port_from_icmp_payload = 0;
+
+	uint32_t balancer_id = metadata->flow.data.balancer.id;
+
+	dataplane::metadata inner_metadata;
+
+	if (metadata->transport_headerType == IPPROTO_ICMP)
+	{
+		rte_ipv4_hdr* ipv4Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
+		src_from_ip_header = common::ip_address_t(rte_be_to_cpu_32(ipv4Header->src_addr));
+
+		rte_ipv4_hdr* icmpPayloadIpv4Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->transport_headerOffset + sizeof(icmpv4_header_t));
+		original_src_from_icmp_payload = common::ip_address_t(rte_be_to_cpu_32(icmpPayloadIpv4Header->src_addr));
+
+		inner_metadata.network_headerType = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
+		inner_metadata.network_headerOffset = metadata->transport_headerOffset + sizeof(icmpv4_header_t);
+	}
+	else
+	{
+		rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
+		src_from_ip_header = common::ip_address_t(ipv6Header->src_addr);
+
+		rte_ipv6_hdr* icmpPayloadIpv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->transport_headerOffset + sizeof(icmpv6_header_t));
+		original_src_from_icmp_payload = common::ip_address_t(icmpPayloadIpv6Header->src_addr);
+
+		inner_metadata.network_headerType = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+		inner_metadata.network_headerOffset = metadata->transport_headerOffset + sizeof(icmpv6_header_t);
+	}
+
+	if (!prepareL3(mbuf, &inner_metadata))
+	{
+		/* we are not suppossed to get in here anyway, same check was done earlier by balancer_icmp_forward_handle(),
+		   but we needed to call prepareL3() to determine icmp payload original packets transport header offset */
+		if (inner_metadata.network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
+		{
+			slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_ip);
+		}
+		else
+		{
+			slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_ip);
+		}
+
+		return;
+	}
+
+	if (inner_metadata.transport_headerType != IPPROTO_TCP && inner_metadata.transport_headerType != IPPROTO_UDP)
+	{
+		// not supported protocol for cloning and distributing, drop
+		slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_unexpected_transport_protocol);
+		return;
+	}
+
+	// check whether ICMP payload is too short to contain "offending" packet's IP header and ports is performed earlier by balancer_icmp_forward_handle()
+	void* icmpPayloadTransportHeader = rte_pktmbuf_mtod_offset(mbuf, void*, inner_metadata.transport_headerOffset);
+
+	// both TCP and UDP headers have src port (16 bits) as the first field
+	original_src_port_from_icmp_payload = rte_be_to_cpu_16(*(uint16_t*)icmpPayloadTransportHeader);
+
+	if (vip_to_balancers.size() <= balancer_id)
+	{
+		// no vip_to_balancers table for this balancer_id
+		slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_no_unrdup_table_for_balancer_id);
+		return;
+	}
+
+	if (!vip_to_balancers[balancer_id].count(original_src_from_icmp_payload))
+	{
+		// vip is not listed in unrdup config - neighbor balancers are unknown, drop
+		slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_unrdup_vip_not_found);
+		return;
+	}
+
+	if (vip_vport_proto.size() <= balancer_id)
+	{
+		// no vip_vport_proto table for this balancer_id
+		slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id);
+		return;
+	}
+
+	if (!vip_vport_proto[balancer_id].count({original_src_from_icmp_payload, original_src_port_from_icmp_payload, inner_metadata.transport_headerType}))
+	{
+		// such combination of vip-vport-protocol is absent, don't clone, drop
+		slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_drop_unknown_service);
+		return;
+	}
+
+	const auto& neighbor_balancers = vip_to_balancers[balancer_id][original_src_from_icmp_payload];
+
+	for (const auto& neighbor_balancer : neighbor_balancers)
+	{
+		// will not send a cloned packet if source address in "balancer" section of controlplane.conf is absent
+		if (neighbor_balancer.is_ipv4() && !base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv4.address)
+		{
+			slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv4);
+			continue;
+		}
+
+		if (neighbor_balancer.is_ipv6() && base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv6.empty())
+		{
+			slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv6);
+			continue;
+		}
+
+		rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool_);
+		if (mbuf_clone == nullptr)
+		{
+			slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_failed_to_clone);
+			continue;
+		}
+
+		*YADECAP_METADATA(mbuf_clone) = *YADECAP_METADATA(mbuf);
+		dataplane::metadata* clone_metadata = YADECAP_METADATA(mbuf_clone);
+
+		rte_memcpy(rte_pktmbuf_mtod(mbuf_clone, char*),
+		           rte_pktmbuf_mtod(mbuf, char*),
+		           mbuf->data_len);
+
+		if (neighbor_balancer.is_ipv4())
+		{
+			rte_pktmbuf_prepend(mbuf_clone, sizeof(rte_ipv4_hdr));
+			memmove(rte_pktmbuf_mtod(mbuf_clone, char*),
+			        rte_pktmbuf_mtod_offset(mbuf_clone, char*, sizeof(rte_ipv4_hdr)),
+			        clone_metadata->network_headerOffset);
+
+			rte_ipv4_hdr* outerIpv4Header = rte_pktmbuf_mtod_offset(mbuf_clone, rte_ipv4_hdr*, clone_metadata->network_headerOffset);
+
+			outerIpv4Header->src_addr = base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv4.address;
+			outerIpv4Header->dst_addr = rte_cpu_to_be_32(neighbor_balancer.get_ipv4());
+
+			outerIpv4Header->version_ihl = 0x45;
+			outerIpv4Header->type_of_service = 0x00;
+			outerIpv4Header->packet_id = rte_cpu_to_be_16(0x01);
+			outerIpv4Header->fragment_offset = 0;
+			outerIpv4Header->time_to_live = 64;
+
+			outerIpv4Header->total_length = rte_cpu_to_be_16((uint16_t)(mbuf->pkt_len - clone_metadata->network_headerOffset + sizeof(rte_ipv4_hdr)));
+
+			if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
+			{
+				outerIpv4Header->next_proto_id = IPPROTO_IPIP;
+			}
+			else
+			{
+				outerIpv4Header->next_proto_id = IPPROTO_IPV6;
+			}
+
+			yanet_ipv4_checksum(outerIpv4Header);
+
+			mbuf_clone->data_len = mbuf->data_len + sizeof(rte_ipv4_hdr);
+			mbuf_clone->pkt_len = mbuf->pkt_len + sizeof(rte_ipv4_hdr);
+
+			// might need to change next protocol type in ethernet/vlan header in cloned packet
+
+			rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf_clone, rte_ether_hdr*);
+			if (ethernetHeader->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
+			{
+				rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf_clone, rte_vlan_hdr*, sizeof(rte_ether_hdr));
+				vlanHeader->eth_proto = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
+			}
+			else
+			{
+				ethernetHeader->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
+			}
+		}
+		else if (neighbor_balancer.is_ipv6())
+		{
+			rte_pktmbuf_prepend(mbuf_clone, sizeof(rte_ipv6_hdr));
+			memmove(rte_pktmbuf_mtod(mbuf_clone, char*),
+			        rte_pktmbuf_mtod_offset(mbuf_clone, char*, sizeof(rte_ipv6_hdr)),
+			        clone_metadata->network_headerOffset);
+
+			rte_ipv6_hdr* outerIpv6Header = rte_pktmbuf_mtod_offset(mbuf_clone, rte_ipv6_hdr*, clone_metadata->network_headerOffset);
+
+			rte_memcpy(outerIpv6Header->src_addr, base.globalBase->balancers[metadata->flow.data.balancer.id].source_ipv6.bytes, sizeof(outerIpv6Header->src_addr));
+			if (src_from_ip_header.is_ipv6())
+			{
+				((uint32_t*)outerIpv6Header->src_addr)[2] = ((uint32_t*)src_from_ip_header.get_ipv6().data())[2] ^ ((uint32_t*)src_from_ip_header.get_ipv6().data())[3];
+			}
+			else
+			{
+				((uint32_t*)outerIpv6Header->src_addr)[2] = src_from_ip_header.get_ipv4();
+			}
+			rte_memcpy(outerIpv6Header->dst_addr, neighbor_balancer.get_ipv6().data(), sizeof(outerIpv6Header->dst_addr));
+
+			outerIpv6Header->vtc_flow = rte_cpu_to_be_32((0x6 << 28));
+			outerIpv6Header->payload_len = rte_cpu_to_be_16((uint16_t)(mbuf->pkt_len - clone_metadata->network_headerOffset));
+			outerIpv6Header->hop_limits = 64;
+
+			if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4))
+			{
+				outerIpv6Header->proto = IPPROTO_IPIP;
+			}
+			else
+			{
+				outerIpv6Header->proto = IPPROTO_IPV6;
+			}
+
+			mbuf_clone->data_len = mbuf->data_len + sizeof(rte_ipv6_hdr);
+			mbuf_clone->pkt_len = mbuf->pkt_len + sizeof(rte_ipv6_hdr);
+
+			// might need to change next protocol type in ethernet/vlan header in cloned packet
+
+			rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf_clone, rte_ether_hdr*);
+			if (ethernetHeader->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_VLAN))
+			{
+				rte_vlan_hdr* vlanHeader = rte_pktmbuf_mtod_offset(mbuf_clone, rte_vlan_hdr*, sizeof(rte_ether_hdr));
+				vlanHeader->eth_proto = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+			}
+			else
+			{
+				ethernetHeader->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
+			}
+		}
+
+		slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_clone_forwarded);
+
+		const auto& flow = base.globalBase->balancers[metadata->flow.data.balancer.id].flow;
+
+		slow_worker_->preparePacket(mbuf_clone);
+		SendToSlowWorker(mbuf_clone, flow);
+	}
+}
+
+void SlowWorker::handlePacket_balancer_icmp_forward(rte_mbuf* mbuf)
+{
+	if (config_.SWICMPOutRateLimit != 0)
+	{
+		if (icmp_out_remainder_ == 0)
+		{
+			slow_worker_->IncrementCounter(common::globalBase::static_counter_type::balancer_icmp_out_rate_limit_reached);
+			rte_pktmbuf_free(mbuf);
+			return;
+		}
+
+		--icmp_out_remainder_;
+	}
+
+	slow_worker_->dataPlane->controlPlane->vip_to_balancers.apply([&](auto& vip_to_balancers) {
+		slow_worker_->dataPlane->controlPlane->vip_vport_proto.apply([&](auto& vip_vport_proto) {
+			BalancerICMPForwardCriticalSection(mbuf, vip_to_balancers, vip_vport_proto);
+		});
+	});
+
+	// packet itself is not going anywhere, only its clones with prepended header
+	rte_pktmbuf_free(mbuf);
+}
+
+void SlowWorker::handlePacketFromForwardingPlane(rte_mbuf* mbuf)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+	if (handlePacket_fw_state_sync_ingress(mbuf))
+	{
+		stats_.fwsync_multicast_ingress_packets++;
+		rte_pktmbuf_free(mbuf);
+		return;
+	}
+
+#ifdef CONFIG_YADECAP_AUTOTEST
+	if (metadata->flow.type != common::globalBase::eFlowType::slowWorker_kni_local)
+	{
+		// drop by default in tests
+		stats_.slowworker_drops++;
+		rte_pktmbuf_free(mbuf);
+		return;
+	}
+	rte_ether_hdr* ethernetHeader = rte_pktmbuf_mtod(mbuf, rte_ether_hdr*);
+	memset(ethernetHeader->dst_addr.addr_bytes,
+	       0x71,
+	       6);
+
+#endif
+
+	if (!config_.use_kernel_interface)
+	{
+		// TODO stats
+		unsigned txSize = rte_eth_tx_burst(metadata->fromPortId, 0, &mbuf, 1);
+		if (!txSize)
+		{
+			rte_pktmbuf_free(mbuf);
+		}
+		return;
+	}
+	else
+	{
+		kni_worker_.HandlePacketFromForwardingPlane(mbuf);
+	}
+}
+
+void SlowWorker::HandleWorkerRings()
+{
+	for (unsigned nIter = 0; nIter < YANET_CONFIG_RING_PRIORITY_RATIO; nIter++)
+	{
+		for (unsigned hIter = 0; hIter < YANET_CONFIG_RING_PRIORITY_RATIO; hIter++)
+		{
+			unsigned hProcessed = 0;
+			for (cWorker* worker : workers_serviced_)
+			{
+				hProcessed += ring_handle(worker->ring_toFreePackets, worker->ring_highPriority);
+			}
+			if (!hProcessed)
+			{
+				break;
+			}
+		}
+
+		unsigned nProcessed = 0;
+		for (cWorker* worker : workers_serviced_)
+		{
+			nProcessed += ring_handle(worker->ring_toFreePackets, worker->ring_normalPriority);
+		}
+		if (!nProcessed)
+		{
+			break;
+		}
+	}
+	for (cWorker* worker : workers_serviced_)
+	{
+		ring_handle(worker->ring_toFreePackets, worker->ring_lowPriority);
+	}
+}
+
+void SlowWorker::DequeueGC()
+{
+	for (auto& [process, free] : from_gcs_)
+	{
+		rte_mbuf* mbufs[CONFIG_YADECAP_MBUFS_BURST_SIZE];
+
+		unsigned rxSize = process.DequeueBurstSC(mbufs);
+
+		for (uint16_t mbuf_i = 0; mbuf_i < rxSize; mbuf_i++)
+		{
+			rte_mbuf* mbuf = convertMempool(free._Underlying(), mbufs[mbuf_i]);
+			if (!mbuf)
+			{
+				continue;
+			}
+
+			dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+
+			SendToSlowWorker(mbuf, metadata->flow);
+		}
+	}
+}
+
+} // namespace dataplane
diff --git a/dataplane/slow_worker.h b/dataplane/slow_worker.h
new file mode 100644
index 00000000..bd1791af
--- /dev/null
+++ b/dataplane/slow_worker.h
@@ -0,0 +1,144 @@
+#pragma once
+#include <queue>
+#include <tuple>
+#include <vector>
+
+#include "dpdk.h"
+#include "dregress.h"
+#include "fragmentation.h"
+#include "kernel_interface_handler.h"
+#include "worker.h"
+
+namespace dataplane
+{
+
+class SlowWorker
+{
+public:
+	struct Config
+	{
+		uint32_t SWICMPOutRateLimit = 0;
+		bool use_kernel_interface;
+	};
+
+private:
+	std::vector<tPortId> ports_serviced_;
+	std::vector<cWorker*> workers_serviced_;
+	std::vector<dpdk::RingConn<rte_mbuf*>> from_gcs_;
+	cWorker* slow_worker_;
+	std::queue<std::tuple<rte_mbuf*, common::globalBase::tFlow>> slow_worker_mbufs_;
+	rte_mempool* mempool_; // from cControlPlane
+	common::slowworker::stats_t stats_;
+	fragmentation::Fragmentation fragmentation_;
+	dregress_t dregress_;
+	uint32_t icmp_out_remainder_;
+	Config config_;
+	dataplane::KernelInterfaceWorker kni_worker_;
+
+	auto SlowWorkerSender()
+	{
+		return [this](rte_mbuf* pkt, const common::globalBase::tFlow& flow) {
+			SendToSlowWorker(pkt, flow);
+		};
+	}
+	using VipToBalancers = std::vector<std::unordered_map<common::ip_address_t, std::unordered_set<common::ip_address_t>>>;
+	using VipVportProto = std::vector<std::unordered_set<std::tuple<common::ip_address_t, std::optional<uint16_t>, uint8_t>>>;
+	void BalancerICMPForwardCriticalSection(
+	        rte_mbuf* mbuf,
+	        VipToBalancers& vip_to_balancers,
+	        VipVportProto& vip_vport_proto);
+
+public:
+	SlowWorker(cWorker* worker,
+	           std::vector<tPortId>&& ports_to_service,
+	           std::vector<cWorker*>&& workers_to_service,
+	           std::vector<dpdk::RingConn<rte_mbuf*>>&& from_gcs,
+	           KernelInterfaceWorker&& kni,
+	           rte_mempool* mempool,
+	           bool use_kni,
+	           uint32_t sw_icmp_out_rate_limit);
+	SlowWorker(const SlowWorker&) = delete;
+	SlowWorker(SlowWorker&& other);
+	SlowWorker& operator=(const SlowWorker&) = delete;
+	SlowWorker& operator=(SlowWorker&& other);
+
+	cWorker* GetWorker() { return slow_worker_; }
+	const dataplane::KernelInterfaceWorker& KniWorker() const { return kni_worker_; }
+	const dataplane::base::generation& current_base() { return slow_worker_->current_base(); }
+	const fragmentation::Fragmentation& Fragmentation() const { return fragmentation_; }
+	dregress_t& Dregress() { return dregress_; }
+	const dregress_t& Dregress() const { return dregress_; }
+	void freeWorkerPacket(rte_ring* ring_to_free_mbuf, rte_mbuf* mbuf);
+	rte_mbuf* convertMempool(rte_ring* ring_to_free_mbuf, rte_mbuf* old_mbuf);
+	rte_mempool* Mempool() { return mempool_; }
+	void PreparePacket(rte_mbuf* mbuf) { slow_worker_->preparePacket(mbuf); }
+	void SendToSlowWorker(rte_mbuf* mbuf, const common::globalBase::tFlow& flow);
+	void ResetIcmpOutRemainder(uint32_t limit) { icmp_out_remainder_ = limit; }
+
+	const common::slowworker::stats_t& Stats() const { return stats_; }
+	unsigned ring_handle(rte_ring* ring_to_free_mbuf, rte_ring* ring);
+	void handlePacket_icmp_translate_v6_to_v4(rte_mbuf* mbuf);
+	void handlePacket_icmp_translate_v4_to_v6(rte_mbuf* mbuf);
+	void handlePacket_fragment(rte_mbuf* mbuf);
+	void handlePacket_dregress(rte_mbuf* mbuf);
+	void handlePacket_farm(rte_mbuf* mbuf);
+	void handlePacket_repeat(rte_mbuf* mbuf);
+	void handlePacket_fw_state_sync(rte_mbuf* mbuf);
+	bool handlePacket_fw_state_sync_ingress(rte_mbuf* mbuf);
+	void handlePacket_balancer_icmp_forward(rte_mbuf* mbuf);
+	void handlePacketFromForwardingPlane(rte_mbuf* mbuf);
+	void HandleWorkerRings();
+
+	// \brief dequeue packets from worker_gc's ring to slowworker
+	void DequeueGC();
+
+	void Iteration()
+	{
+		slow_worker_->slowWorkerBeforeHandlePackets();
+
+		HandleWorkerRings();
+
+		if (config_.use_kernel_interface)
+		{
+			kni_worker_.Flush();
+		}
+
+		DequeueGC();
+		fragmentation_.handle();
+		dregress_.handle();
+
+		if (config_.use_kernel_interface)
+		{
+			kni_worker_.ForwardToPhy();
+			kni_worker_.RecvFree();
+		}
+
+		/// push packets to slow worker
+		while (!slow_worker_mbufs_.empty())
+		{
+			for (unsigned int i = 0;
+			     i < CONFIG_YADECAP_MBUFS_BURST_SIZE;
+			     i++)
+			{
+				if (slow_worker_mbufs_.empty())
+				{
+					break;
+				}
+
+				auto& tuple = slow_worker_mbufs_.front();
+				slow_worker_->slowWorkerFlow(std::get<0>(tuple), std::get<1>(tuple));
+
+				slow_worker_mbufs_.pop();
+			}
+
+			slow_worker_->slowWorkerHandlePackets();
+		}
+
+		slow_worker_->slowWorkerAfterHandlePackets();
+#ifdef CONFIG_YADECAP_AUTOTEST
+		std::this_thread::sleep_for(std::chrono::microseconds{1});
+#endif // CONFIG_YADECAP_AUTOTEST
+	}
+};
+
+} // namespace dataplane
diff --git a/dataplane/sock_dev.cpp b/dataplane/sock_dev.cpp
index 810d247c..3b852c17 100644
--- a/dataplane/sock_dev.cpp
+++ b/dataplane/sock_dev.cpp
@@ -98,12 +98,15 @@ sock_dev_stop(struct rte_eth_dev* dev)
 static int
 sock_dev_close(struct rte_eth_dev* dev)
 {
-	struct sock_internals* internals =
+	auto* internals =
 	        (struct sock_internals*)dev->data->dev_private;
 
 	close(internals->fd);
 	unlink(internals->sockaddr.sun_path);
-	rte_free(internals);
+	if (internals)
+	{
+		rte_free(internals);
+	}
 	return 0;
 }
 #else
@@ -140,7 +143,7 @@ sock_dev_rx_queue_setup(struct rte_eth_dev* dev,
                         const struct rte_eth_rxconf* rx_conf __rte_unused,
                         struct rte_mempool* mb_pool)
 {
-	struct sock_internals* si = (struct sock_internals*)dev->data->dev_private;
+	auto* si = (struct sock_internals*)dev->data->dev_private;
 	dev->data->rx_queues[rx_queue_id] = si->rx_queues + rx_queue_id;
 	si->rx_queues[rx_queue_id].internals = si;
 	si->rx_queues[rx_queue_id].mb_pool = mb_pool;
@@ -254,11 +257,11 @@ sock_dev_rx(void* q, struct rte_mbuf** bufs, uint16_t nb_bufs)
 		return 0;
 	}
 
-	struct sock_queue* sq = (struct sock_queue*)q;
+	auto* sq = (struct sock_queue*)q;
 
 	if (sq->internals->conFd < 0)
 	{
-		sq->internals->conFd = accept4(sq->internals->fd, NULL, NULL, SOCK_NONBLOCK);
+		sq->internals->conFd = accept4(sq->internals->fd, nullptr, nullptr, SOCK_NONBLOCK);
 	}
 
 	if (sq->internals->conFd < 0)
@@ -294,9 +297,9 @@ sock_dev_rx(void* q, struct rte_mbuf** bufs, uint16_t nb_bufs)
 		}
 	} while (rc == 0); /// Repeat if there is no data yet
 
-	struct rte_mbuf* mbuf;
+	struct rte_mbuf* mbuf = nullptr;
 	mbuf = rte_pktmbuf_alloc(sq->mb_pool);
-	if (unlikely(mbuf == NULL))
+	if (unlikely(mbuf == nullptr))
 	{
 		sq->internals->eth_stats.ierrors++;
 		return 0;
@@ -362,7 +365,7 @@ sock_dev_tx(void* q, struct rte_mbuf** bufs, uint16_t nb_bufs)
 		return 0;
 	}
 
-	struct sock_internals* si = (struct sock_internals*)q;
+	auto* si = (struct sock_internals*)q;
 	if (si->conFd < 0)
 	{
 		si->eth_stats.oerrors++;
@@ -383,7 +386,7 @@ sock_dev_tx(void* q, struct rte_mbuf** bufs, uint16_t nb_bufs)
 		iov[0].iov_base = &hdr;
 		iov[0].iov_len = sizeof(hdr);
 
-		iov[1].iov_base = (void*)rte_pktmbuf_read(mbuf, 0, len, writeBuf);
+		iov[1].iov_base = const_cast<void*>(rte_pktmbuf_read(mbuf, 0, len, writeBuf));
 		iov[1].iov_len = len;
 
 		if (writeIovCount(si->conFd, iov, 2) < 0)
@@ -403,18 +406,16 @@ sock_dev_tx(void* q, struct rte_mbuf** bufs, uint16_t nb_bufs)
 int sock_dev_stats_get(struct rte_eth_dev* dev,
                        struct rte_eth_stats* igb_stats)
 {
-	sock_internals* private_data = (struct sock_internals*)dev->data->dev_private;
+	auto* private_data = (struct sock_internals*)dev->data->dev_private;
 	memcpy(igb_stats, &private_data->eth_stats, sizeof(rte_eth_stats));
 	return 0;
 }
 
-int sock_dev_create(const char* name, uint8_t numa_node)
+int sock_dev_create(const char* path, const char* name, uint8_t numa_node)
 {
-	const char* path = name + strlen(SOCK_DEV_PREFIX);
-
-	struct sock_internals* internals = (struct sock_internals*)
+	auto* internals = (struct sock_internals*)
 	        rte_zmalloc_socket(path, sizeof(struct sock_internals), 0, numa_node);
-	if (internals == NULL)
+	if (internals == nullptr)
 		return ENOSPC;
 
 	internals->pci_id.device_id = 0xBEEF;
@@ -451,9 +452,9 @@ int sock_dev_create(const char* name, uint8_t numa_node)
 	listen(internals->fd, 1);
 	internals->conFd = -1;
 
-	struct rte_eth_dev* eth_dev = NULL;
-	eth_dev = rte_eth_dev_allocate(path);
-	if (eth_dev == NULL)
+	struct rte_eth_dev* eth_dev = nullptr;
+	eth_dev = rte_eth_dev_allocate(name);
+	if (eth_dev == nullptr)
 	{
 		close(internals->fd);
 		unlink(internals->sockaddr.sun_path);
diff --git a/dataplane/sock_dev.h b/dataplane/sock_dev.h
index 47553147..290cbe06 100644
--- a/dataplane/sock_dev.h
+++ b/dataplane/sock_dev.h
@@ -1,7 +1,10 @@
 #pragma once
 
 #include <cstdint>
+#include <string>
 
-#define SOCK_DEV_PREFIX "sock_dev:"
+// #define SOCK_DEV_PREFIX "sock_dev:"
+using namespace std::string_literals;
+const std::string SOCK_DEV_PREFIX = "sock_dev:"s;
 
-int sock_dev_create(const char* path, uint8_t numa_node);
+int sock_dev_create(const char* path, const char* name, uint8_t numa_node);
diff --git a/dataplane/type.h b/dataplane/type.h
index 4ce58a3f..cf55b213 100644
--- a/dataplane/type.h
+++ b/dataplane/type.h
@@ -1,10 +1,8 @@
 #pragma once
 
-#include <rte_byteorder.h>
 #include <rte_ether.h>
 
 #include "common/balancer.h"
-#include "common/config.h"
 #include "common/scheduler.h"
 #include "common/type.h"
 
@@ -191,7 +189,7 @@ struct ipv6_address_t
 		return !(*this == second);
 	}
 
-	bool empty() const ///< @todo: is_default()
+	[[nodiscard]] bool empty() const ///< @todo: is_default()
 	{
 		for (auto b : bytes)
 		{
@@ -301,8 +299,7 @@ struct tInterface
 
 struct nat64stateful_t
 {
-	nat64stateful_t() :
-	        pool_size(0)
+	nat64stateful_t()
 	{
 		state_timeout.tcp_syn = YANET_CONFIG_STATE_TIMEOUT_DEFAULT;
 		state_timeout.tcp_ack = YANET_CONFIG_STATE_TIMEOUT_DEFAULT;
@@ -315,7 +312,7 @@ struct nat64stateful_t
 	/// @todo: uint8_t enabled;
 
 	uint32_t pool_start;
-	uint32_t pool_size;
+	uint32_t pool_size{};
 	tCounterId counter_id;
 	uint8_t ipv4_dscp_flags;
 	struct
@@ -383,6 +380,7 @@ struct nexthop ///< @todo
 {
 	tInterfaceId interfaceId : 16;
 	uint16_t flags;
+	tCounterId counter_id;
 	ipv6_address_t neighbor_address;
 	uint32_t labelExpTransport; ///< @todo: rename first
 	uint32_t labelExpService; ///< @todo: rename second
@@ -404,12 +402,9 @@ static_assert(YANET_CONFIG_COUNTERS_SIZE <= 0xFFFFFF, "invalid YANET_CONFIG_COUN
 
 struct route_value_t
 {
-	route_value_t() :
-	        type(common::globalBase::eNexthopType::controlPlane)
-	{
-	}
+	route_value_t() = default;
 
-	common::globalBase::eNexthopType type; ///< @todo: DELETE
+	common::globalBase::eNexthopType type{common::globalBase::eNexthopType::controlPlane}; ///< @todo: DELETE
 
 	union
 	{
@@ -424,12 +419,9 @@ struct route_value_t
 
 struct route_tunnel_value_t
 {
-	route_tunnel_value_t() :
-	        type(common::globalBase::eNexthopType::controlPlane)
-	{
-	}
+	route_tunnel_value_t() = default;
 
-	common::globalBase::eNexthopType type; ///< @todo: DELETE
+	common::globalBase::eNexthopType type{common::globalBase::eNexthopType::controlPlane}; ///< @todo: DELETE
 
 	union
 	{
@@ -589,9 +581,9 @@ struct balancer_service_t
 	uint32_t wlc_power;
 
 	/*
-		outer_source_network_flag:
-		zero byte stores the state for ipv4_router_source_network
-		first byte stores the state for ipv6_router_source_network
+	        outer_source_network_flag:
+	        zero byte stores the state for ipv4_router_source_network
+	        first byte stores the state for ipv6_router_source_network
 	*/
 	uint8_t outer_source_network_flag;
 	ipv4_prefix_t ipv4_outer_source_network;
@@ -650,7 +642,7 @@ struct fw_tcp_state_value_t
 	uint8_t src_flags : 4;
 	uint8_t dst_flags : 4;
 
-	uint8_t pack() const
+	[[nodiscard]] uint8_t pack() const
 	{
 		return src_flags | (dst_flags << 4);
 	}
@@ -738,7 +730,7 @@ struct fw_state_sync_frame_t
 	uint32_t flow_id6;
 	uint32_t extra;
 
-	static inline fw_state_sync_frame_t from_state_key(const fw4_state_key_t& key)
+	static fw_state_sync_frame_t from_state_key(const fw4_state_key_t& key)
 	{
 		fw_state_sync_frame_t sync_frame{};
 		sync_frame.proto = uint8_t(key.proto);
@@ -751,7 +743,7 @@ struct fw_state_sync_frame_t
 		return sync_frame;
 	}
 
-	static inline fw_state_sync_frame_t from_state_key(const fw6_state_key_t& key)
+	static fw_state_sync_frame_t from_state_key(const fw6_state_key_t& key)
 	{
 		fw_state_sync_frame_t sync_frame{};
 		sync_frame.proto = uint8_t(key.proto);
diff --git a/dataplane/unittest/hashtable.cpp b/dataplane/unittest/hashtable.cpp
index 98f57c72..78381e00 100644
--- a/dataplane/unittest/hashtable.cpp
+++ b/dataplane/unittest/hashtable.cpp
@@ -10,7 +10,7 @@ TEST(HashtableTest, Basic)
 {
 	dataplane::hashtable_chain_t<int, int, 128, 128, 4, 4> t;
 
-	int* v;
+	int* v = nullptr;
 	int k = 1;
 	t.lookup(&k, &v, 1);
 	EXPECT_EQ(nullptr, v);
@@ -42,8 +42,8 @@ TEST(HashtableTest, Extended)
 
 	for (int k = 0; k < 512; ++k)
 	{
-		int* v;
-		dataplane::spinlock_t* locker;
+		int* v = nullptr;
+		dataplane::spinlock_t* locker = nullptr;
 
 		t.lookup(k, v, locker);
 		if ((k % 7) && (k % 11))
@@ -70,7 +70,7 @@ TEST(HashtableTest, Extended)
 	}
 
 	EXPECT_TRUE(ok);
-	EXPECT_NE(t.getStats().extendedChunksCount, 0);
+	EXPECT_NE(t.stats().extendedChunksCount, 0);
 
 	uint32_t from = 0;
 	for (auto iter : t.range(from, 8192))
@@ -100,8 +100,8 @@ TEST(HashtableTest, Extended)
 		iter.unlock();
 	}
 
-	EXPECT_EQ(t.getStats().extendedChunksCount, 0);
-	EXPECT_EQ(t.getStats().pairs, 0);
+	EXPECT_EQ(t.stats().extendedChunksCount, 0);
+	EXPECT_EQ(t.stats().pairs, 0);
 
 	for (int k = 0; k < 512; ++k)
 	{
@@ -127,21 +127,21 @@ TEST(HashtableTest, Extended)
 		iter.unlock();
 	}
 
-	EXPECT_EQ(t.getStats().extendedChunksCount, 0);
-	EXPECT_EQ(t.getStats().pairs, 0);
+	EXPECT_EQ(t.stats().extendedChunksCount, 0);
+	EXPECT_EQ(t.stats().pairs, 0);
 
 	for (int k = 0; k < 100500; ++k)
 	{
 		t.insert(k, k);
 	}
 
-	EXPECT_EQ(t.getStats().extendedChunksCount, 128);
-	EXPECT_EQ(t.getStats().pairs, 128 * 2 + 128 * 4);
+	EXPECT_EQ(t.stats().extendedChunksCount, 128);
+	EXPECT_EQ(t.stats().pairs, 128 * 2 + 128 * 4);
 
 	t.clear();
 
-	EXPECT_EQ(t.getStats().extendedChunksCount, 0);
-	EXPECT_EQ(t.getStats().pairs, 0);
+	EXPECT_EQ(t.stats().extendedChunksCount, 0);
+	EXPECT_EQ(t.stats().pairs, 0);
 }
 
 TEST(hashtable_mod_id32, basic)
@@ -220,47 +220,37 @@ TEST(hashtable_mod_id32, burst)
 	{
 		const auto mask = ht.lookup(hashes, keys, values, YANET_CONFIG_BURST_SIZE);
 		EXPECT_EQ(0, mask);
-		for (unsigned int i = 0;
-		     i < YANET_CONFIG_BURST_SIZE;
-		     i++)
+		for (unsigned int value : values)
 		{
-			EXPECT_EQ(0x80000000, values[i] & (1u << 31));
+			EXPECT_EQ(0x80000000, value & (1u << 31));
 		}
 	}
 
-	for (unsigned int i = 0;
-	     i < YANET_CONFIG_BURST_SIZE;
-	     i++)
+	for (auto key : keys)
 	{
-		EXPECT_EQ(eResult::success, ht.insert(updater, keys[i], value1));
+		EXPECT_EQ(eResult::success, ht.insert(updater, key, value1));
 	}
 
 	{
 		const auto mask = ht.lookup(hashes, keys, values, YANET_CONFIG_BURST_SIZE);
 		EXPECT_EQ(0xFFFFFFFF, mask);
-		for (unsigned int i = 0;
-		     i < YANET_CONFIG_BURST_SIZE;
-		     i++)
+		for (unsigned int value : values)
 		{
-			EXPECT_EQ(value1, values[i]);
+			EXPECT_EQ(value1, value);
 		}
 	}
 
-	for (unsigned int i = 0;
-	     i < YANET_CONFIG_BURST_SIZE;
-	     i++)
+	for (auto key : keys)
 	{
-		EXPECT_EQ(eResult::success, ht.insert(updater, keys[i], value2));
+		EXPECT_EQ(eResult::success, ht.insert(updater, key, value2));
 	}
 
 	{
 		const auto mask = ht.lookup(hashes, keys, values, YANET_CONFIG_BURST_SIZE);
 		EXPECT_EQ(0xFFFFFFFF, mask);
-		for (unsigned int i = 0;
-		     i < YANET_CONFIG_BURST_SIZE;
-		     i++)
+		for (unsigned int value : values)
 		{
-			EXPECT_EQ(value2, values[i]);
+			EXPECT_EQ(value2, value);
 		}
 	}
 
@@ -269,11 +259,9 @@ TEST(hashtable_mod_id32, burst)
 	{
 		const auto mask = ht.lookup(hashes, keys, values, YANET_CONFIG_BURST_SIZE);
 		EXPECT_EQ(0, mask);
-		for (unsigned int i = 0;
-		     i < YANET_CONFIG_BURST_SIZE;
-		     i++)
+		for (unsigned int value : values)
 		{
-			EXPECT_EQ(0x80000000, values[i] & (1u << 31));
+			EXPECT_EQ(0x80000000, value & (1u << 31));
 		}
 	}
 }
@@ -338,8 +326,8 @@ TEST(hashtable_mod_spinlock, basic)
 	const uint32_t value1 = 12345u;
 	const uint32_t value2 = 12345678u;
 
-	uint32_t* value;
-	dataplane::spinlock_nonrecursive_t* locker;
+	uint32_t* value = nullptr;
+	dataplane::spinlock_nonrecursive_t* locker = nullptr;
 
 	{
 		const uint32_t hash = ht.lookup(key, value, locker);
@@ -415,8 +403,8 @@ TEST(hashtable_mod_spinlock, collision)
 	                                  32>
 	        ht;
 
-	uint32_t* value;
-	dataplane::spinlock_nonrecursive_t* locker;
+	uint32_t* value = nullptr;
+	dataplane::spinlock_nonrecursive_t* locker = nullptr;
 
 	for (unsigned int i = 0;
 	     i < 64;
diff --git a/dataplane/unittest/ip_address.cpp b/dataplane/unittest/ip_address.cpp
index 0fcf9fec..aad01afa 100644
--- a/dataplane/unittest/ip_address.cpp
+++ b/dataplane/unittest/ip_address.cpp
@@ -21,7 +21,7 @@ TEST(IpAddress, Basic)
 
 	{
 		ipv6_address_t addr = ipv6_address_t::convert(commonAddr);
-		ipv6_address_t expected{0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8};
+		ipv6_address_t expected{{{0, 1, 0, 2, 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8}}};
 		EXPECT_EQ(addr, expected);
 
 		addr.reset();
diff --git a/dataplane/unittest/lpm.cpp b/dataplane/unittest/lpm.cpp
deleted file mode 100644
index bd83afc7..00000000
--- a/dataplane/unittest/lpm.cpp
+++ /dev/null
@@ -1,890 +0,0 @@
-//! In this LPM insertion order matters!
-
-#include <cctype>
-#include <fstream>
-#include <string>
-
-#include <gtest/gtest.h>
-
-#include "../lpm.h"
-
-namespace
-{
-
-/// Non-functional extension of an LPM to provide nice dump methods.
-template<uint32_t TExtendedSize>
-class lpm6_8x16bit_atomic : public dataplane::lpm6_8x16bit_atomic<TExtendedSize>
-{
-public:
-	void print() const
-	{
-		auto envPtr = std::getenv("YANET_TEST_DEBUG");
-		if (envPtr == nullptr)
-		{
-			return;
-		}
-
-		std::string env(envPtr);
-		if (env == "plain")
-		{
-			print_table();
-			return;
-		}
-		if (env == "graph")
-		{
-			print_digraph();
-			return;
-		}
-	}
-
-	void print_table() const
-	{
-		printf("==================================\n");
-		print_chunk(this->rootChunk, -1, true);
-		for (unsigned int j = 0; j < TExtendedSize; j++)
-		{
-			print_chunk(this->extendedChunks[j], j);
-		}
-	}
-
-	void print_digraph() const
-	{
-		printf("%s\n", digraph().data());
-	}
-
-	std::string digraph() const
-	{
-		std::ostringstream s;
-		s << "digraph G {\n";
-		s << "  nodesep=.05;\n";
-		s << "  rankdir=LR;\n";
-		s << "  node [shape=record fontname=\"Monospace\" fontsize=10];\n";
-		s << "  node [width = 0.5];\n";
-		build_digraph_chunk(this->rootChunk, "R", s, true);
-		for (unsigned int j = 0; j < TExtendedSize; j++)
-		{
-			build_digraph_chunk(this->extendedChunks[j], j, s);
-		}
-		s << "}\n";
-
-		return s.str();
-	}
-
-private:
-	struct entry_t
-	{
-		int from;
-		int to;
-		uint32_t flags;
-		uint32_t value;
-	};
-
-	template<typename T, typename F>
-	void visit_chunk(const T& chunk, bool isRoot, const F& fn) const
-	{
-		if (!(chunk.entries[0].flags & this->flagExtendedChunkOccupied) && !isRoot)
-		{
-			return;
-		}
-
-		int minDupIdx = 0;
-		for (int i = 1; i < 256 * 256; i++)
-		{
-			auto currEntry = chunk.entries[i];
-			currEntry.flags &= ~(this->flagExtendedChunkOccupied);
-			auto prevEntry = chunk.entries[i - 1];
-			prevEntry.flags &= ~(this->flagExtendedChunkOccupied);
-			auto minDupIdxEntry = chunk.entries[minDupIdx];
-			minDupIdxEntry.flags &= ~(this->flagExtendedChunkOccupied);
-
-			if (currEntry.atomic != prevEntry.atomic)
-			{
-				if (minDupIdxEntry.atomic != 0)
-				{
-					fn(entry_t{minDupIdx, i - 1, minDupIdxEntry.flags, minDupIdxEntry.valueId});
-				}
-				minDupIdx = i;
-			}
-		}
-		if (chunk.entries[minDupIdx].atomic != 0)
-		{
-			fn(entry_t{minDupIdx, 0xffff, chunk.entries[minDupIdx].flags, chunk.entries[minDupIdx].valueId});
-		}
-	}
-
-	template<typename T>
-	void print_chunk(const T& chunk, int chunkId, bool isRoot = false) const
-	{
-		visit_chunk(chunk, isRoot, [&](entry_t entry) {
-			if (entry.from == entry.to)
-			{
-				printf("%2d %04x      : flags=0x%02x, value=%d\n", chunkId, entry.from, entry.flags, entry.value);
-			}
-			else
-			{
-				printf("%2d %04x..%04x: flags=0x%02x, value=%d\n", chunkId, entry.from, entry.to, entry.flags, entry.value);
-			}
-		});
-	}
-
-	template<typename T, typename N>
-	void build_digraph_chunk(const T& chunk, N j, std::ostringstream& s, bool isRoot = false) const
-	{
-		std::vector<entry_t> entries;
-		visit_chunk(chunk, isRoot, [&](entry_t entry) {
-			entries.push_back(entry);
-		});
-
-		if (!entries.empty())
-		{
-			s << "  node" << j << "[label=\"<n>[" << j << "]|{{";
-			for (auto p = entries.begin(); p != entries.end(); ++p)
-			{
-				if (p->from == p->to)
-				{
-					char buf[16] = {};
-					std::snprintf(buf, 8, "%04x", p->from);
-					s << buf;
-				}
-				else
-				{
-					char buf[16] = {};
-					std::snprintf(buf, 12, "%04x-%04x", p->from, p->to);
-					s << buf;
-				}
-				if (p != entries.end() - 1)
-				{
-					s << "|";
-				}
-			}
-			s << "}|{";
-			for (unsigned int i = 0; i < entries.size(); ++i)
-			{
-				s << "<f" << i << ">";
-				if (entries[i].flags & this->flagValid)
-				{
-					s << entries[i].value;
-				}
-				if (i != entries.size() - 1)
-				{
-					s << "|";
-				}
-			}
-			s << "}}\"];\n";
-
-			for (unsigned int i = 0; i < entries.size(); ++i)
-			{
-				if (entries[i].flags & this->flagExtended)
-				{
-					s << "  node" << j << ":f" << i << "->node" << entries[i].value << ":n\n";
-				}
-			}
-		}
-	}
-};
-
-TEST(LPM, Lookup)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	uint32_t valueId{0};
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::1"), &valueId));
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), 64, 4299));
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::1"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:ffff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupUnalignedBitMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), 69, 4299));
-
-	uint32_t valueId{0};
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:07ff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	// Out of range.
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:800:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(dataplane::lpmValueIdInvalid, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupOverlapped)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), 64, 4299));
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234:4800::"), 69, 589));
-
-	uint32_t valueId{0};
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:47ff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:4800::"), &valueId));
-	EXPECT_EQ(589, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:4fff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(589, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:5000:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:ffff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupOverlappedSimple)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, uint8_t, uint32_t>> entries{
-	        {"::", 0, 1},
-	        {"10:20::", 32, 2},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t(net), mask, value));
-	}
-
-	uint32_t valueId{0};
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("::1"), &valueId));
-	EXPECT_EQ(1, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("10:20::1"), &valueId));
-	EXPECT_EQ(2, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupExtMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	uint32_t valueId{0};
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::1"), &valueId));
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), common::ipv6_address_t("ffff:ffff:ffff:ffff::"), 4299));
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::1"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:ffff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupUnalignedBitExtMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), common::ipv6_address_t("ffff:ffff:ffff:ffff:f800::"), 4299));
-
-	uint32_t valueId{0};
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:07ff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	// Out of range.
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:800:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(dataplane::lpmValueIdInvalid, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupOverlappedExt)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, std::string, uint32_t>> entries{
-	        {"2222:777:aabc:1234::", "ffff:ffff:ffff:ffff::", 4299},
-	        {"2222:777:aabc:1234:4800::", "ffff:ffff:ffff:ffff:f800::", 589},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value), eResult::success);
-		t->print();
-	}
-
-	uint32_t valueId{0};
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:47ff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:4800::"), &valueId));
-	EXPECT_EQ(589, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:4fff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(589, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:5000::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:ffff:ffff:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupProjectIDExtMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<128>>();
-
-	uint32_t valueId{0};
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:0:1234:0:1"), &valueId));
-
-	// 1234@2222:777:aabc::/48
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc::1234:0:0"), common::ipv6_address_t("ffff:ffff:ffff:0:ffff:ffff::"), 4299));
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:0:1234:0:1"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:0:1234::"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:0:1234:ffff:ffff"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("2222:777:aabc:1234:0:1233::"), &valueId));
-	EXPECT_EQ(dataplane::lpmValueIdInvalid, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupManyProjectIDsExtMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, std::string, uint32_t>> entries{
-	        {"2222:777:aabc::1234:0:0", "ffff:ffff:ffff:0:ffff:ffff::", 100},
-	        {"2222:777:aabc::1122:0:0", "ffff:ffff:ffff:0:ffff:ffff::", 101},
-	        {"2222:777:ff1d::", "ffff:ffff:ffff::", 102},
-	        {"2222:777:c00:0:add:8765::", "ffff:ffff:ff00:0:ffff:ffff::", 103},
-	        {"2222:777:c00:0:add:8005::", "ffff:ffff:ff00:0:ffff:ffff::", 104},
-	        {"2222:770:c00::f800:0:0", "ffff:ffff:ff00:0:ffff:f800::", 105},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value), eResult::success);
-	}
-
-	const std::vector<std::tuple<std::string, uint32_t>> cases{
-	        /// Value 100
-	        {"2222:777:aabc:1234:0:1234::", 100},
-	        {"2222:777:aabc:1234:0:1234:0:1", 100},
-	        {"2222:777:aabc:1234:0:1234::", 100},
-	        {"2222:777:aabc:1234:0:1234:0:ffff", 100},
-	        {"2222:777:aabc:1234:0:1234:ffff:ffff", 100},
-
-	        /// Value 101
-	        {"2222:777:aabc::1122:0:0", 101},
-	        {"2222:777:aabc::1122:0:1", 101},
-	        {"2222:777:aabc:ff00:0:1122:0:1", 101},
-	        {"2222:777:aabc:ffff:0:1122:0:1", 101},
-
-	        /// Value 102
-	        {"2222:777:ff1d::1", 102},
-	        {"2222:777:ff1d:ff00::1", 102},
-	        {"2222:777:ff1d:ff00:0:1234:0:1", 102},
-
-	        /// Value 103
-	        {"2222:777:c00:0:add:8765::", 103},
-	        {"2222:777:c00:0:add:8765:0:1", 103},
-	        {"2222:777:c00:0:add:8765:0:2211", 103},
-	        {"2222:777:c00:0:add:8765:4433:0", 103},
-	        {"2222:777:c77:6655:add:8765:4433:2211", 103},
-
-	        /// Value 104
-	        {"2222:777:c00:0:add:8005::", 104},
-	        {"2222:777:c00:0:add:8005:0:1", 104},
-	        {"2222:777:c00:0:add:8005:0:2211", 104},
-	        {"2222:777:c00:0:add:8005:4433:0", 104},
-	        {"2222:777:c77:6655:add:8005:4433:2211", 104},
-
-	        /// Value 105
-	        {"2222:770:c00::f800:0:0", 105},
-	        {"2222:770:c00::f800:0:11", 105},
-	        {"2222:770:c00::f800:4433:2211", 105},
-	        {"2222:770:c00::f900:4433:2211", 105},
-	        {"2222:770:c00::ff00:4433:2211", 105},
-	        {"2222:770:c00::ff01:4433:2211", 105},
-	        {"2222:770:c00::fffe:4433:2211", 105},
-	        {"2222:770:c00::ffff:4433:2211", 105},
-	        {"2222:770:c00:8877:0:ffff:4433:2211", 105},
-	        {"2222:770:c99:8877:0:ffff:4433:2211", 105},
-
-	        /// Invalid
-	        {"2222:777:aabc::1134:0:1", dataplane::lpmValueIdInvalid},
-	        {"2222:777:ff1f::1234:0:1", dataplane::lpmValueIdInvalid},
-	        {"2222:770:c00::f7ff:4433:2211", dataplane::lpmValueIdInvalid},
-	};
-
-	for (auto [addr, value] : cases)
-	{
-		uint32_t valueId{0};
-		EXPECT_EQ(value != dataplane::lpmValueIdInvalid, t->lookup(common::ipv6_address_t(addr), &valueId));
-		EXPECT_EQ(value, valueId);
-	}
-
-	t->print();
-}
-
-TEST(LPM, LookupTrouble)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, std::string, uint32_t>> entries{
-	        {"2222:777:aabc:2030::", "ffff:ffff:ffff:fff0::", 589},
-	        {"2222:777:aabc:2030::", "ffff:ffff:ffff:ffff::", 42},
-	        {"2222:777:aabc:2030:0:1234::", "ffff:ffff:ffff:fff0:ffff:ffff::", 4299},
-	        {"2222:777:aabc:2030:0:5678::", "ffff:ffff:ffff:fff0:ffff:ffff::", 4298},
-	        {"2222:777:aabc:2030:aabb:5678::", "ffff:ffff:ffff:fff0:ffff:ffff::", 4297},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value), eResult::success);
-		t->print();
-	}
-
-	const std::vector<std::tuple<std::string, uint32_t>> cases{
-	        {"2222:777:aabc:2030::1", 42},
-	        {"2222:777:aabc:2030:0:0:ffff:1", 42},
-	        {"2222:777:aabc:2030:0:ffff:0:1", 42},
-	        {"2222:777:aabc:2030:0:ffff:ffff:1", 42},
-	        {"2222:777:aabc:2030:aabb:ffff:ffff:1", 42},
-
-	        {"2222:777:aabc:2031::1", 589},
-	        {"2222:777:aabc:2032::1", 589},
-	        {"2222:777:aabc:2033::1", 589},
-	        {"2222:777:aabc:2034::1", 589},
-	        {"2222:777:aabc:2035::1", 589},
-	        {"2222:777:aabc:2036::1", 589},
-	        {"2222:777:aabc:2037::1", 589},
-	        {"2222:777:aabc:2038::1", 589},
-	        {"2222:777:aabc:2039::1", 589},
-	        {"2222:777:aabc:203a::1", 589},
-	        {"2222:777:aabc:203b::1", 589},
-	        {"2222:777:aabc:203c::1", 589},
-	        {"2222:777:aabc:203d::1", 589},
-	        {"2222:777:aabc:203e::1", 589},
-	        {"2222:777:aabc:203f::1", 589},
-	        {"2222:777:aabc:2031:0:0:ffff:1", 589},
-	        {"2222:777:aabc:2032:0:ffff:0:1", 589},
-	        {"2222:777:aabc:2033:0:ffff:ffff:1", 589},
-	        {"2222:777:aabc:2034:aabb:ffff:ffff:1", 589},
-
-	        {"2222:777:aabc:2030:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2031:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2032:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2033:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2034:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2035:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2036:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2037:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2038:0:1234:0:1", 4299},
-	        {"2222:777:aabc:2039:0:1234:0:1", 4299},
-	        {"2222:777:aabc:203a:0:1234:0:1", 4299},
-	        {"2222:777:aabc:203b:0:1234:0:1", 4299},
-	        {"2222:777:aabc:203c:0:1234:0:1", 4299},
-	        {"2222:777:aabc:203d:0:1234:0:1", 4299},
-	        {"2222:777:aabc:203e:0:1234:0:1", 4299},
-	        {"2222:777:aabc:203f:0:1234:0:1", 4299},
-
-	        {"2222:777:aabc:2030:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2031:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2032:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2033:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2034:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2035:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2036:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2037:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2038:0:5678:0:1", 4298},
-	        {"2222:777:aabc:2039:0:5678:0:1", 4298},
-	        {"2222:777:aabc:203a:0:5678:0:1", 4298},
-	        {"2222:777:aabc:203b:0:5678:0:1", 4298},
-	        {"2222:777:aabc:203c:0:5678:0:1", 4298},
-	        {"2222:777:aabc:203d:0:5678:0:1", 4298},
-	        {"2222:777:aabc:203e:0:5678:0:1", 4298},
-	        {"2222:777:aabc:203f:0:5678:0:1", 4298},
-
-	        {"2222:777:aabc:2030:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2031:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2032:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2033:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2034:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2035:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2036:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2037:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2038:aabb:5678::1", 4297},
-	        {"2222:777:aabc:2039:aabb:5678::1", 4297},
-	        {"2222:777:aabc:203a:aabb:5678::1", 4297},
-	        {"2222:777:aabc:203b:aabb:5678::1", 4297},
-	        {"2222:777:aabc:203c:aabb:5678::1", 4297},
-	        {"2222:777:aabc:203d:aabb:5678::1", 4297},
-	        {"2222:777:aabc:203e:aabb:5678::1", 4297},
-	        {"2222:777:aabc:203f:aabb:5678::1", 4297},
-	};
-
-	for (auto [addr, value] : cases)
-	{
-		uint32_t valueId{0};
-		EXPECT_EQ(value != dataplane::lpmValueIdInvalid, t->lookup(common::ipv6_address_t(addr), &valueId));
-		EXPECT_EQ(value, valueId) << common::ipv6_address_t(addr).toString() << " -> " << value;
-	}
-
-	t->print();
-}
-
-TEST(LPM, LookupMixedNetworksWithSamePrefix)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, std::string, uint32_t>> entries{
-	        {"2222:777:c00::", "ffff:ffff:ff00::", 589},
-	        {"2222:777:c00:0:add:8765::", "ffff:ffff:ff00:0:ffff:ffff::", 4299},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value), eResult::success);
-	}
-
-	const std::vector<std::tuple<std::string, uint32_t>> cases{
-	        {"2222:777:c00:0:add:8765:0:1", 4299},
-	        {"2222:777:c00:0:10d:4d60:0:1", 589},
-	};
-
-	for (auto [addr, value] : cases)
-	{
-		uint32_t valueId{0};
-		EXPECT_EQ(value != dataplane::lpmValueIdInvalid, t->lookup(common::ipv6_address_t(addr), &valueId));
-		EXPECT_EQ(value, valueId);
-	}
-
-	t->print();
-}
-
-TEST(LPM, LookupSummary)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, std::string, uint32_t>> entries{
-	        {"::", "::", 1001},
-	        {"1111:2222::", "ffff:ffff::", 1002},
-	        {"3333:4444:5555::", "ffff:ffff:ffff::", 1003},
-	        {"3333:4444:5555:0:aaaa:bbbb::", "ffff:ffff:ffff:0:ffff:ffff::", 1004},
-	        {"3333:4444:5555:6666::", "ffff:ffff:ffff:ffff::", 1005},
-	        {"3333:4444:5555:6666:aaaa:bbbb::", "ffff:ffff:ffff:ffff:ffff:ffff::", 1006},
-	        {"3333:4444:5555:6666:aaaa:bbbb:cccc:dddd", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", 1007},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value));
-		t->print();
-	}
-
-	const std::vector<std::tuple<std::string, uint32_t>> cases{
-	        {"::1", 1001},
-	        {"1111:2222:c00::1", 1002},
-	        {"3333:4444:5555::1", 1003},
-	        {"3333:4444:5555:0:aaaa:bbbb:0:1", 1004},
-	        {"3333:4444:5555:1:aaaa:bbbb:0:1", 1004},
-	        {"3333:4444:5555:ffff:aaaa:bbbb:0:1", 1004},
-	        {"3333:4444:5555:6666::1", 1005},
-	        {"3333:4444:5555:6666:aaaa::1", 1005},
-	        {"3333:4444:5555:6666:0:bbbb:0:1", 1005},
-	        {"3333:4444:5555:6666:aaaa:bbbb:0:1", 1006},
-	        {"3333:4444:5555:6666:aaaa:bbbb:cccc:dddd", 1007},
-	};
-
-	for (auto [addr, value] : cases)
-	{
-		uint32_t valueId{0};
-		EXPECT_EQ(value != dataplane::lpmValueIdInvalid, t->lookup(common::ipv6_address_t(addr), &valueId));
-		EXPECT_EQ(value, valueId);
-	}
-
-	t->print();
-}
-
-TEST(LPM, LookupMerge)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	for (int i = 65535; i >= 1; i--)
-	{
-		std::array<uint8_t, 16> addr{0x11, 0x11, 0x22, 0x22, uint8_t(i / 256), uint8_t(i % 256), 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-		EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t(addr), common::ipv6_address_t("ffff:ffff:ffff::"), 1000));
-	}
-
-	EXPECT_EQ(2, t->getStats().extendedChunksCount);
-
-	std::array<uint8_t, 16> addr{0x11, 0x11, 0x22, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t(addr), common::ipv6_address_t("ffff:ffff:ffff::"), 1000));
-	EXPECT_EQ(1, t->getStats().extendedChunksCount);
-
-	t->print();
-}
-
-TEST(LPM, LookupCruelRealWorld)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<512>>();
-
-	std::ifstream stream("networks.txt");
-	std::string line;
-	int counter = 1000000; // Easier to match by eyes.
-	std::vector<std::tuple<std::string, std::string, uint32_t>> entries;
-	while (std::getline(stream, line))
-	{
-		auto pos = line.find('/');
-		auto addr = line.substr(0, pos);
-		auto mask = line.substr(pos + 1);
-		if (pos == std::string::npos)
-		{
-			mask = "128";
-		}
-
-		auto isNumber = !mask.empty() && std::all_of(mask.begin(), mask.end(), ::isdigit);
-		if (isNumber)
-		{
-			// Nevermind. The easiest way to convert ones set to proper IPv6 address.
-			mask = common::ipv6_address_t(t->createMask(std::stoi(mask, nullptr, 10))).toString();
-		}
-		entries.emplace_back(addr, mask, counter++);
-	}
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value))
-		        << "Failed to insert " << value;
-	}
-
-	t->print();
-}
-
-TEST(LPM, RemoveOne)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), 64, 4299));
-	EXPECT_EQ(3, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("2222:777:aabc:1234::"), 64));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	t->print();
-}
-
-TEST(LPM, RemoveNotSame)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("::"), 0, 4299));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("::1"), 128));
-	EXPECT_EQ(7, t->getStats().extendedChunksCount);
-
-	uint32_t valueId{0};
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("::1"), &valueId));
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("::2"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, RemoveNet)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("1111:2222::"), 32, 100));
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("1111:2222:3333::"), 48, 101));
-	EXPECT_EQ(2, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("1111:2222::"), 32));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	t->print();
-}
-
-TEST(LPM, RemoveOneWithMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("2222:777:aabc:1234::"), common::ipv6_address_t("ffff:ffff:ffff:ffff::"), 4299));
-	EXPECT_EQ(3, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("2222:777:aabc:1234::"), common::ipv6_address_t("ffff:ffff:ffff:ffff::")));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	t->print();
-}
-
-TEST(LPM, RemoveNotSameWithMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("::"), common::ipv6_address_t("::"), 4299));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("::1"), common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")));
-	EXPECT_EQ(7, t->getStats().extendedChunksCount);
-
-	uint32_t valueId{0};
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("::1"), &valueId));
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("::2"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, RemoveNetWithMask)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("1111:2222::"), common::ipv6_address_t("ffff:ffff::"), 100));
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("1111:2222:3333::"), common::ipv6_address_t("ffff:ffff:ffff::"), 101));
-	EXPECT_EQ(2, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("1111:2222::"), common::ipv6_address_t("ffff:ffff::")));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	t->print();
-}
-
-TEST(LPM, RemoveGappedNetwork)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t("::"), common::ipv6_address_t("::"), 4299));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("1111:2222:0:0:aaaa:bbbb::"), common::ipv6_address_t("ffff:ffff:0:0:ffff:ffff:0:0")));
-	EXPECT_EQ(5, t->getStats().extendedChunksCount);
-
-	uint32_t valueId{0};
-	EXPECT_FALSE(t->lookup(common::ipv6_address_t("1111:2222:3333:4444:aaaa:bbbb::1"), &valueId));
-	EXPECT_EQ(dataplane::lpmValueIdInvalid, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("1111:2222:3333:4444:aaaa:cccc::2"), &valueId));
-	EXPECT_EQ(4299, valueId);
-
-	t->print();
-}
-
-TEST(LPM, LookupSummaryWithClear)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	const std::vector<std::tuple<std::string, std::string, uint32_t>> entries{
-	        {"::", "::", 1001},
-	        {"1111:2222::", "ffff:ffff::", 1002},
-	        {"3333:4444:5555::", "ffff:ffff:ffff::", 1003},
-	        {"3333:4444:5555:0:aaaa:bbbb::", "ffff:ffff:ffff:0:ffff:ffff::", 1004},
-	        {"3333:4444:5555:6666::", "ffff:ffff:ffff:ffff::", 1005},
-	        {"3333:4444:5555:6666:aaaa:bbbb::", "ffff:ffff:ffff:ffff:ffff:ffff::", 1006},
-	};
-
-	for (auto [net, mask, value] : entries)
-	{
-		EXPECT_EQ(eResult::success, t->insert(common::ipv6_address_t(net), common::ipv6_address_t(mask), value));
-	}
-
-	EXPECT_EQ(eResult::success, t->remove(common::ipv6_address_t("::"), common::ipv6_address_t("::")));
-	EXPECT_EQ(0, t->getStats().extendedChunksCount);
-
-	t->print();
-}
-
-TEST(LPM, InsertCorruption)
-{
-	auto t = std::make_unique<lpm6_8x16bit_atomic<64>>();
-
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777::00af"),
-	                    common::ipv6_address_t("ffff:ffff::ffff:ffff:ffff:ffff"),
-	                    4299));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:1a::a1"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    589));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:2a::a1"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    105));
-
-	uint32_t valueId{0};
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:1a::a1"), &valueId));
-	EXPECT_EQ(589, valueId);
-
-	t->print();
-
-	t->clear();
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777::00af"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    456));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:1a::00af"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    890));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:2a::00af"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    999));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777::00af"),
-	                    common::ipv6_address_t("ffff:ffff::ffff:ffff:ffff:ffff"),
-	                    4299));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:1a::a1"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    589));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:2a::a1"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    105));
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777::af"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:1a::a1"), &valueId));
-	EXPECT_EQ(589, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:2a::a1"), &valueId));
-	EXPECT_EQ(105, valueId);
-
-	t->print();
-
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:1a::a1"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    1112));
-	EXPECT_EQ(eResult::success,
-	          t->insert(common::ipv6_address_t("2222:777:2a::a1"),
-	                    common::ipv6_address_t("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"),
-	                    1221));
-
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777::af"), &valueId));
-	EXPECT_EQ(4299, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:1a::a1"), &valueId));
-	EXPECT_EQ(1112, valueId);
-	EXPECT_TRUE(t->lookup(common::ipv6_address_t("2222:777:2a::a1"), &valueId));
-	EXPECT_EQ(1221, valueId);
-
-	t->print();
-}
-
-} // namespace
diff --git a/dataplane/unittest/meson.build b/dataplane/unittest/meson.build
index 71429fb4..18c19364 100644
--- a/dataplane/unittest/meson.build
+++ b/dataplane/unittest/meson.build
@@ -8,7 +8,8 @@ dependencies += dependency('gtest_main')
 
 sources = files('unittest.cpp',
                 'ip_address.cpp',
-                'hashtable.cpp')
+                'hashtable.cpp',
+                'sdp.cpp')
 
 arch = 'corei7'
 cpp_args_append = ['-march=' + arch]
diff --git a/dataplane/unittest/sdp.cpp b/dataplane/unittest/sdp.cpp
new file mode 100644
index 00000000..992cd7ff
--- /dev/null
+++ b/dataplane/unittest/sdp.cpp
@@ -0,0 +1,368 @@
+#include <gtest/gtest.h>
+
+#include "../../common/idp.h"
+#include "../../common/sdpclient.h"
+#include "../sdpserver.h"
+
+class TestBus
+{
+public:
+	static uint64_t GetSizeForCounters()
+	{
+		auto count_errors = static_cast<uint32_t>(common::idp::errorType::size);
+		auto count_requests = static_cast<uint32_t>(common::idp::requestType::size);
+		return (count_errors + 2 * count_requests) * sizeof(uint64_t);
+	}
+
+	void SetBufferForCounters(const common::sdp::DataPlaneInSharedMemory& sdp_data)
+	{
+		auto [requests, errors, durations] = sdp_data.BuffersBus();
+		stats.requests = requests;
+		stats.errors = errors;
+		stats.durations = durations;
+	}
+
+	void SetTestValues()
+	{
+		for (uint32_t index = 0; index < static_cast<uint32_t>(common::idp::requestType::size); index++)
+		{
+			if (index % 2 == 0)
+			{
+				stats.requests[index] = index * index;
+				stats.durations[index] = index * index * index;
+			}
+		}
+
+		stats.errors[static_cast<uint32_t>(common::idp::errorType::busRead)] = 19;
+	}
+
+	void CompareWithClient(const common::sdp::DataPlaneInSharedMemory& sdp_data_client)
+	{
+		void* buffer = common::sdp::ShiftBuffer<void*>(sdp_data_client.dataplane_data, sdp_data_client.start_bus_section);
+		auto count_errors = static_cast<uint32_t>(common::idp::errorType::size);
+		auto count_requests = static_cast<uint32_t>(common::idp::requestType::size);
+		auto* requests = common::sdp::ShiftBuffer<uint64_t*>(buffer, 0);
+		auto* errors = common::sdp::ShiftBuffer<uint64_t*>(buffer, count_requests * sizeof(uint64_t));
+		auto* durations = common::sdp::ShiftBuffer<uint64_t*>(buffer, (count_requests + count_errors) * sizeof(uint64_t));
+
+		for (uint32_t index = 0; index < static_cast<uint32_t>(common::idp::requestType::size); index++)
+		{
+			ASSERT_EQ(stats.requests[index], requests[index]);
+			ASSERT_EQ(stats.durations[index], durations[index]);
+		}
+
+		for (uint32_t index = 0; index < static_cast<uint32_t>(common::idp::requestType::size); index++)
+		{
+			ASSERT_EQ(stats.errors[index], errors[index]);
+		}
+	}
+
+protected:
+	struct sStats
+	{
+		uint64_t* requests; // common::idp::requestType::size
+		uint64_t* errors; // common::idp::errorType::size
+		uint64_t* durations; // common::idp::requestType::size
+	} stats;
+};
+
+class TestWorker
+{
+public:
+	static void FillMetadataWorkerCounters(common::sdp::MetadataWorker& metadata)
+	{
+		metadata.size = 0;
+		metadata.start_counters = common::sdp::SdrSever::GetStartData(YANET_CONFIG_COUNTERS_SIZE * sizeof(uint64_t), metadata.size);
+		metadata.start_acl_counters = common::sdp::SdrSever::GetStartData(YANET_CONFIG_ACL_COUNTERS_SIZE * sizeof(uint64_t), metadata.size);
+		metadata.start_bursts = common::sdp::SdrSever::GetStartData((CONFIG_YADECAP_MBUFS_BURST_SIZE + 1) * sizeof(uint64_t), metadata.size);
+		metadata.start_stats = common::sdp::SdrSever::GetStartData(sizeof(common::worker::stats::common), metadata.size);
+		metadata.start_stats_ports = common::sdp::SdrSever::GetStartData(sizeof(common::worker::stats::port[CONFIG_YADECAP_PORTS_SIZE]), metadata.size);
+
+		// stats
+		std::map<std::string, uint64_t> counters_stats;
+		counters_stats["brokenPackets"] = offsetof(common::worker::stats::common, brokenPackets);
+		counters_stats["dropPackets"] = offsetof(common::worker::stats::common, dropPackets);
+		counters_stats["ring_highPriority_drops"] = offsetof(common::worker::stats::common, ring_highPriority_drops);
+		counters_stats["ring_normalPriority_drops"] = offsetof(common::worker::stats::common, ring_normalPriority_drops);
+		counters_stats["ring_lowPriority_drops"] = offsetof(common::worker::stats::common, ring_lowPriority_drops);
+		counters_stats["ring_highPriority_packets"] = offsetof(common::worker::stats::common, ring_highPriority_packets);
+		counters_stats["ring_normalPriority_packets"] = offsetof(common::worker::stats::common, ring_normalPriority_packets);
+		counters_stats["ring_lowPriority_packets"] = offsetof(common::worker::stats::common, ring_lowPriority_packets);
+		counters_stats["decap_packets"] = offsetof(common::worker::stats::common, decap_packets);
+		counters_stats["decap_fragments"] = offsetof(common::worker::stats::common, decap_fragments);
+		counters_stats["decap_unknownExtensions"] = offsetof(common::worker::stats::common, decap_unknownExtensions);
+		counters_stats["interface_lookupMisses"] = offsetof(common::worker::stats::common, interface_lookupMisses);
+		counters_stats["interface_hopLimits"] = offsetof(common::worker::stats::common, interface_hopLimits);
+		counters_stats["interface_neighbor_invalid"] = offsetof(common::worker::stats::common, interface_neighbor_invalid);
+		counters_stats["nat64stateless_ingressPackets"] = offsetof(common::worker::stats::common, nat64stateless_ingressPackets);
+		counters_stats["nat64stateless_ingressFragments"] = offsetof(common::worker::stats::common, nat64stateless_ingressFragments);
+		counters_stats["nat64stateless_ingressUnknownICMP"] = offsetof(common::worker::stats::common, nat64stateless_ingressUnknownICMP);
+		counters_stats["nat64stateless_egressPackets"] = offsetof(common::worker::stats::common, nat64stateless_egressPackets);
+		counters_stats["nat64stateless_egressFragments"] = offsetof(common::worker::stats::common, nat64stateless_egressFragments);
+		counters_stats["nat64stateless_egressUnknownICMP"] = offsetof(common::worker::stats::common, nat64stateless_egressUnknownICMP);
+		counters_stats["balancer_invalid_reals_count"] = offsetof(common::worker::stats::common, balancer_invalid_reals_count);
+		counters_stats["fwsync_multicast_egress_drops"] = offsetof(common::worker::stats::common, fwsync_multicast_egress_drops);
+		counters_stats["fwsync_multicast_egress_packets"] = offsetof(common::worker::stats::common, fwsync_multicast_egress_packets);
+		counters_stats["fwsync_multicast_egress_imm_packets"] = offsetof(common::worker::stats::common, fwsync_multicast_egress_imm_packets);
+		counters_stats["fwsync_no_config_drops"] = offsetof(common::worker::stats::common, fwsync_no_config_drops);
+		counters_stats["fwsync_unicast_egress_drops"] = offsetof(common::worker::stats::common, fwsync_unicast_egress_drops);
+		counters_stats["fwsync_unicast_egress_packets"] = offsetof(common::worker::stats::common, fwsync_unicast_egress_packets);
+		counters_stats["acl_ingress_dropPackets"] = offsetof(common::worker::stats::common, acl_ingress_dropPackets);
+		counters_stats["acl_egress_dropPackets"] = offsetof(common::worker::stats::common, acl_egress_dropPackets);
+		counters_stats["repeat_ttl"] = offsetof(common::worker::stats::common, repeat_ttl);
+		counters_stats["leakedMbufs"] = offsetof(common::worker::stats::common, leakedMbufs);
+		counters_stats["logs_packets"] = offsetof(common::worker::stats::common, logs_packets);
+		counters_stats["logs_drops"] = offsetof(common::worker::stats::common, logs_drops);
+		for (const auto& iter : counters_stats)
+		{
+			metadata.counter_positions[iter.first] = (metadata.start_stats + iter.second) / sizeof(uint64_t);
+		}
+
+		// counters
+		std::map<std::string, common::globalBase::static_counter_type> counters_named;
+		counters_named["balancer_state_insert_failed"] = common::globalBase::static_counter_type::balancer_state_insert_failed;
+		counters_named["balancer_state_insert_done"] = common::globalBase::static_counter_type::balancer_state_insert_done;
+		counters_named["balancer_icmp_generated_echo_reply_ipv4"] = common::globalBase::static_counter_type::balancer_icmp_generated_echo_reply_ipv4;
+		counters_named["balancer_icmp_generated_echo_reply_ipv6"] = common::globalBase::static_counter_type::balancer_icmp_generated_echo_reply_ipv6;
+		counters_named["balancer_icmp_drop_icmpv4_payload_too_short_ip"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_ip;
+		counters_named["balancer_icmp_drop_icmpv4_payload_too_short_port"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_port;
+		counters_named["balancer_icmp_drop_icmpv6_payload_too_short_ip"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_ip;
+		counters_named["balancer_icmp_drop_icmpv6_payload_too_short_port"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_port;
+		counters_named["balancer_icmp_unmatching_src_from_original_ipv4"] = common::globalBase::static_counter_type::balancer_icmp_unmatching_src_from_original_ipv4;
+		counters_named["balancer_icmp_unmatching_src_from_original_ipv6"] = common::globalBase::static_counter_type::balancer_icmp_unmatching_src_from_original_ipv6;
+		counters_named["balancer_icmp_drop_real_disabled"] = common::globalBase::static_counter_type::balancer_icmp_drop_real_disabled;
+		counters_named["balancer_icmp_no_balancer_src_ipv4"] = common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv4;
+		counters_named["balancer_icmp_no_balancer_src_ipv6"] = common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv6;
+		counters_named["balancer_icmp_drop_already_cloned"] = common::globalBase::static_counter_type::balancer_icmp_drop_already_cloned;
+		counters_named["balancer_icmp_drop_no_unrdup_table_for_balancer_id"] = common::globalBase::static_counter_type::balancer_icmp_drop_no_unrdup_table_for_balancer_id;
+		counters_named["balancer_icmp_drop_unrdup_vip_not_found"] = common::globalBase::static_counter_type::balancer_icmp_drop_unrdup_vip_not_found;
+		counters_named["balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id"] = common::globalBase::static_counter_type::balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id;
+		counters_named["balancer_icmp_drop_unexpected_transport_protocol"] = common::globalBase::static_counter_type::balancer_icmp_drop_unexpected_transport_protocol;
+		counters_named["balancer_icmp_drop_unknown_service"] = common::globalBase::static_counter_type::balancer_icmp_drop_unknown_service;
+		counters_named["balancer_icmp_failed_to_clone"] = common::globalBase::static_counter_type::balancer_icmp_failed_to_clone;
+		counters_named["balancer_icmp_clone_forwarded"] = common::globalBase::static_counter_type::balancer_icmp_clone_forwarded;
+		counters_named["balancer_icmp_sent_to_real"] = common::globalBase::static_counter_type::balancer_icmp_sent_to_real;
+		counters_named["balancer_icmp_out_rate_limit_reached"] = common::globalBase::static_counter_type::balancer_icmp_out_rate_limit_reached;
+		counters_named["slow_worker_normal_priority_rate_limit_exceeded"] = common::globalBase::static_counter_type::slow_worker_normal_priority_rate_limit_exceeded;
+
+		counters_named["acl_ingress_v4_broken_packet"] = common::globalBase::static_counter_type::acl_ingress_v4_broken_packet;
+		counters_named["acl_ingress_v6_broken_packet"] = common::globalBase::static_counter_type::acl_ingress_v6_broken_packet;
+		counters_named["acl_egress_v4_broken_packet"] = common::globalBase::static_counter_type::acl_egress_v4_broken_packet;
+		counters_named["acl_egress_v6_broken_packet"] = common::globalBase::static_counter_type::acl_egress_v6_broken_packet;
+		counters_named["balancer_fragment_drops"] = common::globalBase::static_counter_type::balancer_fragment_drops;
+
+		for (const auto& iter : counters_named)
+		{
+			metadata.counter_positions[iter.first] = metadata.start_counters / sizeof(uint64_t) + static_cast<uint64_t>(iter.second);
+		}
+	}
+
+	void SetBufferForCounters(void* buffer, const common::sdp::MetadataWorker& metadata)
+	{
+		counters = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_counters);
+		aclCounters = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_acl_counters);
+		bursts = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_bursts);
+		stats = common::sdp::ShiftBuffer<common::worker::stats::common*>(buffer, metadata.start_stats);
+		statsPorts = common::sdp::ShiftBuffer<common::worker::stats::port*>(buffer, metadata.start_stats_ports);
+	}
+
+	void SetTestValues(tCoreId coreId)
+	{
+		// stats
+		stats->dropPackets = (coreId + 1) * (coreId + 1);
+
+		// statsPorts
+		for (uint32_t index = 0; index < CONFIG_YADECAP_PORTS_SIZE + 1; index++)
+		{
+			statsPorts[index].controlPlane_drops = 3 * (index + coreId);
+			statsPorts[index].physicalPort_egress_drops = 4 * (index + coreId);
+		}
+
+		// bursts
+		for (uint32_t index = 0; index < CONFIG_YADECAP_MBUFS_BURST_SIZE + 1; index++)
+		{
+			bursts[index] = 5 * (index + coreId);
+		}
+
+		// counters
+		for (uint32_t index = YANET_CONFIG_COUNTER_FALLBACK_SIZE; index < YANET_CONFIG_COUNTERS_SIZE; index++)
+		{
+			counters[index] = (index + coreId) * (index + coreId);
+		}
+
+		// aclCounters
+		for (uint32_t index = 0; index < YANET_CONFIG_ACL_COUNTERS_SIZE; index++)
+		{
+			aclCounters[index] = index + coreId;
+		}
+	}
+
+	void CompareWithClient(tCoreId coreId, const common::sdp::DataPlaneInSharedMemory& sdp_data_client)
+	{
+		auto iter = sdp_data_client.workers.find(coreId);
+		ASSERT_TRUE(iter != sdp_data_client.workers.end());
+		void* buffer = iter->second.buffer;
+
+		// stats
+		ASSERT_EQ(common::sdp::SdpClient::GetCounterByName(sdp_data_client, "dropPackets", coreId)[coreId], stats->dropPackets);
+
+		// statsPorts
+		auto* bufStatsPorts = common::sdp::ShiftBuffer<common::worker::stats::port*>(buffer, sdp_data_client.metadata_worker.start_stats_ports);
+		for (uint32_t index = 0; index < CONFIG_YADECAP_PORTS_SIZE + 1; index++)
+		{
+			ASSERT_EQ(statsPorts[index].controlPlane_drops, bufStatsPorts[index].controlPlane_drops);
+			ASSERT_EQ(statsPorts[index].physicalPort_egress_drops, bufStatsPorts[index].physicalPort_egress_drops);
+		}
+
+		// bursts
+		auto* bufBursts = common::sdp::ShiftBuffer<uint64_t*>(buffer, sdp_data_client.metadata_worker.start_bursts);
+		for (uint32_t index = 0; index < CONFIG_YADECAP_MBUFS_BURST_SIZE + 1; index++)
+		{
+			ASSERT_EQ(bursts[index], bufBursts[index]);
+		}
+
+		// counters
+		auto* bufCounters = common::sdp::ShiftBuffer<uint64_t*>(buffer, sdp_data_client.metadata_worker.start_counters);
+		for (uint32_t index = 0; index < YANET_CONFIG_COUNTERS_SIZE; index++)
+		{
+			ASSERT_EQ(counters[index], bufCounters[index]);
+		}
+
+		// aclCounters
+		auto* bufAclCounters = common::sdp::ShiftBuffer<uint64_t*>(buffer, sdp_data_client.metadata_worker.start_acl_counters);
+		for (uint32_t index = 0; index < YANET_CONFIG_ACL_COUNTERS_SIZE; index++)
+		{
+			ASSERT_EQ(aclCounters[index], bufAclCounters[index]);
+		}
+	}
+
+protected:
+	common::worker::stats::common* stats;
+	common::worker::stats::port* statsPorts; // CONFIG_YADECAP_PORTS_SIZE
+	uint64_t* bursts; // CONFIG_YADECAP_MBUFS_BURST_SIZE + 1
+	uint64_t* counters; // YANET_CONFIG_COUNTERS_SIZE
+	uint64_t* aclCounters; // YANET_CONFIG_ACL_COUNTERS_SIZE
+};
+
+class TestWorkerGc
+{
+public:
+	static void FillMetadataWorkerCounters(common::sdp::MetadataWorkerGc& metadata)
+	{
+		metadata.size = 0;
+		metadata.start_counters = common::sdp::SdrSever::GetStartData(YANET_CONFIG_COUNTERS_SIZE * sizeof(uint64_t), metadata.size);
+		metadata.start_stats = common::sdp::SdrSever::GetStartData(sizeof(common::worker_gc::stats_t), metadata.size);
+
+		// stats
+		static_assert(std::is_trivially_destructible<common::worker_gc::stats_t>::value, "invalid struct destructible");
+		std::map<std::string, uint64_t> counters_stats;
+		counters_stats["broken_packets"] = offsetof(common::worker_gc::stats_t, broken_packets);
+		counters_stats["drop_packets"] = offsetof(common::worker_gc::stats_t, drop_packets);
+		counters_stats["ring_to_slowworker_packets"] = offsetof(common::worker_gc::stats_t, ring_to_slowworker_packets);
+		counters_stats["ring_to_slowworker_drops"] = offsetof(common::worker_gc::stats_t, ring_to_slowworker_drops);
+		counters_stats["fwsync_multicast_egress_packets"] = offsetof(common::worker_gc::stats_t, fwsync_multicast_egress_packets);
+		counters_stats["fwsync_multicast_egress_drops"] = offsetof(common::worker_gc::stats_t, fwsync_multicast_egress_drops);
+		counters_stats["fwsync_unicast_egress_packets"] = offsetof(common::worker_gc::stats_t, fwsync_unicast_egress_packets);
+		counters_stats["fwsync_unicast_egress_drops"] = offsetof(common::worker_gc::stats_t, fwsync_unicast_egress_drops);
+		counters_stats["drop_samples"] = offsetof(common::worker_gc::stats_t, drop_samples);
+		counters_stats["balancer_state_insert_failed"] = offsetof(common::worker_gc::stats_t, balancer_state_insert_failed);
+		counters_stats["balancer_state_insert_done"] = offsetof(common::worker_gc::stats_t, balancer_state_insert_done);
+
+		for (const auto& iter : counters_stats)
+		{
+			metadata.counter_positions[iter.first] = (metadata.start_stats + iter.second) / sizeof(uint64_t);
+		}
+	}
+
+	void SetBufferForCounters(void* buffer, const common::sdp::MetadataWorkerGc& metadata)
+	{
+		counters = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_counters);
+		stats = common::sdp::ShiftBuffer<common::worker_gc::stats_t*>(buffer, metadata.start_stats);
+	}
+
+	void SetTestValues(tCoreId coreId)
+	{
+		// stats
+		stats->drop_samples = 7 * (coreId + 1) * (coreId + 1);
+
+		// counters
+		for (uint32_t index = YANET_CONFIG_COUNTER_FALLBACK_SIZE; index < YANET_CONFIG_COUNTERS_SIZE; index++)
+		{
+			counters[index] = 11 * (index + coreId) * (index + coreId);
+		}
+	}
+
+	void CompareWithClient(tCoreId coreId, const common::sdp::DataPlaneInSharedMemory& sdp_data_client)
+	{
+		auto iter = sdp_data_client.workers_gc.find(coreId);
+		ASSERT_TRUE(iter != sdp_data_client.workers_gc.end());
+		void* buffer = iter->second.buffer;
+
+		// stats
+		ASSERT_EQ(common::sdp::SdpClient::GetCounterByName(sdp_data_client, "drop_samples", coreId)[coreId], stats->drop_samples);
+
+		// counters
+		auto* bufCounters = common::sdp::ShiftBuffer<uint64_t*>(buffer, sdp_data_client.metadata_worker_gc.start_counters);
+		for (uint32_t index = 0; index < YANET_CONFIG_COUNTERS_SIZE; index++)
+		{
+			ASSERT_EQ(counters[index], bufCounters[index]);
+		}
+	}
+
+protected:
+	uint64_t* counters; // YANET_CONFIG_COUNTERS_SIZE
+	common::worker_gc::stats_t* stats;
+};
+
+TEST(SDP, FullTests)
+{
+	bool useHugeMem = false;
+	std::vector<tCoreId> workers_id = {1, 2, 5};
+	std::vector<tCoreId> workers_gc_id = {0, 3};
+
+	// Initialize server
+	common::sdp::DataPlaneInSharedMemory sdp_data_server;
+	TestWorker::FillMetadataWorkerCounters(sdp_data_server.metadata_worker);
+	TestWorkerGc::FillMetadataWorkerCounters(sdp_data_server.metadata_worker_gc);
+	sdp_data_server.size_bus_section = TestBus::GetSizeForCounters();
+	ASSERT_EQ(common::sdp::SdrSever::PrepareSharedMemoryData(sdp_data_server, workers_id, workers_gc_id, useHugeMem), eResult::success);
+
+	// Initialize client
+	common::sdp::DataPlaneInSharedMemory sdp_data_client;
+	ASSERT_EQ(common::sdp::SdpClient::ReadSharedMemoryData(sdp_data_client, true), eResult::success);
+
+	// Check, that server structure = client structure
+	ASSERT_EQ(sdp_data_server, sdp_data_client);
+
+	// Test work bus
+	TestBus bus;
+	bus.SetBufferForCounters(sdp_data_server);
+	bus.SetTestValues();
+	bus.CompareWithClient(sdp_data_client);
+
+	// Test workers
+	std::map<tCoreId, std::shared_ptr<TestWorker>> workers;
+	for (tCoreId coreId : workers_id)
+	{
+		workers[coreId] = std::make_shared<TestWorker>();
+		workers[coreId]->SetBufferForCounters(sdp_data_server.workers[coreId].buffer, sdp_data_server.metadata_worker);
+		workers[coreId]->SetTestValues(coreId);
+	}
+	for (tCoreId coreId : workers_id)
+	{
+		workers[coreId]->CompareWithClient(coreId, sdp_data_client);
+	}
+
+	// Test workers_gc
+	std::map<tCoreId, std::shared_ptr<TestWorkerGc>> workers_gc;
+	for (tCoreId coreId : workers_gc_id)
+	{
+		workers_gc[coreId] = std::make_shared<TestWorkerGc>();
+		workers_gc[coreId]->SetBufferForCounters(sdp_data_server.workers_gc[coreId].buffer, sdp_data_server.metadata_worker_gc);
+		workers_gc[coreId]->SetTestValues(coreId);
+	}
+	for (tCoreId coreId : workers_id)
+	{
+		workers[coreId]->CompareWithClient(coreId, sdp_data_client);
+	}
+}
diff --git a/dataplane/updater.h b/dataplane/updater.h
index f5f8ee6f..b3b0dc04 100644
--- a/dataplane/updater.h
+++ b/dataplane/updater.h
@@ -1,6 +1,5 @@
 #pragma once
 
-#include <mutex>
 #include <nlohmann/json.hpp>
 #include <rte_malloc.h>
 
@@ -38,98 +37,80 @@ namespace dataplane
 }
 
 //
-
-class updater_lpm4_24bit_8bit
+template<typename Address, typename ObjectType>
+class updater_lpm
 {
-public:
-	using object_type = lpm4_24bit_8bit_atomic;
-
-	updater_lpm4_24bit_8bit(const char* name,
-	                        dataplane::memory_manager* memory_manager,
-	                        const tSocketId socket_id) :
-	        name(name),
-	        memory_manager(memory_manager),
-	        socket_id(socket_id),
-	        pointer(nullptr)
+	[[nodiscard]] memory_manager::unique_ptr<ObjectType> Allocate(std::size_t size)
 	{
-		stats.extended_chunks_count = 0;
-		stats.extended_chunks_size = 0;
-		stats.max_used_chunk_id = 0;
-		stats.free_chunk_cache.flags = 0;
+		return memory_manager_->create_unique<ObjectType>(name_.c_str(),
+		                                                  socket_id_,
+		                                                  ObjectType::calculate_sizeof(size));
 	}
 
-	eResult init()
+public:
+	using stats_t = typename ObjectType::stats_t;
+	updater_lpm(const char* name,
+	            dataplane::memory_manager* memory_manager,
+	            tSocketId socket_id) :
+	        name_(name),
+	        memory_manager_(memory_manager),
+	        socket_id_(socket_id),
+	        pointer_{nullptr, memory_manager_->deleter()}
 	{
-		return create(2 * object_type::extended_chunks_size_min);
+		stats_.extended_chunks_count = 0;
+		stats_.max_used_chunk_id = 0;
+		stats_.free_chunk_cache.flags = 0;
 	}
 
-	eResult create(const uint64_t extended_chunks_size)
+	eResult init()
 	{
-		auto* next_pointer = memory_manager->create<object_type>(name.data(),
-		                                                         socket_id,
-		                                                         object_type::calculate_sizeof(extended_chunks_size));
-		if (next_pointer == nullptr)
+		auto default_chunks_size = 2 * ObjectType::extended_chunks_size_min;
+		pointer_ = Allocate(default_chunks_size);
+		if (!pointer_)
 		{
 			return eResult::errorAllocatingMemory;
 		}
-
-		object_type::stats_t next_stats;
-		next_stats.extended_chunks_count = 0;
-		next_stats.extended_chunks_size = extended_chunks_size;
-		next_stats.max_used_chunk_id = 0;
-		next_stats.free_chunk_cache.flags = 0;
-
-		if (pointer)
-		{
-			next_pointer->copy(next_stats, stats, *pointer);
-			memory_manager->destroy(pointer);
-		}
-
-		stats = next_stats;
-		pointer = next_pointer;
-
+		stats_.extended_chunks_size = default_chunks_size;
 		return eResult::success;
 	}
 
-	eResult insert(const uint32_t& ip_address,
+	eResult insert(const Address& ip_address,
 	               const uint8_t& mask,
 	               const uint32_t& value_id)
 	{
-		if (stats.extended_chunks_size - stats.extended_chunks_count < object_type::extended_chunks_size_min)
+		if (NeedToGrow())
 		{
-			eResult result = create(stats.extended_chunks_size * 2);
+			eResult result = Resize(GrowSize());
 			if (result != eResult::success)
 			{
 				return result;
 			}
 		}
 
-		return pointer->insert(stats, ip_address, mask, value_id);
+		return pointer_->insert(stats_, ip_address, mask, value_id);
 	}
 
-	eResult remove(const uint32_t& ip_address,
+	eResult remove(const Address& ip_address,
 	               const uint8_t& mask)
 	{
-		eResult result = eResult::success;
-		if (stats.extended_chunks_size - stats.extended_chunks_count < object_type::extended_chunks_size_min)
+		if (NeedToGrow())
 		{
-			result = create(stats.extended_chunks_size * 2);
+			eResult result = Resize(GrowSize());
 			if (result != eResult::success)
 			{
 				return result;
 			}
 		}
 
-		result = pointer->remove(stats, ip_address, mask);
+		eResult result = pointer_->remove(stats_, ip_address, mask);
 		if (result != eResult::success)
 		{
 			return result;
 		}
 
-		if (stats.extended_chunks_size > 2 * object_type::extended_chunks_size_min &&
-		    stats.extended_chunks_count < stats.extended_chunks_size / 4)
+		if (NeedToShrink())
 		{
-			result = create(stats.extended_chunks_size / 2);
+			eResult result = Resize(ShrinkSize());
 			if (result != eResult::success)
 			{
 				return result;
@@ -139,182 +120,89 @@ class updater_lpm4_24bit_8bit
 		return result;
 	}
 
-	eResult clear()
+	void clear()
 	{
-		if (pointer)
+		if (pointer_)
 		{
-			memory_manager->destroy(pointer);
-			pointer = nullptr;
+			pointer_->clear();
+			stats_.clear();
+			if (NeedToShrink())
+			{
+				Resize(2 * ObjectType::extended_chunks_size_min);
+			}
 		}
-
-		return create(2 * object_type::extended_chunks_size_min);
 	}
 
 	void limits(common::idp::limits::response& limits) const
 	{
-		limits.emplace_back(name + ".extended_chunks",
-		                    socket_id,
-		                    stats.extended_chunks_count,
-		                    stats.extended_chunks_size);
+		limits.emplace_back(name_ + ".extended_chunks",
+		                    socket_id_,
+		                    stats_.extended_chunks_count,
+		                    stats_.extended_chunks_size);
 	}
 
 	void report(nlohmann::json& report) const
 	{
-		report["pointer"] = to_hex(pointer);
-		report["extended_chunks_count"] = stats.extended_chunks_count;
-		report["extended_chunks_size"] = stats.extended_chunks_size;
+		report["pointer"] = to_hex(pointer_.get());
+		report["extended_chunks_count"] = stats_.extended_chunks_count;
+		report["extended_chunks_size"] = stats_.extended_chunks_size;
 	}
 
-protected:
-	std::string name;
-	dataplane::memory_manager* memory_manager;
-	tSocketId socket_id;
-
-	object_type::stats_t stats;
-
-public:
-	object_type* pointer;
-};
-
-//
-
-class updater_lpm6_8x16bit
-{
-public:
-	using object_type = lpm6_8x16bit_atomic;
-
-	updater_lpm6_8x16bit(const char* name,
-	                     dataplane::memory_manager* memory_manager,
-	                     const tSocketId socket_id) :
-	        name(name),
-	        memory_manager(memory_manager),
-	        socket_id(socket_id),
-	        pointer(nullptr)
+	ObjectType* pointer()
 	{
-		stats.extended_chunks_count = 0;
-		stats.extended_chunks_size = 0;
-		stats.max_used_chunk_id = 0;
-		stats.free_chunk_cache.flags = 0;
+		return pointer_.get();
 	}
 
-	eResult init()
-	{
-		return create(2 * object_type::extended_chunks_size_min);
-	}
+private:
+	std::string name_;
+	dataplane::memory_manager* memory_manager_;
+	tSocketId socket_id_;
+	stats_t stats_;
+	dataplane::memory_manager::unique_ptr<ObjectType> pointer_;
 
-	eResult create(const uint64_t extended_chunks_size)
+	eResult Resize(const std::size_t size)
 	{
-		auto* next_pointer = memory_manager->create<object_type>(name.data(),
-		                                                         socket_id,
-		                                                         object_type::calculate_sizeof(extended_chunks_size));
-		if (next_pointer == nullptr)
+		memory_manager::unique_ptr<ObjectType> next = Allocate(size);
+		if (!next)
 		{
 			return eResult::errorAllocatingMemory;
 		}
 
-		object_type::stats_t next_stats;
+		stats_t next_stats;
 		next_stats.extended_chunks_count = 0;
-		next_stats.extended_chunks_size = extended_chunks_size;
+		next_stats.extended_chunks_size = size;
 		next_stats.max_used_chunk_id = 0;
 		next_stats.free_chunk_cache.flags = 0;
 
-		if (pointer)
-		{
-			next_pointer->copy(next_stats, stats, *pointer);
-			memory_manager->destroy(pointer);
-		}
-
-		stats = next_stats;
-		pointer = next_pointer;
-
+		next->copy(next_stats, stats_, *pointer_);
+		stats_ = next_stats;
+		std::swap(pointer_, next);
 		return eResult::success;
 	}
 
-	eResult insert(const std::array<uint8_t, 16>& ip_address,
-	               const uint8_t& mask,
-	               const uint32_t& value_id)
+	[[nodiscard]] bool NeedToGrow() const
 	{
-		if (stats.extended_chunks_size - stats.extended_chunks_count < object_type::extended_chunks_size_min)
-		{
-			eResult result = create(stats.extended_chunks_size * 2);
-			if (result != eResult::success)
-			{
-				return result;
-			}
-		}
-
-		return pointer->insert(stats, ip_address, mask, value_id);
+		return stats_.extended_chunks_size - stats_.extended_chunks_count < ObjectType::extended_chunks_size_min;
 	}
 
-	eResult remove(const std::array<uint8_t, 16>& ip_address,
-	               const uint8_t& mask)
+	[[nodiscard]] std::size_t GrowSize() const
 	{
-		eResult result = eResult::success;
-		if (stats.extended_chunks_size - stats.extended_chunks_count < object_type::extended_chunks_size_min)
-		{
-			result = create(stats.extended_chunks_size * 2);
-			if (result != eResult::success)
-			{
-				return result;
-			}
-		}
-
-		result = pointer->remove(stats, ip_address, mask);
-		if (result != eResult::success)
-		{
-			return result;
-		}
-
-		if (stats.extended_chunks_size > 2 * object_type::extended_chunks_size_min &&
-		    stats.extended_chunks_count < stats.extended_chunks_size / 4)
-		{
-			result = create(stats.extended_chunks_size / 2);
-			if (result != eResult::success)
-			{
-				return result;
-			}
-		}
-
-		return result;
+		return stats_.extended_chunks_size * 2;
 	}
 
-	eResult clear()
+	[[nodiscard]] std::size_t ShrinkSize() const
 	{
-		if (pointer)
-		{
-			memory_manager->destroy(pointer);
-			pointer = nullptr;
-		}
-
-		return create(2 * object_type::extended_chunks_size_min);
-	}
-
-	void limits(common::idp::limits::response& limits) const
-	{
-		limits.emplace_back(name + ".extended_chunks",
-		                    socket_id,
-		                    stats.extended_chunks_count,
-		                    stats.extended_chunks_size);
+		return stats_.extended_chunks_size / 2;
 	}
 
-	void report(nlohmann::json& report) const
+	[[nodiscard]] bool NeedToShrink() const
 	{
-		report["pointer"] = to_hex(pointer);
-		report["extended_chunks_count"] = stats.extended_chunks_count;
-		report["extended_chunks_size"] = stats.extended_chunks_size;
+		return ShrinkSize() > std::max(ObjectType::extended_chunks_size_min, GrowSize());
 	}
-
-protected:
-	std::string name;
-	dataplane::memory_manager* memory_manager;
-	tSocketId socket_id;
-
-	object_type::stats_t stats;
-
-public:
-	object_type* pointer;
 };
 
+using updater_lpm4_24bit_8bit = updater_lpm<uint32_t, lpm4_24bit_8bit_atomic>;
+using updater_lpm6_8x16bit = updater_lpm<std::array<uint8_t, 16>, lpm6_8x16bit_atomic>;
 //
 
 class updater_lpm4_24bit_8bit_id32
@@ -327,8 +215,7 @@ class updater_lpm4_24bit_8bit_id32
 	                             const tSocketId socket_id) :
 	        name(name),
 	        memory_manager(memory_manager),
-	        socket_id(socket_id),
-	        pointer(nullptr)
+	        socket_id(socket_id)
 	{
 	}
 
@@ -402,7 +289,7 @@ class updater_lpm4_24bit_8bit_id32
 	object_type::stats_t stats;
 
 public:
-	object_type* pointer;
+	object_type* pointer{};
 };
 
 //
@@ -417,8 +304,7 @@ class updater_lpm6_16x8bit_id32
 	                          const tSocketId socket_id) :
 	        name(name),
 	        memory_manager(memory_manager),
-	        socket_id(socket_id),
-	        pointer(nullptr)
+	        socket_id(socket_id)
 	{
 	}
 
@@ -492,7 +378,7 @@ class updater_lpm6_16x8bit_id32
 	object_type::stats_t stats;
 
 public:
-	object_type* pointer;
+	object_type* pointer{};
 };
 
 //
diff --git a/dataplane/utils.h b/dataplane/utils.h
new file mode 100644
index 00000000..8b713712
--- /dev/null
+++ b/dataplane/utils.h
@@ -0,0 +1,61 @@
+#pragma once
+#include <mutex>
+
+#include <rte_mbuf.h>
+
+#include "metadata.h"
+
+namespace utils
+{
+
+inline void SetFlow(rte_mbuf* mbuf, const common::globalBase::tFlow& flow)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+	metadata->flow = flow;
+}
+
+inline void SetFlowType(rte_mbuf* mbuf, const common::globalBase::eFlowType& type)
+{
+	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
+	metadata->flow.type = type;
+}
+
+template<typename It>
+class RoundRobinIterator
+{
+	It begin_;
+	It end_;
+	It curr_;
+
+public:
+	RoundRobinIterator(It range_start, It range_end) :
+	        begin_{range_start}, end_{range_end}, curr_{range_start}
+	{
+	}
+	It operator->() { return curr_; }
+	RoundRobinIterator& operator++()
+	{
+		if (++curr_ == end_)
+		{
+			curr_ = begin_;
+		}
+		return *this;
+	}
+};
+
+template<typename T>
+class Sequential
+{
+	std::mutex mutex_;
+	T data_;
+
+public:
+	template<typename F>
+	auto apply(F func)
+	{
+		std::lock_guard<std::mutex> lock(mutex_);
+		return func(data_);
+	}
+};
+
+} // namespace utils
diff --git a/dataplane/work_runner.h b/dataplane/work_runner.h
new file mode 100644
index 00000000..8c033ae1
--- /dev/null
+++ b/dataplane/work_runner.h
@@ -0,0 +1,71 @@
+#pragma once
+#include <chrono>
+#include <thread>
+#include <tuple>
+
+namespace dpdk
+{
+
+namespace internal
+{
+template<typename F>
+void CallIteration(F* f)
+{
+	f->Iteration();
+}
+
+template<typename F>
+void CallIteration(F f)
+{
+	f.Iteration();
+}
+
+} // namespace internal
+
+template<typename... Workloads>
+class WorkRunner
+{
+	std::tuple<Workloads...> m_workers;
+	template<int I = 0>
+	void Iteration()
+	{
+		if constexpr (I != sizeof...(Workloads))
+		{
+			internal::CallIteration(std::get<I>(m_workers));
+			Iteration<I + 1>();
+		}
+	}
+
+public:
+	void Run()
+	{
+		while (true)
+		{
+			Iteration();
+		}
+	}
+	WorkRunner(Workloads... loads) :
+	        m_workers{loads...}
+	{
+	}
+};
+
+template<int duration_value = 1, typename Duration = std::chrono::microseconds>
+class Sleeper
+{
+public:
+	void Iteration()
+	{
+		std::this_thread::sleep_for(Duration{duration_value});
+	}
+};
+
+struct Yielder
+{
+	void Iteration()
+	{
+		std::this_thread::yield();
+	}
+};
+
+} // namespace dpdk
\ No newline at end of file
diff --git a/dataplane/worker.cpp b/dataplane/worker.cpp
index dc9b7f7b..7a1ad8e5 100644
--- a/dataplane/worker.cpp
+++ b/dataplane/worker.cpp
@@ -1,6 +1,7 @@
 #include <netinet/icmp6.h>
 #include <netinet/ip_icmp.h>
 
+#include <optional>
 #include <string>
 
 #include <rte_cycles.h>
@@ -20,6 +21,9 @@
 #include "common/fallback.h"
 #include "common/nat46clat.h"
 
+#include "dataplane/sdpserver.h"
+
+#include "action_dispatcher.h"
 #include "checksum.h"
 #include "common.h"
 #include "dataplane.h"
@@ -45,8 +49,6 @@ cWorker::cWorker(cDataPlane* dataPlane) :
         ring_log(nullptr),
         packetsToSWNPRemainder(dataPlane->config.SWNormalPriorityRateLimitPerWorker)
 {
-	memset(bursts, 0, sizeof(bursts));
-	memset(counters, 0, sizeof(counters));
 }
 
 cWorker::~cWorker()
@@ -81,6 +83,17 @@ cWorker::~cWorker()
 	}
 }
 
+unsigned int cWorker::MempoolSize() const
+{
+	const auto& config = dataPlane->getConfigValues();
+	unsigned int rx_points_factor = 2 * basePermanently.rx_points.size();
+	return rx_points_factor * config.port_rx_queue_size +
+	       rx_points_factor * config.port_tx_queue_size +
+	       2 * config.ring_highPriority_size +
+	       2 * config.ring_normalPriority_size +
+	       2 * config.ring_lowPriority_size;
+}
+
 eResult cWorker::init(const tCoreId& coreId,
                       const dataplane::base::permanently& basePermanently,
                       const dataplane::base::generation& base)
@@ -95,11 +108,7 @@ eResult cWorker::init(const tCoreId& coreId,
 	this->bases[currentBaseId] = base;
 	this->bases[currentBaseId ^ 1] = base;
 
-	unsigned int elements_count = 2 * basePermanently.workerPortsCount * dataPlane->getConfigValues().port_rx_queue_size +
-	                              2 * basePermanently.workerPortsCount * dataPlane->getConfigValues().port_tx_queue_size +
-	                              2 * dataPlane->getConfigValues().ring_highPriority_size +
-	                              2 * dataPlane->getConfigValues().ring_normalPriority_size +
-	                              2 * dataPlane->getConfigValues().ring_lowPriority_size;
+	unsigned int elements_count = MempoolSize();
 
 	YADECAP_LOG_DEBUG("elements_count: %u\n", elements_count);
 
@@ -199,20 +208,7 @@ void cWorker::start()
 
 	/// @todo: prepare()
 
-	unsigned int mbufs_count_expect = 2 * basePermanently.workerPortsCount * dataPlane->getConfigValues().port_rx_queue_size +
-	                                  2 * basePermanently.workerPortsCount * dataPlane->getConfigValues().port_tx_queue_size +
-	                                  2 * dataPlane->getConfigValues().ring_highPriority_size +
-	                                  2 * dataPlane->getConfigValues().ring_normalPriority_size +
-	                                  2 * dataPlane->getConfigValues().ring_lowPriority_size;
-
 	unsigned int mbufs_count = rte_mempool_avail_count(mempool);
-	if (mbufs_count != mbufs_count_expect)
-	{
-		YADECAP_LOG_ERROR("mbufs_count: %u != %u\n",
-		                  mbufs_count,
-		                  mbufs_count_expect);
-		abort();
-	}
 
 	std::vector<rte_mbuf*> mbufs;
 	mbufs.resize(mbufs_count);
@@ -231,54 +227,12 @@ void cWorker::start()
 		abort();
 	}
 
-	for (unsigned int worker_port_i = 0;
-	     worker_port_i < basePermanently.workerPortsCount;
-	     worker_port_i++)
-	{
-		const auto& portId = basePermanently.workerPorts[worker_port_i].inPortId;
-		const auto& queueId = basePermanently.workerPorts[worker_port_i].inQueueId;
-
-		rc = rte_eth_rx_queue_setup(portId,
-		                            queueId,
-		                            dataPlane->getConfigValues().port_rx_queue_size,
-		                            rte_eth_dev_socket_id(portId),
-		                            nullptr, ///< @todo
-		                            mempool);
-		if (rc < 0)
-		{
-			YADECAP_LOG_ERROR("rte_eth_rx_queue_setup() = %d\n", rc);
-			abort();
-		}
-	}
-
 	if (rte_mempool_default_cache(mempool, coreId))
 	{
 		YADECAP_LOG_ERROR("mempool cache not empty\n");
 		abort();
 	}
 
-	rc = pthread_barrier_wait(&dataPlane->initPortBarrier);
-	if (rc == PTHREAD_BARRIER_SERIAL_THREAD)
-	{
-		pthread_barrier_destroy(&dataPlane->initPortBarrier);
-	}
-	else if (rc != 0)
-	{
-		YADECAP_LOG_ERROR("pthread_barrier_wait() = %d\n", rc);
-		abort();
-	}
-
-	rc = pthread_barrier_wait(&dataPlane->runBarrier);
-	if (rc == PTHREAD_BARRIER_SERIAL_THREAD)
-	{
-		pthread_barrier_destroy(&dataPlane->runBarrier);
-	}
-	else if (rc != 0)
-	{
-		YADECAP_LOG_ERROR("pthread_barrier_wait() = %d\n", rc);
-		abort();
-	}
-
 	for (unsigned int mbuf_i = 0;
 	     mbuf_i < mbufs_count;
 	     mbuf_i++)
@@ -300,71 +254,101 @@ void cWorker::start()
 	mainThread();
 }
 
-void cWorker::fillStatsNamesToAddrsTable(std::unordered_map<std::string, uint64_t*>& table)
+void cWorker::FillMetadataWorkerCounters(common::sdp::MetadataWorker& metadata)
 {
-	table["brokenPackets"] = &stats.brokenPackets;
-	table["dropPackets"] = &stats.dropPackets;
-	table["ring_highPriority_drops"] = &stats.ring_highPriority_drops;
-	table["ring_normalPriority_drops"] = &stats.ring_normalPriority_drops;
-	table["ring_lowPriority_drops"] = &stats.ring_lowPriority_drops;
-	table["ring_highPriority_packets"] = &stats.ring_highPriority_packets;
-	table["ring_normalPriority_packets"] = &stats.ring_normalPriority_packets;
-	table["ring_lowPriority_packets"] = &stats.ring_lowPriority_packets;
-	table["decap_packets"] = &stats.decap_packets;
-	table["decap_fragments"] = &stats.decap_fragments;
-	table["decap_unknownExtensions"] = &stats.decap_unknownExtensions;
-	table["interface_lookupMisses"] = &stats.interface_lookupMisses;
-	table["interface_hopLimits"] = &stats.interface_hopLimits;
-	table["interface_neighbor_invalid"] = &stats.interface_neighbor_invalid;
-	table["nat64stateless_ingressPackets"] = &stats.nat64stateless_ingressPackets;
-	table["nat64stateless_ingressFragments"] = &stats.nat64stateless_ingressFragments;
-	table["nat64stateless_ingressUnknownICMP"] = &stats.nat64stateless_ingressUnknownICMP;
-	table["nat64stateless_egressPackets"] = &stats.nat64stateless_egressPackets;
-	table["nat64stateless_egressFragments"] = &stats.nat64stateless_egressFragments;
-	table["nat64stateless_egressUnknownICMP"] = &stats.nat64stateless_egressUnknownICMP;
-	table["balancer_invalid_reals_count"] = &stats.balancer_invalid_reals_count;
-	table["fwsync_multicast_egress_drops"] = &stats.fwsync_multicast_egress_drops;
-	table["fwsync_multicast_egress_packets"] = &stats.fwsync_multicast_egress_packets;
-	table["fwsync_multicast_egress_imm_packets"] = &stats.fwsync_multicast_egress_imm_packets;
-	table["fwsync_no_config_drops"] = &stats.fwsync_no_config_drops;
-	table["fwsync_unicast_egress_drops"] = &stats.fwsync_unicast_egress_drops;
-	table["fwsync_unicast_egress_packets"] = &stats.fwsync_unicast_egress_packets;
-	table["acl_ingress_dropPackets"] = &stats.acl_ingress_dropPackets;
-	table["acl_egress_dropPackets"] = &stats.acl_egress_dropPackets;
-	table["repeat_ttl"] = &stats.repeat_ttl;
-	table["leakedMbufs"] = &stats.leakedMbufs;
-	table["logs_packets"] = &stats.logs_packets;
-	table["logs_drops"] = &stats.logs_drops;
-
-	table["balancer_state_insert_failed"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_state_insert_failed];
-	table["balancer_state_insert_done"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_state_insert_done];
-	table["balancer_icmp_generated_echo_reply_ipv4"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_generated_echo_reply_ipv4];
-	table["balancer_icmp_generated_echo_reply_ipv6"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_generated_echo_reply_ipv6];
-	table["balancer_icmp_drop_icmpv4_payload_too_short_ip"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_ip];
-	table["balancer_icmp_drop_icmpv4_payload_too_short_port"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_port];
-	table["balancer_icmp_drop_icmpv6_payload_too_short_ip"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_ip];
-	table["balancer_icmp_drop_icmpv6_payload_too_short_port"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_port];
-	table["balancer_icmp_unmatching_src_from_original_ipv4"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_unmatching_src_from_original_ipv4];
-	table["balancer_icmp_unmatching_src_from_original_ipv6"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_unmatching_src_from_original_ipv6];
-	table["balancer_icmp_drop_real_disabled"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_real_disabled];
-	table["balancer_icmp_no_balancer_src_ipv4"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv4];
-	table["balancer_icmp_no_balancer_src_ipv6"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv6];
-	table["balancer_icmp_drop_already_cloned"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_already_cloned];
-	table["balancer_icmp_drop_no_unrdup_table_for_balancer_id"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_no_unrdup_table_for_balancer_id];
-	table["balancer_icmp_drop_unrdup_vip_not_found"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_unrdup_vip_not_found];
-	table["balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id];
-	table["balancer_icmp_drop_unexpected_transport_protocol"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_unexpected_transport_protocol];
-	table["balancer_icmp_drop_unknown_service"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_drop_unknown_service];
-	table["balancer_icmp_failed_to_clone"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_failed_to_clone];
-	table["balancer_icmp_clone_forwarded"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_clone_forwarded];
-	table["balancer_icmp_sent_to_real"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_sent_to_real];
-	table["balancer_icmp_out_rate_limit_reached"] = &counters[(uint32_t)common::globalBase::static_counter_type::balancer_icmp_out_rate_limit_reached];
-	table["slow_worker_normal_priority_rate_limit_exceeded"] = &counters[(uint32_t)common::globalBase::static_counter_type::slow_worker_normal_priority_rate_limit_exceeded];
-
-	table["acl_ingress_v4_broken_packet"] = &counters[(uint32_t)common::globalBase::static_counter_type::acl_ingress_v4_broken_packet];
-	table["acl_ingress_v6_broken_packet"] = &counters[(uint32_t)common::globalBase::static_counter_type::acl_ingress_v6_broken_packet];
-	table["acl_egress_v4_broken_packet"] = &counters[(uint32_t)common::globalBase::static_counter_type::acl_egress_v4_broken_packet];
-	table["acl_egress_v6_broken_packet"] = &counters[(uint32_t)common::globalBase::static_counter_type::acl_egress_v6_broken_packet];
+	metadata.size = 0;
+	metadata.start_counters = common::sdp::SdrSever::GetStartData(YANET_CONFIG_COUNTERS_SIZE * sizeof(uint64_t), metadata.size);
+	metadata.start_acl_counters = common::sdp::SdrSever::GetStartData(YANET_CONFIG_ACL_COUNTERS_SIZE * sizeof(uint64_t), metadata.size);
+	metadata.start_bursts = common::sdp::SdrSever::GetStartData((CONFIG_YADECAP_MBUFS_BURST_SIZE + 1) * sizeof(uint64_t), metadata.size);
+	metadata.start_stats = common::sdp::SdrSever::GetStartData(sizeof(common::worker::stats::common), metadata.size);
+	metadata.start_stats_ports = common::sdp::SdrSever::GetStartData(sizeof(common::worker::stats::port[CONFIG_YADECAP_PORTS_SIZE]), metadata.size);
+
+	// stats
+	std::map<std::string, uint64_t> counters_stats;
+	counters_stats["brokenPackets"] = offsetof(common::worker::stats::common, brokenPackets);
+	counters_stats["dropPackets"] = offsetof(common::worker::stats::common, dropPackets);
+	counters_stats["ring_highPriority_drops"] = offsetof(common::worker::stats::common, ring_highPriority_drops);
+	counters_stats["ring_normalPriority_drops"] = offsetof(common::worker::stats::common, ring_normalPriority_drops);
+	counters_stats["ring_lowPriority_drops"] = offsetof(common::worker::stats::common, ring_lowPriority_drops);
+	counters_stats["ring_highPriority_packets"] = offsetof(common::worker::stats::common, ring_highPriority_packets);
+	counters_stats["ring_normalPriority_packets"] = offsetof(common::worker::stats::common, ring_normalPriority_packets);
+	counters_stats["ring_lowPriority_packets"] = offsetof(common::worker::stats::common, ring_lowPriority_packets);
+	counters_stats["decap_packets"] = offsetof(common::worker::stats::common, decap_packets);
+	counters_stats["decap_fragments"] = offsetof(common::worker::stats::common, decap_fragments);
+	counters_stats["decap_unknownExtensions"] = offsetof(common::worker::stats::common, decap_unknownExtensions);
+	counters_stats["interface_lookupMisses"] = offsetof(common::worker::stats::common, interface_lookupMisses);
+	counters_stats["interface_hopLimits"] = offsetof(common::worker::stats::common, interface_hopLimits);
+	counters_stats["interface_neighbor_invalid"] = offsetof(common::worker::stats::common, interface_neighbor_invalid);
+	counters_stats["nat64stateless_ingressPackets"] = offsetof(common::worker::stats::common, nat64stateless_ingressPackets);
+	counters_stats["nat64stateless_ingressFragments"] = offsetof(common::worker::stats::common, nat64stateless_ingressFragments);
+	counters_stats["nat64stateless_ingressUnknownICMP"] = offsetof(common::worker::stats::common, nat64stateless_ingressUnknownICMP);
+	counters_stats["nat64stateless_egressPackets"] = offsetof(common::worker::stats::common, nat64stateless_egressPackets);
+	counters_stats["nat64stateless_egressFragments"] = offsetof(common::worker::stats::common, nat64stateless_egressFragments);
+	counters_stats["nat64stateless_egressUnknownICMP"] = offsetof(common::worker::stats::common, nat64stateless_egressUnknownICMP);
+	counters_stats["balancer_invalid_reals_count"] = offsetof(common::worker::stats::common, balancer_invalid_reals_count);
+	counters_stats["fwsync_multicast_egress_drops"] = offsetof(common::worker::stats::common, fwsync_multicast_egress_drops);
+	counters_stats["fwsync_multicast_egress_packets"] = offsetof(common::worker::stats::common, fwsync_multicast_egress_packets);
+	counters_stats["fwsync_multicast_egress_imm_packets"] = offsetof(common::worker::stats::common, fwsync_multicast_egress_imm_packets);
+	counters_stats["fwsync_no_config_drops"] = offsetof(common::worker::stats::common, fwsync_no_config_drops);
+	counters_stats["fwsync_unicast_egress_drops"] = offsetof(common::worker::stats::common, fwsync_unicast_egress_drops);
+	counters_stats["fwsync_unicast_egress_packets"] = offsetof(common::worker::stats::common, fwsync_unicast_egress_packets);
+	counters_stats["acl_ingress_dropPackets"] = offsetof(common::worker::stats::common, acl_ingress_dropPackets);
+	counters_stats["acl_egress_dropPackets"] = offsetof(common::worker::stats::common, acl_egress_dropPackets);
+	counters_stats["repeat_ttl"] = offsetof(common::worker::stats::common, repeat_ttl);
+	counters_stats["leakedMbufs"] = offsetof(common::worker::stats::common, leakedMbufs);
+	counters_stats["logs_packets"] = offsetof(common::worker::stats::common, logs_packets);
+	counters_stats["logs_drops"] = offsetof(common::worker::stats::common, logs_drops);
+	for (const auto& iter : counters_stats)
+	{
+		metadata.counter_positions[iter.first] = (metadata.start_stats + iter.second) / sizeof(uint64_t);
+	}
+
+	// counters
+	std::map<std::string, common::globalBase::static_counter_type> counters_named;
+	counters_named["balancer_state_insert_failed"] = common::globalBase::static_counter_type::balancer_state_insert_failed;
+	counters_named["balancer_state_insert_done"] = common::globalBase::static_counter_type::balancer_state_insert_done;
+	counters_named["balancer_icmp_generated_echo_reply_ipv4"] = common::globalBase::static_counter_type::balancer_icmp_generated_echo_reply_ipv4;
+	counters_named["balancer_icmp_generated_echo_reply_ipv6"] = common::globalBase::static_counter_type::balancer_icmp_generated_echo_reply_ipv6;
+	counters_named["balancer_icmp_drop_icmpv4_payload_too_short_ip"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_ip;
+	counters_named["balancer_icmp_drop_icmpv4_payload_too_short_port"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv4_payload_too_short_port;
+	counters_named["balancer_icmp_drop_icmpv6_payload_too_short_ip"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_ip;
+	counters_named["balancer_icmp_drop_icmpv6_payload_too_short_port"] = common::globalBase::static_counter_type::balancer_icmp_drop_icmpv6_payload_too_short_port;
+	counters_named["balancer_icmp_unmatching_src_from_original_ipv4"] = common::globalBase::static_counter_type::balancer_icmp_unmatching_src_from_original_ipv4;
+	counters_named["balancer_icmp_unmatching_src_from_original_ipv6"] = common::globalBase::static_counter_type::balancer_icmp_unmatching_src_from_original_ipv6;
+	counters_named["balancer_icmp_drop_real_disabled"] = common::globalBase::static_counter_type::balancer_icmp_drop_real_disabled;
+	counters_named["balancer_icmp_no_balancer_src_ipv4"] = common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv4;
+	counters_named["balancer_icmp_no_balancer_src_ipv6"] = common::globalBase::static_counter_type::balancer_icmp_no_balancer_src_ipv6;
+	counters_named["balancer_icmp_drop_already_cloned"] = common::globalBase::static_counter_type::balancer_icmp_drop_already_cloned;
+	counters_named["balancer_icmp_drop_no_unrdup_table_for_balancer_id"] = common::globalBase::static_counter_type::balancer_icmp_drop_no_unrdup_table_for_balancer_id;
+	counters_named["balancer_icmp_drop_unrdup_vip_not_found"] = common::globalBase::static_counter_type::balancer_icmp_drop_unrdup_vip_not_found;
+	counters_named["balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id"] = common::globalBase::static_counter_type::balancer_icmp_drop_no_vip_vport_proto_table_for_balancer_id;
+	counters_named["balancer_icmp_drop_unexpected_transport_protocol"] = common::globalBase::static_counter_type::balancer_icmp_drop_unexpected_transport_protocol;
+	counters_named["balancer_icmp_drop_unknown_service"] = common::globalBase::static_counter_type::balancer_icmp_drop_unknown_service;
+	counters_named["balancer_icmp_failed_to_clone"] = common::globalBase::static_counter_type::balancer_icmp_failed_to_clone;
+	counters_named["balancer_icmp_clone_forwarded"] = common::globalBase::static_counter_type::balancer_icmp_clone_forwarded;
+	counters_named["balancer_icmp_sent_to_real"] = common::globalBase::static_counter_type::balancer_icmp_sent_to_real;
+	counters_named["balancer_icmp_out_rate_limit_reached"] = common::globalBase::static_counter_type::balancer_icmp_out_rate_limit_reached;
+	counters_named["slow_worker_normal_priority_rate_limit_exceeded"] = common::globalBase::static_counter_type::slow_worker_normal_priority_rate_limit_exceeded;
+
+	counters_named["acl_ingress_v4_broken_packet"] = common::globalBase::static_counter_type::acl_ingress_v4_broken_packet;
+	counters_named["acl_ingress_v6_broken_packet"] = common::globalBase::static_counter_type::acl_ingress_v6_broken_packet;
+	counters_named["acl_egress_v4_broken_packet"] = common::globalBase::static_counter_type::acl_egress_v4_broken_packet;
+	counters_named["acl_egress_v6_broken_packet"] = common::globalBase::static_counter_type::acl_egress_v6_broken_packet;
+	counters_named["balancer_fragment_drops"] = common::globalBase::static_counter_type::balancer_fragment_drops;
+
+	for (const auto& iter : counters_named)
+	{
+		metadata.counter_positions[iter.first] = metadata.start_counters / sizeof(uint64_t) + static_cast<uint64_t>(iter.second);
+	}
+}
+
+void cWorker::SetBufferForCounters(void* buffer, const common::sdp::MetadataWorker& metadata)
+{
+	counters = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_counters);
+	aclCounters = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_acl_counters);
+	bursts = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_bursts);
+	stats = common::sdp::ShiftBuffer<common::worker::stats::common*>(buffer, metadata.start_stats);
+	statsPorts = common::sdp::ShiftBuffer<common::worker::stats::port*>(buffer, metadata.start_stats_ports);
 }
 
 eResult cWorker::sanityCheck()
@@ -391,12 +375,10 @@ YANET_NEVER_INLINE void cWorker::mainThread()
 		localBaseId = currentBaseId;
 
 		/// @todo: opt
-		for (unsigned int worker_port_i = 0;
-		     worker_port_i < basePermanently.workerPortsCount;
-		     worker_port_i++)
+		for (const auto& rx_point : basePermanently.rx_points)
 		{
 			toFreePackets_handle();
-			physicalPort_ingress_handle(worker_port_i);
+			physicalPort_ingress_handle(rx_point);
 
 			if (unlikely(logicalPort_ingress_stack.mbufsCount == 0))
 			{
@@ -495,7 +477,7 @@ void cWorker::preparePacket(rte_mbuf* mbuf)
 	// will traverse through ipv4 options/ipv6 extensions and try to determine transport header type and offset
 	if (!prepareL3(mbuf, metadata))
 	{
-		stats.brokenPackets++;
+		stats->brokenPackets++;
 		return;
 	}
 
@@ -517,7 +499,7 @@ void cWorker::preparePacket(rte_mbuf* mbuf)
 	if ((!(metadata->network_flags & YANET_NETWORK_FLAG_NOT_FIRST_FRAGMENT)) &&
 	    network_payload_length < basePermanently.transportSizes[metadata->transport_headerType])
 	{
-		stats.brokenPackets++;
+		stats->brokenPackets++;
 		metadata->transport_headerType = YANET_TRANSPORT_TYPE_UNKNOWN;
 		return;
 	}
@@ -1022,11 +1004,11 @@ inline void cWorker::handlePackets()
 static_assert(CONFIG_YADECAP_PORTS_SIZE == 8, "(vlanId << 3) | metadata->fromPortId");
 static_assert(CONFIG_YADECAP_LOGICALPORTS_SIZE == CONFIG_YADECAP_PORTS_SIZE * 8192, "base.globalBase->logicalPorts[CALCULATE_LOGICALPORT_ID(metadata->fromPortId, vlanId)]");
 
-inline void cWorker::physicalPort_ingress_handle(const unsigned int& worker_port_i)
+inline void cWorker::physicalPort_ingress_handle(const dpdk::Endpoint& rx_point)
 {
 	/// read packets from ports
-	uint16_t rxSize = rte_eth_rx_burst(basePermanently.workerPorts[worker_port_i].inPortId,
-	                                   basePermanently.workerPorts[worker_port_i].inQueueId,
+	uint16_t rxSize = rte_eth_rx_burst(rx_point.port,
+	                                   rx_point.queue,
 	                                   logicalPort_ingress_stack.mbufs,
 	                                   CONFIG_YADECAP_MBUFS_BURST_SIZE);
 
@@ -1038,7 +1020,7 @@ inline void cWorker::physicalPort_ingress_handle(const unsigned int& worker_port
 		rte_mbuf* mbuf = logicalPort_ingress_stack.mbufs[mbuf_i];
 		dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
-		metadata->fromPortId = basePermanently.workerPorts[worker_port_i].inPortId;
+		metadata->fromPortId = rx_point.port;
 		metadata->repeat_ttl = YANET_CONFIG_REPEAT_TTL;
 		metadata->flowLabel = 0;
 		metadata->already_early_decapped = 0;
@@ -1351,7 +1333,7 @@ inline void cWorker::logicalPort_egress_handle()
 		}
 		if (rte_mbuf_refcnt_read(mbuf) < 1)
 		{
-			stats.leakedMbufs++;
+			stats->leakedMbufs++;
 
 #ifdef CONFIG_YADECAP_AUTOTEST
 			YADECAP_LOG_ERROR("mbuf[%p] is broken\n", mbuf);
@@ -1402,6 +1384,9 @@ inline void cWorker::acl_ingress_entry(rte_mbuf* mbuf)
 	}
 }
 
+using ActionsIngress = dataplane::ActionDispatcher<dataplane::FlowDirection::Ingress>;
+using ActionsEgress = dataplane::ActionDispatcher<dataplane::FlowDirection::Egress>;
+
 inline void cWorker::acl_ingress_handle4()
 {
 	const auto& base = bases[localBaseId & 1];
@@ -1543,44 +1528,7 @@ inline void cWorker::acl_ingress_handle4()
 
 		const auto& value = acl.values[total_value];
 
-		if (value.flow.type == common::globalBase::eFlowType::drop)
-		{
-			// Try to match against stateful dynamic rules. If so - a packet will be handled.
-			if (acl_try_keepstate(mbuf))
-			{
-				continue;
-			}
-		}
-
-		aclCounters[value.flow.counter_id]++;
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::log)
-		{
-			acl_log(mbuf, value.flow, metadata->flow.data.aclId);
-		}
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::keepstate)
-		{
-			acl_create_keepstate(mbuf, metadata->flow.data.aclId, value.flow);
-		}
-
-		for (auto dump_id : value.dump_ids)
-		{
-			if (dump_id == 0)
-			{
-				break;
-			}
-
-			auto ring_id = base.globalBase->dump_id_to_tag[dump_id];
-			if (ring_id == -1)
-			{
-				continue;
-			}
-			auto& ring = dumpRings[ring_id];
-			ring.write(mbuf, value.flow.type);
-		}
-
-		acl_ingress_flow(mbuf, value.flow);
+		ActionsIngress::execute(value, {this, mbuf, metadata, &base});
 	}
 
 	acl_ingress_stack4.clear();
@@ -1734,44 +1682,7 @@ inline void cWorker::acl_ingress_handle6()
 
 		const auto& value = acl.values[total_value];
 
-		if (value.flow.type == common::globalBase::eFlowType::drop)
-		{
-			// Try to match against stateful dynamic rules. If so - a packet will be handled.
-			if (acl_try_keepstate(mbuf))
-			{
-				continue;
-			}
-		}
-
-		aclCounters[value.flow.counter_id]++;
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::log)
-		{
-			acl_log(mbuf, value.flow, metadata->flow.data.aclId);
-		}
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::keepstate)
-		{
-			acl_create_keepstate(mbuf, metadata->flow.data.aclId, value.flow);
-		}
-
-		for (auto dump_id : value.dump_ids)
-		{
-			if (dump_id == 0)
-			{
-				break;
-			}
-
-			auto ring_id = base.globalBase->dump_id_to_tag[dump_id];
-			if (ring_id == -1)
-			{
-				continue;
-			}
-			auto& ring = dumpRings[ring_id];
-			ring.write(mbuf, value.flow.type);
-		}
-
-		acl_ingress_flow(mbuf, value.flow);
+		ActionsIngress::execute(value, {this, mbuf, metadata, &base});
 	}
 
 	acl_ingress_stack6.clear();
@@ -1882,7 +1793,7 @@ inline void cWorker::acl_ingress_flow(rte_mbuf* mbuf,
 	}
 	else
 	{
-		stats.acl_ingress_dropPackets++; ///< @todo
+		stats->acl_ingress_dropPackets++; ///< @todo
 		drop(mbuf);
 	}
 }
@@ -2093,7 +2004,7 @@ inline void cWorker::decap_handle()
 			mark_ipv4_dscp(mbuf, decap.ipv4DSCPFlags);
 		}
 
-		stats.decap_packets++;
+		stats->decap_packets++;
 		decap_flow(mbuf, decap.flow);
 	}
 
@@ -2135,7 +2046,7 @@ inline bool cWorker::decap_cut(rte_mbuf* mbuf)
 		const rte_gre_hdr* greHeader = rte_pktmbuf_mtod_offset(mbuf, rte_gre_hdr*, metadata->transport_headerOffset);
 		if (((*(uint32_t*)greHeader) & 0xFFFFFF4F) != 0x00080000) ///< |X|0|X|X|0|0|0x0800|. @todo: ACL_GRE
 		{
-			stats.decap_unknownExtensions++;
+			stats->decap_unknownExtensions++;
 			return false;
 		}
 
@@ -2177,7 +2088,7 @@ inline bool cWorker::decap_cut(rte_mbuf* mbuf)
 		return true;
 	}
 
-	stats.decap_unknownExtensions++;
+	stats->decap_unknownExtensions++;
 	return false;
 }
 
@@ -2236,7 +2147,7 @@ inline void cWorker::route_handle4()
 
 		if (route_ipv4_values[mbuf_i] == dataplane::lpmValueIdInvalid)
 		{
-			stats.interface_lookupMisses++;
+			stats->interface_lookupMisses++;
 			rte_pktmbuf_free(mbuf);
 			continue;
 		}
@@ -2250,7 +2161,7 @@ inline void cWorker::route_handle4()
 			rte_ipv4_hdr* ipv4Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
 			if (ipv4Header->time_to_live <= 1)
 			{
-				stats.interface_hopLimits++;
+				stats->interface_hopLimits++;
 				drop(mbuf);
 				continue;
 			}
@@ -2274,7 +2185,7 @@ inline void cWorker::route_handle4()
 				key.address.mapped_ipv4_address.address = nexthop.neighbor_address.mapped_ipv4_address.address;
 			}
 
-			dataplane::neighbor::value const* value;
+			dataplane::neighbor::value const* value = nullptr;
 			base.neighbor_hashtable->lookup(key, value);
 			if (value)
 			{
@@ -2283,7 +2194,7 @@ inline void cWorker::route_handle4()
 			}
 			else
 			{
-				stats.interface_neighbor_invalid++;
+				stats->interface_neighbor_invalid++;
 				drop(mbuf);
 
 				neighbor_resolve.insert_or_update(key, 0);
@@ -2291,6 +2202,9 @@ inline void cWorker::route_handle4()
 				continue;
 			}
 
+			counters[nexthop.counter_id]++;
+			counters[nexthop.counter_id + 1] += mbuf->pkt_len;
+
 			route_nexthop(mbuf, nexthop);
 
 			ipv4Header->time_to_live--;
@@ -2310,7 +2224,7 @@ inline void cWorker::route_handle4()
 			metadata->repeat_ttl--;
 			if (metadata->repeat_ttl == 0)
 			{
-				stats.repeat_ttl++;
+				stats->repeat_ttl++;
 				rte_pktmbuf_free(mbuf);
 			}
 			else
@@ -2361,7 +2275,7 @@ inline void cWorker::route_handle6()
 
 		if (route_ipv6_values[mbuf_i] == dataplane::lpmValueIdInvalid)
 		{
-			stats.interface_lookupMisses++;
+			stats->interface_lookupMisses++;
 			rte_pktmbuf_free(mbuf);
 			continue;
 		}
@@ -2375,7 +2289,7 @@ inline void cWorker::route_handle6()
 			rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
 			if (ipv6Header->hop_limits <= 1)
 			{
-				stats.interface_hopLimits++;
+				stats->interface_hopLimits++;
 				drop(mbuf);
 				continue;
 			}
@@ -2395,7 +2309,7 @@ inline void cWorker::route_handle6()
 				memcpy(key.address.bytes, nexthop.neighbor_address.bytes, 16);
 			}
 
-			dataplane::neighbor::value const* value;
+			dataplane::neighbor::value const* value = nullptr;
 			base.neighbor_hashtable->lookup(key, value);
 			if (value)
 			{
@@ -2404,7 +2318,7 @@ inline void cWorker::route_handle6()
 			}
 			else
 			{
-				stats.interface_neighbor_invalid++;
+				stats->interface_neighbor_invalid++;
 				drop(mbuf);
 
 				neighbor_resolve.insert_or_update(key, 0);
@@ -2412,6 +2326,9 @@ inline void cWorker::route_handle6()
 				continue;
 			}
 
+			counters[nexthop.counter_id]++;
+			counters[nexthop.counter_id + 1] += mbuf->pkt_len;
+
 			route_nexthop(mbuf, nexthop);
 
 			ipv6Header->hop_limits--;
@@ -2429,7 +2346,7 @@ inline void cWorker::route_handle6()
 			metadata->repeat_ttl--;
 			if (metadata->repeat_ttl == 0)
 			{
-				stats.repeat_ttl++;
+				stats->repeat_ttl++;
 				rte_pktmbuf_free(mbuf);
 			}
 			else
@@ -2567,7 +2484,7 @@ inline void cWorker::route_tunnel_handle4()
 
 		if (route_ipv4_values[mbuf_i] == dataplane::lpmValueIdInvalid)
 		{
-			stats.interface_lookupMisses++;
+			stats->interface_lookupMisses++;
 			rte_pktmbuf_free(mbuf);
 			continue;
 		}
@@ -2583,7 +2500,7 @@ inline void cWorker::route_tunnel_handle4()
 			rte_ipv4_hdr* ipv4Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
 			if (ipv4Header->time_to_live <= 1)
 			{
-				stats.interface_hopLimits++;
+				stats->interface_hopLimits++;
 				drop(mbuf);
 				continue;
 			}
@@ -2607,7 +2524,7 @@ inline void cWorker::route_tunnel_handle4()
 				key.address.mapped_ipv4_address.address = nexthop.neighbor_address.mapped_ipv4_address.address;
 			}
 
-			dataplane::neighbor::value const* value;
+			dataplane::neighbor::value const* value = nullptr;
 			base.neighbor_hashtable->lookup(key, value);
 			if (value)
 			{
@@ -2616,7 +2533,7 @@ inline void cWorker::route_tunnel_handle4()
 			}
 			else
 			{
-				stats.interface_neighbor_invalid++;
+				stats->interface_neighbor_invalid++;
 				drop(mbuf);
 
 				neighbor_resolve.insert_or_update(key, 0);
@@ -2646,7 +2563,7 @@ inline void cWorker::route_tunnel_handle4()
 			metadata->repeat_ttl--;
 			if (metadata->repeat_ttl == 0)
 			{
-				stats.repeat_ttl++;
+				stats->repeat_ttl++;
 				rte_pktmbuf_free(mbuf);
 			}
 			else
@@ -2698,7 +2615,7 @@ inline void cWorker::route_tunnel_handle6()
 
 		if (route_ipv6_values[mbuf_i] == dataplane::lpmValueIdInvalid)
 		{
-			stats.interface_lookupMisses++;
+			stats->interface_lookupMisses++;
 			rte_pktmbuf_free(mbuf);
 			continue;
 		}
@@ -2714,7 +2631,7 @@ inline void cWorker::route_tunnel_handle6()
 			rte_ipv6_hdr* ipv6Header = rte_pktmbuf_mtod_offset(mbuf, rte_ipv6_hdr*, metadata->network_headerOffset);
 			if (ipv6Header->hop_limits <= 1)
 			{
-				stats.interface_hopLimits++;
+				stats->interface_hopLimits++;
 				drop(mbuf);
 				continue;
 			}
@@ -2734,7 +2651,7 @@ inline void cWorker::route_tunnel_handle6()
 				memcpy(key.address.bytes, nexthop.neighbor_address.bytes, 16);
 			}
 
-			dataplane::neighbor::value const* value;
+			dataplane::neighbor::value const* value = nullptr;
 			base.neighbor_hashtable->lookup(key, value);
 			if (value)
 			{
@@ -2743,7 +2660,7 @@ inline void cWorker::route_tunnel_handle6()
 			}
 			else
 			{
-				stats.interface_neighbor_invalid++;
+				stats->interface_neighbor_invalid++;
 				drop(mbuf);
 
 				neighbor_resolve.insert_or_update(key, 0);
@@ -2771,7 +2688,7 @@ inline void cWorker::route_tunnel_handle6()
 			metadata->repeat_ttl--;
 			if (metadata->repeat_ttl == 0)
 			{
-				stats.repeat_ttl++;
+				stats->repeat_ttl++;
 				rte_pktmbuf_free(mbuf);
 			}
 			else
@@ -2803,7 +2720,7 @@ inline void cWorker::route_tunnel_nexthop(rte_mbuf* mbuf,
 		return;
 	}
 
-	uint16_t payload_length;
+	uint16_t payload_length = 0;
 	bool is_ipv4 = metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
 	if (is_ipv4 && !nexthop.is_ipv6)
 	{
@@ -2840,8 +2757,8 @@ inline void cWorker::route_tunnel_nexthop(rte_mbuf* mbuf,
 	}
 	else
 	{
-		uint32_t vtc_flow;
-		uint16_t payload_len;
+		uint32_t vtc_flow = 0;
+		uint16_t payload_len = 0;
 		if (is_ipv4)
 		{
 			rte_ipv4_hdr* ipv4HeaderInner = rte_pktmbuf_mtod_offset(mbuf, rte_ipv4_hdr*, metadata->network_headerOffset);
@@ -3054,8 +2971,8 @@ inline void cWorker::nat64stateful_lan_handle()
 
 		const auto& nat64stateful = base.globalBase->nat64statefuls[metadata->flow.data.nat64stateful_id];
 
-		dataplane::globalBase::nat64stateful_lan_value* value_lookup;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::nat64stateful_lan_value* value_lookup = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		const uint32_t hash = nat64stateful_lan_state->lookup(key, value_lookup, locker);
 		if (value_lookup)
 		{
@@ -3103,9 +3020,9 @@ inline void cWorker::nat64stateful_lan_handle()
 			wan_key.port_source = key.port_destination;
 			wan_key.port_destination = key.port_source;
 
-			uint32_t wan_hash;
-			dataplane::globalBase::nat64stateful_wan_value* wan_value_lookup;
-			dataplane::spinlock_nonrecursive_t* wan_locker;
+			uint32_t wan_hash = 0;
+			dataplane::globalBase::nat64stateful_wan_value* wan_value_lookup = nullptr;
+			dataplane::spinlock_nonrecursive_t* wan_locker = nullptr;
 			for (unsigned int try_i = 0;
 			     try_i < YANET_CONFIG_NAT64STATEFUL_INSERT_TRIES;
 			     try_i++)
@@ -3159,11 +3076,8 @@ inline void cWorker::nat64stateful_lan_handle()
 				}
 
 				/// @todo: create cross-numa state over slowworker?
-				for (unsigned int numa_i = 0;
-				     numa_i < YANET_CONFIG_NUMA_SIZE;
-				     numa_i++)
+				for (auto globalbase_atomic : basePermanently.globalBaseAtomics)
 				{
-					auto* globalbase_atomic = basePermanently.globalBaseAtomics[numa_i];
 					if (globalbase_atomic == basePermanently.globalBaseAtomic)
 					{
 						continue;
@@ -3199,11 +3113,8 @@ inline void cWorker::nat64stateful_lan_handle()
 
 				/// @todo: create cross-numa state over slowworker?
 				value.timestamp_last_packet = basePermanently.globalBaseAtomic->currentTime - YANET_CONFIG_STATE_TIMEOUT_MAX;
-				for (unsigned int numa_i = 0;
-				     numa_i < YANET_CONFIG_NUMA_SIZE;
-				     numa_i++)
+				for (auto globalbase_atomic : basePermanently.globalBaseAtomics)
 				{
-					auto* globalbase_atomic = basePermanently.globalBaseAtomics[numa_i];
 					if (globalbase_atomic == basePermanently.globalBaseAtomic)
 					{
 						continue;
@@ -3351,8 +3262,8 @@ inline void cWorker::nat64stateful_wan_handle()
 
 		const auto& nat64stateful = base.globalBase->nat64statefuls[metadata->flow.data.nat64stateful_id];
 
-		dataplane::globalBase::nat64stateful_wan_value* value_lookup;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::nat64stateful_wan_value* value_lookup = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		nat64stateful_wan_state->lookup(key, value_lookup, locker);
 		if (!value_lookup)
 		{
@@ -3487,7 +3398,7 @@ inline void cWorker::nat64stateless_ingress_handle()
 
 		nat64stateless_ingress_translation(mbuf, nat64stateless, translation);
 
-		stats.nat64stateless_ingressPackets++;
+		stats->nat64stateless_ingressPackets++;
 		nat64stateless_ingress_flow(mbuf, nat64stateless.flow);
 	}
 
@@ -3606,7 +3517,7 @@ inline void cWorker::nat64stateless_egress_handle()
 
 		nat64stateless_egress_translation(mbuf, translation);
 
-		stats.nat64stateless_egressPackets++;
+		stats->nat64stateless_egressPackets++;
 		nat64stateless_egress_flow(mbuf, nat64stateless.flow);
 	}
 
@@ -4144,8 +4055,8 @@ inline void cWorker::balancer_handle()
 
 		/// @todo: BALANCER TCP SYN
 
-		dataplane::globalBase::balancer_state_value_t* value;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::balancer_state_value_t* value = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		const uint32_t hash = basePermanently.globalBaseAtomic->balancer_state->lookup(key, value, locker);
 		bool rescheduleReal = false;
 		if (value)
@@ -4201,7 +4112,7 @@ inline void cWorker::balancer_handle()
 			{
 				locker->unlock();
 
-				stats.balancer_invalid_reals_count++;
+				stats->balancer_invalid_reals_count++;
 				drop(mbuf);
 				continue;
 			}
@@ -4413,7 +4324,7 @@ inline void cWorker::balancer_ipv6_source(rte_ipv6_hdr* header,
                                           const rte_ipv4_hdr* ipv4HeaderInner,
                                           const rte_ipv6_hdr* ipv6HeaderInner)
 {
-	uint32_t random_src;
+	uint32_t random_src = 0;
 	if (ipv4HeaderInner)
 	{
 		random_src = ipv4HeaderInner->src_addr;
@@ -4757,8 +4668,8 @@ inline void cWorker::balancer_icmp_forward_handle()
 		const balancer_service_id_t service_id = metadata->flow.data.atomic >> 8;
 		const auto& service = base.globalBase->balancer_services[service_id];
 
-		dataplane::globalBase::balancer_state_value_t* value;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::balancer_state_value_t* value = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		basePermanently.globalBaseAtomic->balancer_state->lookup(key, value, locker);
 
 		if (value)
@@ -4810,7 +4721,7 @@ inline void cWorker::balancer_icmp_forward_handle()
 	balancer_icmp_forward_stack.clear();
 }
 
-inline bool cWorker::acl_try_keepstate(rte_mbuf* mbuf)
+inline cWorker::FlowFromState cWorker::acl_checkstate(rte_mbuf* mbuf)
 {
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
@@ -4844,11 +4755,11 @@ inline bool cWorker::acl_try_keepstate(rte_mbuf* mbuf)
 			key.dst_port = 0;
 		}
 
-		dataplane::globalBase::fw_state_value_t* value;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::fw_state_value_t* value = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		basePermanently.globalBaseAtomic->fw4_state->lookup(key, value, locker);
 
-		return acl_try_keepstate(mbuf, value, locker);
+		return acl_checkstate(mbuf, value, locker);
 	}
 	else if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6))
 	{
@@ -4880,26 +4791,26 @@ inline bool cWorker::acl_try_keepstate(rte_mbuf* mbuf)
 			key.dst_port = 0;
 		}
 
-		dataplane::globalBase::fw_state_value_t* value;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::fw_state_value_t* value = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		basePermanently.globalBaseAtomic->fw6_state->lookup(key, value, locker);
 
-		return acl_try_keepstate(mbuf, value, locker);
+		return acl_checkstate(mbuf, value, locker);
 	}
 
-	return false;
+	return std::nullopt;
 }
 
-inline bool cWorker::acl_try_keepstate(rte_mbuf* mbuf,
-                                       dataplane::globalBase::fw_state_value_t* value,
-                                       dataplane::spinlock_nonrecursive_t* locker)
+inline cWorker::FlowFromState cWorker::acl_checkstate(rte_mbuf* mbuf,
+                                                      dataplane::globalBase::fw_state_value_t* value,
+                                                      dataplane::spinlock_nonrecursive_t* locker)
 {
 	// Checking both value and locker for non-being-nullptr seems redundant.
 	if (value == nullptr)
 	{
 		// No record found, the caller should continue as usual.
 		locker->unlock();
-		return false;
+		return std::nullopt;
 	}
 
 	uint8_t flags = 0;
@@ -4918,12 +4829,10 @@ inline bool cWorker::acl_try_keepstate(rte_mbuf* mbuf,
 	value->tcp.dst_flags |= flags;
 	locker->unlock();
 
-	// Handle the packet according its flow.
-	acl_ingress_flow(mbuf, flow);
-	return true;
+	return {flow};
 }
 
-inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow)
+inline void cWorker::acl_create_state(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow, std::optional<uint32_t> timeout)
 {
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
@@ -4966,10 +4875,11 @@ inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const co
 			key.src_port = 0;
 		}
 
-		dataplane::globalBase::fw_state_value_t value;
+		dataplane::globalBase::fw_state_value_t value{};
 		value.type = static_cast<dataplane::globalBase::fw_state_type>(metadata->transport_headerType);
 		value.owner = dataplane::globalBase::fw_state_owner_e::internal;
 		acl_touch_state(mbuf, metadata, &value);
+		acl_fill_state_timeout(mbuf, metadata, &value, timeout);
 		value.flow = flow;
 		value.acl_id = aclId;
 		value.last_sync = basePermanently.globalBaseAtomic->currentTime;
@@ -4980,16 +4890,15 @@ inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const co
 		value.tcp.dst_flags = 0;
 
 		bool emit = false;
-		for (unsigned int idx = 0; idx < YANET_CONFIG_NUMA_SIZE; ++idx)
+		for (auto atomic : basePermanently.globalBaseAtomics)
 		{
-			dataplane::globalBase::atomic* atomic = basePermanently.globalBaseAtomics[idx];
 			if (atomic == nullptr)
 			{
 				break;
 			}
 
-			dataplane::globalBase::fw_state_value_t* lookup_value;
-			dataplane::spinlock_nonrecursive_t* locker;
+			dataplane::globalBase::fw_state_value_t* lookup_value = nullptr;
+			dataplane::spinlock_nonrecursive_t* locker = nullptr;
 			const uint32_t hash = atomic->fw4_state->lookup(key, lookup_value, locker);
 			if (lookup_value)
 			{
@@ -5013,7 +4922,7 @@ inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const co
 		if (base.globalBase->fw_state_sync_configs[aclId].flows_size == 0)
 		{
 			// No fw state synchronization configured.
-			stats.fwsync_no_config_drops++;
+			stats->fwsync_no_config_drops++;
 			return;
 		}
 
@@ -5063,10 +4972,11 @@ inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const co
 			key.src_port = 0;
 		}
 
-		dataplane::globalBase::fw_state_value_t value;
+		dataplane::globalBase::fw_state_value_t value{};
 		value.type = static_cast<dataplane::globalBase::fw_state_type>(metadata->transport_headerType);
 		value.owner = dataplane::globalBase::fw_state_owner_e::internal;
 		acl_touch_state(mbuf, metadata, &value);
+		acl_fill_state_timeout(mbuf, metadata, &value, timeout);
 		value.flow = flow;
 		value.acl_id = aclId;
 		value.last_sync = basePermanently.globalBaseAtomic->currentTime;
@@ -5077,16 +4987,15 @@ inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const co
 		value.tcp.dst_flags = 0;
 
 		bool emit = false;
-		for (unsigned int idx = 0; idx < YANET_CONFIG_NUMA_SIZE; ++idx)
+		for (auto atomic : basePermanently.globalBaseAtomics)
 		{
-			dataplane::globalBase::atomic* atomic = basePermanently.globalBaseAtomics[idx];
 			if (atomic == nullptr)
 			{
 				break;
 			}
 
-			dataplane::globalBase::fw_state_value_t* lookup_value;
-			dataplane::spinlock_nonrecursive_t* locker;
+			dataplane::globalBase::fw_state_value_t* lookup_value = nullptr;
+			dataplane::spinlock_nonrecursive_t* locker = nullptr;
 			const uint32_t hash = atomic->fw6_state->lookup(key, lookup_value, locker);
 			if (lookup_value)
 			{
@@ -5110,7 +5019,7 @@ inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const co
 		if (base.globalBase->fw_state_sync_configs[aclId].flows_size == 0)
 		{
 			// No fw state synchronization configured.
-			stats.fwsync_no_config_drops++;
+			stats->fwsync_no_config_drops++;
 			return;
 		}
 
@@ -5128,7 +5037,7 @@ inline void cWorker::acl_state_emit(tAclId aclId, const dataplane::globalBase::f
 	rte_mbuf* mbuf = rte_pktmbuf_alloc(mempool);
 	if (mbuf == nullptr)
 	{
-		stats.fwsync_multicast_egress_drops++;
+		stats->fwsync_multicast_egress_drops++;
 		return;
 	}
 
@@ -5148,7 +5057,7 @@ inline void cWorker::acl_state_emit(tAclId aclId, const dataplane::globalBase::f
 	// Push packet to the ring through stack.
 	metadata->flow.type = common::globalBase::eFlowType::slowWorker_fw_sync;
 	controlPlane_stack.insert(mbuf);
-	stats.fwsync_multicast_egress_imm_packets++;
+	stats->fwsync_multicast_egress_imm_packets++;
 }
 
 inline void cWorker::acl_egress_entry(rte_mbuf* mbuf, tAclId aclId)
@@ -5311,44 +5220,7 @@ inline void cWorker::acl_egress_handle4()
 
 		const auto& value = acl.values[total_value];
 
-		if (value.flow.type == common::globalBase::eFlowType::drop)
-		{
-			// Try to match against stateful dynamic rules. If so - a packet will be handled.
-			if (acl_egress_try_keepstate(mbuf))
-			{
-				continue;
-			}
-		}
-
-		aclCounters[value.flow.counter_id]++;
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::log)
-		{
-			acl_log(mbuf, value.flow, metadata->aclId);
-		}
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::keepstate)
-		{
-			acl_create_keepstate(mbuf, metadata->aclId, value.flow);
-		}
-
-		for (auto dump_id : value.dump_ids)
-		{
-			if (dump_id == 0)
-			{
-				break;
-			}
-
-			auto ring_id = base.globalBase->dump_id_to_tag[dump_id];
-			if (ring_id == -1)
-			{
-				continue;
-			}
-			auto& ring = dumpRings[ring_id];
-			ring.write(mbuf, value.flow.type);
-		}
-
-		acl_egress_flow(mbuf, value.flow);
+		ActionsEgress::execute(value, {this, mbuf, metadata, &base});
 	}
 
 	acl_egress_stack4.clear();
@@ -5495,44 +5367,7 @@ inline void cWorker::acl_egress_handle6()
 
 		const auto& value = acl.values[total_value];
 
-		if (value.flow.type == common::globalBase::eFlowType::drop)
-		{
-			// Try to match against stateful dynamic rules. If so - a packet will be handled.
-			if (acl_egress_try_keepstate(mbuf))
-			{
-				continue;
-			}
-		}
-
-		aclCounters[value.flow.counter_id]++;
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::log)
-		{
-			acl_log(mbuf, value.flow, metadata->aclId);
-		}
-
-		if (value.flow.flags & (uint8_t)common::globalBase::eFlowFlags::keepstate)
-		{
-			acl_create_keepstate(mbuf, metadata->aclId, value.flow);
-		}
-
-		for (auto dump_id : value.dump_ids)
-		{
-			if (dump_id == 0)
-			{
-				break;
-			}
-
-			auto ring_id = base.globalBase->dump_id_to_tag[dump_id];
-			if (ring_id == -1)
-			{
-				continue;
-			}
-			auto& ring = dumpRings[ring_id];
-			ring.write(mbuf, value.flow.type);
-		}
-
-		acl_egress_flow(mbuf, value.flow);
+		ActionsEgress::execute(value, {this, mbuf, metadata, &base});
 	}
 
 	acl_egress_stack6.clear();
@@ -5542,17 +5377,17 @@ void cWorker::acl_log(rte_mbuf* mbuf, const common::globalBase::tFlow& flow, tAc
 {
 	if (rte_ring_full(ring_log))
 	{
-		stats.logs_drops++;
+		stats->logs_drops++;
 		return;
 	}
 
 	const auto& base = bases[localBaseId & 1];
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
-	samples::sample_t* sample;
+	samples::sample_t* sample = nullptr;
 	if (rte_mempool_get(dataPlane->mempool_log, (void**)&sample) != 0)
 	{
-		stats.logs_drops++;
+		stats->logs_drops++;
 		return;
 	}
 
@@ -5572,7 +5407,7 @@ void cWorker::acl_log(rte_mbuf* mbuf, const common::globalBase::tFlow& flow, tAc
 	}
 	else
 	{
-		stats.logs_drops++;
+		stats->logs_drops++;
 		rte_mempool_put(dataPlane->mempool_log, sample);
 		return;
 	}
@@ -5606,14 +5441,14 @@ void cWorker::acl_log(rte_mbuf* mbuf, const common::globalBase::tFlow& flow, tAc
 
 	if (rte_ring_enqueue(ring_log, sample) != 0)
 	{
-		stats.logs_drops++;
+		stats->logs_drops++;
 		rte_mempool_put(dataPlane->mempool_log, sample);
 		return;
 	}
-	stats.logs_packets++;
+	stats->logs_packets++;
 }
 
-inline bool cWorker::acl_egress_try_keepstate(rte_mbuf* mbuf)
+inline cWorker::FlowFromState cWorker::acl_egress_checkstate(rte_mbuf* mbuf)
 {
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
@@ -5647,11 +5482,11 @@ inline bool cWorker::acl_egress_try_keepstate(rte_mbuf* mbuf)
 			key.dst_port = 0;
 		}
 
-		dataplane::globalBase::fw_state_value_t* value;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::fw_state_value_t* value = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		basePermanently.globalBaseAtomic->fw4_state->lookup(key, value, locker);
 
-		return acl_egress_try_keepstate(mbuf, value, locker);
+		return acl_egress_checkstate(mbuf, value, locker);
 	}
 	else if (metadata->network_headerType == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6))
 	{
@@ -5683,26 +5518,26 @@ inline bool cWorker::acl_egress_try_keepstate(rte_mbuf* mbuf)
 			key.dst_port = 0;
 		}
 
-		dataplane::globalBase::fw_state_value_t* value;
-		dataplane::spinlock_nonrecursive_t* locker;
+		dataplane::globalBase::fw_state_value_t* value = nullptr;
+		dataplane::spinlock_nonrecursive_t* locker = nullptr;
 		basePermanently.globalBaseAtomic->fw6_state->lookup(key, value, locker);
 
-		return acl_egress_try_keepstate(mbuf, value, locker);
+		return acl_egress_checkstate(mbuf, value, locker);
 	}
 
-	return false;
+	return std::nullopt;
 }
 
-inline bool cWorker::acl_egress_try_keepstate(rte_mbuf* mbuf,
-                                              dataplane::globalBase::fw_state_value_t* value,
-                                              dataplane::spinlock_nonrecursive_t* locker)
+inline cWorker::FlowFromState cWorker::acl_egress_checkstate(rte_mbuf* mbuf,
+                                                             dataplane::globalBase::fw_state_value_t* value,
+                                                             dataplane::spinlock_nonrecursive_t* locker)
 {
 	// Checking both value and locker for non-being-nullptr seems redundant.
 	if (value == nullptr)
 	{
 		// No record found, the caller should continue as usual.
 		locker->unlock();
-		return false;
+		return std::nullopt;
 	}
 
 	uint8_t flags = 0;
@@ -5721,9 +5556,7 @@ inline bool cWorker::acl_egress_try_keepstate(rte_mbuf* mbuf,
 	value->tcp.dst_flags |= flags;
 	locker->unlock();
 
-	// Handle the packet according its flow.
-	acl_egress_flow(mbuf, flow);
-	return true;
+	return {flow};
 }
 
 inline void cWorker::acl_egress_flow(rte_mbuf* mbuf, const common::globalBase::tFlow& flow)
@@ -5732,12 +5565,12 @@ inline void cWorker::acl_egress_flow(rte_mbuf* mbuf, const common::globalBase::t
 
 	if (flow.type == common::globalBase::eFlowType::controlPlane)
 	{
-		stats.acl_egress_dropPackets++;
+		stats->acl_egress_dropPackets++;
 		controlPlane(mbuf);
 	}
 	else if (flow.type == common::globalBase::eFlowType::drop)
 	{
-		stats.acl_egress_dropPackets++;
+		stats->acl_egress_dropPackets++;
 		drop(mbuf);
 	}
 	else if (metadata->flow.type == common::globalBase::eFlowType::logicalPort_egress || metadata->flow.type == common::globalBase::eFlowType::acl_egress)
@@ -5809,18 +5642,18 @@ inline void cWorker::controlPlane_handle()
 	     mbuf_i++)
 	{
 		rte_mbuf* mbuf = controlPlane_stack.mbufs[mbuf_i];
-		stats.ring_normalPriority_drops++;
+		stats->ring_normalPriority_drops++;
 		rte_pktmbuf_free(mbuf);
 	}
 
-	stats.ring_normalPriority_packets += count;
+	stats->ring_normalPriority_packets += count;
 
 	controlPlane_stack.clear();
 }
 
 inline void cWorker::drop(rte_mbuf* mbuf)
 {
-	stats.dropPackets++;
+	stats->dropPackets++;
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 
 	if (basePermanently.globalBaseAtomic->physicalPort_flags[metadata->fromPortId] & YANET_PHYSICALPORT_FLAG_DROP_DUMP)
@@ -5875,12 +5708,12 @@ inline void cWorker::slowWorker_entry_highPriority(rte_mbuf* mbuf,
 
 	if (rte_ring_sp_enqueue(ring_highPriority, (void*)mbuf))
 	{
-		stats.ring_highPriority_drops++;
+		stats->ring_highPriority_drops++;
 		rte_pktmbuf_free(mbuf);
 	}
 	else
 	{
-		stats.ring_highPriority_packets++;
+		stats->ring_highPriority_packets++;
 	}
 }
 
@@ -5902,12 +5735,12 @@ inline void cWorker::slowWorker_entry_normalPriority(rte_mbuf* mbuf,
 
 	if (rte_ring_sp_enqueue(ring_normalPriority, (void*)mbuf))
 	{
-		stats.ring_normalPriority_drops++;
+		stats->ring_normalPriority_drops++;
 		rte_pktmbuf_free(mbuf);
 	}
 	else
 	{
-		stats.ring_normalPriority_packets++;
+		stats->ring_normalPriority_packets++;
 	}
 }
 
@@ -5917,12 +5750,12 @@ inline void cWorker::slowWorker_entry_lowPriority(rte_mbuf* mbuf)
 
 	if (rte_ring_sp_enqueue(ring_lowPriority, (void*)mbuf))
 	{
-		stats.ring_lowPriority_drops++;
+		stats->ring_lowPriority_drops++;
 		rte_pktmbuf_free(mbuf);
 	}
 	else
 	{
-		stats.ring_lowPriority_packets++;
+		stats->ring_lowPriority_packets++;
 	}
 }
 
@@ -6060,7 +5893,7 @@ YANET_NEVER_INLINE void cWorker::slowWorkerFarmHandleFragment(rte_mbuf* mbuf)
 	metadata->repeat_ttl--;
 	if (metadata->repeat_ttl == 0)
 	{
-		stats.repeat_ttl++;
+		stats->repeat_ttl++;
 		rte_pktmbuf_free(mbuf);
 		return;
 	}
@@ -6074,7 +5907,11 @@ YANET_NEVER_INLINE void cWorker::slowWorkerFarmHandleFragment(rte_mbuf* mbuf)
 inline void cWorker::acl_touch_state(rte_mbuf* mbuf, dataplane::metadata* metadata, dataplane::globalBase::fw_state_value_t* value)
 {
 	value->last_seen = basePermanently.globalBaseAtomic->currentTime;
-	value->state_timeout = get_state_timeout(mbuf, metadata, acl_state_config);
+}
+
+inline void cWorker::acl_fill_state_timeout(rte_mbuf* mbuf, dataplane::metadata* metadata, dataplane::globalBase::fw_state_value_t* value, std::optional<uint32_t> timeout)
+{
+	value->state_timeout = timeout.has_value() ? timeout.value() : get_state_timeout(mbuf, metadata, acl_state_config);
 }
 
 inline void cWorker::balancer_touch_state(rte_mbuf* mbuf, dataplane::metadata* metadata, dataplane::globalBase::balancer_state_value_t* value)
@@ -6113,3 +5950,11 @@ inline uint32_t cWorker::get_state_timeout(rte_mbuf* mbuf, dataplane::metadata*
 	}
 	return state_timeout_config.default_timeout;
 }
+
+inline void cWorker::populate_hitcount_map(const std::string& id, rte_mbuf* mbuf)
+{
+	common::idp::hitcount_dump::Data& entry = dataPlane->hitcount_map_[id];
+
+	entry.count++;
+	entry.bytes += mbuf->pkt_len;
+}
diff --git a/dataplane/worker.h b/dataplane/worker.h
index e0352ee2..1ed5774f 100644
--- a/dataplane/worker.h
+++ b/dataplane/worker.h
@@ -9,6 +9,7 @@
 #include <rte_ring.h>
 
 #include "common/result.h"
+#include "common/sdpcommon.h"
 #include "common/tsc_deltas.h"
 #include "common/type.h"
 
@@ -18,8 +19,11 @@
 #include "samples.h"
 #include "sharedmemory.h"
 
-class cDataPlane;
-class mControlPlane;
+namespace dataplane
+{
+template<dataplane::FlowDirection Direction>
+struct ActionDispatcher;
+}
 
 namespace worker
 {
@@ -28,10 +32,7 @@ template<unsigned int TSize = CONFIG_YADECAP_MBUFS_BURST_SIZE>
 class tStack
 {
 public:
-	tStack() :
-	        mbufsCount(0)
-	{
-	}
+	tStack() = default;
 
 	inline void insert(rte_mbuf** mbufs, unsigned int mbufsCount)
 	{
@@ -51,7 +52,7 @@ class tStack
 	}
 
 public:
-	unsigned int mbufsCount;
+	unsigned int mbufsCount{};
 	rte_mbuf* mbufs[TSize];
 };
 
@@ -59,15 +60,19 @@ class tStack
 
 class cWorker
 {
+	unsigned int MempoolSize() const;
+
 public:
 	cWorker(cDataPlane* dataPlane);
 	~cWorker();
 
 	eResult init(const tCoreId& coreId, const dataplane::base::permanently& basePermanently, const dataplane::base::generation& base);
-
 	void start();
 
-	void fillStatsNamesToAddrsTable(std::unordered_map<std::string, uint64_t*>& table);
+	static void FillMetadataWorkerCounters(common::sdp::MetadataWorker& metadata);
+	void SetBufferForCounters(void* buffer, const common::sdp::MetadataWorker& metadata);
+
+	[[nodiscard]] const dataplane::base::generation& current_base() const { return bases[localBaseId & 1]; }
 
 protected:
 	eResult sanityCheck();
@@ -75,8 +80,11 @@ class cWorker
 	YANET_NEVER_INLINE void mainThread();
 
 	inline void calcHash(rte_mbuf* mbuf, uint8_t without_ports = 0);
+
+public:
 	void preparePacket(rte_mbuf* mbuf); ///< @todo: inline
 
+protected:
 	constexpr static uint32_t translation_ignore = 0xFFFFFFFFu;
 	inline void translation_ipv4_to_ipv6(rte_mbuf* mbuf, const ipv6_address_t& ipv6_source, const ipv6_address_t& ipv6_destination, const uint32_t port_source, const uint32_t port_destination, const uint32_t identifier);
 	inline void translation_ipv6_to_ipv4(rte_mbuf* mbuf, const ipv4_address_t& ipv4_source, const ipv4_address_t& ipv4_destination, const uint32_t port_source, const uint32_t port_destination, const uint32_t identifier);
@@ -85,7 +93,7 @@ class cWorker
 
 	inline void handlePackets();
 
-	inline void physicalPort_ingress_handle(const unsigned int& worker_port_i);
+	inline void physicalPort_ingress_handle(const dpdk::Endpoint& rx_point);
 
 	inline void physicalPort_egress_handle();
 
@@ -180,11 +188,12 @@ class cWorker
 	inline void balancer_touch_state(rte_mbuf* mbuf, dataplane::metadata* metadata, dataplane::globalBase::balancer_state_value_t* value);
 
 	/// fw state
-	inline bool acl_try_keepstate(rte_mbuf* mbuf);
-	inline bool acl_try_keepstate(rte_mbuf* mbuf, dataplane::globalBase::fw_state_value_t* value, dataplane::spinlock_nonrecursive_t* locker);
-	inline bool acl_egress_try_keepstate(rte_mbuf* mbuf);
-	inline bool acl_egress_try_keepstate(rte_mbuf* mbuf, dataplane::globalBase::fw_state_value_t* value, dataplane::spinlock_nonrecursive_t* locker);
-	inline void acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow);
+	using FlowFromState = std::optional<common::globalBase::tFlow>;
+	inline FlowFromState acl_checkstate(rte_mbuf* mbuf);
+	inline FlowFromState acl_checkstate(rte_mbuf* mbuf, dataplane::globalBase::fw_state_value_t* value, dataplane::spinlock_nonrecursive_t* locker);
+	inline FlowFromState acl_egress_checkstate(rte_mbuf* mbuf);
+	inline FlowFromState acl_egress_checkstate(rte_mbuf* mbuf, dataplane::globalBase::fw_state_value_t* value, dataplane::spinlock_nonrecursive_t* locker);
+	inline void acl_create_state(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow, std::optional<uint32_t> timeout);
 	inline void acl_state_emit(tAclId aclId, const dataplane::globalBase::fw_state_sync_frame_t& frame);
 
 	inline void acl_egress_entry(rte_mbuf* mbuf, tAclId aclId);
@@ -193,6 +202,7 @@ class cWorker
 	inline void acl_egress_flow(rte_mbuf* mbuf, const common::globalBase::tFlow& flow);
 	inline void acl_log(rte_mbuf* mbuf, const common::globalBase::tFlow& flow, tAclId aclId);
 	inline void acl_touch_state(rte_mbuf* mbuf, dataplane::metadata* metadata, dataplane::globalBase::fw_state_value_t* value);
+	inline void acl_fill_state_timeout(rte_mbuf* mbuf, dataplane::metadata* metadata, dataplane::globalBase::fw_state_value_t* value, std::optional<uint32_t> timeout);
 
 	inline void dregress_entry(rte_mbuf* mbuf);
 
@@ -210,24 +220,33 @@ class cWorker
 	inline uint32_t get_tcp_state_timeout(uint8_t flags, const dataplane::globalBase::state_timeout_config_t& state_timeout_config);
 	inline uint32_t get_state_timeout(rte_mbuf* mbuf, dataplane::metadata* metadata, const dataplane::globalBase::state_timeout_config_t& state_timeout_config);
 
+	inline void populate_hitcount_map(const std::string& id, rte_mbuf* mbuf);
+
 protected:
 	/// @todo: move to slow_worker_t
+public:
 	YANET_NEVER_INLINE void slowWorkerBeforeHandlePackets();
 	YANET_NEVER_INLINE void slowWorkerHandlePackets();
+
 	YANET_NEVER_INLINE void slowWorkerHandleFragment(rte_mbuf* mbuf);
 	YANET_NEVER_INLINE void slowWorkerFarmHandleFragment(rte_mbuf* mbuf);
+
 	YANET_NEVER_INLINE void slowWorkerAfterHandlePackets();
+
 	YANET_NEVER_INLINE void slowWorkerFlow(rte_mbuf* mbuf, const common::globalBase::tFlow& flow);
 	YANET_NEVER_INLINE void slowWorkerTranslation(rte_mbuf* mbuf, const dataplane::globalBase::tNat64stateless& nat64stateless, const dataplane::globalBase::nat64stateless_translation_t& translation, bool direction); /** true: ingress, false: egress */
+	const dataplane::base::generation& CurrentBase() { return bases[localBaseId & 1]; }
+	void IncrementCounter(common::globalBase::static_counter_type type) { counters[(uint32_t)type]++; }
+	[[nodiscard]] uint32_t CurrentTime() const { return basePermanently.globalBaseAtomic->currentTime; }
 
-public:
 	friend class cDataPlane;
 	friend class cReport;
 	friend class cControlPlane;
-	friend class mControlPlane;
 	friend class dregress_t;
 	friend class worker_gc_t;
 	friend class dataplane::globalBase::generation;
+	friend struct dataplane::ActionDispatcher<dataplane::FlowDirection::Ingress>;
+	friend struct dataplane::ActionDispatcher<dataplane::FlowDirection::Egress>;
 
 	cDataPlane* dataPlane;
 	tCoreId coreId;
@@ -319,19 +338,22 @@ class cWorker
 	worker::tStack<> after_early_decap_stack4;
 	worker::tStack<> after_early_decap_stack6;
 
+public:
 	rte_ring* ring_highPriority;
 	rte_ring* ring_normalPriority;
 	rte_ring* ring_lowPriority;
 	dataplane::perf::tsc_deltas* tsc_deltas;
 	rte_ring* ring_toFreePackets;
+	common::worker::stats::common& Stats() { return *stats; }
 
+protected:
 	rte_ring* ring_log;
 
-	common::worker::stats::common stats;
-	common::worker::stats::port statsPorts[CONFIG_YADECAP_PORTS_SIZE];
-	uint64_t bursts[CONFIG_YADECAP_MBUFS_BURST_SIZE + 1];
-	uint64_t counters[YANET_CONFIG_COUNTERS_SIZE];
-	uint64_t aclCounters[YANET_CONFIG_ACL_COUNTERS_SIZE];
+	common::worker::stats::common* stats;
+	common::worker::stats::port* statsPorts; // CONFIG_YADECAP_PORTS_SIZE
+	uint64_t* bursts; // CONFIG_YADECAP_MBUFS_BURST_SIZE + 1
+	uint64_t* counters; // YANET_CONFIG_COUNTERS_SIZE
+	uint64_t* aclCounters; // YANET_CONFIG_ACL_COUNTERS_SIZE
 
 	// will decrease with each new packet sent to slow worker, replenishes each N mseconds
 	int32_t packetsToSWNPRemainder;
diff --git a/dataplane/worker_gc.cpp b/dataplane/worker_gc.cpp
index 91e688d5..2a645aa4 100644
--- a/dataplane/worker_gc.cpp
+++ b/dataplane/worker_gc.cpp
@@ -1,29 +1,26 @@
-#include <thread>
-
 #include <rte_errno.h>
 #include <rte_ethdev.h>
 
 #include "common/counters.h"
 #include "common/fallback.h"
+#include "dataplane/globalbase.h"
+#include "dataplane/sdpserver.h"
+#include "dataplane/worker_gc.h"
 
-#include "dataplane.h"
-#include "worker.h"
-#include "worker_gc.h"
-
-worker_gc_t::worker_gc_t(cDataPlane* dataplane) :
-        dataplane(dataplane),
-        controlplane(nullptr),
+worker_gc_t::worker_gc_t(const ConfigValues& cfg, const PortToSocketArray& pts, SamplersVector&& samplers) :
         mempool(nullptr),
         core_id(-1),
         socket_id(-1),
         iteration(0),
         current_base_id(0),
         local_base_id(0),
-        ring_to_slowworker(nullptr),
-        ring_to_free_mbuf(nullptr),
-        callback_id(0)
+        toSlowWorker_(toSlowWorkers_.begin(), toSlowWorkers_.end()),
+        port_id_to_socket_id{pts},
+        samplers_{samplers},
+        callback_id(0),
+        gc_step{static_cast<uint32_t>(cfg.gc_step)},
+        sample_gc_step{static_cast<uint32_t>(cfg.sample_gc_step)}
 {
-	memset(counters, 0, sizeof(counters));
 }
 
 worker_gc_t::~worker_gc_t()
@@ -33,14 +30,14 @@ worker_gc_t::~worker_gc_t()
 		rte_mempool_free(mempool);
 	}
 
-	if (ring_to_slowworker)
+	for (auto& ring : toSlowWorkers_)
 	{
-		rte_ring_free(ring_to_slowworker);
+		ring.Destroy();
 	}
 
-	if (ring_to_free_mbuf)
+	for (auto& ring : toFree_)
 	{
-		rte_ring_free(ring_to_free_mbuf);
+		ring.Destroy();
 	}
 }
 
@@ -55,17 +52,6 @@ eResult worker_gc_t::init(const tCoreId& core_id,
 	this->bases[local_base_id] = base;
 	this->bases[local_base_id ^ 1] = base;
 
-	this->controlplane = dataplane->controlPlane.get();
-
-	for (const auto& [port_id, port] : dataplane->ports)
-	{
-		(void)port;
-		port_id_to_socket_id[port_id] = rte_eth_dev_socket_id(port_id);
-	}
-
-	gc_step = dataplane->getConfigValues().gc_step;
-	sample_gc_step = dataplane->getConfigValues().sample_gc_step;
-
 	mempool = rte_mempool_create(("wgc" + std::to_string(core_id)).data(),
 	                             CONFIG_YADECAP_MBUFS_COUNT + 3 * CONFIG_YADECAP_PORTS_SIZE * CONFIG_YADECAP_MBUFS_BURST_SIZE,
 	                             CONFIG_YADECAP_MBUF_SIZE,
@@ -83,44 +69,49 @@ eResult worker_gc_t::init(const tCoreId& core_id,
 		return eResult::errorInitMempool;
 	}
 
-	ring_to_slowworker = rte_ring_create(("r_tsw_" + std::to_string(core_id)).c_str(),
-	                                     dataplane->getConfigValues().ring_normalPriority_size,
-	                                     socket_id,
-	                                     RING_F_SP_ENQ | RING_F_SC_DEQ);
-	if (!ring_to_slowworker)
+	return eResult::success;
+}
+
+[[nodiscard]] std::optional<dpdk::RingConn<rte_mbuf*>> worker_gc_t::RegisterSlowWorker(const std::string& name,
+                                                                                       unsigned int capacity,
+                                                                                       unsigned int capacity_to_free)
+{
+	if (toSlowWorkers_.Full() || toFree_.Full())
 	{
-		return eResult::errorInitRing;
+		YANET_LOG_ERROR("Trying to assign to many workers to garbage collector on core %d\n", core_id);
+		return std::nullopt;
 	}
+	auto rs = dpdk::Ring<rte_mbuf*>::Make(
+	        "r_gc" + std::to_string(socket_id) + "_to_" + name,
+	        capacity,
+	        socket_id,
+	        RING_F_SP_ENQ | RING_F_SC_DEQ);
+	if (!rs)
+	{
+		return std::nullopt;
+	}
+
+	auto rf = dpdk::Ring<rte_mbuf*>::Make(
+	        "r_tfmb_gc" + std::to_string(socket_id) + "_from_" + name,
+	        capacity_to_free,
+	        socket_id,
+	        RING_F_SP_ENQ | RING_F_SC_DEQ);
 
-	ring_to_free_mbuf = rte_ring_create(("r_tfmb_" + std::to_string(core_id)).c_str(),
-	                                    dataplane->getConfigValues().ring_toFreePackets_size,
-	                                    socket_id,
-	                                    RING_F_SP_ENQ | RING_F_SC_DEQ);
-	if (!ring_to_free_mbuf)
+	if (!rf)
 	{
-		return eResult::errorInitRing;
+		rs.value().Destroy();
+		return std::nullopt;
 	}
 
-	return eResult::success;
+	toSlowWorkers_.push_back(rs.value());
+	toFree_.push_back(rf.value());
+
+	toSlowWorker_ = {toSlowWorkers_.begin(), toSlowWorkers_.end()};
+	return dpdk::RingConn<rte_mbuf*>{std::move(rs.value()), std::move(rf.value())};
 }
 
 void worker_gc_t::start()
 {
-	/// @todo: prepare
-
-	int rc;
-
-	rc = pthread_barrier_wait(&dataplane->runBarrier);
-	if (rc == PTHREAD_BARRIER_SERIAL_THREAD)
-	{
-		pthread_barrier_destroy(&dataplane->runBarrier);
-	}
-	else if (rc != 0)
-	{
-		YADECAP_LOG_ERROR("pthread_barrier_wait() = %d\n", rc);
-		abort();
-	}
-
 	thread();
 }
 
@@ -159,19 +150,37 @@ void worker_gc_t::limits(common::idp::limits::response& response) const
 	globalbase_atomic->updater.fw6_state.limits(response, "acl.state.v6.ht");
 }
 
-void worker_gc_t::fillStatsNamesToAddrsTable(std::unordered_map<std::string, uint64_t*>& table)
+void worker_gc_t::FillMetadataWorkerCounters(common::sdp::MetadataWorkerGc& metadata)
 {
-	table["broken_packets"] = &stats.broken_packets;
-	table["drop_packets"] = &stats.drop_packets;
-	table["ring_to_slowworker_packets"] = &stats.ring_to_slowworker_packets;
-	table["ring_to_slowworker_drops"] = &stats.ring_to_slowworker_drops;
-	table["fwsync_multicast_egress_packets"] = &stats.fwsync_multicast_egress_packets;
-	table["fwsync_multicast_egress_drops"] = &stats.fwsync_multicast_egress_drops;
-	table["fwsync_unicast_egress_packets"] = &stats.fwsync_unicast_egress_packets;
-	table["fwsync_unicast_egress_drops"] = &stats.fwsync_unicast_egress_drops;
-	table["drop_samples"] = &stats.drop_samples;
-	table["balancer_state_insert_failed"] = &stats.balancer_state_insert_failed;
-	table["balancer_state_insert_done"] = &stats.balancer_state_insert_done;
+	metadata.size = 0;
+	metadata.start_counters = common::sdp::SdrSever::GetStartData(YANET_CONFIG_COUNTERS_SIZE * sizeof(uint64_t), metadata.size);
+	metadata.start_stats = common::sdp::SdrSever::GetStartData(sizeof(common::worker_gc::stats_t), metadata.size);
+
+	// stats
+	static_assert(std::is_trivially_destructible<common::worker_gc::stats_t>::value, "invalid struct destructible");
+	std::map<std::string, uint64_t> counters_stats;
+	counters_stats["broken_packets"] = offsetof(common::worker_gc::stats_t, broken_packets);
+	counters_stats["drop_packets"] = offsetof(common::worker_gc::stats_t, drop_packets);
+	counters_stats["ring_to_slowworker_packets"] = offsetof(common::worker_gc::stats_t, ring_to_slowworker_packets);
+	counters_stats["ring_to_slowworker_drops"] = offsetof(common::worker_gc::stats_t, ring_to_slowworker_drops);
+	counters_stats["fwsync_multicast_egress_packets"] = offsetof(common::worker_gc::stats_t, fwsync_multicast_egress_packets);
+	counters_stats["fwsync_multicast_egress_drops"] = offsetof(common::worker_gc::stats_t, fwsync_multicast_egress_drops);
+	counters_stats["fwsync_unicast_egress_packets"] = offsetof(common::worker_gc::stats_t, fwsync_unicast_egress_packets);
+	counters_stats["fwsync_unicast_egress_drops"] = offsetof(common::worker_gc::stats_t, fwsync_unicast_egress_drops);
+	counters_stats["drop_samples"] = offsetof(common::worker_gc::stats_t, drop_samples);
+	counters_stats["balancer_state_insert_failed"] = offsetof(common::worker_gc::stats_t, balancer_state_insert_failed);
+	counters_stats["balancer_state_insert_done"] = offsetof(common::worker_gc::stats_t, balancer_state_insert_done);
+
+	for (const auto& iter : counters_stats)
+	{
+		metadata.counter_positions[iter.first] = (metadata.start_stats + iter.second) / sizeof(uint64_t);
+	}
+}
+
+void worker_gc_t::SetBufferForCounters(void* buffer, const common::sdp::MetadataWorkerGc& metadata)
+{
+	counters = common::sdp::ShiftBuffer<uint64_t*>(buffer, metadata.start_counters);
+	stats = common::sdp::ShiftBuffer<common::worker_gc::stats_t*>(buffer, metadata.start_stats);
 }
 
 YANET_INLINE_NEVER void worker_gc_t::thread()
@@ -234,11 +243,8 @@ void worker_gc_t::handle_nat64stateful_gc()
 		const auto& nat64stateful = base.globalBase->nat64statefuls[wan_key.nat64stateful_id];
 
 		/// check other wan tables
-		for (unsigned int numa_i = 0;
-		     numa_i < YANET_CONFIG_NUMA_SIZE;
-		     numa_i++)
+		for (auto globalbase_atomic : base_permanently.globalBaseAtomics)
 		{
-			auto* globalbase_atomic = base_permanently.globalBaseAtomics[numa_i];
 			if (globalbase_atomic == base_permanently.globalBaseAtomic)
 			{
 				continue;
@@ -248,8 +254,8 @@ void worker_gc_t::handle_nat64stateful_gc()
 				break;
 			}
 
-			dataplane::globalBase::nat64stateful_wan_value* wan_value_lookup;
-			dataplane::spinlock_nonrecursive_t* wan_locker;
+			dataplane::globalBase::nat64stateful_wan_value* wan_value_lookup = nullptr;
+			dataplane::spinlock_nonrecursive_t* wan_locker = nullptr;
 			globalbase_atomic->nat64stateful_wan_state->lookup(wan_key, wan_value_lookup, wan_locker);
 			if (wan_value_lookup)
 			{
@@ -270,18 +276,15 @@ void worker_gc_t::handle_nat64stateful_gc()
 		lan_key.port_destination = wan_key.port_source;
 
 		/// check lan tables
-		for (unsigned int numa_i = 0;
-		     numa_i < YANET_CONFIG_NUMA_SIZE;
-		     numa_i++)
+		for (auto globalbase_atomic : base_permanently.globalBaseAtomics)
 		{
-			auto* globalbase_atomic = base_permanently.globalBaseAtomics[numa_i];
 			if (globalbase_atomic == nullptr)
 			{
 				break;
 			}
 
-			dataplane::globalBase::nat64stateful_lan_value* lan_value_lookup;
-			dataplane::spinlock_nonrecursive_t* lan_locker;
+			dataplane::globalBase::nat64stateful_lan_value* lan_value_lookup = nullptr;
+			dataplane::spinlock_nonrecursive_t* lan_locker = nullptr;
 			globalbase_atomic->nat64stateful_lan_state->lookup(lan_key, lan_value_lookup, lan_locker);
 			if (lan_value_lookup)
 			{
@@ -419,11 +422,8 @@ void worker_gc_t::handle_balancer_gc()
 				auto value = *iter.value();
 				iter.unlock();
 
-				for (unsigned int numa_i = 0;
-				     numa_i < YANET_CONFIG_NUMA_SIZE;
-				     numa_i++)
+				for (auto globalbase_atomic_other : base_permanently.globalBaseAtomics)
 				{
-					dataplane::globalBase::atomic* globalbase_atomic_other = base_permanently.globalBaseAtomics[numa_i];
 					if (globalbase_atomic_other == nullptr)
 					{
 						break;
@@ -437,9 +437,9 @@ void worker_gc_t::handle_balancer_gc()
 					bool saved = true;
 					bool updated = false;
 
-					dataplane::globalBase::balancer_state_value_t* ht_value;
-					dataplane::spinlock_nonrecursive_t* locker;
-					uint32_t old_real_id;
+					dataplane::globalBase::balancer_state_value_t* ht_value = nullptr;
+					dataplane::spinlock_nonrecursive_t* locker = nullptr;
+					uint32_t old_real_id = 0;
 
 					uint32_t hash = globalbase_atomic_other->balancer_state->lookup(*iter.key(), ht_value, locker);
 					if (ht_value)
@@ -457,7 +457,7 @@ void worker_gc_t::handle_balancer_gc()
 
 					if (saved)
 					{
-						stats.balancer_state_insert_done++;
+						stats->balancer_state_insert_done++;
 						const auto& real_from_base = base.globalBase->balancer_reals[value.real_unordered_id];
 						if (updated)
 						{
@@ -475,7 +475,7 @@ void worker_gc_t::handle_balancer_gc()
 					}
 					else
 					{
-						stats.balancer_state_insert_failed++;
+						stats->balancer_state_insert_failed++;
 					}
 				}
 
@@ -609,6 +609,22 @@ void worker_gc_t::handle_acl_gc()
 
 			iter.unlock();
 		}
+		else
+		{
+			// The entry is invalid, likely due to a call to clearFWState().
+			iter.lock();
+			auto key = *iter.key();
+			iter.unlock();
+
+			common::idp::getFWState::key_t fw_key(
+			        std::uint8_t(key.proto),
+			        {rte_be_to_cpu_32(key.src_addr.address)},
+			        {rte_be_to_cpu_32(key.dst_addr.address)},
+			        key.src_port,
+			        key.dst_port);
+
+			fw_state_remove_stack.emplace_back(fw_key);
+		}
 	}
 
 	if (fw4_state_gc.offset == 0)
@@ -717,6 +733,22 @@ void worker_gc_t::handle_acl_gc()
 
 			iter.unlock();
 		}
+		else
+		{
+			// The entry is invalid, likely due to a call to clearFWState().
+			iter.lock();
+			auto key = *iter.key();
+			iter.unlock();
+
+			common::idp::getFWState::key_t fw_key(
+			        std::uint8_t(key.proto),
+			        {key.src_addr.bytes},
+			        {key.dst_addr.bytes},
+			        key.src_port,
+			        key.dst_port);
+
+			fw_state_remove_stack.emplace_back(fw_key);
+		}
 	}
 
 	if (fw6_state_gc.offset == 0)
@@ -817,7 +849,7 @@ void worker_gc_t::handle_acl_sync()
 				rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool);
 				if (mbuf_clone == nullptr)
 				{
-					stats.fwsync_multicast_egress_drops++;
+					stats->fwsync_multicast_egress_drops++;
 					continue;
 				}
 
@@ -829,8 +861,9 @@ void worker_gc_t::handle_acl_sync()
 				mbuf_clone->data_len = mbuf->data_len;
 				mbuf_clone->pkt_len = mbuf->pkt_len;
 
-				stats.fwsync_multicast_egress_packets++;
-				send_to_slowworker(mbuf_clone, flow);
+				stats->fwsync_multicast_egress_packets++;
+				utils::SetFlow(mbuf_clone, flow);
+				SendToSlowWorker(mbuf_clone);
 			}
 
 			if (!fw_state_config.ipv6_address_unicast.empty())
@@ -845,7 +878,7 @@ void worker_gc_t::handle_acl_sync()
 				rte_mbuf* mbuf_clone = rte_pktmbuf_alloc(mempool);
 				if (mbuf_clone == nullptr)
 				{
-					stats.fwsync_unicast_egress_drops++;
+					stats->fwsync_unicast_egress_drops++;
 				}
 				else
 				{
@@ -857,8 +890,9 @@ void worker_gc_t::handle_acl_sync()
 					mbuf_clone->data_len = mbuf->data_len;
 					mbuf_clone->pkt_len = mbuf->pkt_len;
 
-					stats.fwsync_unicast_egress_packets++;
-					send_to_slowworker(mbuf_clone, fw_state_config.ingress_flow);
+					stats->fwsync_unicast_egress_packets++;
+					utils::SetFlow(mbuf_clone, fw_state_config.ingress_flow);
+					SendToSlowWorker(mbuf_clone);
 				}
 			}
 		}
@@ -908,18 +942,12 @@ void worker_gc_t::handle_callbacks()
 void worker_gc_t::handle_free_mbuf()
 {
 	rte_mbuf* mbufs[CONFIG_YADECAP_MBUFS_BURST_SIZE];
-	unsigned int mbufs_count;
-
-	mbufs_count = rte_ring_sc_dequeue_burst(ring_to_free_mbuf,
-	                                        (void**)mbufs,
-	                                        CONFIG_YADECAP_MBUFS_BURST_SIZE,
-	                                        nullptr);
-	for (unsigned int mbuf_i = 0;
-	     mbuf_i < mbufs_count;
-	     mbuf_i++)
+	unsigned int mbufs_count = 0;
+
+	for (auto& ring : toFree_)
 	{
-		rte_mbuf* mbuf = mbufs[mbuf_i];
-		rte_pktmbuf_free(mbuf);
+		mbufs_count = ring.DequeueBurstSC(mbufs);
+		rte_pktmbuf_free_bulk(mbufs, mbufs_count);
 	}
 }
 
@@ -932,7 +960,7 @@ inline bool worker_gc_t::is_timeout(const uint32_t timestamp,
 inline void worker_gc_t::correct_timestamp(uint16_t& timestamp,
                                            const uint16_t last_seen_max)
 {
-	uint16_t last_seen = (uint16_t)(current_time - timestamp);
+	auto last_seen = (uint16_t)(current_time - timestamp);
 	if (last_seen > last_seen_max)
 	{
 		timestamp = (uint16_t)(current_time - last_seen_max);
@@ -948,11 +976,8 @@ void worker_gc_t::nat64stateful_remove_state(const dataplane::globalBase::nat64s
                                              const dataplane::globalBase::nat64stateful_wan_key& wan_key)
 {
 	/// remove on other numas
-	for (unsigned int numa_i = 0;
-	     numa_i < YANET_CONFIG_NUMA_SIZE;
-	     numa_i++)
+	for (auto globalbase_atomic : base_permanently.globalBaseAtomics)
 	{
-		auto* globalbase_atomic = base_permanently.globalBaseAtomics[numa_i];
 		if (globalbase_atomic == base_permanently.globalBaseAtomic)
 		{
 			continue;
@@ -974,37 +999,16 @@ void worker_gc_t::nat64stateful_remove_state(const dataplane::globalBase::nat64s
 	}
 }
 
-void worker_gc_t::send_to_slowworker(rte_mbuf* mbuf,
-                                     const common::globalBase::eFlowType& flow_type)
+void worker_gc_t::SendToSlowWorker(rte_mbuf* mbuf)
 {
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-	metadata->flow.type = flow_type;
-
-	if (rte_ring_sp_enqueue(ring_to_slowworker, (void*)mbuf))
-	{
-		stats.ring_to_slowworker_drops++;
-		rte_pktmbuf_free(mbuf);
-	}
-	else
-	{
-		stats.ring_to_slowworker_packets++;
-	}
-}
-
-void worker_gc_t::send_to_slowworker(rte_mbuf* mbuf,
-                                     const common::globalBase::tFlow& flow)
-{
-	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
-	metadata->flow = flow;
-
-	if (rte_ring_sp_enqueue(ring_to_slowworker, (void*)mbuf))
+	if (toSlowWorker_->EnqueueSP(mbuf))
 	{
-		stats.ring_to_slowworker_drops++;
+		stats->ring_to_slowworker_drops++;
 		rte_pktmbuf_free(mbuf);
 	}
 	else
 	{
-		stats.ring_to_slowworker_packets++;
+		stats->ring_to_slowworker_packets++;
 	}
 }
 
@@ -1017,40 +1021,35 @@ void worker_gc_t::handle_samples()
 
 	std::lock_guard<std::mutex> guard(samples_mutex);
 
-	for (const auto& iter : dataplane->workers)
+	for (auto sampler : samplers_)
 	{
-		if (iter.second->socketId != socket_id)
-			continue;
-
-		auto& sampler = iter.second->sampler;
-
-		sampler.visit6([this](auto& sample) {
+		sampler->visit6([this](auto& sample) {
 			if (samples.size() < YANET_CONFIG_SAMPLES_SIZE * 8)
 			{
 				samples.emplace(sample.proto, sample.in_logicalport_id, sample.out_logicalport_id, sample.src_port, sample.dst_port, sample.src_addr.bytes, sample.dst_addr.bytes);
 			}
 			else
 			{
-				stats.drop_samples++;
+				stats->drop_samples++;
 			}
 		});
-		sampler.visit4([this](auto& sample) {
+		sampler->visit4([this](auto& sample) {
 			if (samples.size() < YANET_CONFIG_SAMPLES_SIZE * 8)
 			{
 				samples.emplace(sample.proto, sample.in_logicalport_id, sample.out_logicalport_id, sample.src_port, sample.dst_port, rte_be_to_cpu_32(sample.src_addr.address), rte_be_to_cpu_32(sample.dst_addr.address));
 			}
 			else
 			{
-				stats.drop_samples++;
+				stats->drop_samples++;
 			}
 		});
-		sampler.clear();
+		sampler->clear();
 	}
 
 	if (samples_current_base_id != current_base_id)
 	{
 		// config changed, aclId may be invalid now
-		stats.drop_samples += samples.size();
+		stats->drop_samples += samples.size();
 		samples.clear();
 		samples_current_base_id = current_base_id;
 	}
@@ -1096,11 +1095,8 @@ void worker_gc_t::nat64stateful_state(const common::idp::nat64stateful_state::re
 			uint16_t wan_last_seen = calc_last_seen(wan_value.timestamp_last_packet);
 
 			/// check other wan tables
-			for (unsigned int numa_i = 0;
-			     numa_i < YANET_CONFIG_NUMA_SIZE;
-			     numa_i++)
+			for (auto globalbase_atomic : base_permanently.globalBaseAtomics)
 			{
-				auto* globalbase_atomic = base_permanently.globalBaseAtomics[numa_i];
 				if (globalbase_atomic == base_permanently.globalBaseAtomic)
 				{
 					continue;
@@ -1110,8 +1106,8 @@ void worker_gc_t::nat64stateful_state(const common::idp::nat64stateful_state::re
 					break;
 				}
 
-				dataplane::globalBase::nat64stateful_wan_value* wan_value_lookup;
-				dataplane::spinlock_nonrecursive_t* wan_locker;
+				dataplane::globalBase::nat64stateful_wan_value* wan_value_lookup = nullptr;
+				dataplane::spinlock_nonrecursive_t* wan_locker = nullptr;
 				globalbase_atomic->nat64stateful_wan_state->lookup(wan_key, wan_value_lookup, wan_locker);
 				if (wan_value_lookup)
 				{
@@ -1131,18 +1127,15 @@ void worker_gc_t::nat64stateful_state(const common::idp::nat64stateful_state::re
 			lan_key.port_destination = wan_key.port_source;
 
 			/// check lan tables
-			for (unsigned int numa_i = 0;
-			     numa_i < YANET_CONFIG_NUMA_SIZE;
-			     numa_i++)
+			for (auto globalbase_atomic : base_permanently.globalBaseAtomics)
 			{
-				auto* globalbase_atomic = base_permanently.globalBaseAtomics[numa_i];
 				if (globalbase_atomic == nullptr)
 				{
 					break;
 				}
 
-				dataplane::globalBase::nat64stateful_lan_value* lan_value_lookup;
-				dataplane::spinlock_nonrecursive_t* lan_locker;
+				dataplane::globalBase::nat64stateful_lan_value* lan_value_lookup = nullptr;
+				dataplane::spinlock_nonrecursive_t* lan_locker = nullptr;
 				globalbase_atomic->nat64stateful_lan_state->lookup(lan_key, lan_value_lookup, lan_locker);
 				if (lan_value_lookup)
 				{
diff --git a/dataplane/worker_gc.h b/dataplane/worker_gc.h
index 0243662d..074fb6df 100644
--- a/dataplane/worker_gc.h
+++ b/dataplane/worker_gc.h
@@ -5,16 +5,23 @@
 
 #include "base.h"
 #include "common.h"
+#include "common/sdpcommon.h"
+#include "config_values.h"
 #include "hashtable.h"
+#include "samples.h"
+#include "utils.h"
 
 #include "common/generation.h"
 #include "common/idp.h"
+#include "common/static_vector.h"
 #include "hashtable.h"
 
 class worker_gc_t
 {
 public:
-	worker_gc_t(cDataPlane* dataplane);
+	using PortToSocketArray = std::array<tSocketId, CONFIG_YADECAP_PORTS_SIZE>;
+	using SamplersVector = utils::StaticVector<samples::Sampler*, YANET_CONFIG_MAX_SAMPLED_WORKERS_PER_GC>;
+	worker_gc_t(const ConfigValues& cfg, const PortToSocketArray& pts, SamplersVector&& samplers);
 	~worker_gc_t();
 
 	eResult init(const tCoreId& core_id, const tSocketId& socket_id, const dataplane::base::permanently& base_permanently, const dataplane::base::generation& base);
@@ -26,7 +33,8 @@ class worker_gc_t
 
 	void limits(common::idp::limits::response& response) const;
 
-	void fillStatsNamesToAddrsTable(std::unordered_map<std::string, uint64_t*>& table);
+	static void FillMetadataWorkerCounters(common::sdp::MetadataWorkerGc& metadata);
+	void SetBufferForCounters(void* buffer, const common::sdp::MetadataWorkerGc& metadata);
 
 protected:
 	YANET_INLINE_NEVER void thread();
@@ -44,14 +52,15 @@ class worker_gc_t
 
 	void nat64stateful_remove_state(const dataplane::globalBase::nat64stateful_lan_key& lan_key, const dataplane::globalBase::nat64stateful_wan_key& wan_key);
 
-	void send_to_slowworker(rte_mbuf* mbuf, const common::globalBase::eFlowType& flow_type);
-	void send_to_slowworker(rte_mbuf* mbuf, const common::globalBase::tFlow& flow);
+	void SendToSlowWorker(rte_mbuf* mbuf);
 
 	void handle_samples();
 
 public:
-	cDataPlane* dataplane;
-	cControlPlane* controlplane;
+	[[nodiscard]] std::optional<dpdk::RingConn<rte_mbuf*>> RegisterSlowWorker(const std::string& name,
+	                                                                          unsigned int capacity,
+	                                                                          unsigned int capacity_to_free);
+
 	rte_mempool* mempool;
 	tCoreId core_id;
 	tSocketId socket_id;
@@ -59,18 +68,20 @@ class worker_gc_t
 	uint32_t current_base_id;
 	uint32_t local_base_id;
 	dataplane::base::permanently base_permanently;
-	common::worker_gc::stats_t stats;
+	common::worker_gc::stats_t* stats;
 	dataplane::base::generation bases[2];
 
 	YADECAP_CACHE_ALIGNED(align1);
 
-	rte_ring* ring_to_slowworker;
-	rte_ring* ring_to_free_mbuf;
+	utils::StaticVector<dpdk::Ring<rte_mbuf*>, YANET_CONFIG_MAX_SLOW_WORKERS_PER_GC> toSlowWorkers_;
+	utils::StaticVector<dpdk::Ring<rte_mbuf*>, YANET_CONFIG_MAX_SLOW_WORKERS_PER_GC> toFree_;
+	utils::RoundRobinIterator<decltype(toSlowWorkers_)::iterator> toSlowWorker_;
 
-	tSocketId port_id_to_socket_id[CONFIG_YADECAP_PORTS_SIZE];
+	PortToSocketArray port_id_to_socket_id;
 
 	YADECAP_CACHE_ALIGNED(align2);
 
+	SamplersVector samplers_;
 	std::set<common::idp::samples::sample_t> samples;
 	uint32_t samples_current_base_id;
 	std::mutex samples_mutex;
@@ -94,7 +105,7 @@ class worker_gc_t
 	generation_manager<common::idp::balancer_real_connections::connections> balancer_real_connections;
 	generation_manager<dataplane::hashtable_mod_spinlock_stats> balancer_state_stats;
 
-	uint64_t counters[YANET_CONFIG_COUNTERS_SIZE];
+	uint64_t* counters; // YANET_CONFIG_COUNTERS_SIZE
 
 	uint32_t current_time;
 	dataplane::hashtable_gc_t nat64stateful_lan_state_gc;
diff --git a/ext/xxhash32.h b/ext/xxhash32.h
index e801f503..857ad54a 100644
--- a/ext/xxhash32.h
+++ b/ext/xxhash32.h
@@ -163,13 +163,13 @@ class XXHash32
   uint64_t      totalLength;
 
   /// rotate bits, should compile to a single CPU instruction (ROL)
-  static inline uint32_t rotateLeft(uint32_t x, unsigned char bits)
+  static uint32_t rotateLeft(uint32_t x, unsigned char bits)
   {
     return (x << bits) | (x >> (32 - bits));
   }
 
   /// process a block of 4x4 bytes, this is the main part of the XXHash32 algorithm
-  static inline void process(const void* data, uint32_t& state0, uint32_t& state1, uint32_t& state2, uint32_t& state3)
+  static void process(const void* data, uint32_t& state0, uint32_t& state1, uint32_t& state2, uint32_t& state3)
   {
     const uint32_t* block = (const uint32_t*) data;
     state0 = rotateLeft(state0 + block[0] * Prime2, 13) * Prime1;
diff --git a/libfwparser/fw_config.cpp b/libfwparser/fw_config.cpp
index b8568b04..e756fa21 100644
--- a/libfwparser/fw_config.cpp
+++ b/libfwparser/fw_config.cpp
@@ -16,17 +16,13 @@ using namespace ipfw;
 			std::cerr << "DEBUG: " << __func__ << ": " << msg << std::endl; \
 	} while (0)
 
-fw_config_t::fw_config_t(int step)
+fw_config_t::fw_config_t(int step) :
+        m_curr_entity(entity_type::NONE), m_debug(0), m_ruleid_last(0), m_ruleno_last(0)
 {
 	// use limits like in FreeBSD kernel
 	const auto value = std::clamp(step, 1, 1000);
 
-	m_debug = 0;
-	m_ruleid_last = 0;
-	m_ruleno_last = 0;
 	m_ruleno_step = value;
-
-	m_curr_entity = entity_type::NONE;
 	m_curr_rule = std::make_shared<rule_t>();
 	m_prev_rule = nullptr;
 
@@ -273,7 +269,7 @@ void fw_config_t::set_fqdn(const std::string& s)
 
 		location = {(unsigned int)l.begin.line, m_fileno.top()};
 		addresses.clear();
-		(void)used;
+		YANET_GCC_BUG_UNUSED(used);
 	}
 	else
 	{
@@ -545,6 +541,11 @@ std::string trim_spaces(const std::string& str)
 
 void fw_config_t::fill_rule_text(void)
 {
+	if (m_curr_rule->implicit_check_state)
+	{
+		add_implicit_check_state_rule();
+	}
+
 	m_curr_rule->text = trim_spaces(m_lexer.m_line);
 	m_curr_rule->location.lineno = m_location.top().begin.line;
 	m_curr_rule->location.fileno = m_fileno.top();
@@ -552,18 +553,7 @@ void fw_config_t::fill_rule_text(void)
 	m_curr_rule->ruleid = ++m_ruleid_last;
 
 	FW_CONF_DEBUG(m_curr_rule->text);
-	// user may specify rule number, if it is greather than
-	// last added, use it for automatic numeration
-	if (m_curr_rule->ruleno > m_ruleno_last)
-	{
-		m_ruleno_last = m_curr_rule->ruleno;
-	}
-	// if rulenumber is not specified, use automatic numeration
-	if (m_curr_rule->ruleno == 0)
-	{
-		m_curr_rule->ruleno = m_ruleno_last + m_ruleno_step;
-		m_ruleno_last = m_curr_rule->ruleno;
-	}
+	fill_rule_number_if_needed();
 	m_rules[m_curr_rule->ruleno].emplace_back(m_curr_rule);
 	m_prev_rule = m_curr_rule;
 	m_curr_rule = std::make_shared<rule_t>();
@@ -657,7 +647,7 @@ void fw_config_t::add_rule_table(const std::string& name)
 
 	for (const auto& [prefix, label] : std::get<tables::prefix_skipto_t>(table))
 	{
-		(void)label;
+		YANET_GCC_BUG_UNUSED(label);
 		add_rule_addr(prefix);
 	}
 }
@@ -832,8 +822,12 @@ void fw_config_t::add_rule_opcode(const rule_t::opcode_arg_t& value)
 		case rule_t::opcode_t::DIRECTION:
 			m_curr_rule->direction |= std::get<uint32_t>(value);
 			break;
+		case rule_t::opcode_t::RECORDSTATE:
+			m_curr_rule->recordstate = true;
+			break;
 		case rule_t::opcode_t::KEEPSTATE:
-			m_curr_rule->keepstate = true;
+			m_curr_rule->implicit_check_state = true;
+			m_curr_rule->recordstate = true;
 			break;
 		case rule_t::opcode_t::IPID:
 			break;
@@ -889,6 +883,48 @@ void fw_config_t::add_rule_opcode(const rule_t::opcode_arg_t& value)
 	}
 }
 
+void fw_config_t::fill_rule_number_if_needed()
+{
+	// user may specify rule number, if it is greather than
+	// last added, use it for automatic numeration
+	if (m_curr_rule->ruleno > m_ruleno_last)
+	{
+		m_ruleno_last = m_curr_rule->ruleno;
+	}
+	// if rulenumber is not specified, use automatic numeration
+	if (m_curr_rule->ruleno == 0)
+	{
+		m_curr_rule->ruleno = m_ruleno_last + m_ruleno_step;
+		m_ruleno_last = m_curr_rule->ruleno;
+	}
+}
+
+void fw_config_t::add_implicit_check_state_rule()
+{
+	// Save the current rule
+	auto current_rule = m_curr_rule;
+
+	// Create a new check-state rule
+	m_curr_rule = std::make_shared<rule_t>();
+	set_rule_action(rule_action_t::CHECKSTATE);
+	m_curr_rule->ruleno = current_rule->ruleno;
+	m_curr_rule->location = current_rule->location;
+	m_curr_rule->location.implicitly_generated_rule = true;
+	m_curr_rule->ruleid = ++m_ruleid_last;
+	m_curr_rule->text = "check-state";
+
+	fill_rule_number_if_needed();
+
+	// Add the check-state rule like fill_rule_text method does
+	m_rules[m_curr_rule->ruleno].emplace_back(m_curr_rule);
+
+	// Restore the original rule
+	m_curr_rule = current_rule;
+
+	// Reset rule number for automatic generation
+	m_curr_rule->ruleno = 0;
+}
+
 void fw_config_t::set_rule_flag(uint32_t flag)
 {
 	FW_CONF_DEBUG("flag " << flag);
@@ -1023,7 +1059,15 @@ std::string fw_config_t::format_location(const location_history_t& loc)
 	{
 		filename = "UNKNOWN";
 	}
-	return filename + ":" + std::to_string(loc.lineno);
+
+	std::string location_str = filename + ":" + std::to_string(loc.lineno);
+
+	if (loc.implicitly_generated_rule)
+	{
+		return "This rule is implicit, generated by the rule at " + location_str;
+	}
+
+	return location_str;
 }
 
 bool fw_config_t::resolve_labels()
@@ -1098,6 +1142,9 @@ bool fw_config_t::validate_rule(rule_ptr_t rulep)
 		case rule_action_t::DENY:
 		case rule_action_t::SKIPTO:
 		case rule_action_t::DUMP:
+		case rule_action_t::CHECKSTATE:
+		case rule_action_t::STATETIMEOUT:
+		case rule_action_t::HITCOUNT:
 			break;
 		default:
 			return true;
@@ -1151,7 +1198,7 @@ bool fw_config_t::validate()
 	}
 	for (auto& [ruleno, rules] : m_rules)
 	{
-		(void)ruleno;
+		YANET_GCC_BUG_UNUSED(ruleno);
 		for (auto rulep : rules)
 		{
 			if (!validate_rule(rulep))
diff --git a/libfwparser/fw_config.h b/libfwparser/fw_config.h
index f51f3a0e..7a8f701d 100644
--- a/libfwparser/fw_config.h
+++ b/libfwparser/fw_config.h
@@ -39,6 +39,7 @@ using location_history_t = struct location_history
 {
 	size_t lineno; // line number in the config file
 	size_t fileno; // file number in the history
+	bool implicitly_generated_rule = false; // flag for implicitly generated rules
 };
 
 using label_info_t = std::tuple<unsigned int, // ruleno
@@ -169,6 +170,8 @@ enum class rule_action_t
 	SRCPRJID,
 	DSTPRJID,
 	DUMP,
+	STATETIMEOUT,
+	HITCOUNT,
 };
 
 enum class rule_action_modifier_t
@@ -216,6 +219,7 @@ struct rule_t
 	enum class opcode_t
 	{
 		DIRECTION,
+		RECORDSTATE,
 		KEEPSTATE,
 		IPID,
 		IPLEN,
@@ -299,7 +303,8 @@ struct rule_t
 
 	location_history_t location; // file:lineno
 	rule_state_t state = rule_state_t::UNKNOWN;
-	bool keepstate = false;
+	bool recordstate = false;
+	bool implicit_check_state = false;
 	bool log = false; // has log option
 	unsigned int logamount = 0; // log limit
 	unsigned int setno = 0; // set number
@@ -427,11 +432,11 @@ class fw_config_t
 
 	void set_fqdn(const std::string&);
 	void fill_fqdn(const common::ip_address_t&);
-	const auto& resolve_fqdn(const std::string& s) const
+	[[nodiscard]] const auto& resolve_fqdn(const std::string& s) const
 	{
 		return std::get<1>(m_dns_cache.at(s));
 	}
-	const auto& resolve_macro(const std::string& s) const
+	[[nodiscard]] const auto& resolve_macro(const std::string& s) const
 	{
 		return std::get<1>(m_macros.at(s));
 	}
@@ -449,6 +454,7 @@ class fw_config_t
 	{
 		m_curr_rule->log = true;
 	}
+	void fill_rule_number_if_needed();
 	void fill_rule_proto(uint8_t);
 	void fill_rule_proto(const std::string&);
 	void fill_rule_ipver(rule_t::ip_version_t ver);
@@ -498,8 +504,22 @@ class fw_config_t
 	void set_rule_flag(uint32_t);
 	void clear_rule_flag(uint32_t);
 
+	/**
+	 * @brief Adds an implicit check-state rule.
+	 *
+	 * This function creates a check-state rule based on the current rule's
+	 * configuration. The newly created rule is marked as implicitly generated
+	 * and is inserted into the rules list. After adding the check-state rule,
+	 * the original rule configuration is restored, and the rule number is reset
+	 * for automatic generation.
+	 *
+	 * This is used to handle the `keep-state` option, which requires an implicit
+	 * check-state rule to be added before the original rule.
+	 */
+	void add_implicit_check_state_rule();
+
 	std::string format_location(const location_history_t& loc);
-	const auto& labels() const
+	[[nodiscard]] const auto& labels() const
 	{
 		return m_labels;
 	}
diff --git a/libfwparser/fw_lexer.cpp b/libfwparser/fw_lexer.cpp
index cad85fed..e5773853 100644
--- a/libfwparser/fw_lexer.cpp
+++ b/libfwparser/fw_lexer.cpp
@@ -110,7 +110,7 @@ fw_lexer_t::make_IP6PRJID(const std::string& s, fw_parser_t::location_type& l)
 	common::ipv6_address_t addr;
 	std::string tmp = s;
 	uint32_t prjid = 0;
-	int prefixlen, prjid_prefixlen = 32;
+	int prefixlen = 0, prjid_prefixlen = 32;
 
 	// handle addresses with holes in masks 1407@2a02:6b8:c00::/40
 	auto pos = tmp.find("@");
diff --git a/libfwparser/fw_parser.y b/libfwparser/fw_parser.y
index 5c06b966..88c606cc 100644
--- a/libfwparser/fw_parser.y
+++ b/libfwparser/fw_parser.y
@@ -108,7 +108,7 @@
 		REASS CONFIG BW WEIGHT BUCKETS MASK SCHEDMASK NOERROR PLR
 		DROPTAIL FLOWID PDELAY SCHED FLOWMASK LINK PRIORITY TYPE
 		VALTYPE ALGO FIB PROFILE BURST CHECKSTATE FWD LOG LOGAMOUNT
-		LOGDST SETUP ESTABLISHED FRAG MF RF DF OFFSET KEEPSTATE
+		LOGDST SETUP ESTABLISHED FRAG MF RF DF OFFSET RECORDSTATE KEEPSTATE
 		ICMPTYPES ICMP6TYPES FROM TO ME ME6 ANY IN OUT VIA XMIT
 		RECV OR NOT LIMIT TABLE TCPFLAGS TCPOPTIONS T_IP T_IP4 T_IP6
 		IPLEN IPID IPOPTIONS IPTOS IPTTL TCPDATALEN TCPSEQ TCPWIN
@@ -131,6 +131,7 @@
 		SRCPRJID DSTPRJID RED ALL LMAX DSTIP6 SRCIP6 TCPSETMSS
 		NAT64CLAT NAT64LSN NAT64STL NPTV6 SRCADDR QM DSTADDR
 		SRCPORT DSTPORT SRCIP DSTIP EQUAL COMMA MINUS EOL M4LQ M4RQ DUMP
+		STATETIMEOUT HITCOUNT
 
 // QUEUE could be an argument to *MASK
 %precedence	QUEUE
@@ -505,6 +506,18 @@ action:
 		cfg.set_rule_action(rule_action_t::DUMP);
 	}
 	|
+	STATETIMEOUT NUMBER
+	{
+		cfg.set_rule_action(rule_action_t::STATETIMEOUT);
+		cfg.set_rule_action_arg($2);
+	}
+	|
+	HITCOUNT TOKEN
+	{
+		cfg.set_rule_action(rule_action_t::HITCOUNT);
+		cfg.set_rule_action_arg($2);
+	}
+	|
 	T_REJECT
 	{
 		cfg.set_rule_action(rule_action_t::UNREACH);
@@ -1260,6 +1273,12 @@ optiontoken:
 	}
 	icmptypes
 	|
+	recordstate
+	{
+		cfg.set_rule_opcode(rule_t::opcode_t::RECORDSTATE);
+		cfg.add_rule_opcode(1);
+	}
+	|
 	keepstate
 	{
 		cfg.set_rule_opcode(rule_t::opcode_t::KEEPSTATE);
@@ -1451,6 +1470,11 @@ fragtoken:
 		cfg.clear_rule_flag(rule_t::ipoff_flags_t::OFFSET);
 	}
 	;
+recordstate:
+	RECORDSTATE
+	|
+	RECORDSTATE LABEL
+	;
 keepstate:
 	KEEPSTATE
 	|
diff --git a/libfwparser/token.l b/libfwparser/token.l
index 1bdda844..c15fe169 100644
--- a/libfwparser/token.l
+++ b/libfwparser/token.l
@@ -110,6 +110,8 @@ permit			return ipfw::fw_parser_t::make_ALLOW(*ploc);
 deny_in			return ipfw::fw_parser_t::make_DENY_IN(*ploc);
 deny|drop		return ipfw::fw_parser_t::make_DENY(*ploc);
 dump			return ipfw::fw_parser_t::make_DUMP(*ploc);
+state-timeout	return ipfw::fw_parser_t::make_STATETIMEOUT(*ploc);
+hitcount		return ipfw::fw_parser_t::make_HITCOUNT(*ploc);
 reject			return ipfw::fw_parser_t::make_T_REJECT(*ploc);
 unreach			return ipfw::fw_parser_t::make_UNREACH(*ploc);
 unreach6		return ipfw::fw_parser_t::make_UNREACH6(*ploc);
@@ -162,6 +164,7 @@ mf			return ipfw::fw_parser_t::make_MF(*ploc);
 rf			return ipfw::fw_parser_t::make_RF(*ploc);
 df			return ipfw::fw_parser_t::make_DF(*ploc);
 offset			return ipfw::fw_parser_t::make_OFFSET(*ploc);
+record-state		return ipfw::fw_parser_t::make_RECORDSTATE(*ploc);
 keep-state		return ipfw::fw_parser_t::make_KEEPSTATE(*ploc);
 icmptype|icmptypes	return ipfw::fw_parser_t::make_ICMPTYPES(*ploc);
 icmp6type|icmp6types	return ipfw::fw_parser_t::make_ICMP6TYPES(*ploc);
diff --git a/librib/libyabird.cpp b/librib/libyabird.cpp
index abc464f0..04767c88 100644
--- a/librib/libyabird.cpp
+++ b/librib/libyabird.cpp
@@ -7,7 +7,6 @@
 
 #include "common/define.h"
 #include "common/icontrolplane.h"
-#include "common/result.h"
 #include "common/type.h"
 
 #include "libyabird.h"
@@ -180,12 +179,12 @@ void libyabird_t::update(yanet_data_t* data)
 		std::set<common::community_t> attribute_communities;
 		std::set<common::large_community_t> attribute_large_communities;
 		std::vector<uint32_t> labels;
-		node* n;
-		yanet_prefix_t* p;
-		yanet_u32_t* uptr;
+		node* n = nullptr;
+		yanet_prefix_t* p = nullptr;
+		yanet_u32_t* uptr = nullptr;
 		uint32_t attribute_local_preference = 0;
 		uint32_t attribute_med = 0;
-		uint32_t i;
+		uint32_t i = 0;
 
 		if (data->flags & YANET_ORIGIN)
 			attribute_origin = std::string(data->origin);
@@ -259,7 +258,7 @@ void libyabird_t::update(yanet_data_t* data)
 				WALK_LIST(n, data->prefixes)
 				{
 					common::ip_prefix_t prefix;
-					size_t pos;
+					size_t pos = 0;
 
 					p = reinterpret_cast<yanet_prefix_t*>(n);
 
@@ -306,7 +305,7 @@ void libyabird_t::update(yanet_data_t* data)
 			WALK_LIST(n, data->withdraw)
 			{
 				common::ip_prefix_t prefix;
-				size_t pos;
+				size_t pos = 0;
 
 				p = reinterpret_cast<yanet_prefix_t*>(n);
 
@@ -375,7 +374,7 @@ yanet_open(void)
 	{
 		std::cerr << __func__ << " failed" << std::endl;
 	}
-	return (NULL);
+	return (nullptr);
 }
 
 extern "C" void
diff --git a/librib/libyabird.h b/librib/libyabird.h
index d7214a73..464794e0 100644
--- a/librib/libyabird.h
+++ b/librib/libyabird.h
@@ -1,6 +1,7 @@
 #ifndef _LIBYABIRD_H_
 #define _LIBYABIRD_H_
 
+#include <cstdint>
 #ifdef __cplusplus
 /*
  * Simple LIST implementation used in bird2.
@@ -96,7 +97,7 @@ extern "C"
 };
 #else /* __cplusplus */
 
-//#define	YANET_DEBUG
+// #define	YANET_DEBUG
 
 #ifdef YANET_DEBUG
 #include <cstdio>
diff --git a/logger/main.cpp b/logger/main.cpp
index 8510606d..dbacd0db 100644
--- a/logger/main.cpp
+++ b/logger/main.cpp
@@ -1,5 +1,5 @@
+#include <csignal>
 #include <fstream>
-#include <signal.h>
 #include <systemd/sd-daemon.h>
 #include <thread>
 
@@ -9,9 +9,9 @@
 #include <rte_ring.h>
 #include <rte_version.h>
 
+#include "common/define.h"
 #include "common/icontrolplane.h"
 #include "common/idataplane.h"
-#include "common/result.h"
 #include "common/type.h"
 
 #include "dataplane/samples.h"
@@ -42,13 +42,13 @@ int initLogger()
 	auto response = dataplane.getConfig();
 	auto& workers = std::get<1>(response);
 
-	for (auto it : workers)
+	for (auto& [core, workers_vector] : workers)
 	{
-		auto coreId = it.first;
-		auto ring = rte_ring_lookup(("r_log_" + std::to_string(coreId)).c_str());
-		if (ring != NULL)
+		YANET_GCC_BUG_UNUSED(workers_vector);
+		auto ring = rte_ring_lookup(("r_log_" + std::to_string(core)).c_str());
+		if (ring != nullptr)
 		{
-			YANET_LOG_DEBUG("found log ring on #%u core\n", coreId);
+			YANET_LOG_DEBUG("found log ring on #%u core\n", core);
 
 			rings.push_back(ring);
 		}
@@ -90,8 +90,8 @@ int runLogger()
 
 	interface::controlPlane controlplane;
 
-	uint32_t size = 1024;
-	samples::sample_t* samples[size];
+	constexpr uint32_t size = 1024;
+	std::array<samples::sample_t*, size> samples;
 
 	std::map<uint32_t, common::icp::getAclConfig::response> configs;
 
@@ -151,7 +151,7 @@ int runLogger()
 				if (aclConfig != nullptr)
 				{
 					auto& [serial, ifaces, rules] = *aclConfig;
-					(void)serial;
+					YANET_GCC_BUG_UNUSED(serial);
 
 					auto it = ifaces.find(sample->acl_id);
 					if (it != ifaces.end())
@@ -169,14 +169,14 @@ int runLogger()
 				}
 
 				std::cout << "{"
-				          << "\"action\":\"" << common::globalBase::eFlowType_toString(sample->action) << "\","
+				          << R"("action":")" << common::globalBase::eFlowType_toString(sample->action) << "\","
 				          << "\"rule_ids\":[" << rule_ids << "],"
 				          << "\"direction\":" << (direction ? "\"in\"" : "\"out\"") << ","
-				          << "\"iface\":\"" << iface << "\","
+				          << R"("iface":")" << iface << "\","
 				          << "\"proto\":" << (int)sample->proto << ","
-				          << "\"src_addr\":\"" << src_addr.toString() << "\","
+				          << R"("src_addr":")" << src_addr.toString() << "\","
 				          << "\"src_port\":" << sample->src_port << ","
-				          << "\"dst_addr\":\"" << dst_addr.toString() << "\","
+				          << R"("dst_addr":")" << dst_addr.toString() << "\","
 				          << "\"dst_port\":" << sample->dst_port << "}\n";
 
 				rte_mempool_put(mempool, sample);
@@ -232,82 +232,84 @@ int loadConfig(const std::string& path)
 	return 0;
 }
 
-int main(int argc,
-         char** argv)
+int main(int argc, char** argv)
 {
 	int config = argc;
 	for (int i = 1; i < argc; i++)
 	{
-		if (strcmp(argv[i], "-d") == 0)
+		std::string_view arg{argv[i]};
+		if (arg == "-d")
 		{
 			common::log::logPriority = common::log::TLOG_DEBUG;
 		}
-		else if (strcmp(argv[i], "-c") == 0)
+		else if (arg == "-c")
 		{
 			config = i + 1;
 		}
 	}
+
 	if (config >= argc)
 	{
 		std::cout << "usage: " << argv[0] << " [-d] -c <logger.conf>" << std::endl;
 		return 1;
 	}
+
 	int ret = loadConfig(argv[config]);
 	if (ret != 0)
 	{
 		return ret;
 	}
 
-	std::vector<const char*> args;
+	std::vector<std::string> args;
 	args.push_back(argv[0]);
-	args.push_back("--proc-type=secondary");
+	args.emplace_back("--proc-type=secondary");
 
 	std::string filePrefix = "--file-prefix=";
+	if (const char* pointer = std::getenv("YANET_FILEPREFIX"))
 	{
-		char* pointer = getenv("YANET_FILEPREFIX");
-		if (pointer)
-		{
-			filePrefix += pointer;
-		}
-		else
-		{
-			char* pointer = getenv("YANET_PREFIX");
-			if (pointer)
-			{
-				filePrefix += pointer;
-			}
-		}
+		filePrefix += pointer;
 	}
+	else if (const char* pointer = std::getenv("YANET_PREFIX"))
+	{
+		filePrefix += pointer;
+	}
+
 	if (filePrefix.size() > std::string("--file-prefix=").size())
 	{
-		args.push_back(filePrefix.data());
+		args.push_back(filePrefix);
 	}
 
 #if (RTE_VER_YEAR < 20) || (RTE_VER_YEAR == 20 && RTE_VER_MONT < 11)
-	const char masterLcore[] = "--master-lcore";
+	const std::string masterLcore = "--master-lcore";
 #else
-	const char masterLcore[] = "--main-lcore";
+	const std::string masterLcore = "--main-lcore";
 #endif
 
 	std::string masterLcoreId = std::to_string(loggerCoreId);
-
 	args.push_back(masterLcore);
-	args.push_back(masterLcoreId.data());
+	args.push_back(masterLcoreId);
 
 	YANET_LOG_DEBUG("eal args:\n");
-	for (uint32_t i = 0; i < args.size(); ++i)
+	for (const auto& arg : args)
+	{
+		YANET_LOG_DEBUG("%s\n", arg.c_str());
+	}
+
+	// Use std::vector<char*> and copy the data into it for passing to rte_eal_init
+	std::vector<char*> c_args;
+	for (auto& arg : args)
 	{
-		YANET_LOG_DEBUG("%s\n", args[i]);
+		c_args.push_back(const_cast<char*>(arg.c_str()));
 	}
 
-	ret = rte_eal_init(args.size(), (char**)args.data());
+	ret = rte_eal_init(static_cast<int>(c_args.size()), c_args.data());
 	if (ret < 0)
 	{
 		YANET_LOG_ERROR("rte_eal_init() = %d\n", ret);
 		return 2;
 	}
 
-	if (signal(SIGPIPE, handleSignal) == SIG_ERR)
+	if (std::signal(SIGPIPE, handleSignal) == SIG_ERR)
 	{
 		return 3;
 	}
diff --git a/meson.build b/meson.build
index ccbee825..25d116b3 100644
--- a/meson.build
+++ b/meson.build
@@ -35,6 +35,8 @@ add_global_arguments(compiler_args, language: 'cpp')
 
 add_global_arguments('-DGOOGLE_PROTOBUF_NO_RTTI', language: 'cpp')
 
+add_project_link_arguments('-lnuma', language : 'cpp')
+
 add_global_arguments('-Wno-unused-parameter', language: 'cpp')
 
 if target_option.contains('librib')
@@ -60,9 +62,12 @@ if target_option.contains('buildenv')
     subdir('parser')
     subdir_done()
 elif target_option.contains('unittest')
+    subdir('libprotobuf')
     subdir('libfwparser')
     subdir('dataplane/unittest')
     subdir('controlplane/unittest')
+    subdir('cli/unittest')
+    subdir('common/unittest')
     subdir_done()
 endif
 
diff --git a/parser/fw_dump.cpp b/parser/fw_dump.cpp
index 67452ed4..c1c75c70 100644
--- a/parser/fw_dump.cpp
+++ b/parser/fw_dump.cpp
@@ -11,7 +11,7 @@ void fw_dump_t::dump_dnscache()
 		const auto& [lh, addresses, actual] = values;
 		bool comma = false;
 
-		(void)lh;
+		YANET_GCC_BUG_UNUSED(lh);
 		std::cerr << fqdn << " ";
 		for (const auto& addr : addresses)
 		{
@@ -33,7 +33,7 @@ void fw_dump_t::dump_tables()
 	{
 		const auto& [lh, table] = values;
 
-		(void)lh;
+		YANET_GCC_BUG_UNUSED(lh);
 		std::cerr << "table " << name << " create type " << types[table.index()] << std::endl;
 		if (std::holds_alternative<tables::prefix_skipto_t>(table))
 		{
@@ -64,7 +64,7 @@ void fw_dump_t::dump_macros()
 		const auto& [lh, prefixes, used] = values;
 		bool comma = false;
 
-		(void)lh;
+		YANET_GCC_BUG_UNUSED(lh);
 		if (!used)
 		{
 			// comment unused macros
@@ -239,7 +239,7 @@ void fw_dump_t::dump_rule(rule_ptr_t rulep)
 	{
 		std::cerr << "# frag = set(" << std::hex << (int)rulep->ipoff_setflags << "), clear(" << (int)rulep->ipoff_clearflags << ")" << std::dec << std::endl;
 	}
-	std::cerr << "# keepstate = " << rulep->keepstate << std::endl;
+	std::cerr << "# recordstate = " << rulep->recordstate << std::endl;
 	if (rulep->direction == rule_t::direction_t::IN)
 		std::cerr << "# direction = IN" << std::endl;
 	else if (rulep->direction == rule_t::direction_t::OUT)
@@ -250,7 +250,7 @@ void fw_dump_t::dump_rule(rule_ptr_t rulep)
 		std::cerr << "# via: ";
 		for (const auto& [name, how] : rulep->ifaces)
 		{
-			(void)how;
+			YANET_GCC_BUG_UNUSED(how);
 			if (many)
 				std::cerr << " or ";
 			std::cerr << name;
@@ -264,7 +264,7 @@ void fw_dump_t::dump_rule(rule_ptr_t rulep)
 		std::cerr << "# via table: ";
 		for (const auto& [how, tables] : rulep->iface_tables)
 		{
-			(void)how;
+			YANET_GCC_BUG_UNUSED(how);
 			for (const auto& name : tables)
 			{
 				if (comma)
@@ -283,7 +283,7 @@ void fw_dump_t::dump_rules()
 	std::cerr << "#----------------------------------------" << std::endl;
 	for (auto& [ruleno, rules] : m_conf->m_rules)
 	{
-		(void)ruleno;
+		YANET_GCC_BUG_UNUSED(ruleno);
 		for (auto rulep : rules)
 		{
 			dump_rule(rulep);
diff --git a/parser/fw_dump.h b/parser/fw_dump.h
index 7551b19e..1b74f5aa 100644
--- a/parser/fw_dump.h
+++ b/parser/fw_dump.h
@@ -1,6 +1,7 @@
 #pragma once
 
-#include "fw_parser.h"
+#include "libfwparser/fw_config.h"
+#include "libfwparser/fw_parser.h"
 #include <memory>
 
 namespace ipfw
diff --git a/parser/main.cpp b/parser/main.cpp
index 279558ff..d06dc146 100644
--- a/parser/main.cpp
+++ b/parser/main.cpp
@@ -36,9 +36,9 @@ int main(int argc, char* argv[])
 {
 	std::shared_ptr<ipfw::fw_config_t> config;
 	std::string dname, fname, mname;
-	bool cmd_mode, quiet_mode, test_mode, dump, success, sanity;
+	bool cmd_mode = false, quiet_mode = false, test_mode = false, dump = false, success = false, sanity = false;
 	int verbose_level = 0;
-	char ch;
+	char ch = 0;
 
 	cmd_mode = quiet_mode = test_mode = dump = sanity = false;
 	while (!cmd_mode && (ch = getopt(argc, argv, "d:f:c:m:Dqsvnh")) != -1)
@@ -98,12 +98,12 @@ int main(int argc, char* argv[])
 	config->set_debug(verbose_level);
 
 	/*
-     * For -c option we concatenate all remaining arguments into
-     * single spaces delimited string and pass it to the parser.
-     *
-     * NOTE: the order of scheduled files is matter. DNS cache
-     * should be scheduled last, then it will be processed first.
-     */
+	 * For -c option we concatenate all remaining arguments into
+	 * single spaces delimited string and pass it to the parser.
+	 *
+	 * NOTE: the order of scheduled files is matter. DNS cache
+	 * should be scheduled last, then it will be processed first.
+	 */
 	if (cmd_mode)
 	{
 		/* Rule from command line arguments */
diff --git a/unwind/unwind.cpp b/unwind/unwind.cpp
index 0fa8a3a9..8bac5586 100644
--- a/unwind/unwind.cpp
+++ b/unwind/unwind.cpp
@@ -1,7 +1,6 @@
 #include <cerrno>
 #include <cstdlib>
 #include <cstring>
-#include <fstream>
 #include <iostream>
 #include <memory>
 #include <string>
@@ -12,8 +11,8 @@
 #include <unistd.h>
 
 #include "common/type.h"
-#include "controlplane/src/acl.h"
-#include "controlplane/src/acl/rule.h"
+#include "controlplane/acl.h"
+#include "controlplane/acl/rule.h"
 
 auto make_default_acl(tAclId aclId = 1)
 {
@@ -90,7 +89,7 @@ int main(int argc, char* argv[])
 	common::acl::iface_map_t ifmap;
 	std::set<std::string> oif, iif;
 	std::string fname;
-	char ch;
+	char ch = 0;
 
 	while ((ch = getopt(argc, argv, "f:o:i:hI")) != -1)
 	{
diff --git a/yanet-announcer.py b/yanet-announcer.py
index 6318b450..cd1e9098 100755
--- a/yanet-announcer.py
+++ b/yanet-announcer.py
@@ -7,6 +7,7 @@
 import logging
 import signal
 import subprocess
+import ipaddress
 import textwrap
 import time
 import typing
@@ -67,7 +68,7 @@ def get(command: str) -> typing.List[typing.Dict[str, str]]:
         # don't use generator output, because LRU cache return wrong response
         parsed_output: typing.List[typing.Dict[str, str]] = []
 
-        out = subprocess.check_output(command, shell=True).decode("ascii").splitlines()
+        out = subprocess.check_output(command, shell=True, stderr=subprocess.DEVNULL).decode("ascii").splitlines()
         if len(out) <= 1:
             return parsed_output
 
@@ -146,18 +147,36 @@ def bgp_remove_ipv6(prefix):
             Executer.run(command)
 
 
-def bgp_update(prefix):
-    if ":" in prefix:
-        bgp_update_ipv6(prefix)
-    else:
-        bgp_update_ipv4(prefix)
+def bgp_update(prefix_list):
+    for prefix in prefix_list:
+        try:
+            parsed = ipaddress.ip_network(prefix)
+            if parsed.version == 6:
+                bgp_update_ipv6(prefix)
+            else:
+                bgp_update_ipv4(prefix)
+        except Exception as error:
+            if "firewall" in prefix:
+                bgp_update_ipv6(prefix)
+                LOGGER.info("Update bgp with custom prefix: %s", prefix)
+            else:
+                LOGGER.error("Can not update bgp prefix: %s with error: %s", prefix, error)
 
 
-def bgp_remove(prefix):
-    if ":" in prefix:
-        bgp_remove_ipv6(prefix)
-    else:
-        bgp_remove_ipv4(prefix)
+def bgp_remove(prefix_list):
+    for prefix in prefix_list:
+        try:
+            parsed = ipaddress.ip_network(prefix)
+            if parsed.version == 6:
+                bgp_remove_ipv6(prefix)
+            else:
+                bgp_remove_ipv4(prefix)
+        except Exception as error:
+            if "firewall" in prefix:
+                bgp_remove_ipv6(prefix)
+                LOGGER.info("Remove bgp with custom prefix: %s", prefix)
+            else:
+                LOGGER.error("Can not remove bgp prefix: %s with error: %s", prefix, error)
 
 
 def get_announces(types):
@@ -458,7 +477,8 @@ def main():
         signal.signal(signal.SIGTERM, signal_handler)
 
     current_prefixes = []
-    report_counter: int = 0
+    report_config_counter: int = 0
+    report_getannounces_counter: int = 0
     is_firewall_machine: bool = False
 
     try:
@@ -475,10 +495,11 @@ def main():
 
         try:
             update_config()
+            report_config_counter = 0
         except Exception as error:
-            if report_counter % 25 == 0:
+            if report_config_counter == 0:
                 LOGGER.error("Fail: %s", error)
-            report_counter += 1
+            report_config_counter = 1
             time.sleep(1)
             continue
 
@@ -489,34 +510,33 @@ def main():
 
                 if check_module(module):
                     prefixes.extend(module["announces"])
-        except:
-            pass
+            report_getannounces_counter = 0
+        except Exception as error:
+            if report_getannounces_counter == 0:
+                LOGGER.error("Can not get announces with error: %s", error)
+                report_getannounces_counter = 1
+            if len(current_prefixes) > 0:
+                LOGGER.warning(
+                    "Problem with get_announce(dp/cp in down state?), remove current announces: %s", current_prefixes
+                )
+                bgp_remove(current_prefixes)
+                current_prefixes = []
+            continue
 
         if is_firewall_machine and check_firewall_module():
             prefixes.extend(["firewall::/128"])
 
-        for prefix in list(set(prefixes) - set(current_prefixes)):
-            try:
-                bgp_update(prefix)
-            except:
-                pass
+        bgp_update(list(set(prefixes) - set(current_prefixes)))
 
-        for prefix in list(set(current_prefixes) - set(prefixes)):
-            try:
-                bgp_remove(prefix)
-            except:
-                pass
+        bgp_remove(list(set(current_prefixes) - set(prefixes)))
 
         if not OPTIONS.daemon:
             return
 
         current_prefixes = prefixes
         if SIGNAL_RECV:
-            for prefix in current_prefixes:
-                try:
-                    bgp_remove(prefix)
-                except:
-                    pass
+            LOGGER.warning("Detect SIGNAL_RECV, remove announces and exit...")
+            bgp_remove(current_prefixes)
             return
 
         time.sleep(1)