mirror/nlnetlabs-routinator
1
0
Fork 0
mirror of https://github.com/NLnetLabs/routinator.git synced 2024-05-19 06:50:04 +00:00
Code Issues Releases Activity
nlnetlabs-routinator/Changelog.md
Martin Hoffmann 404e84f7f1 Bump version.
2020-10-19 13:26:39 +02:00

29 KiB
Raw Blame History

Change Log

Unreleased future version

Breaking Changes

New

Bug Fixes

Other Changes

0.8.0 Strikes and Gutters, Ups and Downs

Released 2020-10-19.

There have been no changes since RC2.

0.8.0-rc2

Released 2020-10-09.

Bug Fixes

  • Apply unsafe filter (if requested) also on subsequent validation runs in server mode. (#407)
  • Update all metrics on all validation runs. (#407)
  • Show the status code instead of -1 in RRDP status metrics. (#408)

Other Changes

  • Improve log message when listing resources being added to the unsafe filter list. (#406)

0.8.0-rc1

Released 2020-10-07.

Breaking Changes

  • Validation now follows the rules suggested by draft-ietf-sidrops-6486bis: Any invalid object mentioned on the manifest will lead to the issuing CA and all its objects being rejected. However, unlike suggested by the draft, Routinator currently will not fall back to cached older versions of the CAs objects that may still be valid. In addition, unknown RPKI object types are currently accepted with a warning logged. This behaviour can be changed via the unknown-types policy option. (#371, #401)
  • Similarly, CRL handling has been tightened significantly. Each CA must now have exactly one CRL which must be the one stated in the manifests EE certificate. Any violation will lead to the whole CA being rejected with the same consequences as above. (#397)
  • The default for dealing with stale objects has been changed to reject in accordance with the same draft. (#387)
  • Parsing of local exception files is now more strict in accordance with RFC 8416. Any additional member in the JSON objects will lead to an error. However, error reporting has been greatly improved and now the line and column of an error will be indicated. (#372)
  • The alias --allow-dubios-hosts for the correctly spelled option has been removed. (#384)
  • The minimal supported Rust version is now 1.42.0.

New

  • All VRPs overlapping with resources from rejected CAs dubbed unsafe VRPs can filtered via the new unsafe-vrps option. Doing so will avoid situations were routes become RPKI invalid if their VRPs are split over multiple CAs or there are less specific ROAs. By default, unsafe VRPs are only warned about. (#377, #400)
  • New metrics for the VRPs produced and filtered on the various TALs. (#377)
  • The logging output of the latest validation run is now available via the HTTP services /log endpoint. (#396)
  • TCP keep-alive is now supported and enabled by default on RTR connections as suggested by RFC 8210. It can be disabled and its idle time changed from the default 60 seconds via the new rtr-tcp-keepalive command line and config file option. (#390)
  • The pid-file, working-dir, chroot, user, and group config file and server command options now also work without the --detach command line option. (#392)
  • The init command will now change ownership of the cache directory if the user and group options are set via config file or command line options. (#392)
  • Irrelevant log messages from libraries are now also filtered when using syslog logging. (#385)
  • Release builds will now abort on panic, i.e., when an unexpected internal condition is detected. This ensures that there wont be a Routinator in a coma. (#394)
  • The feature rta enables the new command rta for validating Resource Tagged Assertions as described in draft-michaelson-rpki-rta. This feature is not enabled by default and needs to be activated by adding the option --features rta to the Cargo build command.

Bug Fixes

  • Update start and end times will not change between consecutive metrics reports any more. (#389)
  • Local exceptions will now be loaded before starting a validation run both in vrps and server mode instead of discarding the run after it finished when loading fails. In server mode, we now wait 10 seconds after loading local exceptions fails and try again instead of repeatedly starting validation runs and discarding them. (594186c)
  • EE certificates encountered in the repository are now validated as router certificates rather than regular RPKI EE certificates. (#398)

Other Changes

  • Logging has been cleaned up. The meaning of the four log levels is now better defined see the man page and all log output has been reassigned accordingly. (#396)

0.7.1 Moonlight and Love Songs

Released 2020-06-15.

There have been no changes since RC2.

0.7.1-rc2

Released 2020-06-10.

Other Changes

  • Update the ARIN TAL to include the HTTPS URIs of their trust anchor certificate. (#347)

0.7.1-rc1

Released 2020-06-09.

New

  • The HTTP /status command now contains a version field showing the Routinator version running. [(#342)]

Bug Fixes

  • Prefer HTTPS URIs in TALs if RRDP is enabled. The order of URIs with the same scheme is maintained. (#343)
  • Fix a typo in the --allow-dubious-hosts option which was actually expected to be spelled as --allow-dubios-hosts. This dubious spelling is kept as an alias until the next breaking release. (#339)

Dependencies

  • Remove the pin on Tokio and set the minimum version to 0.2.21. (#340)

Other Changes

  • Update the AFRINIC, APNIC and RIPE NCC TALs to include HTTPS URIs for their trust anchor certificates. (#331, #344, #345)

0.7.0 Your Time Starts … Now

Released 2020-05-06.

There have been no changes since RC3.

0.7.0-rc3

Dependencies

  • Pinned Tokio to 0.2.13. There have been reports of issues with automatic cooperative task yielding introduced in 0.2.14, so we will stick with 0.2.13 for this release. (#321)

0.7.0-rc2

Bug Fixes

  • Bind listening sockets before possibly dropping privileges while detaching. (#313, discovered by @alarig).
  • Re-enable Tokios threaded runtime. (#315)

0.7.0-rc1

Breaking Changes

  • Routinator now filters out rsync URIs and RRDP URIs that contain dubious host names that should not be present in the public RPKI. In this version they are localhost, any IP address, and any URI with the port explicitly specified. This filter can be disabled via the --allow-dubious-hosts command line and config option for test deployments. (#293)
  • Only CRLs mentioned on the manifest are now considered when checking any published objects except for the manifest itself. If the hash of the CRL on the manifest does not match the CRL, it is rejected. Objects referencing a CRL that is not on a manifest or has a hash mismatch are rejected. [(#299)]
  • The minimal supported Rust version is now 1.39.0.

New

  • The new option --stale allows selecting a policy for dealing with stale objects i.e., manifests and CRLs that are past their next-update date. The policies are reject, warn, and accept. The previous hard-coded policy of warn, i.e., accept but log a warning, is the default. (#288)
  • New output formats bird and bird2 which produce a roa table for Bird 1 and a route table for Bird 2, respectively. (#290, by @netravnen)
  • New output format csvcompat which produces CSV output as similar to that of the RIPE NCC Validator as possible. (#292)
  • The new config file option tal-labels allows defining explicit names to be used when TALs are referenced in output. This way, the output can be made to be even more similar to that produced by the RIPE NCC Validator. (#291)
  • The csvext output format is now also available via the HTTP server at the /csvext path. (#294)
  • New metrics for the status of the RTR and HTTP servers. (#298)
  • New metric of the number of stale objects encountered in the last validation run. (#298)

Other Changes

  • Update to Rusts new asynchronous IO framework for the RTR and HTTP servers. Repository synchronization and validation remain synchronous atop a thread pool. (#282)
  • Changed concurrency strategy for repository update and validation. Previously, each trust anchor was updated and validated synchronously. Now processing of a CA is deferred if its repository publication point hasnt been updated yet. Processing is then picked up by the next available worker thread. This should guarantee that all worker threads are busy all the time. ([#284)]
  • Optimized what information to keep for each ROA, bringing maximum memory consumption down to about a quarter. (#293)
  • The Docker image now wraps Routinator into tini for properly dealing with signals and child processes. (#277)

0.6.4 Jeepers

Bug Fixes

  • Fixes an issue where Routinator occasionally gets completely stuck. (#255)

0.6.3 That Escalated Fast

New

  • Reload TALs and restart validation via SIGUSR1 on Unix systems. (#241, thanks to Veit Heller!)

Bug Fixes

  • RRDP requests failed with a timeout if Routinator was started in detached server mode (server -d). (#250, discovered by Will McLendon)
  • Fix spelling of routinator_rrdp_duration metrics definition. (#248)

0.6.2 Distillers Edition

New

  • Added a --disable-rsync command line and disable-rsync configuration file option to, well, disable rsync. (#229)

Bug Fixes

  • Fall back to rsync data if RRDP data is missing in no-update mode. (This only caused trouble if you are fabricating a repository cache directory from rsync-only data.) (#223)
  • Try creating the parent directories before moving a file published via RRDP delta to its final location. This avoids regular fallback to snapshots. (#227)
  • Consider previously manipulated files when processing a sequence of multiple RRDP deltas. This avoids occasional fallback to snapshots. (#228)
  • Fixed a decoding error in manifests which caused certain manifests (which dont seem to be existing in the wild currently) to be rejected. (via rpki-rs #78)
  • The /rpsl endpoint of the HTTP server accidentally produced CSV output. (#238)
  • Produce a formatting of the time elements of RPSL with a stable length. This will result in the RPSL output via the HTTP server to be correct and also decreases the size of the RPSL output by about twenty percent. (#243)

Other Changes

  • Suppressing debug log from some dependencies for stderr and file logging. (#224)

0.6.1 Philosophy Is Tricky

New

  • RRDP access statistics are now also shown in the /status HTTP endpoint. They were already part of the Prometheus metrics. (#218)

Bug Fixes

  • The RTR serial number was not increased when new data became available. (#215)

Other changes

  • The RRDP client will not complain if it cant read a non-existing state file anymore as this is a completely normal situation. (#217)

Dependencies

0.6.0 Pink Sombrero

Breaking Changes

  • Removed the rsync-count command line and configuration file option. This option is now unused as modules are now rsynced only when they are actually accessed. (#187)
  • The default value for refresh has been lowered to 600 seconds. (#191)
  • The refresh time placed in the RTR End-of-data PDU is now calculated from the time until the next validation run is expected to finish. (#193)
  • The listeners for RTR and HTTP in server mode are now started right away and report an error until the first validation has finished. (#203)

New

  • Routinator now supports RRDP for synchronizing repository content. (#187)
  • Restructured repository directory. The rsync data now lives in a sub-directory called rsync. The main repository directory will now be kept clean and all unexpected files removed. (#187)
  • In server mode, the repository will be refreshed and re-validated when the first object expires. (#191)
  • Protection against loops in the CA structure: Routinator checks that any subject key identifier only appears once in the chain from a trust anchor to a CA certificate. (#192)
  • Routinator now explicitly skips .cer files that arent CA certificates before even trying to validate them. This already happened before because these files failed validation. (#194)
  • New options user and group for setting the user and group names a detached server process should be run as. (#213)

Bug Fixes

  • Fixed crash if the TAL directory is empty. Routinator will complain but run since there could be local exceptions. (#212)

0.5.0 Why Not Try a Holiday in Sweden This Year?

Breaking Changes

  • Prometheus metrics are now prefixed with routinator_. (#162 by @momorientes)
  • Added --timeout option to rsync call. This seems to be available on most rsync versions in use. Should that not be the case, you can use the rsync-args config file option to define your own set of rsync arguments, overriding this behaviour. ([#176])

New

  • The local copy of the repository is now cleaned up after each validation run, removing directories and files that werent referenced during the run. This can be disabled with the new --dirty command line and dirty config file options. (#180)
  • You can now check pairs of address prefix and AS number for their RPKI origin validation status either via the HTTP interface or the new validate command. The HTTP API is the same as that used by the RIPE NCC RPKI Validator for easy migration. (#173)
  • Output format summary which will print a summary of the content of the RPKI repository. (#167)
  • The ARIN TAL can now be skipped during init with the --decline-arin-rpa option. (#169)
  • Various commands have received a --complete option that causes them to exit with status code 2 if any of the rsync commands fails. ([#177)]
  • Additional metrics showing the status and duration of rsync commands. (#178)

Bug Fixes

  • Fix Prometheus metrics output Prometheus insists on a line break at the end of the last line. (#156)
  • Fix Prometheus metrics definitions. (#161 by @momorientes)
  • The HTTP server can now deal with unreasonably large requests. It has been switched to using hyper. (#171)

0.4.0 The Bumpy Road to Love

Breaking Changes

  • Major cleanup of the command line and configuration file for server mode. The command is now server (instead of rtrd). RTR and HTTP are now equals. There is no more default listeners being created, you have to specify them explicitly via command line options or config file. The option is now --rtr for RTR listeners (previously just --listen) and --http for HTTP listeners (previously --listen-http). The config file fields are rtr-listen and http-listen, respectively. (#133)
  • In server (formerly rtrd) mode, the -a option is gone and has been replaced by a -d option. In other words, the default is now to stay attached to the terminal and only fork into the background if -d is given. (#134)
  • The TAL directory will no longer be automatically populated. Instead, you can install the bundled TALs via the new init command. After having received permission from ARIN, we are now also bundling the ARIN TAL in Routinator and require specific agreement to ARINs Relying Party Agreement via a command line option. (#135)
  • The minimum supported Rust version is now 1.34.0. (#112)

New

  • Four new monitoring gauges last_update_start, last_update_done, last_update_duration, and serial that will allow alerting if Routinator stops updating. (#122 and #131)
  • Accept RTR listening socket from systemd. This allows to listen on port 323 without special privileges. Enable via the new --listen-systemd option. (#127 and #130).
  • Improved path /status in HTTP output that provides the same information as the /metrics endpoint in slightly different format that might make it easier to use in processing. (#131)
  • Filtering for address prefixes and ASNs in VRP output via the vrps command or in HTTP output. (#137)

Bug Fixes

  • The value of the listen-http config option wasnt include in the output of the config command. Now it is. (#109)
  • The HTTP server would eventually hang Routinator in a tight loop if connections were closed early by the peer. (#120)
  • Only read files ending in .tal in the TAL directory as is already documented. (#121)
  • Announce the correct content type in HTTP output with formats JSON and CSV. (#146)

Dependencies

  • Update to rpki-rs 0.4 (#111)

0.3.3 Big Bada Boom

Bug Fixes

  • The config file option specific to rtrd mode werent picked up. (#102, reported by Jay Borkenhagen)
  • Ignore broken pipe errors when outputting VRPs to make Routinator play nice with piping output into scripts etc. (#105)
  • Fixes a crash when validating certain invalid resource sets on certificates. (rpki-rs #30)

Dependencies

  • Theres now a crude way to check if you have the minimum Rust version required and stop building. (#104)

0.3.2 Bitter and Twisted

Bug Fixes

  • Print errors when reading the trust anchor locators to standard error instead of logging them since logging isnt set up yet at that point. (#89)
  • Use route6: fields in RPSL output for IPv6 prefixes. (#96, reported by @matsm)
  • Use LF as line endings in RPSL output. Seems thats what whois uses in practice, too. (#97, reported by @matsm)

0.3.1 More Intensity

New

  • TAL files will only be read once when Routinator starts. This improves robustness at the cost of having to restart Routinator when the TALs change. (#74)
  • New option --rsync-timeout setting the maximum number of seconds any rsync command is allowed to run. This prevents hanging rsync from blocking Routinator. (#76)
  • Additional Prometheus metric valid_roas reporting the number of verified ROAs. Additionally, both metrics are now reported separately for each TAL. (#78)
  • Compare RTR serial numbers according to RFC 1932. (#81)

Bug Fixes

  • A missing tcp-listen option in the config file caused Routinator to crash in rtrd mode instead of using the default socket. (#80)
  • Decoding manifest and ROAs now checks that the content type field in the signed object has the correct object identifier. (rpki-rs #27)

0.3.0 Its More Fun at the Zoo

Breaking Changes

  • Several API and organizational changes in the Routinator library crate for the various improvements below.

New

  • New output format csvext that mimics the output format of the Original RIPE NCC Validator. (#59)

  • Support for alternative resource extensions and validation defined in [RFC 8360]. (The accompanying changes made it quite a bit faster, too.) (#63)

  • Support for cargo-deb-based Debian packaging. Thanks to David Monosov. (#62)

  • Log warnings for stale manifests and CRLs.

  • Optional HTTP service in rtrd mode. This can be enabled via the --listen-http command line option and the listen-http config option. This is only the beginning of more extensive monitoring support. (#68)

Bug Fixes

  • Converts the endianess of the serial number in the SerialNotify RTR PDU. Reported by Massimiliano Stucchi. (#60)

Dependencies

  • Docker build updated to Rust 1.32 and Alpine Linux 3.9. Thanks to David Monosov. (#61)

Housekeeping

  • Included Clippy in Travis runs for better code quality. (#65)

0.2.1 Rated R

New

  • The config command now prints the configuration in TOML format and can be used to create a configuration file for the current configuration. (#54)
  • Routinator now builds and runs on Windows. Given that Windows is a Rust tier 1 platform, we wanted to see how difficult it is to get this going. Note that you will need the rsync executable that comes with Cygwin. (#55)

Bug Fixes

  • Actually use $HOME/.routinator.conf as the default config file as promised by the documentation. (#49)
  • Fix a compile time error on 32 bit systems.

0.2.0 Instant Gezellig

Breaking Changes

  • The command line arguments have been restructured to use commands to determine the mode of operation rather than options. In the course of that, some options changed, too. (#35)
  • Add trust anchor information to the CSV, JSON, and RPSL output. (#21)

New

  • Add a configuration file for all standard options and the options for the RTR server mode. (#35)
  • Add a Dockerfile for building and deploying through Docker. Thanks to David Monosov. (#23)
  • Output from the rsync runs is now send to the logger and will be handled according to log settings. Output to stderr is logged with log level warn, stdout is logged with info. (#27)
  • New options for daemon mode: pid-file, working-dir, and chroot. Options to change the user and group in daemon mode are coming soon. (#42)
  • In daemon mode, forking now happens after the TALs are checked so that you can see the error messages and that it fails.
  • New VRP output format openbgpd which produces a roa-set for OpenBGPD config. Thanks to Job Snijders. (#32)
  • A new command line and config file option rsync-command allows to choose which command to run for rsync. A new config file option rsync-args allows to provide arguments to rsync. (#41)

Bug Fixes

  • The default output format was accidentally changed to none. It is csv again.

Performance Improvements

  • Caching of CRL serial numbers for CAs with large manifests leads to about half the validation time for the current repository. (#34)

0.1.2 And I Cry If I Want To

Bug Fixes

0.1.1 Five-second Rule

Bug Fixes

0.1.0 Godspeed!

Initial public release.