a215402

Bug Fixes

  • The rrdp-timeout configuration setting now correctly limits the maximum time an RRDP request can take. This prevents a possible issue where an RRDP repository maliciously or erroneously delays a request and subsequently a validation run. (#666, CVE-2021-43173)

New

  • The new configuration setting max-ca-depth limits the length of a chain of CAs from a trust anchor. By default it is set to 32. This fixes a possible vulnerability where a CA creates an infinite chain of CAs. (#665, CVE-2021-43172)
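
Why a depth limit makes the walk terminate, as an added example that is not Routinator's code: a tree walk that stops descending once a chain from the trust anchor would exceed the limit. The `CaSource` trait, the two sample hierarchies and the way chain length is counted (trust anchor included) are assumptions made for this sketch.

```rust
use std::collections::HashMap;

/// Default from the release note; counting the trust anchor as 1 is an assumption.
const MAX_CA_DEPTH: usize = 32;

/// Hypothetical stand-in for a repository lookup: the child CAs a CA has issued.
trait CaSource { fn children(&self, ca: &str) -> Vec<String>; }

/// Constructed, well-behaved hierarchy.
struct Finite(HashMap<&'static str, Vec<&'static str>>);
impl CaSource for Finite {
    fn children(&self, ca: &str) -> Vec<String> {
        self.0.get(ca).map(|v| v.iter().map(|s| s.to_string()).collect::<Vec<_>>()).unwrap_or_default()
    }
}

/// Constructed misbehaving hierarchy: every CA always has one more child.
struct Endless;
impl CaSource for Endless {
    fn children(&self, ca: &str) -> Vec<String> { vec![format!("{}/sub", ca)] }
}

/// Walks the tree below `ta` and returns (accepted CAs, CAs rejected for depth).
/// A rejected CA's subtree is never fetched, so the walk always ends.
fn walk(src: &dyn CaSource, ta: &str, max_depth: usize) -> (usize, usize) {
    let (mut accepted, mut rejected) = (0usize, 0usize);
    let mut stack = vec![(ta.to_string(), 1usize)]; // (CA, chain length incl. TA)
    while let Some((ca, chain_len)) = stack.pop() {
        if chain_len > max_depth {
            rejected += 1;
            continue;
        }
        accepted += 1;
        for child in src.children(&ca) {
            stack.push((child, chain_len + 1));
        }
    }
    (accepted, rejected)
}

fn sample_tree() -> Finite {
    Finite(HashMap::from([("ta", vec!["rir"]), ("rir", vec!["lir-a", "lir-b"])]))
}

fn main() {
    println!("finite:  {:?}", walk(&sample_tree(), "ta", MAX_CA_DEPTH));
    println!("endless: {:?}", walk(&Endless, "ta", MAX_CA_DEPTH));
}
```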

Other Changes

  • Support for the gzip transfer encoding for RRDP has been removed because gzip in combination with XML provides multiple ways to delay validation. The configuration setting rrdp-disable-gzip is now deprecated and will be removed in the next breaking release. (#667, CVE-2021-43174)
e715237

Other Changes

3ecf1d5

0.10.1-rc3

Pre-release

Other Changes

  • Update UI to 0.3.4. (#651)
    • Fixed links for prefixes.
9e8e3d4

0.10.1-rc2

Pre-release

Bug Fixes

  • Redirect / to /ui to bring back the UI for the blank hostname. (#648)

Other Changes

  • Update UI to 0.3.3.
    • Fixes UI loading with query parameters.
77f3594

0.10.1-rc1

Pre-release

Other Changes

  • Extended UI with BGP and allocation data lookups. (#635)
  • The UI now lives in its own crate routinator-ui. (#635)

Breaking changes

  • Data is now stored directly in the file system again. This returns memory consumption to pre-0.9 levels. All improvements to robustness have been maintained. (#590, #601, #604)
  • The json and jsonext output formats now include a metadata object that contains the time the data set was created in the generated and generatedTime fields as Unix and ISO time stamps, respectively. (#605)
  • The JSON output of the validate command and of the /validity HTTP endpoint now includes a generatedTime field that provides the generation time of the data set that was used for validation as an ISO time stamp. (#605)
  • The default RRDP timeout (via the rrdp-timeout option) has been increased to 300 seconds. (#612)

New

  • The maximum number of delta steps performed during an update of an RRDP repository is now limited via the rrdp-max-delta option. If more steps are necessary, the snapshot is used instead. This will improve the update times in cases where Routinator isn’t running constantly. The default limit is 100 steps. (#615)
  • It is now possible to disable the use of the gzip transfer encoding in the RRDP client via the new rrdp-disable-gzip option. (#602)
  • The start of a validation run is now logged as an info message. (#609)
  • A reference to the global help appears now at the end of a sub-command’s help message. (#607)
  • A summary of the data set similar to the summary output format is now logged at log level info at the end of a validation run. (#617)
  • Strict checking for address and prefix lengths in certificates, and for prefix and max-length in ROAs. (via rpki #154, based on an error report by @job)

Bug Fixes

  • Catch and log error output from rsync. (#577)
  • Local exception files that contain prefix assertions with a shorter max-length than the prefix length are now rejected instead of adding these invalid prefix assertions to the output data set. (#608)
  • The rrdp-timeout command line option was setting both the RRDP timeout and the RRDP connection timeout. Now the rrdp-connect-timeout is correctly used for the latter. (Note: The config file was using the correct keys.) (#611)
  • Added --rrdp-fallback-time option to the command line parser. It was documented and supposed to be present previously, but wasn’t. (#614)
  • The RTR server now returns the correct PDU as a cache reset response, which is returned when the server cannot provide a delta update to a client. Previously, a broken End of Data PDU was returned. (Via rpki #151.)
  • Make parsing of local exception files much more strict to avoid introducing illegal VRPs into the data set. Parsing will now fail if any aspect of a prefix or prefix assertion is incorrect. This includes a non-zero host portion of a prefix. (#627)
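
The checks named in the two local exception file entries above (max-length not shorter than the prefix length, no non-zero host portion), as an added example that is not Routinator's parser. The `check_assertion` function, the `Reject` variants and the sample entries are constructed for illustration.

```rust
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
enum Reject { Syntax, PrefixLen, HostBits, MaxLen }

/// Checks one prefix assertion; returns (address, prefix length, max-length).
/// `max_len` is None when the entry gives no max-length (treated as the prefix length).
fn check_assertion(prefix: &str, max_len: Option<u8>) -> Result<(IpAddr, u8, u8), Reject> {
    let (addr, len) = prefix.split_once('/').ok_or(Reject::Syntax)?;
    let addr: IpAddr = addr.parse().map_err(|_| Reject::Syntax)?;
    // Digits only: u8's parser alone would also accept a leading '+'.
    if !len.bytes().all(|b| b.is_ascii_digit()) {
        return Err(Reject::Syntax);
    }
    let len: u8 = len.parse().map_err(|_| Reject::Syntax)?;

    // Left-align the address in 128 bits so one mask serves both families.
    let (bits, width) = match addr {
        IpAddr::V4(a) => ((u32::from(a) as u128) << 96, 32u8),
        IpAddr::V6(a) => (u128::from(a), 128u8),
    };
    if len > width {
        return Err(Reject::PrefixLen);
    }
    // Everything after the first `len` bits is the host portion and must be zero.
    let host_mask = u128::MAX.checked_shr(len as u32).unwrap_or(0);
    if bits & host_mask != 0 {
        return Err(Reject::HostBits);
    }
    let max = max_len.unwrap_or(len);
    if max < len || max > width {
        return Err(Reject::MaxLen);
    }
    Ok((addr, len, max))
}

fn main() {
    // Constructed sample entries using documentation prefixes.
    for (p, m) in [("192.0.2.0/24", Some(24)), ("192.0.2.0/24", Some(20)),
                   ("192.0.2.1/24", None), ("2001:db8::/32", Some(48)),
                   ("198.51.100.0/33", None)] {
        println!("{:<18} max={:?} -> {:?}", p, m, check_assertion(p, m));
    }
}
```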

Other

  • In the JSON metrics for RRDP repositories, the fields serial, session, delta, and snapshotReason are left out entirely when the server reported no changes via a 304 response. (#613)
be82401

New

  • Strict checking for address and prefix lengths in certificates, and for prefix and max-length in ROAs. (via rpki #154, based on an error report by @job)
911a0dc

0.10.0-rc2

Pre-release

Bug Fixes

  • Fix the missing line feed in the summary output format. (#625)
  • The RTR server now returns the correct PDU as a cache reset response, which is returned when the server cannot provide a delta update to a client. Previously, a broken End of Data PDU was returned. (Via rpki #151.)
  • Make parsing of local exception files much more strict to avoid introducing illegal VRPs into the data set. Parsing will now fail if any aspect of a prefix or prefix assertion is incorrect. This includes a non-zero host portion of a prefix. (#627)
2e7afd7

0.10.0-rc1

Pre-release

Breaking changes

  • Data is now stored directly in the file system again. This returns memory consumption to pre-0.9 levels. All improvements to robustness have been maintained. (#590, #601, #604)
  • The json and jsonext output formats now include a metadata object that contains the time the data set was created in the generated and generatedTime fields as Unix and ISO time stamps, respectively. (#605)
  • The JSON output of the validate command and of the /validity HTTP endpoint now includes a generatedTime field that provides the generation time of the data set that was used for validation as an ISO time stamp. (#605)
  • The default RRDP timeout (via the rrdp-timeout option) has been increased to 300 seconds. (#612)

New

  • The maximum number of delta steps performed during an update of an RRDP repository is now limited via the rrdp-max-delta option. If more steps are necessary, the snapshot is used instead. This will improve the update times in cases where Routinator isn’t running constantly. The default limit is 100 steps. (#615)
  • It is now possible to disable the use of the gzip transfer encoding in the RRDP client via the new rrdp-disable-gzip option. (#602)
  • The start of a validation run is now logged as an info message. (#609)
  • A reference to the global help appears now at the end of a sub-command’s help message. (#607)
  • A summary of the data set similar to the summary output format is now logged at log level info at the end of a validation run. (#617)

Bug Fixes

  • Catch and log error output from rsync. (#577)
  • Local exception files that contain prefix assertions with a shorter max-length than the prefix length are now rejected instead of adding these invalid prefix assertions to the output data set. (#608)
  • The rrdp-timeout command line option was setting both the RRDP timeout and the RRDP connection timeout. Now the rrdp-connect-timeout is correctly used for the latter. (Note: The config file was using the correct keys.) (#611)
  • Added --rrdp-fallback-time option to the command line parser. It was documented and supposed to be present previously, but wasn’t. (#614)

Other

  • In the JSON metrics for RRDP repositories, the fields serial, session, delta, and snapshotReason are left out entirely when the server reported no changes via a 304 response. (#613)
67c1df0

Breaking Changes

  • Routinator now collects metrics about VRPs both per trust anchor and per repository. The names of the older per trust anchor metrics have been adjusted. They now use the prefix routinator_ta and the label name (instead of the previous tal) for the individual trust anchors.
  • Routinator now keeps the last valid data from a publication point and falls back to using that if an update to the publication point does not have a valid manifest or the data does not match the manifest. This data is stored in a sled key-value database rather than directly in the file system. (#456)
  • RRDP data is now collected into the same key-value database. The new command dump allows copying the data from the database to the file system. (#473, #480, #484)
  • If an RRDP repository is unavailable for a certain time, Routinator will now fall back to rsync. The time since last successful update before this fallback happens is randomly chosen for each repository between the refresh time and an upper limit configurable via the new rrdp-fallback-time option that defaults to one hour. (#473, #482, #507)
  • The rsync-timeout now describes a hard timeout on the rsync process for updating a repository. (#528)
  • The size of downloaded RPKI objects is now limited by the max-object-size option, which defaults to a limit of 20 MBytes. This limit applies to both RRDP and rsync. (#531)
  • Routinator now includes additional TALs for various commonly used RPKI testbeds. The init command has been restructured to make it possible to select the TALs for installation. The default is still to install the five production RIR TALs. (#500)
  • Deprecated configuration items have been removed: unknown-objects cannot be spelled with an underscore anymore and string values are not accepted anymore for rtr-tcp-keepalive. (#496)
  • The minimal supported Rust version is now 1.47.0. (#444, #498, #568)

New

  • The new option --fresh causes Routinator to delete all cached data before starting. This can be used when data corruption is reported. (#470)
  • The new HTTP server endpoint /json-delta provides an option to retrieve updates to a previously received data set via deltas. (#537)
  • A new output format jsonext is available both in the vrps command and the HTTP server that provides more detailed information about the sources of a VRP. (#511)
  • The validate command now accepts input from and can write its output to files. Both are available in simple plain text and JSON formatting. (#514)
  • The HTTP endpoints that supply the current VRP set now support conditional request handling. They include Etag and Last-Modified headers in their response and process If-None-Match and If-Modified-Since headers in requests. (#474, contributed by @reschke, #488)
  • The vrps command line option and the HTTP query parameters for limiting the VRPs included in the returned VRP set have been renamed from filter-prefix to select-prefix and from filter-asn to select-asn for clarity. The old options are still accepted. (#511)
  • Status information is now available in JSON format at /api/v1/status. (#437)
  • The metrics of RRDP repositories now also include the serial number of the last update. The JSON status information also includes the session ID, whether the last update was via a delta and, if it wasn’t, why a snapshot had to be used. It also separately provides the status codes for the request of the notification file and the snapshot or last requested delta file. (#487, #489)
  • Prometheus metrics and JSON status have been greatly extended with more detailed counters for individual valid and invalid object types. They are also now available on a per-repository basis in addition to the already existing per-TAL basis. (#493, #539)
  • Prometheus metrics and JSON status can now optionally include per-client RTR metrics. This is disabled by default to avoid accidentally leaking information about the local network topology. (#519)
  • The RRDP client now supports the gzip transfer encoding for HTTPS. (#463, contributed by @bjpbakker)
  • The exception config file value now also accepts a single string with a path name instead of an array of strings. (#471)
  • The new rrdp-keep-responses option allows optionally storing the XML content of all received RRDP responses in the file system. (#490)

Bug Fixes

  • The csvcompat output format that was introduced in 0.7.0 is now actually accepted by the --format command line option.
  • The /validity HTTP endpoint now accepts percent-encoded characters in the query parameters. (#505)

Other Changes

  • Updated the bundled APNIC and LACNIC TALs. When upgrading, please re-install the TALs in your system via routinator init. (#510, #543)
  • Upgrade rpki-rs to 0.11 and drop the now unnecessary separate dependency on rpki-rtr. (#443)
  • Upgrade Tokio-related dependencies to new version based on Tokio 1.0. (#444)
  • Upgrade the bundled UI to version 0.2.0 reflecting the changed metrics. (#550)