Releases: NLnetLabs/routinator
0.8.0-rc1
Breaking Changes
- Validation now follows the rules suggested by draft-ietf-sidrops-6486bis: Any invalid object mentioned on the manifest will lead to the issuing CA and all its objects being rejected. However, unlike suggested by the draft, Routinator currently will not fall back to cached older versions of the CA’s objects that may still be valid. In addition, unknown RPKI object types are currently accepted with a warning logged. This behaviour can be changed via the
unknown-types
policy option. (#371, #401) - Similarly, CRL handling has been tightened significantly. Each CA must now have exactly one CRL which must be the one stated in the manifest’s EE certificate. Any violation will lead to the whole CA being rejected with the same consequences as above. (#397)
- The default for dealing with stale objects has been changed to
reject
in accordance with the same draft. (#387) - Parsing of local exception files is now more strict in accordance with RFC 8416. Any additional member in the JSON objects will lead to an error. However, error reporting has been greatly improved and now the line and column of an error will be indicated. (#372)
- The alias
--allow-dubios-hosts
for the correctly spelled option has been removed. (#384) - The minimal supported Rust version is now 1.42.0.
New
- All VRPs overlapping with resources from rejected CAs – dubbed ‘unsafe VRPs’ can filtered via the new
unsafe-vrps
option. Doing so will avoid situations were routes become RPKI invalid if their VRPs are split over multiple CAs or there are less specific ROAs. By default, unsafe VRPs are only warned about. (#377, #400) - New metrics for the VRPs produced and filtered on the various TALs. (#377)
- The logging output of the latest validation run is now available via the HTTP service’s
/log
endpoint. (#396) - TCP keep-alive is now supported and enabled by default on RTR connections as suggested by RFC 8210. It can be disabled and its idle time changed from the default 60 seconds via the new
rtr-tcp-keepalive
command line and config file option. (#390) - The
pid-file
,working-dir
,chroot
,user
, andgroup
config file and server command options now also work without the--detach
command line option. (#392) - The
init
command will now change ownership of the cache directory if theuser
andgroup
options are set via config file or command line options. (#392) - Irrelevant log messages from libraries are now also filtered when using syslog logging. (#385)
- Release builds will now abort on panic, i.e., when an unexpected internal condition is detected. This ensures that there won’t be a
Routinator in a coma. (#394) - The feature
rta
enables the new commandrta
for validating Resource Tagged Assertions as described in draft-michaelson-rpki-rta. This feature is not enabled by default and needs to be activated by adding the option--features rta
to the Cargo build command.
Bug Fixes
- Update start and end times will not change between consecutive metrics reports any more. (#389)
- Local exceptions will now be loaded before starting a validation run both in vrps and server mode instead of discarding the run after it finished when loading fails. In server mode, we now wait 10 seconds after loading local exceptions fails and try again instead of repeatedly starting validation runs and discarding them. (594186c)
- EE certificates encountered in the repository are now validated as router certificates rather than regular RPKI EE certificates. (#398)
Other Changes
- Logging has been cleaned up. The meaning of the four log levels is now better defined – see the man page – and all log output has been reassigned accordingly. (#396)
0.7.1 ‘Moonlight and Love Songs’
New
- The HTTP
/status
command now contains aversion
field showing the Routinator version running. (#342)
Bug Fixes
- Prefer HTTPS URIs in TALs if RRDP is enabled. The order of URIs with the same scheme is maintained. (#343)
- Fix a typo in the
--allow-dubious-hosts
option which was actually expected to be spelled as--allow-dubios-hosts
. This dubious spelling is kept as an alias until the next breaking release. (#339)
Dependencies
- Remove the pin on Tokio and set the minimum version to 0.2.21. (#340)
Other Changes
0.7.1-rc2
0.7.1-rc1
New
- The HTTP
/status
command now contains aversion
field showing the Routinator version running. (#342)
Bug Fixes
- Prefer HTTPS URIs in TALs if RRDP is enabled. The order of URIs with the same scheme is maintained. (#343)
- Fix a typo in the
--allow-dubious-hosts
option which was actually expected to be spelled as--allow-dubios-hosts
. This dubious spelling is kept as an alias until the next breaking release. (#339)
Dependencies
- Remove the pin on Tokio and set the minimum version to 0.2.21. (#340)
Other Changes
0.7.0 ‘Your Time Starts … Now’
Breaking Changes
- Routinator now filters out rsync URIs and RRDP URIs that contain dubious host names that should not be present in the public RPKI. In this version they are ‘localhost,’ any IP address, and any URI with the port explicitly specified. This filter can be disabled via the
--allow-dubious-hosts
command line and config option for test deployments. (#293) - Only CRLs mentioned on the manifest are now considered when checking any published objects except for the manifest itself. If the hash of the CRL on the manifest does not match the CRL, it is rejected. Objects referencing a CRL that is not on a manifest or has a hash mismatch are rejected. [(#299)]
- The minimal supported Rust version is now 1.39.0.
New
- The new option
--stale
allows selecting a policy for dealing with stale objects – i.e., manifests and CRLs that are past their next-update date. The policies arereject
,warn
, andaccept
. The previous hard-coded policy ofwarn
, i.e., accept but log a warning, is the default. (#288) - New output formats
bird
andbird2
which produce aroa table
for Bird 1 and aroute table
for Bird 2, respectively. (#290, by @netravnen) - New output format
csvcompat
which produces CSV output as similar to that of the RIPE NCC Validator as possible. (#292) - The new config file option
tal-labels
allows defining explicit names to be used when TALs are referenced in output. This way, the output can be made to be even more similar to that produced by the RIPE NCC Validator. (#291) - The csvext output format is now also available via the HTTP server at the
/csvext
path. (#294) - New metrics for the status of the RTR and HTTP servers. (#298)
- New metric of the number of stale objects encountered in the last validation run. (#298)
Other Changes
- Update to Rust’s new asynchronous IO framework for the RTR and HTTP servers. Repository synchronization and validation remain synchronous atop a thread pool. (#282)
- Changed concurrency strategy for repository update and validation. Previously, each trust anchor was updated and validated synchronously. Now processing of a CA is deferred if its repository publication point hasn’t been updated yet. Processing is then picked up by the next available worker thread. This should guarantee that all worker threads are busy all the time. ([#284)]
- Optimized what information to keep for each ROA, bringing maximum memory consumption down to about a quarter. (#293)
- The Docker image now wraps Routinator into tini for properly dealing with signals and child processes. (#277)
0.7.0-rc3
0.7.0-rc2
0.7.0-rc1
Nearing the 1.0 release, we are changing our release cycle slightly. From now on, each release will be preceded by at least one release candidate allowing us and potential package maintainers to preview the changes made by an upcoming release. This is the first such release candidate.
Breaking Changes
- Routinator now filters out rsync URIs and RRDP URIs that contain dubious host names that should not be present in the public RPKI. In this version they are ‘localhost,’ any IP address, and any URI with the port explicitly specified. This filter can be disabled via the
--allow-dubious-hosts
command line and config option for test deployments. (#293) - Only CRLs mentioned on the manifest are now considered when checking any published objects except for the manifest itself. If the hash of the CRL on the manifest does not match the CRL, it is rejected. Objects
referencing a CRL that is not on a manifest or has a hash mismatch are rejected. [(#299)] - The minimal supported Rust version is now 1.39.0.
New
- The new option
--stale
allows selecting a policy for dealing with stale objects – i.e., manifests and CRLs that are past their next-update date. The policies arereject
,warn
, andaccept
. The previous hard-coded policy ofwarn
, i.e., accept but log a warning, is the default. (#288) - New output formats
bird
andbird2
which produce aroa table
for Bird 1 and aroute table
for Bird 2, respectively. (#290, by @netravnen) - New output format
csvcompat
which produces CSV output as similar to that of the RIPE NCC Validator as possible. (#292) - The new config file option
tal-labels
allows defining explicit names to be used when TALs are referenced in output. This way, the output can be made to be even more similar to that produced by the RIPE NCC Validator. (#291) - The csvext output format is now also available via the HTTP server at the
/csvext
path. (#294) - New metrics for the status of the RTR and HTTP servers. (#298)
- New metric of the number of stale objects encountered in the last validation run. (#298)
Other Changes
- Update to Rust’s new asynchronous IO framework for the RTR and HTTP servers. Repository synchronization and validation remain synchronous atop a thread pool. (#282)
- Changed concurrency strategy for repository update and validation. Previously, each trust anchor was updated and validated synchronously. Now processing of a CA is deferred if its repository publication point hasn’t been updated yet. Processing is then picked up by the next available worker thread. This should guarantee that all worker threads are busy all the time. ([#284)]
- Optimized what information to keep for each ROA, bringing maximum memory consumption down to about a quarter. (#293)
- The Docker image now wraps Routinator into tini for properly dealing with signals and child processes. (#277)
0.6.4 ‘Jeepers’
This is a bug fix release that fixes an issue introduced in the last version which caused Routinator to hang indefinitely on occasion.
Bug Fixes
- Fixes an issue where Routinator occasionally gets completely stuck. (#255)
0.6.3 ‘That Escalated Fast’
This version contains a bug that causes Routinator to occasionally get stuck completely. Please do not use this version and upgrade to 0.6.4 instead.
This release primarily fixes an issue where all RRDP requests would time out in detached server mode, i.e., if server mode is invoked with the -d
option. Because Routinator only falls back to rsync if an RRDP fetch for
a given repository has never succeeded and otherwise uses the data previously fetched (assuming that the RRDP failure was only of a temporary nature), this caused the eventual loss of the RIPE and APNIC regions’ ROAs if Routinator was ever run in a different way before.
But it is not all bleak news, there is a new feature, too. Veit Heller kindly contributed code to make Routinator reload the TALs and restart validation in server mode when signal USR1 is sent to it. This can be used both to notify Routinator of a change in the set of TALs without having to tear down all RTR
sessions as well as kicking off a new validation run before the refresh time has passed.
New
- Reload TALs and restart validation via SIGUSR1 on Unix systems. (#241, thanks to Veit Heller!)
Bug Fixes
- RRDP requests failed with a timeout if Routinator was started in detached server mode (
server -d
). (#250, discovered by Will McLendon) - Fix spelling of
routinator_rrdp_duration
metrics definition. (#248)