v0.10.0 "Stäfeliflue"

What's Changed

Dependencies

Update various dependencies; in particular, update quic-go to v0.40.0.
Update to go 1.21, building with go 1.21.3.

Packages

Build debian packages for the SCION services and tools for multiple target platforms (x86-64, arm64, x86-32 and arm).
These packages are not published in a package repository just yet. Packages for release versions are attached to the release. Packages for in-development versions are available from the latest nightly build.
See the installation manual page for more details.

Internal / Testing

Add benchmark tests for the router to track the packet forwarding performance.
These benchmarks are run in the CI, failing on unexpected performance regressions. The benchmark can also be run locally to determine the performance impact of any changes. For this, run e.g. bazel test --test_output=streamed -t- //acceptance/router_benchmark:test and inspect the measured performance in the test output.

Bug fixes

• daemon: fix docstring for latencies in protobuf file by @mlegner in #4443
• processmetrics: explicit type conversion to support arm64 by @mlegner in #4446
• bazel: update bazelisk and support arm64 by @mlegner in #4447
• prometheus: fix copying of metrics labels by @sustrik in #4450
• pkg/log: fix panic when using custom Logger by @lukedirtwalker in #4452
• daemon: error out when using drkey endpoints without configured drkey by @rohrerj in #4453
• tools: fix wireshark dissector TLV options without data by @marcodermatt in #4458

Full Changelog

v0.9.1...v0.10.0

New Contributors

• @marcodermatt made their first contribution in #4458

v0.9.1

What's Changed

• Update google.golang.org/grpc dependency and set MaxConcurrentStreams, to address gRPC-Go HTTP/2 Rapid Reset vulnerability.

Full Changelog: v0.9.0...v0.9.1

v0.9.0 "Bürgenstock"

What's Changed

Peering links

Peering links in the topology are supported, in both the control plane (control) and the data plane (router).
Configuring a peering link requires setting the interface ID in the remote AS, see remote_interface_id in the configuration manual.

Router Performance Improvements and Slow-Path Packet Handling

An internal restructuring of the router decouples receiving, processing and forwarding packets. Directly, this restructuring brings modest performance improvements, and enables a special, lower priority processing of any exceptional cases (SCMP traceroute requests, and SCMP error messages).
This will be the basis for more performance tuning in the future.

Receive and send buffer sizes, batch sizes as well as the number of packet processing goroutines can now be tuned. See router in the router configuration manual.

DRKey and SPAO

Dynamically-Recreatable Key (DRKey) is a system to establish shared symmetric keys between any two hosts in SCION, based on a key-derivation hierarchy that requires explicit key exchange only on the level of ASes. These keys are intended to be used primarily for packet authentication, in the form of the SCION Packet Authentication Option (SPAO) in the end-to-end packet extension header.

The control service now includes an implementation of the DRKey infrastructure. This system is still somewhat experimental and is disabled by default. See drkey in the control service configuration manual.

The AS-level key exchanges in DRKey rely on TLS for authentication, based on the SCION control-plane-PKI AS certificates.
As a side-effect of this, all other RPC invocations between control services now use the CP-PKI AS certificates, too. Previously, this had not been required, as all other RPCs control messages that were directly authenticated.

The router includes an experimental and somewhat incomplete implementation of SPAO-based authentication of SCMP messages. This, too, is disabled by default.

Command line tools

• scion ping set payload size appropriately if --max-mtu is set (#4250) and and add new option --packet-size that allows setting the final packet size (#4251).
• Add machine readable output (json/yaml) for scion ping scion traceroute and scion showpaths with the new format option (#4287).
• Use the same emoji encoding mapping as smallstep in scion-pki certificate fingerprint --format emoji (#4252).
• Add scion-pki key fingerprint command to calculate SubjectKeyID (#4253).

Go packages:

• pkg/snet: support URI style UDPAddr encoding (#4254).
• pkg/addr: replace addr.HostAddr hierarchy with tagged union addr.Host.
  Additionally, add a new addr.Addr type representing a full SCION address (ISD, AS and host address), including parsing functionality. This definition is identical to the snet.SCIONAddress type, which is now only kept as a type alias for compatibility (#4346).

sqlite Implementation and Platform Compatibility

By default, the SCION components now use a pure Go implementation of sqlite (modernc.org/sqlite) and build without CGo. This allows to build the SCION components as statically linked binaries, removing any dependence on a minimum libc or libresolv version.

Gobra CI

All pull-requests now run through formal program verification using Gobra. Only a small fraction of the source code carries the annotations that enable the verification, but already some bugs in edge cases could be discovered and fixed.

Full Changelog

v0.8.0...v0.9.0

Upgrading

router

• router now validates that the source IP address of transit packets match the IP address of the corresponding other router (#4157). This could be incompatible with certain asymmetric NAT setups.

Configuration

• toml key trustengine.cache.expiration now expects a formatted duration string, instead of an integer number of nanoseconds.

Go package API

• pkg/snet: IntraASPathQuerier has been removed (moved to internal library) as it was not working correctly and not widely used.
• pkg/addr: replace addr.HostAddr hierarchy with tagged union addr.Host (#4346).
  The attached gopatch file can automatically patch some of the affected consumer code, but some manual changes are likely still necessary.
• pkg/slayers: SetNetworkLayerForChecksum now only accepts a type-safe *slayers.SCION.
• pkg/slayers/path: MaxTTL is now a time.Duration instead of an int number of seconds.

Deprecations

• topology.json: the AS attributes authoritative, voting, and issuing are ineffective and should no longer be used (#4333).
• scion showpaths: the --json flag is deprecated in favor of the --format=json option.

New Contributors

• @gavinleroy made their first contribution in #4229
• @kmavromati made their first contribution in #4237
• @jcp19 made their first contribution in #4187
• @bunert made their first contribution in #4250
• @fstreun made their first contribution in #4289
• @VickyMerzOwn made their first contribution in #4292
• @marcfrei made their first contribution in #4298
• @rohrerj made their first contribution in #4304
• @dependabot made their first contribution in #4316
• @MrR0b0t14 made their first contribution in #4341
• @steffenfritz made their first contribution in #4345
• @jBainMartincoit made their first contribution in #4349
• @HawkCorrigan made their first contribution in #4358
• @uniquefine made their first contribution in #4367
• @jiceatscion made their first contribution in #4373
• @edoardottt made their first contribution in #4419

v0.8.0

Full Changelog: v0.7.0...v0.8.0

What's Changed

The repository is completely restructured. We follow a more idomatic pattern and
make the separation between code that is private and code that is importable by
external parties more obvious.

The overall structure was discussed in #4076.

• Each service and command line tool gets a top-level directory. (e.g. daemon)
• Packages that are shared across multiple applications are grouped in the private directory.
  This should indicate that these packages are not intended to be used by external
  parties, and that semantic versioning will not apply to these packages.
• Project local developer tools are grouped in the tools directory.
• Code that is intended to be consumed by external third parties is grouped in the pkg directory.

To smoothen transition, we kept track of the move in a gist :

• shuffle.yml: lists all the moved packages and their targets.
• go-imports.sh: fixes the imports.

New Contributors

• @Hygster made their first contribution in #4204

v0.7.0

Full Changelog: v0.6.0...v0.7.0

v0.6.0

Release notes

This release uses the new application names. The changes are as follows:

• BR is now referred to as (POSIX) Router
• SIG is now referred to as (POSIX) Gateway
• SCIOND/SD is now referred to as Daemon

Note that the binary/docker container names are slightly different (e.g.,
the Control Service/CS is called control).

New features

• daemon: modify default db connection values to

    [trust_db]
      connection = "/share/data/sd.trust.db"
    [path_db]
      connection = "/share/cache/sd.path.db"

• cmd/scion: path lists for showpaths, ping, and traceroute are now sorted.

• cmd/scion: path lists for showpaths, ping, and traceroute are colored by
  default. The coloring can be turned off by specifying the --no-color flag.

• cmd/scion: path lists for showpaths can be filtered based on a sequence flag input.

• control: Use gRPC for all RPCs that the control service is involved in.

  CS to CS communication is achieved with gRPC over QUIC/SCION. Router to CS,
  and SCION Daemon to CS communication is established with gRPC over TCP/IP.

• control: CA Control Services will now periodically pick up new client certificates
  from disk.

• daemon: Use gRPC over TCP/IP for RPCs to the control service.

• all: add log/level HTTP API endpoint to all services. The endpoint allows querying and setting
  the log level dynamically.

  # GET shows the current log level.
  $ curl <ip:port>/log/level
  {"level":"debug"}
  
  # PUT sets the current log level.
  $ curl -X PUT <ip:port>/log/level -d '{"level":"info"}'
  {"level":"info"}
  

• gateway: Query SCION daemon for local ISD-AS. This allows the
  gateway to infer the local ISD-AS without it being configured in the
  config file.

• gateway: Infer local IP if not configured in the config file.

• router: Routers now establish intra-AS and
  inter-AS Bidirectional Forwarding Detection sessions. Between ASes, one
  session is established for each pair of SCION Interface IDs. Inside ASes,
  one session is established for each pair of routers.

• router: Metric names have changed.

• Allow BFD configuration for external interfaces through the topology file.

• Gateway can be configured to use different control and data IP addresses.

• cmd/scion: More granular exit codes.

  ping now exits with code 1 if no reply packet was received. If at least one
  packet was received, the exit code is 0. If any other error occurred, the exit
  code is 2.

  traceroute now exits with code 1 if any packet is dropped. If any other
  error occurred, the exit code is 2.

  showpaths now exits with code 1 if no path is alive and probing is not
  disabled. If probing is disabled, and at least one path is found, the exit
  code is 0. If any other error occurred, the exit code is 2.

• router: list of interfaces in /status page is now sorted

• control/daemon: The new path lookup strategy is now implemented. This
  is a breaking change as the wire format of control messages has been changed.
  Segment synchronization in the core is no longer needed. Instead in the lookup
  we fetch down segments from each core we want to have down segments from.
  All connected daemons/control services should be updated at the same time.

• Allow BFD configuration for external interfaces through the topology file.

• Gateway can be configured to use different control and data addresses.

• Daemon: Use the default SCION Daemon API port (30255) if the address in the
  config toml does not specify a port or uses zero.

• cmd/scion: More granular exit codes.

  ping now exits with code 1 if no reply packet was received. If at least one
  packet was received, the exit code is 0. If any other error occurred, the exit
  code is 2.

  traceroute now exits with code 1 if any packet is dropped. If any other
  error occurred, the exit code is 2.

  showpaths now exits with code 1 if no path is alive and probing is not
  disabled. If probing is disabled, and at least one path is found, the exit
  code is 0. If any other error occurred, the exit code is 2.

• log: Add a config option to set the stacktrace level for logging.

• Updated Wireshark SCION dissector plugin.

• router: add two metrics that expose the service instances state as seen by the
  data plane:

  • router_service_instance_changes_total
  • router_service_instance_count

  Consult the router metrics documentation for more information.

• cs: metrics are are more unified. Check the upgrade notes for details.

• gateway: The gateway now has dynamic IP prefix discovery. To manage the IP prefix
  discovery a routing policy file is used. It is described here: Gateway routing policy
  documentation

• gateway: The gateway now supports prefix pinning. To manage the prefix pinning the
  allow_interfaces property in the gateway section of the topology file can be used. A more
  extensive description will follow on the Gateway documentation
  page

Known issues

• There is currently no way to disable the HTTP API without also disabling metrics. If
  there are security concerns about the API (e.g., it's possible to degrade application
  performance without authentication by downgrading logging to debug) it should
  be firewalled. The full APIs can be found in the documentation site:

  • Routers
  • Dispatcher
  • Daemon
  • Control Service
  • Gateway

Upgrade notes

• The format of SCION packets has changed. The new format is incompatible with previous versions.
  This affects all SCION-speaking processes (routers, gateways, control services, dispatchers,
  tooling). This requires a synchronized upgrade of all existing networks.

• The format of SCION control-plane RPCs has changed from capnp messages to gRPC. The new
  format is incompatible with previous versions. The change affects daemons and control services.
  This requires a synchronized upgrade of all existing daemons and control services.

• The formats of Gateway packets and RPCs have changed. The new formats are incompatible with
  previous versions. The change affects gateways. This requires a synchronized upgrade of all gateways.

• The communication patterns of Gateway RPCs have changed.

• Keepalives have been removed and replaced by BFD. See the New features section for more
  information.

• Container names for released applications have changed. The names have changed as follows:

  • scion_cs is now control
  • scion_sciond is now daemon
  • scion_dispatcher is now dispatcher
  • scion_sig is now posix-gateway
  • scion_border is now posix-router

• The scmp command has been deleted. The scion command should cover the functionality, scmp tr
  is now scion tr and scmp echo is now scion ping. Note that the format of the arguments has
  changed, check against the respective --help output.

• The logging format changed (we use a new logging library), if any tools relied
  on the exact log output format they need to adapt. Configuration and
  functionality wise nothing changed.

• cmd/scion: path lists for showpaths, ping, and traceroute now group
  paths by hop count. A grouping header is introduced.

• infra: With the switch to a new messenger stack, all ASes need to be updated in sync.

• control: With the switch to the new gRPC stack, segment requests no longer have the cache_only flag.

• SCION daemon users: The path_count config option was removed from the SCION daemon client
  configuration. The flag was never actually used previously and was thus removed.

• gateway: Field isd_as is removed from the [sig] section of the gateway config file.

• docker: the entrypoint and cmd configurations of containers have changed. The entrypoint
  now contains only the application name, and the cmd contains the arguments.

• logging: file logging support is removed without replacement. It is recommended to use stdout logging at the appropriate level and collect the logs manually via another mechanism (docker, journald, etc.).

• control: The sample config and policy files are now displayed using the sample command:

  cs sample config
  cs sample policy

• control: The open-source Control Service database configurations no longer allow for a backend to specified. The configuration rules for the closed-source Control Service did not change.

• daemon: The sample config is now displayed using the sample command:

  sciond sample config

• daemon: SCION Daemon database configurations no longer allow for a backend to specified. Configurations with trust_db.backend or path_db.backend specified will cause the application to error out on start-up.

• showpaths: The showpaths binary has been removed. All users of it should now use the scion showpaths (scion sp short). It supports the same features but the command line slightly changed, use scion sp help to find details about its usage.

• control: TOML configs must not include certificates for QUIC connections.

  • cert_file = "/share/conf/quic/tls.pem" //removed
  • key_file = "/share/conf/quic/tls.key" //removed

• gateway: TOML configs have to be changed in the following way:

  • The ip...

v0.5.0

Commits:

• Fix nightly build (#3693)
• New system for gathering license files (#3692)
• scmp/showpaths: remove local address flags (#3691)
• snet: API function/type renaming (#3690)
• colibri: add ctrl structs for requests (#3685)
• SIG: Pass both control and data address in probes (#3689)
• SIG: Move sig.json parsing into a shared library (#3688)
• br: Add status page (#3687)
• Fixed HBH ext parse panic when start >= end (#3674)
• Build all in CI (#3686)
• toml: use snake_case remove unused properties (#3684)
• COLIBRI: AS-to-AS capnp definitions (#3660)
• colibri: add basic request payload types (#3658)
• Guard against system clock moving backwards. (#3679)
• BR acceptance test: Add an option to sleep after setup step (#3678)
• log: Clean log package & move config to log package (#3677)
• Remove unused/obsolete python code (#3670)
• log: rename LogPanicAndExit to HandlePanic (#3642)
• Fix distroless build error (#3673)
• SPKI: Add verify commands (#3672)
• Move go/sig/internal/disp to go/lib (#3671)
• Log local address with IA when registering to dispatcher (#3669)
• Remove unused sd_client config from control service (#3668)
• SIG: Move pathmgr to a library (#3667)
• SIG: Move definition of SIG control messages to go/lib/ctrl (#3665)
• sd: state connection db is required in help (#3666)
• braccept: expired revocation on interface not owned (#3664)
• Lint: Update flake8 (#3559)
• Avoid net.ResolveUDPAddr in snet.UDPAddrFromString (#3662)
• Lint: Add linter for log statements (#3663)
• TrustStore: Ensure referenced TRC is available (#3629)
• Colibri.service.design (#3653)
• Refactor itopo initialization (#3661)
• SIG: Make the snet connection in ingress.Dispatcher mockable (#3659)
• Fake SCIOND: Use MTU of 1472 (#3657)
• Delete Discovery Service (#3656)
• Monolithic Control Service (#3652)
• Fix snet.UDPAddress parsing & serialization (#3650)
• Msgr: Fix svc redirect in UDP only mode (#3649)
• SIG: Option to configure number of paths retrieved (#3639)
• SIG: Dispatcher bypass (#3646)
• Remove snet.Addr (#3644)
• Remove convey from tests in lib/addr (#3643)
• Adapt pathpol.Path interface to snet.Path (#3640)
• Document our use of su-exec and why. (#3638)
• keyconf: Remove unused code (#3630)
• ci: Fix remote caching (#3633)
• Fix bug in dispatcher (#3637)
• dispatcher: Fix bug in dispatcher library read function (#3635)
• ci: Add dockerized integration tests (#3627)
• godispatcher: Split out a library that could be linked into apps (#3634)
• SPKI: Return error if keyloading fails (#3632)
• Use snet.{UDP,SVC}Addr instead of snet.Addr everywhere (#3631)
• Use /topology endpoint for topology reload tests (#3622)
• CPPKI: Polishing the TRC and certificate format (#3602)
• TrustStore: Add metrics (#3628)
• SPKI: tmpl error if no voting/issuing AS is specified (#3596)
• TrustStore: Improve error context (#3620)
• Add more context when config loading or log init fails (#3624)
• ci: announce_rc file in bazel (#3609)
• dispatcher: Remove obsolete field (#3614)
• ci: Use trace logging in integration tests (#3621)
• Fix connected Write on snet.Conn (#3617)
• Simplify bazel SIG tests (#3616)
• cert renewal: Adapt request to design document (#3612)
• CPPKI: Define certificate renewal interaction (#3598)
• Fix metric names (#3611)
• Make sure file logs works (#3601)
• CI: Use bazelrc_ci always on CI (#3591)
• Add primary attributes to topology file (#3607)
• Add HTTP status pages (#3608)
• PS: Remove request holding (#3604)
• Fix gomocks (#3606)
• Remove forgotten configuration types from beacon_srv (#3603)
• Monolithic Control Service POC (#3590)
• Add bazel icon to bazelified pipeline tests (#3600)
• Delete old crypto code move v2 inplace (#3597)
• Clean up pipeline file names (#3599)
• Add support for log compression (#3592)
• Add IPv6 ASes to test topology (#3593)
• snet: do not use snet.Addr in read/write functions (#3583)
• CI: add bazel timestamps and enable local run of the pipeline (#3589)
• SPKI: Improve help messages (#3567)
• CI: Delete old pipeline and associated files (#3581)
• SPKI: Fix template generation (#3587)
• Topo file: add support for v2 trust attributes (#3586)
• BS: reduce interface state to active/revoked (#3572)
• Remove AppAddr from SIG code (#3578)
• CI: Use bazel cache also for acceptance tests (#3582)
• SH: Only build necessary binaries (#3566)
• Remove path resolution step from snet writes (#3571)
• MD: Update badge (#3579)
• CI: Add python unit tests (#3577)
• CI: Remove explicit scionproto2 references (#3573)
• Cert renewal: Add request struct for v2 (#3548)
• Do not use appaddr in cert_integration (#3553)
• ci: add go integration tests with supervisord (#3526)
• python: Fix YAMLLoadWarning (#3565)
• CI: move bazel-cache bucket name into env (#3564)
• CI: add revocation tests to pipeline 2 (#3563)
• snet: Add context to Dispatcher and Listen and Dial (#3562)
• Convert sig_short_exp acceptance to use Bazel (#3561)
• Make scmp.Error compatible with go 1.13 error funcs (#3558)
• Remove direct xerrors dependency (#3555)
• Remove common.GetErrorMsg (#3554)
• Fix BR acceptance tests in old CI pipeline (#3557)
• Migrate sig_failover_acceptance to bazel (#3550)
• SIG: Move sigcmn to internal (#3545)
• Remove overlay.OverlayAddr (#3552)
• CPPKI: Do not double base64 encode (#3549)
• BR: Fatal on irrecoverable errors (#3547)
• BS: Register one-hop dispatcher without timeout (#3546)
• Tracing: Add span logger (#3544)
• CI: Add acceptance tests to new pipeline (#3537)
• Acceptance: Disable convoluted tests (#3542)
• Add simple UDP proxy written in Go (#3540)
• TrustStore: Combine components to Store (#3538)
• Fix removing IPv6 registrations in godispatcher (#3531)
• perapp: Simplify Makefile (#3539)
• TrustStore: The great export (#3530)
• CI: Fix failure in lint steps of new pipeline (#3533)
• CS: Refactor to the common setup pattern (#3535)
• TrustStore: Add Implementation for GetASKey (#3536)
• Consistently handle nil in Copy implementations (#3534)
• keyconf: Add key ring (#3528)
• TrustStore: unify interface (#3532)
• snet: Allow dial/listen using IPv6 addresses (#3522)
• infra: Refactor signer/verifier (#3529)
• CI: Add lint steps to new pipeline (#3520)
• TrustStore: implement RPC interface (#3527)
• snet: refactor Listens and Dials (#1694) (#3521)
• Fix nil-pointer dereference in sciond.Path.String (#3519)
• Add missing license header (#3518)
• TrustStore: add verifier implementation (#3513)
• TrustStore: Add signer (#3516)
• sciond-lib: Add IFInfo function back to connector interface (#3514)
• topogen: remove CA generator (#3515)
• dispatcher: Fix registration with length 16 IPv4 addresses (#3512)
• TrustStore: Provider handles certificate chains (#3496)
• TrustStore: Purge cache (#3510)
• CI: Initial new pipeline (#3505)
• TrustStore: Add chain request handler (#3500)
• topology: replace SCIONAddress with net.UDPAddr os (#3507)
• TrustStore: Resolver handles certificate chains (#3495)
• TrustStore: Add TRC request handler (#3499)
• TrustStore: Add TRC push handler (#3498)
• TrustStore: Add chain push handler (#3501)
• TrustStore: Inserter handles chains (#3494)
• common/infra: Don't panic on nil (#3506)
• TrustDB: Implement GetIssuingKeyInfo (#3503)
• TrustStore: Add help message to tests (#3504)
• SIG: SessPath key truncated to ...

v0.4.0

• Bazel: Use --stamp command line flag (#3380)
• Fix workspace for scion image generation (#3379)
• sciond-API: Only have a single Connect method (#3374)
• SPKI: Prototype, sign and combine in one command (#3371)
• SIG: move base to internal (#3369)
• Refactor overlay addresses to always use net.IP (#3332)
• seghandler: Report error if all segments fail to verify (#3368)
• SPKI: Generate issuer and AS config for topo (#3363)
• SPKI: TRC signature combination (#3341)
• update gazelle and rules_go (#3325)
• trustdb: Use transaction for chain insert (#3367)
• Acceptance tests: Move reload_sig function to a library (#3361)
• SPKI: Add AS and Issuer certificate configuration (#3345)
• SPKI: TRC signing (#3340)
• Hide raw topology from mains (#3353)
• Consistently use neigh_ia label name. (#3354)
• snet: remove goconvey (#3350)
• Remove python images from perapp Makefile (#3343)
• SPKI: Remove legacy config definitions (#3342)
• SIG: Move go/sig/metrics to go/sig/internal/metrics (#3326)
• SIG: Sessmon metrics (#3329)
• Use bazel disk cache (#3336)
• SPKI: Prototype TRC generation (#3328)
• SPKI: Remove legacy key generation (#3331)
• periodic: increase period and error verbosity (#3335)
• metrics: do not initialize metrics (#3333)
• Convert more goconvey tests to normal go tests (#3330)
• healthpool: fix flaky test (#3307)
• SPKI: Generate TRC and keys config for topo (#3319)
• snet: Extract PathReplyEntry from Path (#3324)
• Remove addr.L4Info (#3323)
• SIG: Move go/sig/disp to go/sig/internal/disp (#3313)
• errors: Use common.ErrMsg for constants (#3314)
• topo-gen: Create BR dispatcher per BR (#3321)
• Export types of Topology fields (#3320)
• TrustStore: Disable unit tests (#3311)
• Refactor: split pathpol tests into multiple files (#3316)
• SPKI: Add key commands (#3308)
• Remove unused messenger metrics code (#3315)
• segfetcher: Stop fetch loop on errors (#3306)
• periodic: add timeout to all function calls in the tests (#3309)
• SIG: Move xnet to internal (#3300)
• SPKI: Add TRC configuration (#3228)
• Minimized interface argument needed to create default SCMP handler (#3305)
• scion.sh add topo_clean command (#3303)
• SIG: Fix malformed logger invocation (#3302)
• Decouple applications from topology internals (#3299)
• snet: Add stringer to path (#3290)
• showpaths: respect timeout arg (#3291)
• topology: Reduce exposed types, remove unused code (#3277)
• snet: Add scmp handler to NewSCIONPacketConn (#3289)
• metrics: initialize {Counter,Gauge,Histogram} Vec (#3283)
• snet: SCIONPacketConn.ReadFrom - Don't fail on nil argument (#3282)
• br: acceptance setcap on test run (#3284)
• Periodic: add timeouts in tests (#3275)
• segfetcher: Add segreq & revocation metrics (#3264)
• segfetcher: Classify error better (#3272)
• Make specifying zookeeper in topo files optional (#3278)
• topogen: Don't generate unused config files for Go (#3280)
• Remove unused as_conf go library (#3279)
• Improve messenger metrics (#3273)
• metrics: avoid hidden countervec metrics (#3268)
• Fix wrong git checkout path in README (#3266)
• bug: make gomocks work (#3269)
• HP: Add HPGCfgReqHandler (#3260)
• PS: Add metrics for revocation notifications (#3262)
• periodic: make the pkg internal only (#3263)
• Fix typos and increase consistency (#3261)
• Add metrics to the Go dispatcher (#3258)
• Add metrics to snet (#3257)
• Remove old messenger metrics implementation (#3259)
• HP: Add HPSegReqHandler (#3243)
• Periodic: Add basic metrics in the library (#3237)
• Add metrics for SCIOND client API (#3254)
• PS: Add segsyncer metrics (#3241)
• snet: Add path policy support to BaseRouter (#3253)
• Add metrics to reliable socket and reconnecting libs (#3242)
• SD: Add request metrics (#3247)
• snet: Report full info about revocations (#3251)
• SD: returns ErrNoPaths if no paths were found (#3250)
• snet: Add Interfaces() to Path interface (#3252)
• Simplify SCIOND client API implementation (#3244)
• Remove tags make target (#3249)
• PS: Expose request metrics (#3232)
• segfetcher: Keep next query entries when receiving revocations (#3235)
• Update prometheus dependencies (#3239)
• fix: quic message handler okay with not handled message types (#3236)
• Clean up host type in SCIOND-API RPC messages (#3233)
• bs: refactor propagator/registrar/originator metrics (#3207)
• Add Exiry() to Path interface (#3229)
• SPKI: Generate public keys (#3227)
• SPKI: Generate private keys (#3218)
• Use serrors.New instead of common.NewBasicError (#3175)
• TrustStore: Implement inserter (#3225)
• pathpol: Do not use policy.Policy directly (#3173)
• TrustStore: Add ISD inspector (#3223)
• SPKI: Add key configuration (#3217)
• snet: Copy method added to snet.Path (#3226)
• TrustStore: Implement recurser (#3222)
• snet: Add Fingerprint and MTU to Path interface (#3224)
• TrustStore: Implement TRC resolution (#3211)
• Add AllRoutes function to snet.Router (#3221)
• Fix prometheus code in metrics documentation (#3204)
• serrorscheck: Update revision to support differnt string types (#3219)
• TrustStore: Fix flaky unit test (#3216)
• serrorscheck: Use newer revision (#3215)
• serrors: Add nogo check (#3213)
• acceptance: Increase reconnect wait time (#3212)
• TrustStore: Implement crypto provider (#3149)
• Segfetcher: Make NextQuery dependent on segments (#3208)
• keyconf: Load keys from PEM (#3177)
• BR: metrics rework (#3176)
• scrypto: Make LatestVer of type version (#3206)
• BR acceptance: custom parameters (#3203)
• BS: refactor received beacon metrics (#3186)
• README: https clone, not recursive (#3205)
• Add error formatting to serrors examples (#3199)
• Fixes #3194 (#3197)
• bazel: update rules_go (#3200)
• snet: Pass on errors from custom SCMP handlers (#3192)
• Allow "isd loops" by default. (#3184)
• Fix metric names for consistency (#3191)
• discovery: Call correct callback when cleaning dynamic (#3189)
• discovery: Add metrics for itopo and idiscovery (#3181)
• bs: return stats when insert beacon in db (#3182)
• TrustStore: Define components (#3174)
• bs: add revocation metrics (#3167)
• Remove goconvey from config tests (#3179)
• TrustStore: Add metrics (#3169)
• doc: Add metrics doc (#3162)
• Ringbuf: metrics rework (#3165)
• Start removing GetErrMsg == "xx" tests (#3172)
• serrors: Add serrors package (#3159)
• SegVerifier: Set TRC version on verifier (#3171)
• mock: Generate mocks for matched packages (#3150)
• PS: Improve segment registration metrics (#3152)
• Remove more convey (#3158)
• bs: add keepalive metrics (#3151)
• Add dependencies to the "install Bazel" step (#3164)
• disp: Add missing element ID export (#3163)
• prom: Remove custom registry (#3161)
• BK: Add automatic retry for jobs that lost their agent (#3156)
• Use bazelrc to set build options (#3157)
• CI: Fix build by making app_builder dependency explicit (#3155)
• Remove c/ (#3144)
• Make env assumptions more explicit. (#3143)
• SPKI: Add TRC signature combination (#3137)
• topo-gen: Use go dispatcher for SIG (#3139)
• snet: Use correct base conn (#3134)
• showpaths: Fix probing (#3127)
• jaeger: Fix storing segments (#3131)
• Fix build for ARM 32 bit (#3129)
• Update jaeger all-in-one image to 1.14 (#3128)
• SPKI: Use RunE in cobra commands (#3102)
• dispatcher socket file mode. (#3124)
• HP: Registration Handler tests (#3123)
• HP: Add HPSegRegHandler (#3075)
• BS: Configurable RevConfig (#3111)
• BS: Make ifstate metric useful (#3105)
• sciond socket file mode. (#3099)
• Acceptance: Increase timings in discovery tests (#3095)
• Fix topo_br_reload_if_* acceptance tests (#3096)
• Acceptance: Reduce query interval on sciond (#3089)
• PS: Log & return err from segfetcher (#3092)
• Avoid cgo in lib/overlay/conn to simplify cross-compilation (#3064)
• generator: Use scion-pki tool (#3084)
• Acceptance: Add SIG test with short-lived segments (#3085)
• pathpol: Clean test formatting (#3086)
• Add seghandler to verify and store segs & revs (#3081)
• Add method to filter segments with a path policy (#3072)
• SPKI: Generate templates from topology file (#3079)
• SIG: Tighten the API between main and ingress/egress (#3018)
• Disp: Do not allow running as root (#3074)
• CPPKI: Emphasize best-effort revocation + CAP trade-off (#2932)
• PS: Remove superfluous handler timeout (#3080)
• BR: reconnect to dispatcher support (#3040)
• SPKI: Display human readable TRCs (#3068)
• proto: Make test run in bazel (#3073)
• pathpol: Update design doc (#3070)
• Guard pkt parsing through defer/recover (#3060)
• errors: add support for Is and Unwrap (#3048)
• SPKI: Generate TRC signatures (#3056)
• proto: Re-enable catching panics in proto library (#3059)
• db-test: Create new context after reopening DB (#3062)
• Pathpol: Change policy in options (#2349)
• PS,SD: Use revocations from SegReply to invalidate NextQuery (#3058)
• Use bazel fetch to get everything needed by the go toolchain. (#3061)
• hpkt: Error on small-sized packets (#3055)
• Remove Convey from layers package (#3051)
• segfetcher: Improve logging / documentation (#3054)
• SPKI: Generate prototype TRC (#3049)
• HP: add hidden path segment extension (#3053)
• Remove goconvey from go/lib/hpkt (#3039)
• PS,SD: Use new path lookup strategy (#2997)
• segfetcher: Add functionality to delete NextQuery entries (#3046)
• HP: HiddenPathDB interface and PathDB Adapter (#3044)
• sciond: Fix bug with new error reporting (#3047)
• segfetcher: Consider revocations in resolver (#3045)
• sciond: Fix TRC not found locally error logic (#3043)
• BR: improve control error messages (#3029)
• Move segutil from PS to revcache (#3041)
• Add test to check that all feature flags are boolean (#3036)
• verifier: Make acceptable TS range configurable (#3003)
• sciond: Improve GetPath error messages (#3035)
• brconf: remove unu...

v0.3.1

• Fix deadlock in memrevcache (#1895)
• Update PathSegment string representation. (#1894)
• PS: Fix race condition in segsyncer, save ns in sqlite (#1888)
• Segverifier, PS, SD fixes/improvements (#1887)
• End2End: retry earlier if we receive a revocation (#1886)
• Try to ensure that addr.HostIPv4 is 4 bytes. (#1885)
• CS: Reply to newest version requests (#1883)
• Extract common topology-related ops from Go SD and PS (#1850)

v0.3.0

• PS: Add missing initialization of config (#1882)
• Enable dispatcher reconnection logic in Go infra (#1854)
• sciond: Workaround for first hop border router outage (#1877)
• Handle loops in path combinator (#1874)
• sciond: Periodically refetch path segments (#1872)
• Add graphupdater to generate test graph from topo (#1866)
• pathdb: Store next query instead of LastQuery (#1869)
• sciond: Fix handling of ISD-0 request (#1865)
• Disallow illegal link types in lib/topology. (#1871)
• Update to packaging 17.1 (#1870)
• lint: Use lll to check line len in go code (#1860)
• Switch from goimports to impi. (#1861)
• PS: Periodically refetch segments for a dst (#1856)
• PS: Small fixes (#1851)
• Fix Go SCIOND test for new topology (#1805)
• Drop handwritten messenger mock (#1845)
• Introduce iface variables for the dflt test graph (#1849)
• PS: Introduce messages for the new down segment sync (#1848)
• Remove generated mocks from git (#1847)
• PS: Sync downSegs periodically not on receive (#1841)
• Remove import workaround for gomock (#1843)
• PS: Hold request until up-/core-segs are available (#1840)
• Implement reconnecting proxy on top of snet (#1833)
• Introduce various convenience methods (#1831)
• Introduce cleaner, to periodically clean the pathDB (#1830)
• pathdb: Enhance query.Params (#1832)
• Handle IFStateInfo messages in PS (#1828)
• Add a periodic task runner (#1823)
• Use a named struct for SegReq flags (#1827)
• trust: Use constant for latest version (#1822)
• Rename infra.MessageTypes to shorter names (#1826)
• Initial go PS (#1783)
• PS-DD: Add details about down seg sync (#1798)
• Remove superfluous pathdb.DB abstraction (#1812)
• Add RawWriteTo method to PathSegment in seg.go (#1811)
• sciond: Increase timeout for PathReply processing (#1808)
• Fix writing of offsets in scion packets (go) (#1810)
• Timeout of 0 in snet and reliable now means infinity (#1809)
• snet: fix panic in Listen (#1806)
• Don't use sudo -v (#1807)
• PS: Make py-PS interoperable with go-PS (#1790)
• Add timeout support for custom network snet (#1804)
• SIG: Add retry and timeout while connecting to SCIOND (#1802)

Breaking changes

• BR: Control/Data plane split (#1797)
• Refactor TopoAddr from RAI and related tests (#1829)