Releases: scionproto/scion
v0.12.0 "Rooterberg"
What's Changed
New Features and improvements
- The dispatcher is gone! Well, mostly. We still have a shim for backward compatibility.
- The migration to ConnectRPC has begun. The first PR has been merged. Many more to come.
- We now build RPM packages for the x86_64 platform. Stay tuned for other platforms as the Bazel rules improve.
- The router code got faster by about 15%.
- For the price of one small patch, SCION can now build for Windows too.
- Scion-pki has acquired some new features. Find them in the scion-pki documentation.
Documentation
- We have updated and improved the deployment tutorial.
- The cryptography documentation now includes instructions to use scion-pki and sports a ceremony script builder UI (yes, embedded in the documentation!).
- Added OpenWRT installation instructions.
Configuration Changes
- The unused QUIC configuration field is gone from the Control Service's schema. It must be removed from toml files.
- The router configuration gained a new field: router.bfd. This allows configuring BFD on all links by default. Subfields are the same as in the bfd field of links in the topology configuration. The defaults apply to links that do not have an explicit configuration for a given field. Previously, this was done by setting the environment variables SCION_EXPERIMENTAL_BFD_*. Those are now ignored.
- The topology.json file gained a new field: dispatched_ports. While transitioning away from the dispatcher, SCION applications on dispatcher-less hosts are expected to listen on a restricted port range. This must be set to the same value on updated hosts and on their updated border routers. The recommended value is dispatched_ports="31000 - 32767". This must be configured; there is no safe default.
- The field "reconnect_to_dispatcher" is gone. It must be removed from all toml files (i.e. the control service and the SCION daemon).
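A pre-upgrade check for the last two items, as an added example that is not part of the release notes or the SCION code base. It assumes dispatched_ports is a top-level string key in topology.json, handles only the range form shown above, and finds reconnect_to_dispatcher with a plain line scan rather than a TOML parser; all function names and sample files are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// portRange is the parsed form of a "min - max" dispatched_ports value.
type portRange struct{ Min, Max uint16 }

var errMissing = errors.New("dispatched_ports is not set; there is no safe default")

// Accepts "31000 - 32767" as well as "31000-32767".
var rangeRe = regexp.MustCompile(`^\s*(\d+)\s*-\s*(\d+)\s*$`)

func parseDispatchedPorts(v string) (portRange, error) {
	m := rangeRe.FindStringSubmatch(v)
	if m == nil {
		return portRange{}, fmt.Errorf("dispatched_ports %q: expected \"min - max\"", v)
	}
	lo, errLo := strconv.ParseUint(m[1], 10, 16) // bitSize 16 rejects values > 65535
	hi, errHi := strconv.ParseUint(m[2], 10, 16)
	if errLo != nil || errHi != nil || lo == 0 || lo > hi {
		return portRange{}, fmt.Errorf("dispatched_ports %q: invalid port range", v)
	}
	return portRange{uint16(lo), uint16(hi)}, nil
}

// dispatchedPortsOf extracts the range from a topology.json document.
// Assumption: the key sits at the top level of the file.
func dispatchedPortsOf(topologyJSON []byte) (portRange, error) {
	var topo struct {
		DispatchedPorts *string `json:"dispatched_ports"`
	}
	if err := json.Unmarshal(topologyJSON, &topo); err != nil {
		return portRange{}, fmt.Errorf("topology.json: %w", err)
	}
	if topo.DispatchedPorts == nil {
		return portRange{}, errMissing
	}
	return parseDispatchedPorts(*topo.DispatchedPorts)
}

// checkPair verifies that a host and its border router agree on the range.
func checkPair(hostTopo, routerTopo []byte) error {
	h, err := dispatchedPortsOf(hostTopo)
	if err != nil {
		return fmt.Errorf("host: %w", err)
	}
	r, err := dispatchedPortsOf(routerTopo)
	if err != nil {
		return fmt.Errorf("router: %w", err)
	}
	if h != r {
		return fmt.Errorf("mismatch: host %d-%d, router %d-%d", h.Min, h.Max, r.Min, r.Max)
	}
	return nil
}

// staleTOMLLines returns the 1-based line numbers on which the removed key
// reconnect_to_dispatcher is still assigned; commented-out lines are ignored.
func staleTOMLLines(toml string) []int {
	var hits []int
	for i, line := range strings.Split(toml, "\n") {
		code, _, _ := strings.Cut(line, "#")
		key, _, isAssign := strings.Cut(code, "=")
		if isAssign && strings.TrimSpace(key) == "reconnect_to_dispatcher" {
			hits = append(hits, i+1)
		}
	}
	return hits
}

// Constructed sample files, not taken from a real deployment.
const (
	sampleHostTopo   = `{"isd_as": "1-ff00:0:110", "dispatched_ports": "31000 - 32767"}`
	sampleRouterTopo = `{"isd_as": "1-ff00:0:110", "dispatched_ports": "31000-32767"}`
	sampleOldTopo    = `{"isd_as": "1-ff00:0:110"}`
	sampleDaemonTOML = "[general]\nid = \"sd\"\nreconnect_to_dispatcher = true\n# reconnect_to_dispatcher = false\n"
)

func main() {
	fmt.Println("updated host vs router:", checkPair([]byte(sampleHostTopo), []byte(sampleRouterTopo)))
	fmt.Println("old host vs router:    ", checkPair([]byte(sampleOldTopo), []byte(sampleRouterTopo)))
	fmt.Println("stale toml lines:      ", staleTOMLLines(sampleDaemonTOML))
}
```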
Building, Testing, and Code Quality
As usual, we've put quite a bit of effort in improving build reliability, burying dead code, simplifying, adding tests, fixing flakes, filling potholes, and complying with best practice and standards (including SCION published specs). Most notable in the latter category were:
- router - race condition: #4282 - Another finding of VerifiedSCION (Thanks @jcp19!)
- router - drop invalid packets: #4415, #4558
- router - return SCMP on invalid dst address: #4126
- router - strengthen the checks performed by parsePath: #4524, #4531 - Another finding of VerifiedSCION (Thanks @jcp19 and @mlimbeck!)
- topology - allow peering links between core ASes: #4484
We have also made a small improvement to Wireshark's SCION support: heuristic detection of SCION traffic is now supported. With the removal of the dispatcher and associated limited port range, this became nice-to-have.
Dependencies
We have updated a few of our dependencies. Most notably our minimum Go version, which is now 1.22.7. Also updated are:
- Certifi: 2024.2.2 -> 2024.7.4
- Antlr: 0.6.0 -> 0.6.1
- rules_js: 1.33.1 -> 2.0.0-rc6
- nodejs: latest -> 16.19.0
- pnpm: latest -> 9.4.0
- spectral-cli: 6.11.0 -> 6.11.1
New Contributors
- @mseewer made their first contribution in #4532
- @GioBar00 made their first contribution in #4536
- @martenwallewein made their first contribution in #4610
- @thomasgruebl made their first contribution in #4619
Full Changelog: v0.11.0...v0.12.0
v0.11.0 "Schibegütsch"
What's Changed
Path Segment Validity / CP-PKI
Path segment validation is now more strict. The lifetime of a path segment needs to be fully covered by the validity period of the signing certificate chain. Previously, the certificate chain only needed to be valid at the time of verification.
Segments that are valid under this stricter regime have been created since v0.9.0, thus this stricter check is expected to be compatible with all ASes operating at least v0.9.0.
See #4286 for more details.
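The difference between the two rules, as an added example that is not SCION's implementation: the segment type is a hypothetical stand-in that carries only a lifetime, and the chain's validity period is taken here to be the intersection of its certificates' validity windows. The certificates and timestamps are constructed.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

// segment is a hypothetical stand-in for a path segment; only its lifetime matters here.
type segment struct {
	Created, Expires time.Time
}

// chainValidity returns the window in which every certificate of the chain is
// valid. ok is false for an empty chain or an empty intersection.
func chainValidity(chain []*x509.Certificate) (notBefore, notAfter time.Time, ok bool) {
	if len(chain) == 0 {
		return time.Time{}, time.Time{}, false
	}
	notBefore, notAfter = chain[0].NotBefore, chain[0].NotAfter
	for _, c := range chain[1:] {
		if c.NotBefore.After(notBefore) {
			notBefore = c.NotBefore
		}
		if c.NotAfter.Before(notAfter) {
			notAfter = c.NotAfter
		}
	}
	return notBefore, notAfter, !notAfter.Before(notBefore)
}

// validAtVerification is the previous rule: the chain only has to be valid
// at the moment the segment is verified.
func validAtVerification(chain []*x509.Certificate, now time.Time) bool {
	nb, na, ok := chainValidity(chain)
	return ok && !now.Before(nb) && !now.After(na)
}

// coversSegment is the stricter rule: the whole segment lifetime must lie
// inside the chain's validity period.
func coversSegment(chain []*x509.Certificate, s segment) bool {
	nb, na, ok := chainValidity(chain)
	if !ok || s.Expires.Before(s.Created) {
		return false
	}
	return !s.Created.Before(nb) && !s.Expires.After(na)
}

// ts builds a constructed UTC timestamp in 2024.
func ts(month time.Month, day, hour int) time.Time {
	return time.Date(2024, month, day, hour, 0, 0, 0, time.UTC)
}

// sampleChain is constructed: a short-lived AS certificate under a longer-lived CA certificate.
func sampleChain() []*x509.Certificate {
	return []*x509.Certificate{
		{NotBefore: ts(1, 2, 0), NotAfter: ts(1, 5, 0)}, // AS certificate
		{NotBefore: ts(1, 1, 0), NotAfter: ts(3, 1, 0)}, // CA certificate
	}
}

// Constructed segments: one fully covered, one outliving the AS certificate,
// one created before the AS certificate became valid.
var (
	coveredSeg = segment{Created: ts(1, 3, 10), Expires: ts(1, 3, 16)}
	lateSeg    = segment{Created: ts(1, 4, 20), Expires: ts(1, 5, 2)}
	earlySeg   = segment{Created: ts(1, 1, 22), Expires: ts(1, 2, 4)}
)

func main() {
	chain := sampleChain()
	cases := []struct {
		name string
		seg  segment
		now  time.Time // time of verification
	}{
		{"covered", coveredSeg, ts(1, 3, 11)},
		{"outlives chain", lateSeg, ts(1, 4, 21)},
		{"predates chain", earlySeg, ts(1, 2, 1)},
	}
	for _, c := range cases {
		fmt.Printf("%-15s old rule: %-5v strict rule: %v\n",
			c.name, validAtVerification(chain, c.now), coversSegment(chain, c.seg))
	}
}
```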
Configuration
Simplify the configuration of the local address of a router interface. The fields public and bind have been combined into a single field local. The new field explicitly allows omitting the IP address, in which case the router binds to the wildcard IP.
The old public and bind fields are still accepted, but have been documented as deprecated and will be removed in a future release.
Refer to the manual section on the topology.json file or #4489 for more details.
Management API
Added support for deleting segments and beacons.
Refer to the Open API section in the control service manual for more details (DELETE /segments/{segment-id}, DELETE /beacons/{segment-id}).
Dependencies
Update various dependencies; in particular, update quic-go to v0.43.1, go-toml to v2, security updates for lestrrat-go/jwx, x/crypto, and x/net.
Packages
In addition to the Debian packages built since the last release, we now also build packages for OpenWRT.
As the toolchain is relatively complicated, only x86_64 is supported for now. Like the .deb packages, these OpenWRT packages are not published in a package repository just yet. Packages for release versions are attached to the release. Packages for in-development versions are available from the latest nightly build.
See the installation manual page for more details.
Bug fixes
- paths: Add check for hopfield count <= 64 when deserializing a scion path by @jiceatscion in #4483
  Thanks to @jcp and the VerifiedSCION project for this bug report #4482
- router: factor out platform-dependent underlay conn flags by @marcfrei in #4507
  This allows building the router for non-Linux platforms, in particular macOS or BSD.
- pathpol: ensure deserialized ACL has default rule by @fbuetler in #4505
- router: forbid bouncing packets internally by @matzf in #4502
  Thanks to @mlimbeck and the VerifiedSCION project for this bug report #4497
- router: optimize computeProcID by @jiceatscion in #4520
New Contributors
- @cdekater made their first contribution in #4435
- @MatthewCroughan made their first contribution in #4466
- @tzaeschke made their first contribution in #4500
- @fbuetler made their first contribution in #4505
Full Changelog: v0.10.0...v0.11.0
v0.10.0 "Stäfeliflue"
What's Changed
Dependencies
Update various dependencies; in particular, update quic-go to v0.40.0.
Update to go 1.21, building with go 1.21.3.
Packages
Build debian packages for the SCION services and tools for multiple target platforms (x86-64, arm64, x86-32 and arm).
These packages are not published in a package repository just yet. Packages for release versions are attached to the release. Packages for in-development versions are available from the latest nightly build.
See the installation manual page for more details.
Internal / Testing
Add benchmark tests for the router to track the packet forwarding performance.
These benchmarks are run in the CI, failing on unexpected performance regressions. The benchmark can also be run locally to determine the performance impact of any changes. For this, run e.g. bazel test --test_output=streamed -t- //acceptance/router_benchmark:test and inspect the measured performance in the test output.
Bug fixes
- daemon: fix docstring for latencies in protobuf file by @mlegner in #4443
- processmetrics: explicit type conversion to support arm64 by @mlegner in #4446
- bazel: update bazelisk and support arm64 by @mlegner in #4447
- prometheus: fix copying of metrics labels by @sustrik in #4450
- pkg/log: fix panic when using custom Logger by @lukedirtwalker in #4452
- daemon: error out when using drkey endpoints without configured drkey by @rohrerj in #4453
- tools: fix wireshark dissector TLV options without data by @marcodermatt in #4458
Full Changelog
New Contributors
- @marcodermatt made their first contribution in #4458
v0.9.1
What's Changed
- Update google.golang.org/grpc dependency and set MaxConcurrentStreams, to address gRPC-Go HTTP/2 Rapid Reset vulnerability.
Full Changelog: v0.9.0...v0.9.1
v0.9.0 "Bürgenstock"
What's Changed
Peering links
Peering links in the topology are supported, in both the control plane (control) and the data plane (router).
Configuring a peering link requires setting the interface ID in the remote AS, see remote_interface_id in the configuration manual.
Router Performance Improvements and Slow-Path Packet Handling
An internal restructuring of the router decouples receiving, processing and forwarding packets. Directly, this restructuring brings modest performance improvements, and enables a special, lower priority processing of any exceptional cases (SCMP traceroute requests, and SCMP error messages).
This will be the basis for more performance tuning in the future.
Receive and send buffer sizes, batch sizes as well as the number of packet processing goroutines can now be tuned. See router in the router configuration manual.
DRKey and SPAO
Dynamically-Recreatable Key (DRKey) is a system to establish shared symmetric keys between any two hosts in SCION, based on a key-derivation hierarchy that requires explicit key exchange only on the level of ASes. These keys are intended to be used primarily for packet authentication, in the form of the SCION Packet Authentication Option (SPAO) in the end-to-end packet extension header.
The control service now includes an implementation of the DRKey infrastructure. This system is still somewhat experimental and is disabled by default. See drkey in the control service configuration manual.
The AS-level key exchanges in DRKey rely on TLS for authentication, based on the SCION control-plane-PKI AS certificates.
As a side-effect of this, all other RPC invocations between control services now use the CP-PKI AS certificates, too. Previously, this had not been required, as all other RPCs carried control messages that were directly authenticated.
The router includes an experimental and somewhat incomplete implementation of SPAO-based authentication of SCMP messages. This, too, is disabled by default.
Command line tools
- scion ping: set payload size appropriately if --max-mtu is set (#4250) and add new option --packet-size that allows setting the final packet size (#4251).
- Add machine readable output (json/yaml) for scion ping, scion traceroute and scion showpaths with the new format option (#4287).
- Use the same emoji encoding mapping as smallstep in scion-pki certificate fingerprint --format emoji (#4252).
- Add scion-pki key fingerprint command to calculate SubjectKeyID (#4253).
Go packages:
- pkg/snet: support URI style UDPAddr encoding (#4254).
- pkg/addr: replace addr.HostAddr hierarchy with tagged union addr.Host.
  Additionally, add a new addr.Addr type representing a full SCION address (ISD, AS and host address), including parsing functionality. This definition is identical to the snet.SCIONAddress type, which is now only kept as a type alias for compatibility (#4346).
sqlite Implementation and Platform Compatibility
By default, the SCION components now use a pure Go implementation of sqlite (modernc.org/sqlite) and build without CGo. This allows building the SCION components as statically linked binaries, removing any dependence on a minimum libc or libresolv version.
Gobra CI
All pull-requests now run through formal program verification using Gobra. Only a small fraction of the source code carries the annotations that enable the verification, but already some bugs in edge cases could be discovered and fixed.
Full Changelog
Upgrading
router
router now validates that the source IP address of transit packets matches the IP address of the corresponding other router (#4157). This could be incompatible with certain asymmetric NAT setups.
Configuration
- toml key trustengine.cache.expiration now expects a formatted duration string, instead of an integer number of nanoseconds.
Go package API
- pkg/snet: IntraASPathQuerier has been removed (moved to internal library) as it was not working correctly and not widely used.
- pkg/addr: replace addr.HostAddr hierarchy with tagged union addr.Host (#4346).
  The attached gopatch file can automatically patch some of the affected consumer code, but some manual changes are likely still necessary.
- pkg/slayers: SetNetworkLayerForChecksum now only accepts a type-safe *slayers.SCION.
- pkg/slayers/path: MaxTTL is now a time.Duration instead of an int number of seconds.
Deprecations
- topology.json: the AS attributes authoritative, voting, and issuing are ineffective and should no longer be used (#4333).
- scion showpaths: the --json flag is deprecated in favor of the --format=json option.
New Contributors
- @gavinleroy made their first contribution in #4229
- @kmavromati made their first contribution in #4237
- @jcp19 made their first contribution in #4187
- @bunert made their first contribution in #4250
- @fstreun made their first contribution in #4289
- @VickyMerzOwn made their first contribution in #4292
- @marcfrei made their first contribution in #4298
- @rohrerj made their first contribution in #4304
- @dependabot made their first contribution in #4316
- @MrR0b0t14 made their first contribution in #4341
- @steffenfritz made their first contribution in #4345
- @jBainMartincoit made their first contribution in #4349
- @HawkCorrigan made their first contribution in #4358
- @uniquefine made their first contribution in #4367
- @jiceatscion made their first contribution in #4373
- @edoardottt made their first contribution in #4419
v0.8.0
Full Changelog: v0.7.0...v0.8.0
What's Changed
The repository is completely restructured. We follow a more idiomatic pattern and
make the separation between code that is private and code that is importable by
external parties more obvious.
The overall structure was discussed in #4076.
- Each service and command line tool gets a top-level directory. (e.g. daemon)
- Packages that are shared across multiple applications are grouped in the private directory.
  This should indicate that these packages are not intended to be used by external
  parties, and that semantic versioning will not apply to these packages.
- Project local developer tools are grouped in the tools directory.
- Code that is intended to be consumed by external third parties is grouped in the pkg directory.
To smooth the transition, we kept track of the move in a gist:
- shuffle.yml: lists all the moved packages and their targets.
- go-imports.sh: fixes the imports.
New Contributors
v0.7.0
Full Changelog: v0.6.0...v0.7.0
v0.6.0
Release notes
This release uses the new application names. The changes are as follows:
- BR is now referred to as (POSIX) Router
- SIG is now referred to as (POSIX) Gateway
- SCIOND/SD is now referred to as Daemon
Note that the binary/docker container names are slightly different (e.g.,
the Control Service/CS is called control).
New features
- daemon: modify default db connection values to
    [trust_db]
    connection = "/share/data/sd.trust.db"
    [path_db]
    connection = "/share/cache/sd.path.db"
- cmd/scion: path lists for showpaths, ping, and traceroute are now sorted.
- cmd/scion: path lists for showpaths, ping, and traceroute are colored by default. The coloring can be turned off by specifying the --no-color flag.
- cmd/scion: path lists for showpaths can be filtered based on a sequence flag input.
- control: Use gRPC for all RPCs that the control service is involved in. CS to CS communication is achieved with gRPC over QUIC/SCION. Router to CS, and SCION Daemon to CS communication is established with gRPC over TCP/IP.
- control: CA Control Services will now periodically pick up new client certificates from disk.
- daemon: Use gRPC over TCP/IP for RPCs to the control service.
- all: add log/level HTTP API endpoint to all services. The endpoint allows querying and setting the log level dynamically.
    # GET shows the current log level.
    $ curl <ip:port>/log/level
    {"level":"debug"}
    # PUT sets the current log level.
    $ curl -X PUT <ip:port>/log/level -d '{"level":"info"}'
    {"level":"info"}
- gateway: Query SCION daemon for local ISD-AS. This allows the gateway to infer the local ISD-AS without it being configured in the config file.
- gateway: Infer local IP if not configured in the config file.
- router: Routers now establish intra-AS and inter-AS Bidirectional Forwarding Detection sessions. Between ASes, one session is established for each pair of SCION Interface IDs. Inside ASes, one session is established for each pair of routers.
- router: Metric names have changed.
- Allow BFD configuration for external interfaces through the topology file.
- Gateway can be configured to use different control and data IP addresses.
- cmd/scion: More granular exit codes.
  ping now exits with code 1 if no reply packet was received. If at least one packet was received, the exit code is 0. If any other error occurred, the exit code is 2.
  traceroute now exits with code 1 if any packet is dropped. If any other error occurred, the exit code is 2.
  showpaths now exits with code 1 if no path is alive and probing is not disabled. If probing is disabled, and at least one path is found, the exit code is 0. If any other error occurred, the exit code is 2.
- router: list of interfaces in /status page is now sorted
- control/daemon: The new path lookup strategy is now implemented. This is a breaking change as the wire format of control messages has been changed. Segment synchronization in the core is no longer needed. Instead in the lookup we fetch down segments from each core we want to have down segments from. All connected daemons/control services should be updated at the same time.
- Gateway can be configured to use different control and data addresses.
- Daemon: Use the default SCION Daemon API port (30255) if the address in the config toml does not specify a port or uses zero.
- log: Add a config option to set the stacktrace level for logging.
- Updated Wireshark SCION dissector plugin.
- router: add two metrics that expose the service instances state as seen by the data plane:
    router_service_instance_changes_total
    router_service_instance_count
  Consult the router metrics documentation for more information.
- cs: metrics are more unified. Check the upgrade notes for details.
- gateway: The gateway now has dynamic IP prefix discovery. To manage the IP prefix discovery a routing policy file is used. It is described here: Gateway routing policy documentation
- gateway: The gateway now supports prefix pinning. To manage the prefix pinning the allow_interfaces property in the gateway section of the topology file can be used. A more extensive description will follow on the Gateway documentation page
Known issues
- There is currently no way to disable the HTTP API without also disabling metrics. If there are security concerns about the API (e.g., it's possible to degrade application performance without authentication by downgrading logging to debug) it should be firewalled. The full APIs can be found in the documentation site:
Upgrade notes
- The format of SCION packets has changed. The new format is incompatible with previous versions. This affects all SCION-speaking processes (routers, gateways, control services, dispatchers, tooling). This requires a synchronized upgrade of all existing networks.
- The format of SCION control-plane RPCs has changed from capnp messages to gRPC. The new format is incompatible with previous versions. The change affects daemons and control services. This requires a synchronized upgrade of all existing daemons and control services.
- The formats of Gateway packets and RPCs have changed. The new formats are incompatible with previous versions. The change affects gateways. This requires a synchronized upgrade of all gateways.
- The communication patterns of Gateway RPCs have changed.
- Keepalives have been removed and replaced by BFD. See the New features section for more information.
- Container names for released applications have changed. The names have changed as follows:
    scion_cs is now control
    scion_sciond is now daemon
    scion_dispatcher is now dispatcher
    scion_sig is now posix-gateway
    scion_border is now posix-router
- The scmp command has been deleted. The scion command should cover the functionality, scmp tr is now scion tr and scmp echo is now scion ping. Note that the format of the arguments has changed, check against the respective --help output.
- The logging format changed (we use a new logging library), if any tools relied on the exact log output format they need to adapt. Configuration and functionality wise nothing changed.
- cmd/scion: path lists for showpaths, ping, and traceroute now group paths by hop count. A grouping header is introduced.
- infra: With the switch to a new messenger stack, all ASes need to be updated in sync.
- control: With the switch to the new gRPC stack, segment requests no longer have the cache_only flag.
- SCION daemon users: The path_count config option was removed from the SCION daemon client configuration. The flag was never actually used previously and was thus removed.
- gateway: Field isd_as is removed from the [sig] section of the gateway config file.
- docker: the entrypoint and cmd configurations of containers have changed. The entrypoint now contains only the application name, and the cmd contains the arguments.
- logging: file logging support is removed without replacement. It is recommended to use stdout logging at the appropriate level and collect the logs manually via another mechanism (docker, journald, etc.).
- control: The sample config and policy files are now displayed using the sample command:
    cs sample config
    cs sample policy
- control: The open-source Control Service database configurations no longer allow for a backend to be specified. The configuration rules for the closed-source Control Service did not change.
- daemon: The sample config is now displayed using the sample command:
    sciond sample config
- daemon: SCION Daemon database configurations no longer allow for a backend to be specified. Configurations with trust_db.backend or path_db.backend specified will cause the application to error out on start-up.
- showpaths: The showpaths binary has been removed. All users of it should now use the scion showpaths (scion sp short). It supports the same features but the command line slightly changed, use scion sp help to find details about its usage.
- control: TOML configs must not include certificates for QUIC connections.
  - cert_file = "/share/conf/quic/tls.pem" //removed
  - key_file = "/share/conf/quic/tls.key" //removed
- gateway: TOML configs have to be changed in the following way:
- The
ip
...
- The
v0.5.0
Commits:
- Fix nightly build (#3693)
- New system for gathering license files (#3692)
- scmp/showpaths: remove local address flags (#3691)
- snet: API function/type renaming (#3690)
- colibri: add ctrl structs for requests (#3685)
- SIG: Pass both control and data address in probes (#3689)
- SIG: Move sig.json parsing into a shared library (#3688)
- br: Add status page (#3687)
- Fixed HBH ext parse panic when start >= end (#3674)
- Build all in CI (#3686)
- toml: use snake_case remove unused properties (#3684)
- COLIBRI: AS-to-AS capnp definitions (#3660)
- colibri: add basic request payload types (#3658)
- Guard against system clock moving backwards. (#3679)
- BR acceptance test: Add an option to sleep after setup step (#3678)
- log: Clean log package & move config to log package (#3677)
- Remove unused/obsolete python code (#3670)
- log: rename LogPanicAndExit to HandlePanic (#3642)
- Fix distroless build error (#3673)
- SPKI: Add verify commands (#3672)
- Move go/sig/internal/disp to go/lib (#3671)
- Log local address with IA when registering to dispatcher (#3669)
- Remove unused sd_client config from control service (#3668)
- SIG: Move pathmgr to a library (#3667)
- SIG: Move definition of SIG control messages to go/lib/ctrl (#3665)
- sd: state connection db is required in help (#3666)
- braccept: expired revocation on interface not owned (#3664)
- Lint: Update flake8 (#3559)
- Avoid net.ResolveUDPAddr in snet.UDPAddrFromString (#3662)
- Lint: Add linter for log statements (#3663)
- TrustStore: Ensure referenced TRC is available (#3629)
- Colibri.service.design (#3653)
- Refactor itopo initialization (#3661)
- SIG: Make the snet connection in ingress.Dispatcher mockable (#3659)
- Fake SCIOND: Use MTU of 1472 (#3657)
- Delete Discovery Service (#3656)
- Monolithic Control Service (#3652)
- Fix snet.UDPAddress parsing & serialization (#3650)
- Msgr: Fix svc redirect in UDP only mode (#3649)
- SIG: Option to configure number of paths retrieved (#3639)
- SIG: Dispatcher bypass (#3646)
- Remove snet.Addr (#3644)
- Remove convey from tests in lib/addr (#3643)
- Adapt pathpol.Path interface to snet.Path (#3640)
- Document our use of su-exec and why. (#3638)
- keyconf: Remove unused code (#3630)
- ci: Fix remote caching (#3633)
- Fix bug in dispatcher (#3637)
- dispatcher: Fix bug in dispatcher library read function (#3635)
- ci: Add dockerized integration tests (#3627)
- godispatcher: Split out a library that could be linked into apps (#3634)
- SPKI: Return error if keyloading fails (#3632)
- Use snet.{UDP,SVC}Addr instead of snet.Addr everywhere (#3631)
- Use /topology endpoint for topology reload tests (#3622)
- CPPKI: Polishing the TRC and certificate format (#3602)
- TrustStore: Add metrics (#3628)
- SPKI: tmpl error if no voting/issuing AS is specified (#3596)
- TrustStore: Improve error context (#3620)
- Add more context when config loading or log init fails (#3624)
- ci: announce_rc file in bazel (#3609)
- dispatcher: Remove obsolete field (#3614)
- ci: Use trace logging in integration tests (#3621)
- Fix connected Write on snet.Conn (#3617)
- Simplify bazel SIG tests (#3616)
- cert renewal: Adapt request to design document (#3612)
- CPPKI: Define certificate renewal interaction (#3598)
- Fix metric names (#3611)
- Make sure file logs works (#3601)
- CI: Use bazelrc_ci always on CI (#3591)
- Add primary attributes to topology file (#3607)
- Add HTTP status pages (#3608)
- PS: Remove request holding (#3604)
- Fix gomocks (#3606)
- Remove forgotten configuration types from beacon_srv (#3603)
- Monolithic Control Service POC (#3590)
- Add bazel icon to bazelified pipeline tests (#3600)
- Delete old crypto code move v2 inplace (#3597)
- Clean up pipeline file names (#3599)
- Add support for log compression (#3592)
- Add IPv6 ASes to test topology (#3593)
- snet: do not use snet.Addr in read/write functions (#3583)
- CI: add bazel timestamps and enable local run of the pipeline (#3589)
- SPKI: Improve help messages (#3567)
- CI: Delete old pipeline and associated files (#3581)
- SPKI: Fix template generation (#3587)
- Topo file: add support for v2 trust attributes (#3586)
- BS: reduce interface state to active/revoked (#3572)
- Remove AppAddr from SIG code (#3578)
- CI: Use bazel cache also for acceptance tests (#3582)
- SH: Only build necessary binaries (#3566)
- Remove path resolution step from snet writes (#3571)
- MD: Update badge (#3579)
- CI: Add python unit tests (#3577)
- CI: Remove explicit scionproto2 references (#3573)
- Cert renewal: Add request struct for v2 (#3548)
- Do not use appaddr in cert_integration (#3553)
- ci: add go integration tests with supervisord (#3526)
- python: Fix YAMLLoadWarning (#3565)
- CI: move bazel-cache bucket name into env (#3564)
- CI: add revocation tests to pipeline 2 (#3563)
- snet: Add context to Dispatcher and Listen and Dial (#3562)
- Convert sig_short_exp acceptance to use Bazel (#3561)
- Make scmp.Error compatible with go 1.13 error funcs (#3558)
- Remove direct xerrors dependency (#3555)
- Remove common.GetErrorMsg (#3554)
- Fix BR acceptance tests in old CI pipeline (#3557)
- Migrate sig_failover_acceptance to bazel (#3550)
- SIG: Move sigcmn to internal (#3545)
- Remove overlay.OverlayAddr (#3552)
- CPPKI: Do not double base64 encode (#3549)
- BR: Fatal on irrecoverable errors (#3547)
- BS: Register one-hop dispatcher without timeout (#3546)
- Tracing: Add span logger (#3544)
- CI: Add acceptance tests to new pipeline (#3537)
- Acceptance: Disable convoluted tests (#3542)
- Add simple UDP proxy written in Go (#3540)
- TrustStore: Combine components to Store (#3538)
- Fix removing IPv6 registrations in godispatcher (#3531)
- perapp: Simplify Makefile (#3539)
- TrustStore: The great export (#3530)
- CI: Fix failure in lint steps of new pipeline (#3533)
- CS: Refactor to the common setup pattern (#3535)
- TrustStore: Add Implementation for GetASKey (#3536)
- Consistently handle nil in Copy implementations (#3534)
- keyconf: Add key ring (#3528)
- TrustStore: unify interface (#3532)
- snet: Allow dial/listen using IPv6 addresses (#3522)
- infra: Refactor signer/verifier (#3529)
- CI: Add lint steps to new pipeline (#3520)
- TrustStore: implement RPC interface (#3527)
- snet: refactor Listens and Dials (#1694) (#3521)
- Fix nil-pointer dereference in sciond.Path.String (#3519)
- Add missing license header (#3518)
- TrustStore: add verifier implementation (#3513)
- TrustStore: Add signer (#3516)
- sciond-lib: Add IFInfo function back to connector interface (#3514)
- topogen: remove CA generator (#3515)
- dispatcher: Fix registration with length 16 IPv4 addresses (#3512)
- TrustStore: Provider handles certificate chains (#3496)
- TrustStore: Purge cache (#3510)
- CI: Initial new pipeline (#3505)
- TrustStore: Add chain request handler (#3500)
- topology: replace SCIONAddress with net.UDPAddr os (#3507)
- TrustStore: Resolver handles certificate chains (#3495)
- TrustStore: Add TRC request handler (#3499)
- TrustStore: Add TRC push handler (#3498)
- TrustStore: Add chain push handler (#3501)
- TrustStore: Inserter handles chains (#3494)
- common/infra: Don't panic on nil (#3506)
- TrustDB: Implement GetIssuingKeyInfo (#3503)
- TrustStore: Add help message to tests (#3504)
- SIG: SessPath key truncated to ...
v0.4.0
- Bazel: Use --stamp command line flag (#3380)
- Fix workspace for scion image generation (#3379)
- sciond-API: Only have a single Connect method (#3374)
- SPKI: Prototype, sign and combine in one command (#3371)
- SIG: move base to internal (#3369)
- Refactor overlay addresses to always use net.IP (#3332)
- seghandler: Report error if all segments fail to verify (#3368)
- SPKI: Generate issuer and AS config for topo (#3363)
- SPKI: TRC signature combination (#3341)
- update gazelle and rules_go (#3325)
- trustdb: Use transaction for chain insert (#3367)
- Acceptance tests: Move reload_sig function to a library (#3361)
- SPKI: Add AS and Issuer certificate configuration (#3345)
- SPKI: TRC signing (#3340)
- Hide raw topology from mains (#3353)
- Consistently use neigh_ia label name. (#3354)
- snet: remove goconvey (#3350)
- Remove python images from perapp Makefile (#3343)
- SPKI: Remove legacy config definitions (#3342)
- SIG: Move go/sig/metrics to go/sig/internal/metrics (#3326)
- SIG: Sessmon metrics (#3329)
- Use bazel disk cache (#3336)
- SPKI: Prototype TRC generation (#3328)
- SPKI: Remove legacy key generation (#3331)
- periodic: increase period and error verbosity (#3335)
- metrics: do not initialize metrics (#3333)
- Convert more goconvey tests to normal go tests (#3330)
- healthpool: fix flaky test (#3307)
- SPKI: Generate TRC and keys config for topo (#3319)
- snet: Extract PathReplyEntry from Path (#3324)
- Remove addr.L4Info (#3323)
- SIG: Move go/sig/disp to go/sig/internal/disp (#3313)
- errors: Use common.ErrMsg for constants (#3314)
- topo-gen: Create BR dispatcher per BR (#3321)
- Export types of Topology fields (#3320)
- TrustStore: Disable unit tests (#3311)
- Refactor: split pathpol tests into multiple files (#3316)
- SPKI: Add key commands (#3308)
- Remove unused messenger metrics code (#3315)
- segfetcher: Stop fetch loop on errors (#3306)
- periodic: add timeout to all function calls in the tests (#3309)
- SIG: Move xnet to internal (#3300)
- SPKI: Add TRC configuration (#3228)
- Minimized interface argument needed to create default SCMP handler (#3305)
- scion.sh add topo_clean command (#3303)
- SIG: Fix malformed logger invocation (#3302)
- Decouple applications from topology internals (#3299)
- snet: Add stringer to path (#3290)
- showpaths: respect timeout arg (#3291)
- topology: Reduce exposed types, remove unused code (#3277)
- snet: Add scmp handler to NewSCIONPacketConn (#3289)
- metrics: initialize {Counter,Gauge,Histogram} Vec (#3283)
- snet: SCIONPacketConn.ReadFrom - Don't fail on nil argument (#3282)
- br: acceptance setcap on test run (#3284)
- Periodic: add timeouts in tests (#3275)
- segfetcher: Add segreq & revocation metrics (#3264)
- segfetcher: Classify error better (#3272)
- Make specifying zookeeper in topo files optional (#3278)
- topogen: Don't generate unused config files for Go (#3280)
- Remove unused as_conf go library (#3279)
- Improve messenger metrics (#3273)
- metrics: avoid hidden countervec metrics (#3268)
- Fix wrong git checkout path in README (#3266)
- bug: make gomocks work (#3269)
- HP: Add HPGCfgReqHandler (#3260)
- PS: Add metrics for revocation notifications (#3262)
- periodic: make the pkg internal only (#3263)
- Fix typos and increase consistency (#3261)
- Add metrics to the Go dispatcher (#3258)
- Add metrics to snet (#3257)
- Remove old messenger metrics implementation (#3259)
- HP: Add HPSegReqHandler (#3243)
- Periodic: Add basic metrics in the library (#3237)
- Add metrics for SCIOND client API (#3254)
- PS: Add segsyncer metrics (#3241)
- snet: Add path policy support to BaseRouter (#3253)
- Add metrics to reliable socket and reconnecting libs (#3242)
- SD: Add request metrics (#3247)
- snet: Report full info about revocations (#3251)
- SD: returns ErrNoPaths if no paths were found (#3250)
- snet: Add Interfaces() to Path interface (#3252)
- Simplify SCIOND client API implementation (#3244)
- Remove tags make target (#3249)
- PS: Expose request metrics (#3232)
- segfetcher: Keep next query entries when receiving revocations (#3235)
- Update prometheus dependencies (#3239)
- fix: quic message handler okay with not handled message types (#3236)
- Clean up host type in SCIOND-API RPC messages (#3233)
- bs: refactor propagator/registrar/originator metrics (#3207)
- Add Expiry() to Path interface (#3229)
- SPKI: Generate public keys (#3227)
- SPKI: Generate private keys (#3218)
- Use serrors.New instead of common.NewBasicError (#3175)
- TrustStore: Implement inserter (#3225)
- pathpol: Do not use policy.Policy directly (#3173)
- TrustStore: Add ISD inspector (#3223)
- SPKI: Add key configuration (#3217)
- snet: Copy method added to snet.Path (#3226)
- TrustStore: Implement recurser (#3222)
- snet: Add Fingerprint and MTU to Path interface (#3224)
- TrustStore: Implement TRC resolution (#3211)
- Add AllRoutes function to snet.Router (#3221)
- Fix prometheus code in metrics documentation (#3204)
- serrorscheck: Update revision to support different string types (#3219)
- TrustStore: Fix flaky unit test (#3216)
- serrorscheck: Use newer revision (#3215)
- serrors: Add nogo check (#3213)
- acceptance: Increase reconnect wait time (#3212)
- TrustStore: Implement crypto provider (#3149)
- Segfetcher: Make NextQuery dependent on segments (#3208)
- keyconf: Load keys from PEM (#3177)
- BR: metrics rework (#3176)
- scrypto: Make LatestVer of type version (#3206)
- BR acceptance: custom parameters (#3203)
- BS: refactor received beacon metrics (#3186)
- README: https clone, not recursive (#3205)
- Add error formatting to serrors examples (#3199)
- Fixes #3194 (#3197)
- bazel: update rules_go (#3200)
- snet: Pass on errors from custom SCMP handlers (#3192)
- Allow "isd loops" by default. (#3184)
- Fix metric names for consistency (#3191)
- discovery: Call correct callback when cleaning dynamic (#3189)
- discovery: Add metrics for itopo and idiscovery (#3181)
- bs: return stats when insert beacon in db (#3182)
- TrustStore: Define components (#3174)
- bs: add revocation metrics (#3167)
- Remove goconvey from config tests (#3179)
- TrustStore: Add metrics (#3169)
- doc: Add metrics doc (#3162)
- Ringbuf: metrics rework (#3165)
- Start removing GetErrMsg == "xx" tests (#3172)
- serrors: Add serrors package (#3159)
- SegVerifier: Set TRC version on verifier (#3171)
- mock: Generate mocks for matched packages (#3150)
- PS: Improve segment registration metrics (#3152)
- Remove more convey (#3158)
- bs: add keepalive metrics (#3151)
- Add dependencies to the "install Bazel" step (#3164)
- disp: Add missing element ID export (#3163)
- prom: Remove custom registry (#3161)
- BK: Add automatic retry for jobs that lost their agent (#3156)
- Use bazelrc to set build options (#3157)
- CI: Fix build by making app_builder dependency explicit (#3155)
- Remove c/ (#3144)
- Make env assumptions more explicit. (#3143)
- SPKI: Add TRC signature combination (#3137)
- topo-gen: Use go dispatcher for SIG (#3139)
- snet: Use correct base conn (#3134)
- showpaths: Fix probing (#3127)
- jaeger: Fix storing segments (#3131)
- Fix build for ARM 32 bit (#3129)
- Update jaeger all-in-one image to 1.14 (#3128)
- SPKI: Use RunE in cobra commands (#3102)
- dispatcher socket file mode. (#3124)
- HP: Registration Handler tests (#3123)
- HP: Add HPSegRegHandler (#3075)
- BS: Configurable RevConfig (#3111)
- BS: Make ifstate metric useful (#3105)
- sciond socket file mode. (#3099)
- Acceptance: Increase timings in discovery tests (#3095)
- Fix topo_br_reload_if_* acceptance tests (#3096)
- Acceptance: Reduce query interval on sciond (#3089)
- PS: Log & return err from segfetcher (#3092)
- Avoid cgo in lib/overlay/conn to simplify cross-compilation (#3064)
- generator: Use scion-pki tool (#3084)
- Acceptance: Add SIG test with short-lived segments (#3085)
- pathpol: Clean test formatting (#3086)
- Add seghandler to verify and store segs & revs (#3081)
- Add method to filter segments with a path policy (#3072)
- SPKI: Generate templates from topology file (#3079)
- SIG: Tighten the API between main and ingress/egress (#3018)
- Disp: Do not allow running as root (#3074)
- CPPKI: Emphasize best-effort revocation + CAP trade-off (#2932)
- PS: Remove superfluous handler timeout (#3080)
- BR: reconnect to dispatcher support (#3040)
- SPKI: Display human readable TRCs (#3068)
- proto: Make test run in bazel (#3073)
- pathpol: Update design doc (#3070)
- Guard pkt parsing through defer/recover (#3060)
- errors: add support for Is and Unwrap (#3048)
- SPKI: Generate TRC signatures (#3056)
- proto: Re-enable catching panics in proto library (#3059)
- db-test: Create new context after reopening DB (#3062)
- Pathpol: Change policy in options (#2349)
- PS,SD: Use revocations from SegReply to invalidate NextQuery (#3058)
- Use bazel fetch to get everything needed by the go toolchain. (#3061)
- hpkt: Error on small-sized packets (#3055)
- Remove Convey from layers package (#3051)
- segfetcher: Improve logging / documentation (#3054)
- SPKI: Generate prototype TRC (#3049)
- HP: add hidden path segment extension (#3053)
- Remove goconvey from go/lib/hpkt (#3039)
- PS,SD: Use new path lookup strategy (#2997)
- segfetcher: Add functionality to delete NextQuery entries (#3046)
- HP: HiddenPathDB interface and PathDB Adapter (#3044)
- sciond: Fix bug with new error reporting (#3047)
- segfetcher: Consider revocations in resolver (#3045)
- sciond: Fix TRC not found locally error logic (#3043)
- BR: improve control error messages (#3029)
- Move segutil from PS to revcache (#3041)
- Add test to check that all feature flags are boolean (#3036)
- verifier: Make acceptable TS range configurable (#3003)
- sciond: Improve GetPath error messages (#3035)
- brconf: remove unu...