Releases: NLnetLabs/routinator

0.7.0-rc2

27 Apr 11:34
9b27192
Pre-release

Bug Fixes

  • Bind listening sockets before possibly dropping privileges while detaching. (#313, discovered by @alarig).
  • Re-enable Tokio’s threaded runtime. (#315)

0.7.0-rc1

23 Apr 15:04
8dc983f
Pre-release

Nearing the 1.0 release, we are changing our release cycle slightly. From now on, each release will be preceded by at least one release candidate allowing us and potential package maintainers to preview the changes made by an upcoming release. This is the first such release candidate.

Breaking Changes

  • Routinator now filters out rsync URIs and RRDP URIs that contain dubious host names that should not be present in the public RPKI. In this version they are ‘localhost,’ any IP address, and any URI with the port explicitly specified. This filter can be disabled via the --allow-dubious-hosts command line and config option for test deployments. (#293)
  • Only CRLs mentioned on the manifest are now considered when checking any published objects except for the manifest itself. If the hash of the CRL on the manifest does not match the CRL, it is rejected. Objects referencing a CRL that is not on a manifest or has a hash mismatch are rejected. (#299)
  • The minimal supported Rust version is now 1.39.0.
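The dubious-host filter described in the list above, written as an added example for this page (it is not Routinator's own code); it assumes rsync:// or https:// URIs, uses only the standard library, and adds a Malformed outcome for anything without such a scheme:

```rust
use std::net::IpAddr;

/// Reason a repository URI is rejected as dubious (constructed for this example).
#[derive(Debug, PartialEq, Eq)]
pub enum Dubious {
    Localhost,
    IpAddress,
    ExplicitPort,
    Malformed, // no rsync:// or https:// scheme, or empty host (assumption)
}

/// Returns the `host[:port]` part of an rsync:// or https:// URI (case-sensitive
/// scheme match, an assumption here), or None for any other scheme.
fn authority(uri: &str) -> Option<&str> {
    let rest = uri.strip_prefix("rsync://").or_else(|| uri.strip_prefix("https://"))?;
    rest.split(|c: char| c == '/' || c == '?' || c == '#').next()
}

/// Splits an authority into host and optional port, handling bracketed IPv6 literals.
fn split_host_port(auth: &str) -> (&str, Option<&str>) {
    if let Some(rest) = auth.strip_prefix('[') {
        // Bracketed IPv6 literal; an unterminated bracket falls through as a plain host.
        if let Some((host, tail)) = rest.split_once(']') {
            return (host, tail.strip_prefix(':'));
        }
    }
    match auth.rsplit_once(':') {
        Some((host, port)) => (host, Some(port)),
        None => (auth, None),
    }
}

/// Applies the rules from the release notes: 'localhost', any IP address literal
/// and any explicitly specified port make a URI dubious. None means acceptable.
pub fn dubious_host(uri: &str) -> Option<Dubious> {
    let auth = match authority(uri) {
        Some(a) if !a.is_empty() => a,
        _ => return Some(Dubious::Malformed),
    };
    let (host, port) = split_host_port(auth);
    if port.is_some() {
        return Some(Dubious::ExplicitPort);
    }
    if host.eq_ignore_ascii_case("localhost") {
        return Some(Dubious::Localhost);
    }
    if host.parse::<IpAddr>().is_ok() {
        return Some(Dubious::IpAddress);
    }
    None
}
```

A deployment that sets --allow-dubious-hosts would simply skip calling the check; everything else should drop any URI for which it returns Some before a fetch is attempted.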

New

  • The new option --stale allows selecting a policy for dealing with stale objects – i.e., manifests and CRLs that are past their next-update date. The policies are reject, warn, and accept. The previous hard-coded policy of warn, i.e., accept but log a warning, is the default. (#288)
  • New output formats bird and bird2 which produce a roa table for Bird 1 and a route table for Bird 2, respectively. (#290, by @netravnen)
  • New output format csvcompat which produces CSV output as similar to that of the RIPE NCC Validator as possible. (#292)
  • The new config file option tal-labels allows defining explicit names to be used when TALs are referenced in output. This way, the output can be made to be even more similar to that produced by the RIPE NCC Validator. (#291)
  • The csvext output format is now also available via the HTTP server at the /csvext path. (#294)
  • New metrics for the status of the RTR and HTTP servers. (#298)
  • New metric of the number of stale objects encountered in the last validation run. (#298)

Other Changes

  • Update to Rust’s new asynchronous IO framework for the RTR and HTTP servers. Repository synchronization and validation remain synchronous atop a thread pool. (#282)
  • Changed concurrency strategy for repository update and validation. Previously, each trust anchor was updated and validated synchronously. Now processing of a CA is deferred if its repository publication point hasn’t been updated yet. Processing is then picked up by the next available worker thread. This should guarantee that all worker threads are busy all the time. (#284)
  • Optimized what information to keep for each ROA, bringing maximum memory consumption down to about a quarter. (#293)
  • The Docker image now wraps Routinator into tini for properly dealing with signals and child processes. (#277)

0.6.4 ‘Jeepers’

29 Nov 14:15
76477b1

This is a bug fix release that fixes an issue introduced in the last version which caused Routinator to hang indefinitely on occasion.

Bug Fixes

  • Fixes an issue where Routinator occasionally gets completely stuck. (#255)

0.6.3 ‘That Escalated Fast’

28 Nov 11:33

This version contains a bug that causes Routinator to occasionally get stuck completely. Please do not use this version and upgrade to 0.6.4 instead.

This release primarily fixes an issue where all RRDP requests would time out in detached server mode, i.e., if server mode is invoked with the -d option. Because Routinator only falls back to rsync if an RRDP fetch for a given repository has never succeeded and otherwise uses the data previously fetched (assuming that the RRDP failure was only of a temporary nature), this caused the eventual loss of the RIPE and APNIC regions’ ROAs if Routinator was ever run in a different way before.

But it is not all bleak news, there is a new feature, too. Veit Heller kindly contributed code to make Routinator reload the TALs and restart validation in server mode when signal USR1 is sent to it. This can be used both to notify Routinator of a change in the set of TALs without having to tear down all RTR sessions as well as kicking off a new validation run before the refresh time has passed.

New

  • Reload TALs and restart validation via SIGUSR1 on Unix systems. (#241, thanks to Veit Heller!)

Bug Fixes

  • RRDP requests failed with a timeout if Routinator was started in detached server mode (server -d). (#250, discovered by Will McLendon)
  • Fix spelling of routinator_rrdp_duration metrics definition. (#248)

0.6.2 ‘Distiller’s Edition’

20 Nov 11:51
fb87982

This release doesn’t introduce any new features but rather is a collection of bug fixes and minor improvements.

New

  • Added a --disable-rsync command line and disable-rsync configuration file option to, well, disable rsync. (#229)

Bug Fixes

  • Fall back to rsync data if RRDP data is missing in no-update mode. (This only caused trouble if you are fabricating a repository cache directory from rsync-only data.) (#223)
  • Try creating the parent directories before moving a file published via RRDP delta to its final location. This avoids regular fallback to snapshots. (#227)
  • Consider previously manipulated files when processing a sequence of multiple RRDP deltas. This avoids occasional fallback to snapshots. (#228)
  • Fixed a decoding error in manifests which caused certain manifests (which don’t seem to exist in the wild currently) to be rejected. (via rpki-rs #78)
  • The /rpsl endpoint of the HTTP server accidentally produced CSV output. (#238)
  • Format the time elements of RPSL output with a stable length. This makes the RPSL output via the HTTP server correct and also decreases the size of the RPSL output by about twenty percent. (#243)

Other Changes

  • Suppress debug logging from some dependencies for stderr and file logging. (#224)

0.6.1 ‘Philosophy Is Tricky’

12 Sep 15:58
e181438

This is a bug fix release that primarily fixes an issue in 0.6.0 where the serial number for RTR was not updated when new data became available resulting in RTR clients getting stuck with old data.

New

  • RRDP access statistics are now also shown in the /status HTTP endpoint. They were already part of the Prometheus metrics. (#218)

Bug Fixes

  • The RTR serial number was not increased when new data became available. (#215)

Other changes

  • The RRDP client no longer complains if it can’t read a non-existent state file, as this is a completely normal situation. (#217)

0.6.0 ‘Pink Sombrero’

10 Sep 12:56
fe6f2cf

This release contains a bug that leaves RTR clients stuck with old data. Please do not use this release if you are using Routinator with RTR and upgrade to 0.6.1 instead.

This release adds support for the RPKI Repository Delta Protocol (RRDP), an alternative method of fetching RPKI data that uses HTTPS instead of rsync. RRDP will speed up synchronisation for frequently updated repositories, for instance when Routinator is running in server mode. For the RRDP implementation, most of the internal logic of Routinator has been rewired. We used this opportunity for extensive refactoring and cleanup of the code base.

One user visible consequence is that the listeners for RTR and HTTP are now started immediately instead of waiting until after the first validation run. They still will report an error message until then, but at least you won’t have to wonder whether something went wrong anymore.

Breaking Changes

  • Removed the rsync-count command line and configuration file option.
    This option is now unused as modules are now rsynced only when they are
    actually accessed. (#187)
  • The default value for refresh has been lowered to 600 seconds.
    (#191)
  • The refresh time placed in the RTR End-of-data PDU is now calculated
    from the time until the next validation run is expected to finish.
    (#193)
  • The listeners for RTR and HTTP in server mode are now started right away
    and report an error until the first validation has finished. (#203)

New

  • Routinator now supports RRDP for synchronizing repository content.
    (#187)
  • Restructured repository directory. The rsync data now lives in a
    sub-directory called rsync. The main repository directory will now be
    kept clean and all unexpected files removed. (#187)
  • In server mode, the repository will be refreshed and re-validated when
    the first object expires. (#191)
  • Protection against loops in the CA structure: Routinator checks that any
    subject key identifier only appears once in the chain from a trust
    anchor to a CA certificate. (#192)
  • Routinator now explicitly skips .cer files that aren’t CA certificates
    before even trying to validate them. This already happened before
    because these files failed validation. (#194)
  • New options user and group for setting the user and group names a
    detached server process should be run as. (#213)

Bug Fixes

  • Fixed crash if the TAL directory is empty. Routinator will complain but
    run since there could be local exceptions. (#212)

0.5.0 ‘Why Not Try a Holiday in Sweden This Year?’

18 Jul 14:13
a03a6ca

This release adds actual RPKI origin validation to Routinator itself.
An address prefix and AS number can now be checked for its RPKI status
on the command line via the new validate command or via the HTTP server.
The latter is provided in a way compatible with the
API of the RIPE NCC RPKI Validator.

The release also includes some breaking changes to the Prometheus metrics.
Back when we introduced those, we chose names for the metrics that didn’t
start with a prefix identifying them as coming from Routinator.
This is now corrected and all metrics start with routinator_.
While at it, we added new metrics for the rsync commands being run by
Routinator, showing both their exit status codes and how long they took.

In addition, there have been quite a few internal plumbing changes. One more
visible change is that Routinator will now delete the data for rsync modules
that aren’t referenced anymore, keeping the local repository clean and small.

Breaking Changes

  • Prometheus metrics are now prefixed with routinator_. (#162 by
    @momorientes)
  • Added --timeout option to rsync call. This seems to be available on
    most rsync versions in use. Should that not be the case, you can use
    the rsync-args config file option to define your own set of rsync
    arguments, overriding this behaviour. (#176)

New

  • The local copy of the repository is now cleaned up after each validation
    run, removing directories and files that weren’t referenced during the
    run. This can be disabled with the new --dirty command line and
    dirty config file options. (#180)
  • You can now check pairs of address prefix and AS number for their RPKI
    origin validation status either via the HTTP interface or the new validate
    command. The HTTP API is the same as that used by the RIPE NCC RPKI
    Validator for easy migration. (#173)
  • Output format summary which will print a summary of the content of the
    RPKI repository. (#167)
  • The ARIN TAL can now be skipped during init with the --decline-arin-rpa
    option. (#169)
  • Various commands have received a --complete option that causes them to
    exit with status code 2 if any of the rsync commands fails. (#177)
  • Additional metrics showing the status and duration of rsync commands.
    (#178)

Bug Fixes

  • Fix Prometheus metrics output – Prometheus insists on a line break at the
    end of the last line. (#156)
  • Fix Prometheus metrics definitions. (#161 by @momorientes)
  • The HTTP server can now deal with unreasonably large requests. It has
    been switched to using hyper. (#171)

0.4.0 ‘The Bumpy Road to Love’

03 Jun 14:52

This release fundamentally changes the command line options for
running the server and introduces a new way to initialize the local RPKI
repository used by Routinator. If you have been using previous releases,
you will likely have to adjust your tooling. We apologize for this, but
we also feel that the new commands are more intuitive and logical.

Server Mode

The command for running the server (previously rtrd) is now called
server. It will not detach from the terminal anymore unless
explicitly instructed via the -d option.

When we added HTTP support, we intended it to be for monitoring only.
But it turned out that using HTTP is very useful for integrating Routinator
into existing work flows, so we now make HTTP a first class protocol. Since
this means that users may want to use the server mode without RTR,
Routinator will not listen on any ports by default any more. Instead, you
will have to explicitly choose the protocols, addresses, and ports to listen
on. The options for listening are now more intuitive, too: --rtr for RTR
and --http for HTTP.

Initialization

Previously, Routinator automatically installed the TALs if the TAL
directory wasn’t present and then stopped because of the missing ARIN TAL.
This made it difficult to automatically install TALs in deployments.

This release replaces the automatic mechanism with a manual procedure that
is invoked by the new init command.

In addition, we have received permission by ARIN to include their TAL. If
you agree with the ARIN Relying Party Agreement, you can now instruct
Routinator to install all TALs without having to download anything.

Filtering of VRPs

To make up for all these breaking changes, we added filtering of VRPs in
output both via the vrps command and in the HTTP output. Command line
options or HTTP query fields allow limiting the output to those VRPs that
cover a set of address prefixes or are related to a set of ASNs.

All Changes

Breaking Changes

  • Major cleanup of the command line and configuration file for server
    mode. The command is now server (instead of rtrd). RTR and HTTP are
    now equals. No default listeners are created any more; you have to
    specify them explicitly via command line options or config file. The option
    is now --rtr for RTR listeners (previously just --listen) and
    --http for HTTP listeners (previously --listen-http). The config
    file fields are rtr-listen and http-listen, respectively. (#133)
  • In server (formerly rtrd) mode, the -a option is gone and has
    been replaced by a -d option. In other words, the default is now to
    stay attached to the terminal and only fork into the background if -d
    is given. (#134)
  • The TAL directory will no longer be automatically populated. Instead,
    you can install the bundled TALs via the new init command. After
    having received permission from ARIN, we are now also bundling the ARIN
    TAL in Routinator and require specific agreement to ARIN’s Relying Party
    Agreement via a command line option. (#135)
  • The minimum supported Rust version is now 1.34.0. (#112)

New

  • Four new monitoring gauges last_update_start, last_update_done,
    last_update_duration, and serial that will allow alerting if
    Routinator stops updating. (#122 and #131)
  • Accept RTR listening socket from systemd. This allows listening on port
    323 without special privileges. Enable via the new --listen-systemd
    option. (#127 and #130)
  • Improved path /status in HTTP output that provides the same
    information as the /metrics endpoint in slightly different format that
    might make it easier to use in processing. (#131)
  • Filtering for address prefixes and ASNs in VRP output via the vrps
    command or in HTTP output. (#137)

Bug Fixes

  • The value of the listen-http config option wasn’t included in the
    output of the config command. Now it is. (#109)
  • The HTTP server would eventually hang Routinator in a tight loop if
    connections were closed early by the peer. (#120)
  • Only read files ending in .tal in the TAL directory as is already
    documented. (#121)
  • Announce the correct content type in HTTP output with formats JSON and
    CSV. (#146)

Dependencies

  • Update to rpki-rs 0.4 (#111)

0.3.3 ‘Big Bada Boom’

01 Apr 15:38
f136830

This is yet another bug fix release. It primarily fixes a crash that happened under certain conditions when checking address prefixes in certificates. In addition, some configuration file options related to rtrd mode were ignored. Finally, we now quietly ignore if the standard output is closed midway during output in vrps mode, making Routinator behave better when piping output somewhere.

Bug Fixes

  • The config file options specific to rtrd mode weren’t picked up.
    (#102, reported by Jay Borkenhagen)
  • Ignore ‘broken pipe’ errors when outputting VRPs to make Routinator play
    nice with piping output into scripts etc. (#105)
  • Fixes a crash when validating certain invalid resource sets on
    certificates. (rpki-rs #30)

Dependencies

  • There’s now a crude way to check if you have the minimum Rust version
    required and stop building. (#104)