
v0.9.0 "Bürgenstock"

@matzf matzf released this 17 Oct 12:03
· 156 commits to master since this release
46b055a

What's Changed

Peering links

Peering links in the topology are supported, in both the control plane (control) and the data plane (router).
Configuring a peering link requires setting the interface ID of the link in the remote AS; see remote_interface_id in the configuration manual.

Router Performance Improvements and Slow-Path Packet Handling

An internal restructuring of the router decouples receiving, processing and forwarding packets. Directly, this restructuring brings modest performance improvements, and enables a special, lower priority processing of any exceptional cases (SCMP traceroute requests, and SCMP error messages).
This will be the basis for more performance tuning in the future.

Receive and send buffer sizes, batch sizes as well as the number of packet processing goroutines can now be tuned. See router in the router configuration manual.

DRKey and SPAO

Dynamically-Recreatable Key (DRKey) is a system to establish shared symmetric keys between any two hosts in SCION, based on a key-derivation hierarchy that requires explicit key exchange only on the level of ASes. These keys are intended to be used primarily for packet authentication, in the form of the SCION Packet Authentication Option (SPAO) in the end-to-end packet extension header.

The control service now includes an implementation of the DRKey infrastructure. This system is still somewhat experimental and is disabled by default. See drkey in the control service configuration manual.

The AS-level key exchanges in DRKey rely on TLS for authentication, based on the SCION control-plane-PKI AS certificates.
As a side effect, all other RPC invocations between control services now use the CP-PKI AS certificates, too. Previously this had not been required, as all other RPCs carry control messages that are directly authenticated.

The router includes an experimental and somewhat incomplete implementation of SPAO-based authentication of SCMP messages. This, too, is disabled by default.
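To make the key hierarchy described above concrete, the following is an added example (not the scion project's code) that models how a DRKey-style derivation lets two hosts in different ASes share a packet-authentication key after a single AS-level exchange. HMAC-SHA256 is used as a stand-in PRF and the derivation labels, ISD-AS strings, host addresses and secret value are constructed for the example; the real DRKey implementation uses a different PRF and different derivation inputs, so consult the DRKey documentation for the actual scheme.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Illustrative model of a DRKey-style derivation hierarchy (added example,
// not the scion project's code). HMAC-SHA256 stands in for the PRF; the real
// DRKey derivation uses a different PRF and different derivation inputs.
// Only the Level-1 (AS-to-AS) key crosses an AS boundary, over the
// TLS-authenticated control-service RPC; host-level keys are derived locally.

type Key []byte

// prf derives a child key from a parent key and a derivation label.
func prf(parent Key, label string) Key {
	m := hmac.New(sha256.New, parent)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// Level0 is the AS secret value; it never leaves the AS's control service.
func Level0(secretValue []byte) Key { return Key(secretValue) }

// Level1 is the AS-to-AS key K(src->dst). The source AS derives it from its
// secret value; the destination AS obtains it once via the authenticated
// control-plane RPC and caches it.
func Level1(sv Key, srcIA, dstIA string) Key {
	return prf(sv, "L1|"+srcIA+"|"+dstIA)
}

// Level2 is a host-to-host key that both endpoints derive from the Level-1
// key without any further exchange.
func Level2(l1 Key, proto, srcHost, dstHost string) Key {
	return prf(l1, "L2|"+proto+"|"+srcHost+"|"+dstHost)
}

// Authenticate computes a packet MAC, the role a SPAO tag plays for a packet.
func Authenticate(k Key, packet []byte) []byte {
	m := hmac.New(sha256.New, k)
	m.Write(packet)
	return m.Sum(nil)
}

// Verify checks a packet MAC in constant time.
func Verify(k Key, packet, mac []byte) bool {
	return hmac.Equal(Authenticate(k, packet), mac)
}

// Scenario walks through a full exchange and returns
// (authentic packet verified, tampered packet verified).
func Scenario() (bool, bool) {
	const srcIA, dstIA = "1-ff00:0:110", "1-ff00:0:111"
	// AS 110's secret value (constructed sample input).
	sv110 := Level0([]byte("constructed-secret-value-of-as-110"))

	// The control service of AS 110 derives the Level-1 key locally ...
	l1AtSrc := Level1(sv110, srcIA, dstIA)
	// ... and the control service of AS 111 receives the same key over the
	// authenticated RPC (modelled as a copy; this is the only exchange).
	l1AtDst := append(Key(nil), l1AtSrc...)

	// Both hosts derive the host-level key from their AS's Level-1 copy.
	kSender := Level2(l1AtSrc, "scmp", "10.0.0.1", "10.0.1.1")
	kReceiver := Level2(l1AtDst, "scmp", "10.0.0.1", "10.0.1.1")

	packet := []byte("constructed SCMP payload")
	mac := Authenticate(kSender, packet)
	ok := Verify(kReceiver, packet, mac)

	// A modified packet must fail verification under the same key and MAC.
	tampered := bytes.Replace(packet, []byte("SCMP"), []byte("XXXX"), 1)
	return ok, Verify(kReceiver, tampered, mac)
}

func main() {
	ok, tamperedOK := Scenario()
	fmt.Printf("authentic packet verified: %v, tampered packet verified: %v\n", ok, tamperedOK)
}
```

The asymmetry is the point: the AS whose secret value roots the key can derive any key in the subtree locally, while the other side fetches the Level-1 key once and then derives host keys without further round trips. This is why the AS-to-AS fetch must itself be authenticated (the TLS requirement noted above), as a forged Level-1 key would let an attacker authenticate packets to every host in that AS.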

Command line tools

  • scion ping sets the payload size appropriately if --max-mtu is set (#4250), and the new option --packet-size allows setting the final packet size (#4251).
  • Add machine-readable output (json/yaml) for scion ping, scion traceroute and scion showpaths with the new format option (#4287).
  • Use the same emoji encoding mapping as smallstep in scion-pki certificate fingerprint --format emoji (#4252).
  • Add scion-pki key fingerprint command to calculate SubjectKeyID (#4253).

Go packages:

  • pkg/snet: support URI style UDPAddr encoding (#4254).
  • pkg/addr: replace addr.HostAddr hierarchy with tagged union addr.Host.
    Additionally, add a new addr.Addr type representing a full SCION address (ISD, AS and host address), including parsing functionality. This definition is identical to the snet.SCIONAddress type, which is now only kept as a type alias for compatibility (#4346).

sqlite Implementation and Platform Compatibility

By default, the SCION components now use a pure Go implementation of sqlite (modernc.org/sqlite) and build without CGo. This allows the SCION components to be built as statically linked binaries, removing any dependence on a minimum libc or libresolv version.

Gobra CI

All pull-requests now run through formal program verification using Gobra. Only a small fraction of the source code carries the annotations that enable the verification, but already some bugs in edge cases could be discovered and fixed.

Full Changelog

v0.8.0...v0.9.0

Upgrading

router

  • router now validates that the source IP address of transit packets matches the IP address of the corresponding router at the other end of the link (#4157). This could be incompatible with certain asymmetric NAT setups.

Configuration

Go package API

  • pkg/snet: IntraASPathQuerier has been removed (moved to internal library) as it was not working correctly and not widely used.
  • pkg/addr: replace addr.HostAddr hierarchy with tagged union addr.Host (#4346).
    The attached gopatch file can automatically patch some of the affected consumer code, but some manual changes are likely still necessary.
  • pkg/slayers: SetNetworkLayerForChecksum now only accepts a type-safe *slayers.SCION.
  • pkg/slayers/path: MaxTTL is now a time.Duration instead of an int number of seconds.
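The following is an added example (not the scion library's code) that models the shape of the pkg/addr change above: a tagged-union Host value in place of an interface hierarchy, and the consumer-side switch that replaces a type switch. The names HostType, HostIP, HostSVC, ParseHost, Type, IP and SVC, as well as the "SVC:<number>" text syntax, are assumptions for this example and not the library's API.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// Illustrative model of a tagged-union host address (added example; not the
// scion library's code, and all names below are assumed for this example).

type HostType uint8

const (
	HostTypeNone HostType = iota // zero value: "no host address"
	HostTypeIP
	HostTypeSVC
)

// SVC is a service address resolved to a service instance in the destination AS.
type SVC uint16

// Host is a tagged union: exactly one of ip/svc is meaningful, selected by t.
// Unlike an interface hierarchy it is a comparable value type, so it works
// with == and as a map key, and its zero value is a valid "none" address
// rather than a nil interface.
type Host struct {
	t   HostType
	ip  netip.Addr
	svc SVC
}

func HostIP(ip netip.Addr) Host { return Host{t: HostTypeIP, ip: ip} }
func HostSVC(s SVC) Host        { return Host{t: HostTypeSVC, svc: s} }

func (h Host) Type() HostType { return h.t }
func (h Host) IP() netip.Addr { return h.ip }
func (h Host) SVC() SVC       { return h.svc }

// ParseHost accepts an IPv4/IPv6 literal or a service address "SVC:<decimal>"
// (constructed syntax for this example). IPv4-mapped IPv6 literals are
// unmapped so that equal hosts compare equal.
func ParseHost(s string) (Host, error) {
	if strings.HasPrefix(s, "SVC:") {
		n, err := strconv.ParseUint(strings.TrimPrefix(s, "SVC:"), 10, 16)
		if err != nil {
			return Host{}, fmt.Errorf("bad SVC address %q: %w", s, err)
		}
		return HostSVC(SVC(n)), nil
	}
	ip, err := netip.ParseAddr(s)
	if err != nil {
		return Host{}, fmt.Errorf("bad host address %q: %w", s, err)
	}
	return HostIP(ip.Unmap()), nil
}

// Describe is the consumer-side pattern: a switch on Type() replaces the
// former type switch over the interface hierarchy. Every kind is handled
// explicitly, and the "none" case is a reportable error, not a nil deref.
func Describe(h Host) (string, error) {
	switch h.Type() {
	case HostTypeIP:
		if h.IP().Is4() {
			return "ipv4:" + h.IP().String(), nil
		}
		return "ipv6:" + h.IP().String(), nil
	case HostTypeSVC:
		return "svc:" + strconv.Itoa(int(h.SVC())), nil
	case HostTypeNone:
		return "", errors.New("no host address")
	default:
		return "", fmt.Errorf("unknown host type %d", h.Type())
	}
}

// CountPerHost shows the comparability benefit: Host is usable directly as a
// map key, e.g. for a per-source packet counter in a rate limiter.
func CountPerHost(sources []string) (map[Host]int, error) {
	counts := make(map[Host]int)
	for _, s := range sources {
		h, err := ParseHost(s)
		if err != nil {
			return nil, err
		}
		counts[h]++
	}
	return counts, nil
}

func main() {
	for _, s := range []string{"10.0.0.1", "::1", "SVC:2", "::ffff:10.0.0.1", "bogus"} {
		h, err := ParseHost(s)
		if err != nil {
			fmt.Println(err)
			continue
		}
		d, _ := Describe(h)
		fmt.Println(s, "->", d)
	}
}
```

When migrating consumer code, the places to look for are type switches and nil checks on the old interface values: the former become switches on Type(), and the latter become comparisons against the zero Host value or a check for HostTypeNone.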

Deprecations

  • topology.json: the AS attributes authoritative, voting, and issuing are ineffective and should no longer be used (#4333).
  • scion showpaths: the --json flag is deprecated in favor of the --format=json option.

New Contributors