Releases: scionproto/scion
v0.14.0 "Tannhorn"
What's Changed
New features and improvements
- Connect RPC support was added on server and client side. Happy Eyeballs is used on the client side.
- A new beacon extension containing the control and discovery service addresses of the AS was added, so less SVC resolution is done now.
- Pluggable segment registration was implemented.
- Various improvements were done for SQLite usage in the storage layer.
- A simple BPF port filter was added to enable the use of non-XDP raw sockets by the router underlay providers.
- Path MTU calculation was fixed for shortcut paths.
Documentation
- SGRP section was added.
- The demo network tutorial was further improved.
- KMS can now be configured in the TRC signing ceremony builder.
- Various small fixes are included too.
Building, testing, code quality
- We've upgraded to golangci-lint v2, fixing various linter findings at the same time.
- Different graph topologies can be generated and used in tests now.
- Local topology certificate validity was increased.
Dependencies
Various dependencies were updated:
- We're using Go 1.24.2 now.
- gopkg.in/yaml.v3 is used instead of gopkg.in/yaml.v2.
- We cleaned up the tools required for Bazel.
- Security updates for quic-go, golang.org/x/crypto, go-viper/mapstructure/v2 and others.
New Contributors
- @seadog007 made their first contribution in #4764
- @utkn made their first contribution in #4782
- @knmeynell made their first contribution in #4825
- @ddogfoodd made their first contribution in #4844
Full Changelog: v0.13.0...v0.14.0
v0.13.0 "Fürstein"
What's Changed
New features and improvements
- A major refactoring of the router was done to enable multiple underlay implementations.
- Handling TCP/SCION packets at the last-mile AS is now supported.
- BGP ASNs in local topologies are now supported.
- Flaky tests were fixed.
- Various changes for running SCION on Windows.
Documentation
- The demo network tutorial had multiple improvements, including an automated Docker setup.
- SIG documentation was updated.
- Various small updates were made as well.
Building, testing, code quality
- We are using Bazel 8.1.1 now. Bazel configuration was overhauled.
- Cross-platform RPM packages are now available.
- New linters were added.
- Lots of small refactorings to improve code quality and follow best practices.
Dependencies
Various dependencies were updated:
- We are using Go 1.24.0 now.
- Security updates for quic-go, golang.org/x/crypto, golang.org/x/net and others.
- Bazel-related rules to use with Bazel 8.
New Contributors
- @LencigGaer made their first contribution in #4663
- @aaronbojarski made their first contribution in #4690
- @johnstudarus made their first contribution in #4738
- @guilloboi1917 made their first contribution in #4724
Full Changelog: v0.12.0...v0.13.0
v0.12.0 "Rooterberg"
What's Changed
New Features and improvements
- The dispatcher is gone! Well, mostly. We still have a shim for backward compatibility.
- The migration to ConnectRPC has begun. The first PR has been merged. Many more to come.
- We now build RPM packages for the x86_64 platform. Stay tuned for other platforms as the Bazel rules improve.
- The router code got faster by about 15%.
- For the price of one small patch, SCION can now build for Windows too.
- Scion-pki has acquired some new features. Find them in the scion-pki documentation.
Documentation
- We have updated and improved the deployment tutorial.
- The cryptography documentation now includes instructions to use scion-pki and sports a ceremony script builder UI (yes, embedded in the documentation!).
- Added OpenWRT installation instructions.
Configuration Changes
- The unused `QUIC` configuration field is gone from the Control Service's schema. It must be removed from toml files.
- The router configuration gained a new field: `router.bfd`. This allows configuring BFD on all links by default. Subfields are the same as in the `bfd` field of links in the topology configuration. The defaults apply to links that do not have an explicit configuration for a given field. Previously, this was done by setting the environment variables `SCION_EXPERIMENTAL_BFD_*`. Those are now ignored.
- The topology.json file gained a new field: `dispatched_ports`. While transitioning away from the dispatcher, SCION applications on dispatcher-less hosts are expected to listen on a restricted port range. This must be set to the same value on updated hosts and on their updated border routers. The recommended value is `dispatched_ports="31000 - 32767"`. This must be configured; there is no safe default.
- The field `reconnect_to_dispatcher` is gone. It must be removed from all toml files (i.e. the control service and the SCION daemon).
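The two new settings above both carry a defaulting rule that is easy to get wrong: `dispatched_ports` has no safe default and must be rejected when absent, and `router.bfd` supplies a value only for the link fields that were left unset. The following Go program is an added example written for this page, not code from the scionproto/scion repository. It assumes the `"lo - hi"` string form shown in the notes; the BFD sub-field names in `BFDConfig` are illustrative placeholders, and pointer fields are used so that "not set" can be told apart from an explicit value.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// PortRange is the parsed form of the topology.json "dispatched_ports" value.
type PortRange struct {
	Lo, Hi uint16
}

// ParseDispatchedPorts parses a value such as "31000 - 32767" (the recommended
// value from the notes). An empty value is rejected on purpose: the field must be
// configured and there is no safe default to fall back to.
func ParseDispatchedPorts(v string) (PortRange, error) {
	v = strings.TrimSpace(v)
	if v == "" {
		return PortRange{}, errors.New("dispatched_ports must be configured; there is no safe default")
	}
	lo, hi, ok := strings.Cut(v, "-")
	if !ok {
		return PortRange{}, fmt.Errorf("dispatched_ports %q: expected the form \"lo - hi\"", v)
	}
	loN, err := strconv.ParseUint(strings.TrimSpace(lo), 10, 16)
	if err != nil {
		return PortRange{}, fmt.Errorf("dispatched_ports %q: bad lower bound: %w", v, err)
	}
	hiN, err := strconv.ParseUint(strings.TrimSpace(hi), 10, 16)
	if err != nil {
		return PortRange{}, fmt.Errorf("dispatched_ports %q: bad upper bound: %w", v, err)
	}
	if loN == 0 || loN > hiN {
		return PortRange{}, fmt.Errorf("dispatched_ports %q: bounds must satisfy 1 <= lo <= hi", v)
	}
	return PortRange{Lo: uint16(loN), Hi: uint16(hiN)}, nil
}

// Contains reports whether a local UDP port falls inside the dispatched range, i.e.
// whether an application bound to it is within the range hosts and routers agreed on.
func (r PortRange) Contains(port uint16) bool {
	return port >= r.Lo && port <= r.Hi
}

// BFDConfig models both the router-level router.bfd block and a link's bfd field.
// The sub-field names are placeholders for this example; pointer fields distinguish
// "not set in the configuration" from an explicit value.
type BFDConfig struct {
	Disable               *bool
	DetectMult            *uint8
	DesiredMinTxInterval  *time.Duration
	RequiredMinRxInterval *time.Duration
}

// Effective applies the router-level defaults: a link keeps every field it set
// explicitly and takes the default only for fields it left unset.
func Effective(defaults, link BFDConfig) BFDConfig {
	out := link
	if out.Disable == nil {
		out.Disable = defaults.Disable
	}
	if out.DetectMult == nil {
		out.DetectMult = defaults.DetectMult
	}
	if out.DesiredMinTxInterval == nil {
		out.DesiredMinTxInterval = defaults.DesiredMinTxInterval
	}
	if out.RequiredMinRxInterval == nil {
		out.RequiredMinRxInterval = defaults.RequiredMinRxInterval
	}
	return out
}

func main() {
	r, err := ParseDispatchedPorts("31000 - 32767")
	fmt.Println(r, err, r.Contains(31000), r.Contains(30999))
	_, err = ParseDispatchedPorts("")
	fmt.Println("empty value:", err)

	// Constructed configuration: router-level defaults, one link overriding a single field.
	mult := uint8(3)
	tx := 200 * time.Millisecond
	defaults := BFDConfig{DetectMult: &mult, DesiredMinTxInterval: &tx}
	linkTx := 50 * time.Millisecond
	eff := Effective(defaults, BFDConfig{DesiredMinTxInterval: &linkTx})
	fmt.Println(*eff.DetectMult, *eff.DesiredMinTxInterval)
}
```

Rejecting the empty string at parse time turns the "no safe default" rule into a start-up failure rather than a silent mismatch between hosts and their border routers.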
Building, Testing, and Code Quality
As usual, we've put quite a bit of effort in improving build reliability, burying dead code, simplifying, adding tests, fixing flakes, filling potholes, and complying with best practice and standards (including SCION published specs). Most notable in the latter category were:
- router - race condition: #4282 - Another finding of VerifiedSCION (Thanks @jcp19!)
- router - drop invalid packets: #4415, #4558
- router - return SCMP on invalid dst address: #4126
- router - strengthen the checks performed by parsePath: #4524, #4531 - Another finding of VerifiedSCION (Thanks @jcp19 and @mlimbeck!)
- topology - allow peering links between core ASes: #4484
We have also made a small improvement to Wireshark's SCION support: heuristic detection of SCION traffic is now supported. With the removal of the dispatcher and associated limited port range, this became nice-to-have.
Dependencies
We have updated a few of our dependencies. Most notably our minimum Go version, which is now 1.22.7. Also updated are:
- Certifi: 2024.2.2 -> 2024.7.4
- Antlr: 0.6.0 -> 0.6.1
- rules_js: 1.33.1 -> 2.0.0-rc6
- nodejs: latest -> 16.19.0
- pnpm: latest -> 9.4.0
- spectral-cli: 6.11.0 -> 6.11.1
New Contributors
- @mseewer made their first contribution in #4532
- @GioBar00 made their first contribution in #4536
- @martenwallewein made their first contribution in #4610
- @thomasgruebl made their first contribution in #4619
Full Changelog: v0.11.0...v0.12.0
v0.11.0 "Schibegütsch"
What's Changed
Path Segment Validity / CP-PKI
Path segment validation is now more strict. The lifetime of a path segment needs to be fully covered by the validity period of the signing certificate chain. Previously, the certificate chain only needed to be valid at the time of verification.
Segments that are valid under this stricter regime have been created since v0.9.0, thus this stricter check is expected to be compatible with all ASes operating at least v0.9.0.
See #4286 for more details.
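The difference between the old and the new rule is a difference between checking one instant and checking an interval. The Go program below is an added example for this page, not code from scionproto/scion: it models a certificate chain's validity period and a path segment's lifetime as closed time intervals (the segment lifetime is taken as creation time plus lifetime, an assumption of the example) and contrasts the pre-v0.11.0 check, which only requires the chain to be valid at verification time, with the stricter v0.11.0 check, which additionally requires the chain to cover the segment's entire lifetime.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Validity is a closed [NotBefore, NotAfter] interval. It models both the validity
// period of a certificate chain and the lifetime of a path segment.
type Validity struct {
	NotBefore, NotAfter time.Time
}

// Contains reports whether the instant t lies inside the interval.
func (v Validity) Contains(t time.Time) bool {
	return !t.Before(v.NotBefore) && !t.After(v.NotAfter)
}

// Covers reports whether the interval fully contains w.
func (v Validity) Covers(w Validity) bool {
	return !w.NotBefore.Before(v.NotBefore) && !w.NotAfter.After(v.NotAfter)
}

// SegmentValidity derives a segment's lifetime interval from its creation time and
// lifetime (modelling assumption of this example).
func SegmentValidity(created time.Time, lifetime time.Duration) Validity {
	return Validity{NotBefore: created, NotAfter: created.Add(lifetime)}
}

var (
	ErrChainExpired = errors.New("certificate chain not valid at verification time")
	ErrNotCovered   = errors.New("segment lifetime not covered by certificate chain validity")
)

// VerifyLegacy is the pre-v0.11.0 rule: the chain only has to be valid at the
// instant the signature is checked; the segment's own lifetime is not consulted.
func VerifyLegacy(chain, segment Validity, now time.Time) error {
	if !chain.Contains(now) {
		return ErrChainExpired
	}
	return nil
}

// VerifyStrict is the v0.11.0 rule: the chain must be valid now and must cover the
// whole lifetime of the segment it signed.
func VerifyStrict(chain, segment Validity, now time.Time) error {
	if !chain.Contains(now) {
		return ErrChainExpired
	}
	if !chain.Covers(segment) {
		return ErrNotCovered
	}
	return nil
}

func date(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

func main() {
	day := 24 * time.Hour
	// Constructed data: a chain valid for January 2024, verification on 26 January.
	chain := Validity{NotBefore: date(2024, 1, 1), NotAfter: date(2024, 2, 1)}
	now := date(2024, 1, 26)

	// A segment created on 25 January with a 14-day lifetime outlives the chain:
	// the legacy check accepts it, the strict check rejects it.
	late := SegmentValidity(date(2024, 1, 25), 14*day)
	fmt.Println("legacy:", VerifyLegacy(chain, late, now))
	fmt.Println("strict:", VerifyStrict(chain, late, now))

	// A segment created on 20 January with a 7-day lifetime is fully covered.
	ok := SegmentValidity(date(2024, 1, 20), 7*day)
	fmt.Println("strict, covered:", VerifyStrict(chain, ok, now))
}
```

The strict rule is what makes the compatibility statement above meaningful: a segment whose lifetime ends after its signing chain expires would pass the old check on the day it is verified and fail it a few days later, so rejecting it up front removes that time-dependent outcome.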
Configuration
Simplify the configuration of the local address of a router interface. The fields `public` and `bind` have been combined into a single field `local`. The new field explicitly allows omitting the IP address, in which case the router binds to the wildcard IP.
The old `public` and `bind` fields are still accepted, but have been documented as deprecated and will be removed in a future release.
Refer to the manual section on the topology.json file or #4489 for more details.
Management API
Added support for deleting segments and beacons.
Refer to the Open API section in the control service manual for more details (DELETE /segments/{segment-id}, DELETE /beacons/{segment-id}).
Dependencies
Update various dependencies; in particular, update quic-go to v0.43.1, go-toml to v2, security updates for lestrrat-go/jwx, x/crypto, and x/net.
Packages
In addition to the Debian packages built since the last release, we now also build packages for OpenWRT.
As the toolchain is relatively complicated, only x86_64 is supported for now. Like the .deb packages, these OpenWRT packages are not published in a package repository just yet. Packages for release versions are attached to the release. Packages for in-development versions are available from the latest nightly build.
See the installation manual page for more details.
Bug fixes
- paths: Add check for hopfield count <= 64 when deserializing a scion path by @jiceatscion in #4483. Thanks to @jcp and the VerifiedSCION project for this bug report #4482
- router: factor out platform-dependent underlay conn flags by @marcfrei in #4507. This allows building the router for non-Linux platforms, in particular macOS or BSD.
- pathpol: ensure deserialized ACL has default rule by @fbuetler in #4505
- router: forbid bouncing packets internally by @matzf in #4502. Thanks to @mlimbeck and the VerifiedSCION project for this bug report #4497
- router: optimize computeProcID by @jiceatscion in #4520
New Contributors
- @cdekater made their first contribution in #4435
- @MatthewCroughan made their first contribution in #4466
- @tzaeschke made their first contribution in #4500
- @fbuetler made their first contribution in #4505
Full Changelog: v0.10.0...v0.11.0
v0.10.0 "Stäfeliflue"
What's Changed
Dependencies
Update various dependencies; in particular, update quic-go to v0.40.0.
Update to go 1.21, building with go 1.21.3.
Packages
Build debian packages for the SCION services and tools for multiple target platforms (x86-64, arm64, x86-32 and arm).
These packages are not published in a package repository just yet. Packages for release versions are attached to the release. Packages for in-development versions are available from the latest nightly build.
See the installation manual page for more details.
Internal / Testing
Add benchmark tests for the router to track the packet forwarding performance.
These benchmarks are run in the CI, failing on unexpected performance regressions. The benchmark can also be run locally to determine the performance impact of any changes. For this, run e.g. `bazel test --test_output=streamed -t- //acceptance/router_benchmark:test` and inspect the measured performance in the test output.
Bug fixes
- daemon: fix docstring for latencies in protobuf file by @mlegner in #4443
- processmetrics: explicit type conversion to support arm64 by @mlegner in #4446
- bazel: update bazelisk and support arm64 by @mlegner in #4447
- prometheus: fix copying of metrics labels by @sustrik in #4450
- pkg/log: fix panic when using custom Logger by @lukedirtwalker in #4452
- daemon: error out when using drkey endpoints without configured drkey by @rohrerj in #4453
- tools: fix wireshark dissector TLV options without data by @marcodermatt in #4458
Full Changelog
New Contributors
- @marcodermatt made their first contribution in #4458
v0.9.1
What's Changed
- Update google.golang.org/grpc dependency and set MaxConcurrentStreams, to address gRPC-Go HTTP/2 Rapid Reset vulnerability.
Full Changelog: v0.9.0...v0.9.1
v0.9.0 "Bürgenstock"
What's Changed
Peering links
Peering links in the topology are supported, in both the control plane (control) and the data plane (router).
Configuring a peering link requires setting the interface ID in the remote AS, see remote_interface_id in the configuration manual.
Router Performance Improvements and Slow-Path Packet Handling
An internal restructuring of the router decouples receiving, processing and forwarding packets. Directly, this restructuring brings modest performance improvements, and enables a special, lower priority processing of any exceptional cases (SCMP traceroute requests, and SCMP error messages).
This will be the basis for more performance tuning in the future.
Receive and send buffer sizes, batch sizes as well as the number of packet processing goroutines can now be tuned. See router in the router configuration manual.
DRKey and SPAO
Dynamically-Recreatable Key (DRKey) is a system to establish shared symmetric keys between any two hosts in SCION, based on a key-derivation hierarchy that requires explicit key exchange only on the level of ASes. These keys are intended to be used primarily for packet authentication, in the form of the SCION Packet Authentication Option (SPAO) in the end-to-end packet extension header.
The control service now includes an implementation of the DRKey infrastructure. This system is still somewhat experimental and is disabled by default. See drkey in the control service configuration manual.
The AS-level key exchanges in DRKey rely on TLS for authentication, based on the SCION control-plane-PKI AS certificates.
As a side-effect of this, all other RPC invocations between control services now use the CP-PKI AS certificates, too. Previously, this had not been required, as all other RPCs control messages that were directly authenticated.
The router includes an experimental and somewhat incomplete implementation of SPAO-based authentication of SCMP messages. This, too, is disabled by default.
Command line tools
- `scion ping`: set payload size appropriately if `--max-mtu` is set (#4250) and add new option `--packet-size` that allows setting the final packet size (#4251).
- Add machine readable output (json/yaml) for `scion ping`, `scion traceroute` and `scion showpaths` with the new `format` option (#4287).
- Use the same emoji encoding mapping as smallstep in `scion-pki certificate fingerprint --format emoji` (#4252).
- Add `scion-pki key fingerprint` command to calculate SubjectKeyID (#4253).
Go packages:
- pkg/snet: support URI style UDPAddr encoding (#4254).
- pkg/addr: replace `addr.HostAddr` hierarchy with tagged union `addr.Host`. Additionally, add a new `addr.Addr` type representing a full SCION address (ISD, AS and host address), including parsing functionality. This definition is identical to the `snet.SCIONAddress` type, which is now only kept as a type alias for compatibility (#4346).
sqlite Implementation and Platform Compatibility
By default, the SCION components now use a pure Go implementation of sqlite (modernc.org/sqlite) and build without CGo. This allows building the SCION components as statically linked binaries, removing any dependence on a minimum libc or libresolv version.
Gobra CI
All pull-requests now run through formal program verification using Gobra. Only a small fraction of the source code carries the annotations that enable the verification, but already some bugs in edge cases could be discovered and fixed.
Full Changelog
Upgrading
router
`router` now validates that the source IP address of transit packets matches the IP address of the corresponding other router (#4157). This could be incompatible with certain asymmetric NAT setups.
Configuration
- toml key `trustengine.cache.expiration` now expects a formatted duration string, instead of an integer number of nanoseconds.
Go package API
- pkg/snet: `IntraASPathQuerier` has been removed (moved to internal library) as it was not working correctly and not widely used.
- pkg/addr: replace `addr.HostAddr` hierarchy with tagged union `addr.Host` (#4346). The attached gopatch file can automatically patch some of the affected consumer code, but some manual changes are likely still necessary.
- pkg/slayers: `SetNetworkLayerForChecksum` now only accepts a type-safe `*slayers.SCION`.
- pkg/slayers/path: `MaxTTL` is now a `time.Duration` instead of an `int` number of seconds.
Deprecations
- topology.json: the AS attributes `authoritative`, `voting`, and `issuing` are ineffective and should no longer be used (#4333).
- scion showpaths: the `--json` flag is deprecated in favor of the `--format=json` option.
New Contributors
- @gavinleroy made their first contribution in #4229
- @kmavromati made their first contribution in #4237
- @jcp19 made their first contribution in #4187
- @bunert made their first contribution in #4250
- @fstreun made their first contribution in #4289
- @VickyMerzOwn made their first contribution in #4292
- @marcfrei made their first contribution in #4298
- @rohrerj made their first contribution in #4304
- @dependabot made their first contribution in #4316
- @MrR0b0t14 made their first contribution in #4341
- @steffenfritz made their first contribution in #4345
- @jBainMartincoit made their first contribution in #4349
- @HawkCorrigan made their first contribution in #4358
- @uniquefine made their first contribution in #4367
- @jiceatscion made their first contribution in #4373
- @edoardottt made their first contribution in #4419
v0.8.0
Full Changelog: v0.7.0...v0.8.0
What's Changed
The repository is completely restructured. We follow a more idiomatic pattern and make the separation between code that is private and code that is importable by external parties more obvious.
The overall structure was discussed in #4076.
- Each service and command line tool gets a top-level directory (e.g. daemon).
- Packages that are shared across multiple applications are grouped in the private directory. This should indicate that these packages are not intended to be used by external parties, and that semantic versioning will not apply to these packages.
- Project local developer tools are grouped in the tools directory.
- Code that is intended to be consumed by external third parties is grouped in the pkg directory.
To smooth the transition, we kept track of the move in a gist:
- shuffle.yml: lists all the moved packages and their targets.
- go-imports.sh: fixes the imports.
New Contributors
v0.7.0
Full Changelog: v0.6.0...v0.7.0
v0.6.0
Release notes
This release uses the new application names. The changes are as follows:
- BR is now referred to as (POSIX) Router
- SIG is now referred to as (POSIX) Gateway
- SCIOND/SD is now referred to as Daemon
Note that the binary/docker container names are slightly different (e.g.,
the Control Service/CS is called control).
New features
- daemon: modify default db connection values to
  ```toml
  [trust_db]
  connection = "/share/data/sd.trust.db"
  [path_db]
  connection = "/share/cache/sd.path.db"
  ```
- cmd/scion: path lists for `showpaths`, `ping`, and `traceroute` are now sorted.
- cmd/scion: path lists for `showpaths`, `ping`, and `traceroute` are colored by default. The coloring can be turned off by specifying the `--no-color` flag.
- cmd/scion: path lists for `showpaths` can be filtered based on a sequence flag input.
- control: Use gRPC for all RPCs that the control service is involved in. CS to CS communication is achieved with gRPC over QUIC/SCION. Router to CS, and SCION Daemon to CS communication is established with gRPC over TCP/IP.
- control: CA Control Services will now periodically pick up new client certificates from disk.
- daemon: Use gRPC over TCP/IP for RPCs to the control service.
- all: add `log/level` HTTP API endpoint to all services. The endpoint allows querying and setting the log level dynamically.
  ```
  # GET shows the current log level.
  $ curl <ip:port>/log/level
  {"level":"debug"}
  # PUT sets the current log level.
  $ curl -X PUT <ip:port>/log/level -d '{"level":"info"}'
  {"level":"info"}
  ```
- gateway: Query SCION daemon for local ISD-AS. This allows the gateway to infer the local ISD-AS without it being configured in the config file.
- gateway: Infer local IP if not configured in the config file.
- router: Routers now establish intra-AS and inter-AS Bidirectional Forwarding Detection sessions. Between ASes, one session is established for each pair of SCION Interface IDs. Inside ASes, one session is established for each pair of routers.
- router: Metric names have changed.
- Allow BFD configuration for external interfaces through the topology file.
- Gateway can be configured to use different control and data IP addresses.
- cmd/scion: More granular exit codes. `ping` now exits with code 1 if no reply packet was received. If at least one packet was received, the exit code is 0. If any other error occurred, the exit code is 2. `traceroute` now exits with code 1 if any packet is dropped. If any other error occurred, the exit code is 2. `showpaths` now exits with code 1 if no path is alive and probing is not disabled. If probing is disabled, and at least one path is found, the exit code is 0. If any other error occurred, the exit code is 2.
- router: list of interfaces in `/status` page is now sorted.
- control/daemon: The new path lookup strategy is now implemented. This is a breaking change as the wire format of control messages has been changed. Segment synchronization in the core is no longer needed. Instead, in the lookup we fetch down segments from each core we want to have down segments from. All connected daemons/control services should be updated at the same time.
- Gateway can be configured to use different control and data addresses.
- Daemon: Use the default SCION Daemon API port (30255) if the address in the config toml does not specify a port or uses zero.
- log: Add a config option to set the stacktrace level for logging.
- Updated Wireshark SCION dissector plugin.
- router: add two metrics that expose the service instances state as seen by the data plane: `router_service_instance_changes_total` and `router_service_instance_count`. Consult the router metrics documentation for more information.
- cs: metrics are more unified. Check the upgrade notes for details.
- gateway: The gateway now has dynamic IP prefix discovery. To manage the IP prefix discovery a routing policy file is used. It is described here: Gateway routing policy documentation.
- gateway: The gateway now supports prefix pinning. To manage the prefix pinning the `allow_interfaces` property in the gateway section of the topology file can be used. A more extensive description will follow on the Gateway documentation page.
Known issues
- There is currently no way to disable the HTTP API without also disabling metrics. If there are security concerns about the API (e.g., it's possible to degrade application performance without authentication by downgrading logging to `debug`) it should be firewalled. The full APIs can be found in the documentation site:
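The `log/level` endpoint introduced in the New features list above and the known issue just described are two sides of the same design: a GET/PUT JSON endpoint that anyone who can reach the HTTP port may use. The Go program below is an added example for this page, not code from scionproto/scion. It serves the request and response shapes shown in the curl session (`{"level":"..."}`), bounds and validates the PUT body so that unauthenticated callers cannot make the handler expensive or set an unknown level, and binds the server to loopback only, which is the in-process counterpart of the firewalling advice while the API cannot be disabled separately from metrics. The accepted level names and the listen port are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"io"
	"log"
	"net/http"
	"sync"
)

// LogLevelAPI serves GET and PUT on /log/level with the JSON body {"level": "..."}.
type LogLevelAPI struct {
	mu    sync.Mutex
	level string
}

// validLevels is the set of names this example accepts; an assumption of the
// example, not necessarily the set the SCION services use.
var validLevels = map[string]bool{"debug": true, "info": true, "error": true}

func NewLogLevelAPI(initial string) *LogLevelAPI {
	return &LogLevelAPI{level: initial}
}

// Level returns the current level, i.e. what a GET reports.
func (a *LogLevelAPI) Level() string {
	a.mu.Lock()
	defer a.mu.Unlock()
	return a.level
}

func (a *LogLevelAPI) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet:
		writeLevel(w, a.Level())
	case http.MethodPut:
		var body struct {
			Level string `json:"level"`
		}
		// The endpoint is unauthenticated, so cap the body and fail fast on junk.
		if err := json.NewDecoder(io.LimitReader(r.Body, 1024)).Decode(&body); err != nil {
			http.Error(w, `{"error":"malformed body"}`, http.StatusBadRequest)
			return
		}
		if !validLevels[body.Level] {
			http.Error(w, `{"error":"unknown level"}`, http.StatusBadRequest)
			return
		}
		a.mu.Lock()
		a.level = body.Level
		a.mu.Unlock()
		writeLevel(w, body.Level)
	default:
		w.Header().Set("Allow", "GET, PUT")
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
	}
}

// writeLevel emits the {"level":"..."} document shown in the release notes.
func writeLevel(w http.ResponseWriter, level string) {
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(map[string]string{"level": level})
}

// NewMux mounts the endpoint at the documented path.
func NewMux(api *LogLevelAPI) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/log/level", api)
	return mux
}

func main() {
	api := NewLogLevelAPI("info")
	// Loopback bind: reachable only from the host itself, so a remote caller cannot
	// downgrade the level to debug. The port is a placeholder chosen for this example.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewMux(api)))
}
```

With the process bound to loopback, the same two curl commands from the feature list work from the host (`curl 127.0.0.1:8080/log/level`), while anything arriving on an external interface never reaches the handler; where metrics must stay reachable from a collector, a host firewall rule on the port is the remaining control the notes point to.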
Upgrade notes
- The format of SCION packets has changed. The new format is incompatible with previous versions. This affects all SCION-speaking processes (routers, gateways, control services, dispatchers, tooling). This requires a synchronized upgrade of all existing networks.
- The format of SCION control-plane RPCs has changed from capnp messages to gRPC. The new format is incompatible with previous versions. The change affects daemons and control services. This requires a synchronized upgrade of all existing daemons and control services.
- The formats of Gateway packets and RPCs have changed. The new formats are incompatible with previous versions. The change affects gateways. This requires a synchronized upgrade of all gateways.
- The communication patterns of Gateway RPCs have changed.
- Keepalives have been removed and replaced by BFD. See the New features section for more information.
- Container names for released applications have changed. The names have changed as follows: `scion_cs` is now `control`, `scion_sciond` is now `daemon`, `scion_dispatcher` is now `dispatcher`, `scion_sig` is now `posix-gateway`, `scion_border` is now `posix-router`.
- The `scmp` command has been deleted. The scion command should cover the functionality: `scmp tr` is now `scion tr` and `scmp echo` is now `scion ping`. Note that the format of the arguments has changed; check against the respective `--help` output.
- The logging format changed (we use a new logging library); if any tools relied on the exact log output format they need to adapt. Configuration and functionality wise nothing changed.
- cmd/scion: path lists for `showpaths`, `ping`, and `traceroute` now group paths by hop count. A grouping header is introduced.
- infra: With the switch to a new messenger stack, all ASes need to be updated in sync.
- control: With the switch to the new gRPC stack, segment requests no longer have the `cache_only` flag.
- SCION daemon users: The `path_count` config option was removed from the SCION daemon client configuration. The flag was never actually used previously and was thus removed.
- gateway: Field `isd_as` is removed from the `[sig]` section of the gateway config file.
- docker: the entrypoint and cmd configurations of containers have changed. The entrypoint now contains only the application name, and the cmd contains the arguments.
- logging: file logging support is removed without replacement. It is recommended to use stdout logging at the appropriate level and collect the logs manually via another mechanism (docker, journald, etc.).
- control: The sample config and policy files are now displayed using the `sample` command: `cs sample config`, `cs sample policy`.
- control: The open-source Control Service database configurations no longer allow for a backend to be specified. The configuration rules for the closed-source Control Service did not change.
- daemon: The sample config is now displayed using the `sample` command: `sciond sample config`.
- daemon: SCION Daemon database configurations no longer allow for a backend to be specified. Configurations with `trust_db.backend` or `path_db.backend` specified will cause the application to error out on start-up.
- showpaths: The `showpaths` binary has been removed. All users of it should now use `scion showpaths` (`scion sp` for short). It supports the same features but the command line slightly changed; use `scion sp help` to find details about its usage.
- control: TOML configs must not include certificates for QUIC connections.
  - `cert_file = "/share/conf/quic/tls.pem"` // removed
  - `key_file = "/share/conf/quic/tls.key"` // removed
- gateway: TOML configs have to be changed in the following way:
  - The ip...
  - The