Releases: Ericsson/paf
v1.1.3
Release v1.1.3 contains the following improvements:
- Allow configuration of system log socket, either specified as a command-line parameter or in the daemon's configuration file.
The pafd manual page is updated to reflect the extensions of the configuration file.
v1.1.2
v1.1.1
Release v1.1.1 comes with the following improvements:
- Allow limiting protocol versions used (issue #49).
- Make max idle time lower bound user-configurable (issue #50).
- Fix log message prefix for named domain.
- Fix pafc bug preventing forcing protocol version.
The pafd manual page is updated to reflect the extensions of the configuration file.
v1.1.0
Release v1.1.0 adds support for Pathfinder protocol version 3, in addition to the existing version 2 support.
Pathfinder protocol version 3 moves the keepalive/heartbeat functionality from the transport protocol (e.g., TCP) into the Pathfinder application-layer protocol itself. See the v3 protocol specification for details.
The Pathfinder protocol has been extended with a new two-way transaction type, which allows for client-initiated "inform" messages: the client-side equivalent of the notify message.
When protocol version 3 is in use, pafd uses a notion of a per-connection maximum idle time. When nothing has been heard from a client for about 50% of the max idle time, the server sends a track query to the client. If the client fails to respond within the remaining half of the max idle time, the connection is considered down, and the server closes it.
The default max idle time is 30 s, which may be overridden by setting the max_idle_time key in the configuration file. See the pafd manual page for details.
The server takes time-to-live (TTL) of client-owned services into account when computing the effective max idle time for a connection. Hence, it becomes important to configure an appropriate TTL. Low TTLs will cause a fair amount of keepalive signaling. The amount of network traffic is always lower in protocol v3 compared to protocol v2, but the cost of processing a single heartbeat is much higher in v3 than in v2.
The max idle time actually used is never lower than 4 seconds. This results in a "dead peer detection" latency roughly equivalent to that of the legacy (v2) TCP keepalive-based approach.
The server will also issue a track query in case a client hello request is encountered (and rejected), where an already-in-use client id is provided. This allows the server to more quickly detect stale connections.
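The idle-time logic described above, as an added simulation (not pafd's own code) of how the two halves of the max idle time drive the track query and the close decision. The exact rule by which service TTLs feed into the effective max idle time is not stated in the notes, so the "shortest TTL wins" rule below is an assumption; the 30 s default and 4 s lower bound are from the notes.

```python
"""Simulation of pafd's protocol v3 per-connection liveness tracking.
Added example; not code from the paf project."""

DEFAULT_MAX_IDLE_TIME = 30.0   # seconds; max_idle_time in the config file
MIN_MAX_IDLE_TIME = 4.0        # lower bound stated in the v1.1.0 notes


def effective_max_idle_time(max_idle_time, service_ttls):
    """Assumed rule: never wait longer than the shortest TTL among the
    client-owned services, and never go below the 4 s lower bound."""
    candidate = min([max_idle_time, *service_ttls])
    return max(candidate, MIN_MAX_IDLE_TIME)


class ConnectionLiveness:
    """Tracks one client connection. Call poll(now) periodically and
    heard_from_client(now) whenever any message arrives from the client."""

    def __init__(self, now, max_idle_time=DEFAULT_MAX_IDLE_TIME,
                 service_ttls=()):
        self.max_idle = effective_max_idle_time(max_idle_time, service_ttls)
        self.last_heard = now
        self.track_sent_at = None

    def heard_from_client(self, now):
        # Any client traffic, including the reply to a track query,
        # resets the idle timer and re-arms the track query.
        self.last_heard = now
        self.track_sent_at = None

    def poll(self, now):
        """Return 'track' when a track query should be sent, 'close' when
        the peer is considered dead, otherwise None."""
        idle = now - self.last_heard
        if idle >= self.max_idle:
            # Client stayed silent through the second half as well.
            return "close"
        if self.track_sent_at is None and idle >= self.max_idle / 2:
            # First half of the max idle time elapsed: probe the client.
            self.track_sent_at = now
            return "track"
        return None
```

With a low service TTL the effective max idle time shrinks, which is the source of the extra keepalive signaling the notes warn about.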
paf.client and pafc are extended with support for protocol version 3. Both may still be made to operate in protocol v2 mode. The paf.client API remains largely unchanged, with the exception of the new "track" command and the extended "clients" command.
pafbench is updated with protocol v3 support.
The Pathfinder data model remains the same and protocol v2 and protocol v3 clients may be connected to the same server and domain.
v1.0.6
Release v1.0.6 includes the following changes:
- The leaf certificate, private key, trusted CA bundle, and CRL bundle are made (optionally) configurable in the server's configuration file. Certificate and key configuration requires XCM v1.2.0 or later and certificate revocation checking requires XCM v1.9.0. XCM versions as old as v1.1.0 are still supported, provided the configuration file does not include any TLS credential-related elements.
- A domain may now be given a name in the configuration file. The name is used for debugging/documentation purposes, and is included in every syslog entry. It's not visible to Pathfinder protocol clients connected to the server, and serves no functional purpose.
- pafd manual page has been updated to reflect the (backward compatible) extensions to the server configuration file format.
- The server now supports logging directly to a file (useful in a context where no syslog daemon is running, e.g., in a container).
- The service discovery domain logic has been refactored in preparation for liveness tracking being moved to the Pathfinder protocol level in some future Pathfinder protocol version.
- Fixed a bug in pafc which would leave the terminal in a bad state after the program exited.
v1.0.5
v1.0.4
Release v1.0.4 includes the following changes:
- pafd manual page added.
- pafc manual page added.
- Version information command-line option added to pafd.
- pafc now accepts the -h help option.
- pafc help command output is made more consistent.
- pafc is able to list servers in a particular domain.
- pafc may be instructed to connect to a server with a particular index in the list of servers, for a particular domain.
- Various updates to the test suite, allowing it to run reasonably reliably on very small systems (e.g., Raspberry Pi).
- Various minor improvements to the protocol specification.
- Fix an issue where a reconnecting client would prevent orphaned services, owned by a previous client with the same client id but a different user id, from being removed. This situation may occur when the client X.509 certificate is replaced.
v1.0.3
Release v1.0.3 includes the following changes:
- Fix server crash triggered by a client's failure to reclaim an orphaned service.
- Correctly include owning user in permission-related log entry.
v1.0.2
v1.0.1
Release v1.0.1 includes the following changes:
- The server now categorizes log messages as one of the 'security', 'protocol', 'core' or 'internal' types, to allow for RFC 5424-style logging.
- A hook for user-defined log handlers is added (issue #11).
- Support for the new JSON domain file format in paf.client and the command-line programs (such as pafc) added (issue #28).
- Optimized server orphan handling, which improves responsiveness when clients with a large number of published services disconnect.
- Limit the number of concurrent pafbench transactions (to make it behave more like a typical client).
- Fixed bug in source IP-based (i.e., insecure) user classification.
- Fixed bug which allowed too-large or too-small integers to be sent or received at the Pathfinder protocol level (issue #14).
- Various updates to comply with the coding style.