ION 4.2.0-a.1 - Alpha Release 1

This release contains an integrated prototype of the Bundle Security Library (BSL).

The native BPSec implementation, available in ION since ION 4.1.3s, remains the default implementation. Users can experiment with BSL by using the --enable-bsl switch in the configure script. BSL is now available on the default integration branch.

For detailed instruction, please see documentation here: https://ion-dtn.readthedocs.io/en/ion-open-source-4.2.0-a.1/BSL-Build-Install-Guide/

ION Open Source 4.1.4 Stable Release

%%%%%%%%%%%%%%%%%%%%%%%%%%
= NOTES ON RELEASE 4.1.4 =
%%%%%%%%%%%%%%%%%%%%%%%%%%

This final release of ION 4.1.4 represents the culmination of extensive security
hardening, protocol enhancements, and platform portability improvements since the
4.1.4-b.1 beta release. The release includes 288 commits addressing critical security
vulnerabilities, implementing CCSDS Orange Book custody transfer specifications, adding
new convergence layer adapters, and improving system stability across all supported
platforms.

Critical Security Fixes

• File Transfer Security: Fixed multiple critical vulnerabilities in sendfile/recvfile:

  • Path traversal vulnerability allowing access outside designated directories
  • Stack overflow in file path handling
  • Time-of-check/time-of-use (TOCTOU) race conditions
  • Resource leaks and improper memory cleanup
  • Added input validation and secure path canonicalization

• BPSec Policy Engine: Added NULL checks for security policy radix trees to prevent
  crashes during rule lookup with missing or invalid policy configurations.

• Input Validation: Enhanced validation throughout the codebase including:

  • Canonical extension block number validation (must be < 255)
  • Stricter sscanf return value checking to prevent buffer overflows
  • Improved error handling for malformed configuration inputs

Custody Transfer and Bundle Management (CCSDS Orange Book Compliance)

• Aggregate Custody Signals (CBR/CT): Complete implementation of CCSDS Custody
  Transfer and Bundle Refusal specifications:

  • CTEB (Custody Transfer Extension Block) for custody metadata
  • CREB (Custody Refusal Extension Block) for refusal reasons
  • CRS (Compressed Reporting Signals) using CBOR encoding
  • Custody-originated tracking and bundle detention mechanisms
  • Support for non-zero sequence IDs in custody signals
  • Comprehensive test suite with isolated subtests for each feature
  • Full API documentation and man pages

• Bundle Lifecycle Management: Enhanced bundle state tracking throughout custody
  transfer operations with proper validation of custody acceptance/refusal conditions.

New Convergence Layer Adapters

• File CLA: Production implementation of file-based convergence layer adapter
  for applications requiring file system-based bundle exchange, with complete
  documentation and man pages.

• SPP/EPP CLA Prototypes: Initial prototypes for specialized convergence layers:

  • SPP (Space Packet Protocol) CLA with loopback provider stub
  • EPP (Encapsulation Packet Protocol) CLA with loopback provider stub
  • Regression test templates and online documentation
  • Error handling improvements for transmission success/failure cases

LTP Protocol Enhancements

• Statistics Collection: Implemented C11 atomic operations for lock-free LTP
  statistics batching, significantly improving performance under high load.

• Session Management:

  • Fixed checkpoint timer cancellation when receiving partial segment coverage,
    preventing sender from getting stuck in limbo state
  • Added import session inactivity timeout to prevent denial-of-service from
    incomplete sessions
  • Improved LTP cancel segment acknowledgment for completed sessions

• Monitoring Tools:

  • New ltpstats utility for real-time LTP performance monitoring
  • Enhanced ltpwatch with improved reporting capabilities

Bundle Protocol (BP) Improvements

• Statistics and Monitoring:

  • Implemented C11 atomic operations for lock-free BP statistics collection
  • Fixed BP statistics naming inconsistencies
  • Exposed numBundlesDeleted counter in bpnmtest
  • Corrected bpstats delivery (dlv) reporting

• Extension Block Management:

  • Fixed extension block number duplication when cloning bundles for multicast
    or fragmentation
  • Added verification that payload block number is always 1
  • Improved extension block documentation explaining ION's behavior and rationales
  • Removed obsolete HIRR (Hop-in-Route-Record) code

• Routing Enhancements:

  • Allow best-effort bundles to use reliable CLAs when no unreliable CLA available
  • Fixed TOCTOU race in contact state checking during bundle transmission
  • Fixed egress plan configuration errors

SDR (Simple Data Recorder) Enhancements

• Performance Instrumentation: Added comprehensive SDR transaction performance
  monitoring controlled by --enable-sdr-perf configure option:

  • Transaction timing and throughput measurement
  • Caller tracking for performance profiling
  • Improved diagnostics for SDR modification sources

• Reversibility and Recovery:

  • Enhanced ionrestart recovery with defensive checks for transaction cancellation
  • Fixed SDR owner mismatch during ionrestart
  • Improved sdr_exit_xn to trigger proper cancellation instead of aborting
  • Converted fatal CHKZERO assertions in sdr_list operations to defensive warnings
  • Added documentation on SDR reversibility mechanisms

Error Handling and Reliability

• CHK Assertion Improvements:

  • Added fail-fast mode for CHK assertion macros
  • Implemented stack trace support for FreeBSD, macOS, and Linux
  • Graceful error handling for CHK assertions during shutdown/ionrestart
  • Defensive ownership checks before SDR writes to handle transaction cancellation

• Daemon Management:

  • Daemonized psmwatch and sdrwatch with automatic configuration detection
  • Fixed ionrestart race conditions in daemon startup
  • Improved ionexit hang handling after TCP outduct stop/start
  • Enhanced monitoring utility descriptions and usage documentation

• Semaphore Management:

  • Fixed POSIX named semaphore race conditions causing segmentation faults in bpcp
  • Implemented reference counting and deferred deletion for semaphores
  • Fixed sm_SemTake to return 0 when semaphore is ended
  • Resolved semaphore cleanup ordering issues

CFDP (File Delivery Protocol) Improvements

• Race Condition Fixes:

  • Fixed CFDP event queue race condition with producer-consumer mutex pattern
  • Proper semaphore state management and cleanup ordering
  • Fixed event_wait_id handling to prevent segmentation faults

• Compilation Fixes:

  • Fixed checksum function signature compatibility with --enable-high-speed option

Network Management and Administration APIs

• Bulk Removal APIs: Added runtime reconfiguration capabilities for:

  • Outducts and inducts
  • Endpoints and spans
  • Seats and egress plans
  • Complete test coverage in admin_public_api/bulk_removal

• AMP/NM Enhancements:

  • Fixed bp_agent ADM type mismatches with ION-specific extensions
  • Fixed zero timestamp in AMP agent registration messages
  • Updated conformance test infrastructure with Python 3.9+ requirement

Platform Portability

• macOS:

  • Added newline to ltpcancel.c to quiet compiler warnings
  • Fixed watchdog test termination issues
  • Fixed ipaddr-caching tests for mDNS-enabled systems

• FreeBSD:

  • Fixed date command syntax compatibility
  • Improved backtrace linking
  • Updated stack trace support
  • Fixed LTP cancel tests with prerequisite checks
  • Excluded problematic CFDP tcputa tests due to timing issues

• Solaris:

  • Replaced bzero with memset for POSIX compliance (gf-complete build)
  • Fixed grep compatibility for POSIX compliance
  • Improved UDP buffer handling for larger Solaris defaults
  • Added Solaris-specific test adjustments

Testing Infrastructure

• Test Framework Enhancements:

  • Added --from and --to options to runtests for selective test execution
  • Implemented stress test mode for debugging
  • Added timeout support to prevent tests from hanging
  • Improved test cleanup scripts and IPC artifact management
  • Skip tests gracefully when required tools or conditions are missing

• CI/CD Improvements:

  • Added Fedora 42 to BETR platform regression testing
  • Added merge queue support to required CI workflows
  • Updated RTEMS regression test PR status reporting
  • Improved workflow permissions for security compliance

Build System and Dependencies

• Third-Party Libraries:

  • Switched from ZFEC to Jerasure and GF-Complete libraries for erasure coding
  • Updated licensing terms and TC README for third-party dependencies
  • Added pkg-config support with comprehensive documentation

• Code Quality:

  • Added EditorConfig and clang-format configuration files
  • Enforced .git-blame-ignore-revs for mass formatting changes
  • Removed obsolete code (BPv6 references, ACS infrastructure, ECLSA v2)
  • Fixed hundreds of compiler warnings across all warning levels

Documentation Improvements

• Man Pages:

  • Fixed cross-references and formatting across all man pages
  • Corrected DTPC typos to DTPC throughout documentation
  • Added missing man pages for CBR/CT APIs
  • Enhanced ionsecadmin, ionrc, ipnadmin, and other admin utility documentation
  • Improved CFDP, TC, and DTKA utility documentation

• Technical Documentation:

  • Added SDR reversibility documents
  • Reorganized documentation categorization
  • Added IPN name transition document
  • Enhanced documentation on monitoring tools usage
  • Added regression test documentation for EXPERT setting

Code Cleanup

• Standards Compliance:

  • Compliant #include guard names throughout codebase
  • Proper #endif comments for all include guards
  • Fixed header inclusion ordering and dependencies
  • Removed redundant and commented-out code

• Removed Legacy Code:

  • Removed all BPv6-related code and configuration
  • Removed bpversion utility (superseded by version commands in admin tools)
  • Removed bprecvfile2 (obsolete)
  • Removed duplicate source files (ams/library crypt.c and marshal.c)
  • Cleaned up obsolete demos and re...

ION 4.1.4-b.2 (beta build 2)

Beta Build 2:

• Fixed multiple race conditions within bpcp, CFDP event queue, and tcpcli.
• Improved stability of the semaphore synchronization and reference-counting implementation for better shutdown coordination among processes/threads waiting on the same semaphore.
• Updates on bpcp and TCPCL-related regression tests.

ION Open Source Release 4.1.4-b.1 (Beta Release)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
= NOTES ON RELEASE 4.1.4-b.1 =
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

This beta release represents a major milestone with the completion of the RTEMS 6.1
port, significant improvements to code quality and portability, new networking
capabilities, and enhanced utilities for bundle management and CFDP file transfers.

RTEMS 6.1 Real-Time Operating System Port

• Full RTEMS 6.1 Port: ION has been successfully ported to RTEMS 6.1 for ARM64
  (AArch64) platforms, featuring:
  • Support for RTEMS libbsd (FreeBSD network stack) integration
  • UDP-based LTP networking tested and verified in QEMU simulation
  • 64-bit addressing support (SPACE_ORDER=3)
  • ION Admin Public API for configuration (no configuration files required)
  • Comprehensive documentation in arch-rtems/ directory
  • Template implementation for adaptation to specific hardware platforms
  • CI/CD workflow integration for RTEMS builds

Dual-Stack IPv4/IPv6 Networking Support

IMPORTANT NOTE ON DUAL-STACK NETWORKING: The dual-stack IPv4/IPv6 capability
will automatically use the network address family returned by hostname resolution.
Most operating systems return IPv6 addresses first when available, and ION's network
stack will use the first entry returned. If a host is not properly configured for
the returned address family, this may cause network address family conflicts,
resulting in connection failures for TCP, UDP, and LTPCLA (which runs over UDP).
The most reliable approach is to use explicit IP addresses if known. If using
hostnames, ensure all hosts resolve to the correct address family as the first entry
in DNS resolution.

• LTPCL Dual-Stack: Added experimental dual-stack IPv4 and IPv6 support for the
  LTP Convergence Layer, allowing nodes to communicate over both protocol versions
  simultaneously.

• TCPCL Dual-Stack: Implemented dual-stack IPv4 and IPv6 support for the TCP
  Convergence Layer with regression tests.

• UDPCL Dual-Stack: Previously introduced in 4.1.4-a.2, further refined and tested
  for production use.

New Bundle Management Utilities

• bpinspect: New utility for inspecting, filtering, and managing bundles in ION's
  custody. Features include:

  • Bundle listing with detailed metadata
  • Filtering by source, destination, creation time, and other attributes
  • Suspend and resume operations for selective bundle processing
  • Critical bug fix for bp_suspend functionality

• bptracker: Enhanced interactive mode for demonstration of bundle tracking
  capabilities, providing fine-grained control over individual bundles with:

  • Flexible send syntax
  • Real-time bundle status monitoring
  • Source routing record (SRR) parsing improvements

• bpcrash_hard: New testing utility for validating ION's crash recovery and
  reversibility features under extreme failure conditions.

CFDP Enhancements

• Enhanced cfdptest Utility: Major improvements to the CFDP testing tool:

  • Transaction tracking and summary display
  • Per-transaction control commands (cancel, suspend, resume)
  • Terminology updates (ack → closure-reqt) for RFC compliance
  • Reset command (R) to clear source/destination filenames
  • Version command (v) for build information
  • Updated man pages and usage documentation

• Empty File Transfer: ION now correctly handles CFDP transfers of zero-byte files.

• Automatic Proxy Launch: CFDP server proxy (bpcpd) can now be automatically
  launched through cfdprc configuration file.

• Event Reporting: Enhanced CFDP event reporting API with more detailed file
  transfer status and progress information, including closureRequested field.

LTP Protocol Improvements

• Dynamic Parameter Control: New capability for direct configuration of LTP
  maxRetries and segment loss rate parameters with updated regression tests.

• Default Value Behavior: Updated default parameter handling for improved
  reliability and performance.

Code Quality and Standards Compliance

• C18/C99 Compliance: Updated build system to prefer C18 (ISO 9899:2018) standard
  with fallback to C99, ensuring maximum portability and standards compliance.

• Strict Compiler Warnings: Enforced -Wextra, -Wstrict-prototypes, and -pedantic
  compiler flags across the entire codebase, resolving hundreds of warnings to
  improve code quality and catch potential bugs.

• Thread Safety: Implemented thread-safe versions of iToa, uToa, vastToa, and
  uvastToa functions with proper type-specific conversions for 32-bit systems.

• POSIX Compliance: Refactored POSIX named semaphore implementation with reference
  counting and deferred deletion to mitigate race conditions, particularly for
  bpcp utility.

Security and Stability Fixes

• Extension Block Overflow: Fixed buffer overflow vulnerability when processing
  non-standard extension blocks. Added regression test for memory allocation
  vulnerabilities.

• BPSec Configuration: Corrected handling of bundles with no CRC and no BIB,
  with tests to verify proper rejection of invalid security configurations.

• NULL Source EID Handling: Fixed bug in handling NULL source EIDs and state
  changes between bundle list and cancel operations.

• Race Condition Fixes: Addressed semaphore cleanup race conditions in bpcp and
  resource lock initialization issues.

Contact Graph Routing (CGR) Enhancements

• Adjacent Contact Support: Prototype support for adjacent contact routing with
  documentation and test cases.

• Routing Visualization: Automated generation of routing visualization data
  through cgrfetch utility improvements, enabling graphical analysis of routing
  decisions.

• CGR Analysis Tools: Refactored cgr-test and asymmetric-range tests to produce
  sample CGR analysis data with comprehensive usage documentation.

Platform Portability Improvements

• macOS Compatibility: Resolved multiple platform-specific issues including
  compilation syntax errors and system() call restrictions with active child
  processes.

• FreeBSD Support: Updated for compatibility with FreeBSD networking stack and
  build environment, including tar-over-ssh deployment for CI/CD.

• Solaris Support: Addressed compiler warnings specific to Solaris and added
  timeout protections for test suite stability.

• ARM Architecture: Fixed ARM default unsigned char issues in tcpcli.c and other
  platform-specific type handling.

• MUSL libc: Enhanced compatibility with MUSL C library and Clang compiler, though
  semaphore limitations require single-instance deployment per host.

Build System Enhancements

• Configure Options: New options to selectively disable DGR and BSSP modules
  (--disable-dgr, --disable-bssp) for minimal builds.

• ion-core Build: Per-extension build options for customized ion-core package
  configurations.

• Development Makefiles: Continued maintenance and updates to manual Makefile.dev
  system for i86_64-fedora platform, including support for new executables:

  • SPP convergence layer (sppcli, sppclo)
  • New test utilities (entropy_test, sdr_test_util)
  • Bundle inspection tool (bpinspect)
  • Additional diagnostic tools

Testing and CI/CD Improvements

• Regression Test Suite: Enhanced test infrastructure with:

  • Optional test designation for non-critical tests
  • Improved cleanup handling for failed tests
  • Timeout mechanisms to prevent hanging tests
  • Preservation of test logs (PRESERVE_TEST_LOG default to 1)
  • Automated ION security database initialization

• GitHub Actions Workflows: Updated CI/CD pipelines with:

  • RTEMS-specific build workflow
  • Submodule initialization improvements
  • Workspace cleanup between runs
  • ion.log capture and custom timeout support
  • JSON dependency validation

• Cross-Platform Testing: Expanded test coverage across Linux, macOS, FreeBSD,
  and Solaris platforms with platform-specific accommodations.

Documentation Updates

• Public API Documentation: Added comprehensive online documentation for ION's
  public administrative API set.

• RTEMS Documentation: Complete documentation package for RTEMS 6.1 port in
  arch-rtems/ directory, including:

  • Installation and build instructions
  • Key fixes and troubleshooting guide (KEY-FIXES-SUMMARY.md)
  • UDP network status and configuration (UDP-NETWORK-STATUS.md)
  • Platform-specific customization guidelines

• Man Page Updates: Updated documentation for LTP maxRetries parameter
  clarification and deprecated maxber usage in regression tests.

Deprecations and Cleanup

• maxber Parameter: Deprecated use of maxber in regression tests; updated
  documentation to clarify proper usage.

• Legacy Code Removal: Continued cleanup of obsolete code including old dtnperf
  (now part of dtnsuite).

• SBSP References: Removed confusing SBSP references from build flags and include
  paths.

Known Issues and Limitations

• MUSL libc: Named semaphore limitations restrict deployment to one ION instance
  per host; many regression tests will fail due to this constraint.

• RTEMS Port: Template implementation requires adaptation to specific hardware
  platforms and BSPs; loopback testing defaults to 127.0.0.1.

• Dual-Stack Networking: IPv4/IPv6 dual-stack features remain experimental;
  production deployments should be thoroughly tested.

Developer Notes

• Thread Synchronization: Refactored libams to use platform abstraction layer for
  thread synchronization.

• Type Conversions: Created type-specific ToString functions (vastToa, uvastToa,
  size_tToa) for improved type safety and 32/64-bit compatibility.

This beta release includes 162 commits since ION 4.1.4-a.2, representing extensive
testing, refinement, and new capabilities. Users are encouraged to test thoroughly
in their environments and report any issues through the GitHub issue tracker.

ION Open Source 4.1.3s

%%%%%%%%%%%%%%%%%%%%%%%%%%%
= NOTES ON RELEASE 4.1.3s =
%%%%%%%%%%%%%%%%%%%%%%%%%%%

Beginning with the ION 4.1.3s release, ION will include support for compilation
with Mbed TLS cryptographic library. ION version 4.1.3s includes support for Mbed TLS version 2.28.

To enable use of Mbed TLS cryptogrpahic library in ION, you must have already built the Mbed TLS
version 2.28.x shared libraries with #define MBEDTLS_NIST_KW_C enabled (see mbedtls/include/mbedtls/config.h).

Make sure the Mbed TLS assets are installed in /usr/local/include/ and
/usr/local/lib with correct permissions, or you can define alternate
locations by running:
./configure --enable-crypto-mbedtls MBED_LIB_PATH=/path/to/libraries MBED_INC_PATH=/path/to/includes

To build Mbed TLS:

1. Download the Mbed-TLS 2.28.2 source code.
2. Open mbedtls-2.28.x/include/mbedtls/config.h and uncomment the line
   that has #define MBEDTLS_NIST_KW_C commented out by default.
3. Run the following commands:
   Linux and MacOS)
   make SHARED=1
   sudo make install
   Windows 7)
   make CC="gcc -std=c99" WINDOWS_BUILD=1 SHARED=1
   make CC="gcc -std=c99" WINDOWS_BUILD=1 install
   • NOTE: this should install things in /msys/local which is okay

To compile ION with MBEDTLS_SUITES configure with:
./configure --enable-crypto-mbedtls

To enable BPSec logging (recommended for verification of BPSec functionality and required by BPSec regression tests)
use the following configuration flag:
--enable-bpsec-debugging

The following code changes have been made to support this option:

• Added ici/MBEDTLS_SUITES folder.
• Updated configure.ac and Makefile.am to allow for linking against
  MBEDTLS libraries.

ION 4.1.3s provides a 'enable_manual_build.sh' script that switches ION from autoconf build system (the default)
to the manual developmental build system based consisting of a Makefile at the root of ION source tree and a set of Makefiles
under the directories of individual components of ION. See the online documentation for more details.

Branches included in this release:

update-4.1.3s-ion-documentation

• Update ION documentation files.

update-4.1.3s-bpcounter-delivery-release

• Updates the bpcounter.c program so it releases the pilot bundle.

update-4.1.3s-dtnnone-vulnerability

• Addresses a vulnerability that freezes ION if a bundle with
  null-endpoint were injected into ION node.

update-4.1.3s-imc-pnb-extblock-crash

• Fixes a vulnerability when a pnb extension block contains invalid eid
  (or say imc scheme for a node that does not recognize it) causing a crash
  of the bundle acquisition process.

update-4.1.4-test-suite

• General improvements to the test scripts.

update-4.1.3s-cgrfetch

• Fixes a segfault at the end of cgrfetch call.

update-4.1.3s_libmetadata_libsecypt

• Includes branch update-4.1.3s_bpsec_updates and also update-4.1.3s_secfix_testfix

feature-msys2-update

• Adds autoconf build process for Windows 10 using msys2 and mingw64.
• This update is experimental and has not been tested against MBEDTLS_SUITES
  (just NULL crypto suites).

update-4.1.3s-bpcp-and-test

• Support for how ion-core builds bpcp.
• Creates tests that can imported into ion-core for LTP and STCP
  convergence layers.

4.1.3s_makefile_correction

• Remove incorrect inclusions of libsecrypt and libmetadata from libbp.

update-4.1.4-extension-block-crc16

• Turn on CRC16 for all blocks.

bpsec-fixes-5-27-2024

• APL fix for a specific case where BPSec may allow a bundle to fail BIB/BCB
  but still be accepted.
• Allow relay nodes not to have a policy.

bpsec-fix-1-June-2024

• Fix accounting issue with ZCO when using BIBE with BPSec.

update-4.1.4-ionstart-upgrade

• Update start script to support syntax that allows multiple ionrc files
  to be specified.

update-4.1.4-bssrecv

• Updates to bssrecv program and documentation.

integration-4.1.3s-util-signals-fix

• Added signal handler for SIGINT to properly shut down child processes.
• Added signal handler for SIGTERM for graceful termination of the process.

integration-4.1.3s-smart-file-update

• Updated smart file transfer utilities with file size reporting and improved
  message logging.