Changelog

All notable changes to RAVEN are recorded here.

v0.3.2 (2026-06-16)

Demo lab: all docker exec calls in demo-master.sh now use sudo (silent injection failures occurred when run without root)
Demo lab: setup() now injects LEAK-PREFIX prefix-list into running FRR containers via vtysh post-deploy; Containerlab mounts frr.conf but FRR does not reload on redeploy, causing the leak scenario to fail on cold start
Demo lab: Routinator 0.15.1 changed CLI syntax; --config flag must now be passed as a global flag before the subcommand (routinator -c ~/.routinator.conf server) not after it
Grafana: BGP Peers panel filtered to IPv4-only peers and panel height increased (IPv6 peer additions doubled tile count, causing overflow)

IPv6 route monitoring via BMP (MP_REACH_NLRI / MP_UNREACH_NLRI parsing)
IPv6 ROV validation
IPv6 origin hijack scenario in demo lab (./demo-master.sh hijack6)
TLS support for BMP listener and RTR client; skip TCP buffer tuning (SetReadBuffer/SetWriteBuffer) for TLS connections (WSL2 compatibility)

Demo lab: lacnic scenario 4 route leak used inline LEAK-INJECT route-map with wrong prepend ASN (AS64496 → ROV:Invalid); replaced with permanent ROUTE-LEAK route-map (prepend AS1199 → ROV:Valid, ASPA:Invalid, posture:path-suspect as intended)
Demo lab: leak and hijack6 vtysh commands converted to heredoc syntax (docker exec ... bash -c "vtysh << 'VTYSH' ... VTYSH") to fix silent failures caused by leading spaces in -c arguments
Demo lab: leak scenario prefix corrected to 193.0.0.0/21 (AS3333 / RIPE NCC); SLURM ASPA assertion added for AS3333 with provider AS1103 (excluding AS65000 to trigger path-suspect)

Demo lab internet router ASN changed from AS2121 to AS64496 to avoid spurious path-suspect at baseline caused by real-world RPKI/ASPA records for AS2121

Event Engine: configurable triggers on posture changes (ROV state change, new route with specific posture, RTR cache failure) with webhook HTTP POST and file log actions
Flowspec lifecycle management: detect origin-invalid route → generate Flowspec rule → inject via GoBGP → monitor → expire after configurable TTL. Dry-run mode and approval webhook supported.
raven audit — full security posture report for a router: per-peer posture breakdown, ROV/ASPA coverage, recommendations. Outputs table, JSON, or markdown.
raven check stealthy — detect stealthy BGP hijacks by comparing BMP control-plane view against data-plane forwarding via probes
Warm-start persistence: snapshot route table and RPKI caches to disk on shutdown, restore on startup
OpenTelemetry OTLP metrics export alongside Prometheus
RTR-over-TLS: configure transport: tls and optional CA cert under any RTR cache entry
BMP listener TLS: optional TLS termination on the BMP listener with mutual TLS support
Event Engine ASN triggers: asn and protected_asn trigger types (contributed by Orange/AS3215)

RTR rtr-version config field now correctly wired through to the client (was previously ignored)
TCP socket buffer tuning skipped for TLS connections (prevented TLS sessions from establishing on some platforms)

ASPA path verification per draft-ietf-sidrops-aspa-verification-24
Combined security posture matrix: Secured / Origin-Only / Path-Suspect / Path-Only / Unverified / Origin-Invalid
ASPA store populated via RTR v2 ASPA PDUs; re-validation on ASPA store updates via dirty-set propagation
raven aspa — show ASPA records for an ASN
raven aspa recommend — suggest ASPA objects based on observed paths
raven what-if — simulate impact of reject-invalid or ASPA enforcement
raven watch — stream live validation state changes
Prometheus posture metrics reflect full ROV × ASPA matrix

Initial public release — Phase 1 (Foundation) complete.

raven serve — start daemon
raven status — BMP peer and RTR cache health
raven peers — list BMP peers
raven routes — query route table with filters (prefix, origin-asn, peer, posture)
raven validate — one-shot prefix validation