Commit cf2d812e authored by Pavel Tvrdík's avatar Pavel Tvrdík

RPKI: Add a documentation

parent 41f4b594
+91 −0
@@ -3485,6 +3485,97 @@ protocol rip {
}
}
</code>
</code>


<sect>RPKI

<p>The Resource Public Key Infrastructure (RPKI) to Router Protocol (RFC 6810)
is a simple but reliable mechanism to receive Resource Public Key
Infrastructure (RFC 6480) prefix origin data from a trusted cache.

It is possible to configure only one cache server per protocol yet.

<code>
protocol rpki [&lt;name&gt;] {
        roa table &lt;name&gt;;
        cache &lt;ip&gt; | "&lt;domain&gt;" {
                port &lt;num&gt;;
                ssh encryption {
                        bird private key "&lt;/path/to/id_rsa&gt;";
                        cache public key "&lt;/path/to/known_host&gt;";
                        user "&lt;name&gt;";
                };
        };
}
</code>

<sect1>RPKI protocol options
<descrip>
	<tag>roa table <m/name/</tag>
	Specifies the roa table into which will import the routes from cache.
	This option is required.

	<tag>cache <m/ip/ | "<m/domain/" [ { <m/cache options.../ } ]</tag>
	Specifies a destination address of the cache server.
	Can be specified by an IP address or by full domain name.
	By default there is no encryption in transport.
	Only one cache can be specified per protocol.
</descrip>

<sect1>Cache options
<descrip>
	<tag>port <m/num/</tag>
	Specifies the port number.
	The default port number is 8282 for transpoert without any encryption
	and 22 for transport with SSH encryption.

	<tag>ssh encryption { <m/ssh encryption options.../ }</tag>
	This enables a SSH encryption.
</descrip>

<sect1>SSH encryption options
<descrip>
	<tag>bird private key "<m///path/to/id_rsa"</tag>
	A path to the BIRD's private SSH key for authentication.
	It can be a <cf/id_rsa/ file.

	<tag>cache public key "<m///path/to/known_host"</tag>
	A path to the cache's public SSH key for verification identity
	of the cache server. It could be a <cf/known_host/ file.

	<tag>user "<m/name/"</tag>
	A SSH user name for authentication. This option is a required.
</descrip>

<sect1>Examples
<p>A simple configuration without transport encryption:
<code>
roa table my_roa_table;
protocol rpki {
        debug all;
        roa table my_roa_table;

        cache "rpki-validator.realmv6.org";
}
</code>

<p>A configuration using SSHv2 transport encryption:
<code>
roa table my_roa_table;
protocol rpki {
        debug all;
        roa table my_roa_table;

        cache 127.0.0.1 {
                port 2345;
                ssh encryption {
                        bird private key "/home/birdgeek/.ssh/id_rsa";
                        cache public key "/home/birdgeek/.ssh/known_hosts";
                        user "birdgeek";
                };
        };
}
</code>




<sect>Static
<sect>Static


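Review bot: the SSH option tags `bird private key "<m///path/to/id_rsa"` and `cache public key "<m///path/to/known_host"` are malformed for the `<m/.../` short-tag form used everywhere else in this section (no closing slash, stray quote), and the file is called `known_host` in the tag, in the `<cf/known_host/` text and in the synopsis while the SSHv2 example below uses `known_hosts`; suggest `<m//path/to/id_rsa/` and `known_hosts` throughout. Wording: "transpoert" -> "transport", "a SSH" -> "an SSH" (twice), "This option is a required." -> "This option is required.", and "the roa table into which will import the routes from cache" -> "the ROA table into which routes from the cache are imported". Since the section states that transport is unencrypted by default, the `cache public key` description should say plainly that this is the file against which the cache server's host key is checked, so an operator reading it understands that without SSH encryption nothing verifies which cache the ROA data actually came from.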
+6 −1
C rpki.c
S rpki.c
S packets.c
S rtr.c
S transport.c
S tcp_transport.c
S ssh_transport.c
 No newline at end of file
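Review bot: the added list ends without a trailing newline (`No newline at end of file`); add one so the next entry appended to this file does not show up as a change to the `S ssh_transport.c` line.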
+2 −2
@@ -495,7 +495,7 @@ rtr_check_receive_packet(struct rpki_cache *cache, void *pdu, const size_t len)
    return RTR_ERROR;
    return RTR_ERROR;
  }
  }


  // Do dont handle error PDUs here, leave this task to rtr_handle_error_pdu()
  // Do not handle error PDUs here, leave this task to rtr_handle_error_pdu()
  if (header.ver != rtr_socket->version && header.type != ERROR)
  if (header.ver != rtr_socket->version && header.type != ERROR)
  {
  {
    // If this is the first PDU we have received -> Downgrade.
    // If this is the first PDU we have received -> Downgrade.
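Review bot: the comment fix ("Do dont" -> "Do not") is correct and the hunk is comment-only. Since the version check deliberately excludes `header.type == ERROR`, it would be worth extending the comment to say that `rtr_handle_error_pdu()` is expected to cope with an Error PDU carrying a version the socket does not speak, because such a PDU now bypasses the downgrade path below.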
+3 −3
@@ -3,7 +3,7 @@
 *
 *
 *	(c) 2015 CZ.NIC
 *	(c) 2015 CZ.NIC
 *
 *
 *	Using RTRLib: http://rpki.realmv6.org/
 *	Using RTRlib: http://rpki.realmv6.org/
 *
 *
 *	Can be freely distributed and used under the terms of the GNU GPL.
 *	Can be freely distributed and used under the terms of the GNU GPL.
 */
 */
@@ -319,12 +319,12 @@ rpki_free_cache(struct rpki_cache *cache)
  mb_free(cache->rtr_socket->tr_socket);
  mb_free(cache->rtr_socket->tr_socket);
  mb_free(cache->rtr_socket);
  mb_free(cache->rtr_socket);


  /* Timers */
  /* timers */
  tm_stop(cache->retry_timer);
  tm_stop(cache->retry_timer);
  tm_stop(cache->refresh_timer);
  tm_stop(cache->refresh_timer);
  tm_stop(cache->expire_timer);
  tm_stop(cache->expire_timer);

  rfree(cache->retry_timer);
  rfree(cache->retry_timer);

  rfree(cache->refresh_timer);
  rfree(cache->refresh_timer);
  rfree(cache->expire_timer);
  rfree(cache->expire_timer);


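Review bot: no functional change in this hunk beyond the `/* Timers */` -> `/* timers */` comment case and the moved blank line between `rfree(cache->retry_timer)` and `rfree(cache->refresh_timer)`; the order (every `tm_stop()` before its matching `rfree()`) is right. A one-line mention in the commit message would help, as these code edits are unrelated to the documentation the commit adds.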
+1 −1
@@ -3,7 +3,7 @@
 *
 *
 *	(c) 2015 CZ.NIC
 *	(c) 2015 CZ.NIC
 *
 *
 *	Using RTRLib: http://rpki.realmv6.org/
 *	Using RTRlib: http://rpki.realmv6.org/
 *
 *
 *	Can be freely distributed and used under the terms of the GNU GPL.
 *	Can be freely distributed and used under the terms of the GNU GPL.
 */
 */