}
</code>
+<sect>RPKI
+
+<p>The Resource Public Key Infrastructure (RPKI) to Router Protocol (RFC 6810)
+is a simple but reliable mechanism to receive Resource Public Key
+Infrastructure (RFC 6480) prefix origin data from a trusted cache.
+
+It is possible to configure only one cache server per protocol yet.
+
+<code>
+protocol rpki [<name>] {
+ roa table <name>;
+ cache <ip> | "<domain>" {
+ port <num>;
+ ssh encryption {
+ bird private key "</path/to/id_rsa>";
+ cache public key "</path/to/known_host>";
+ user "<name>";
+ };
+ };
+}
+</code>
+
+<sect1>RPKI protocol options
+<descrip>
+ <tag>roa table <m/name/</tag>
+ Specifies the roa table into which will import the routes from cache.
+ This option is required.
+
+ <tag>cache <m/ip/ | "<m/domain/" [ { <m/cache options.../ } ]</tag>
+ Specifies a destination address of the cache server.
+ Can be specified by an IP address or by full domain name.
+ By default there is no encryption in transport.
+ Only one cache can be specified per protocol.
+</descrip>
+
+<sect1>Cache options
+<descrip>
+ <tag>port <m/num/</tag>
+ Specifies the port number.
+ The default port number is 8282 for transpoert without any encryption
+ and 22 for transport with SSH encryption.
+
+ <tag>ssh encryption { <m/ssh encryption options.../ }</tag>
+ This enables a SSH encryption.
+</descrip>
+
+<sect1>SSH encryption options
+<descrip>
+ <tag>bird private key "<m///path/to/id_rsa"</tag>
+ A path to the BIRD's private SSH key for authentication.
+ It can be a <cf/id_rsa/ file.
+
+ <tag>cache public key "<m///path/to/known_host"</tag>
+ A path to the cache's public SSH key for verification identity
+ of the cache server. It could be a <cf/known_host/ file.
+
+ <tag>user "<m/name/"</tag>
+ A SSH user name for authentication. This option is a required.
+</descrip>
+
+<sect1>Examples
+<p>A simple configuration without transport encryption:
+<code>
+roa table my_roa_table;
+protocol rpki {
+ debug all;
+ roa table my_roa_table;
+
+ cache "rpki-validator.realmv6.org";
+}
+</code>
+
+<p>A configuration using SSHv2 transport encryption:
+<code>
+roa table my_roa_table;
+protocol rpki {
+ debug all;
+ roa table my_roa_table;
+
+ cache 127.0.0.1 {
+ port 2345;
+ ssh encryption {
+ bird private key "/home/birdgeek/.ssh/id_rsa";
+ cache public key "/home/birdgeek/.ssh/known_hosts";
+ user "birdgeek";
+ };
+ };
+}
+</code>
+
+
<sect>Static
struct rpki_proto *p = cache->p;
int error = RTR_SUCCESS;
- //header in hostbyte order, retain original received pdu, in case we need to detach it to an error pdu
+ // header in hostbyte order, retain original received pdu, in case we need to detach it to an error pdu
struct pdu_header header;
memcpy(&header, pdu, sizeof(header));
rtr_pdu_header_to_host_byte_order(&header);
return RTR_ERROR;
}
- // Do dont handle error PDUs here, leave this task to rtr_handle_error_pdu()
+ // Do not handle error PDUs here, leave this task to rtr_handle_error_pdu()
if (header.ver != rtr_socket->version && header.type != ERROR)
{
// If this is the first PDU we have received -> Downgrade.
*
* (c) 2015 CZ.NIC
*
- * Using RTRLib: http://rpki.realmv6.org/
+ * Using RTRlib: http://rpki.realmv6.org/
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
mb_free(cache->rtr_socket->tr_socket);
mb_free(cache->rtr_socket);
- /* Timers */
+ /* timers */
tm_stop(cache->retry_timer);
tm_stop(cache->refresh_timer);
tm_stop(cache->expire_timer);
-
rfree(cache->retry_timer);
+
rfree(cache->refresh_timer);
rfree(cache->expire_timer);
}
pfx_table_src_remove(cache);
- CACHE_TRACE(D_EVENTS, cache, "Remove outdated records from pfx_table");
+ CACHE_TRACE(D_EVENTS, cache, "All ROA records from %s expired", get_cache_ident(cache));
rtr_socket->request_session_id = true;
rtr_socket->serial_number = 0;
rtr_socket->last_update = 0;
case RTR_CONNECTING:
case RTR_SYNC:
- /* Wait small amout of time to transite state */
+ /* Wait a small amount of time to the end of transitive state */
tm_start(tm, 1);
break;
projects / thirdparty / bird.git / commitdiff
