Ondrej Zajicek (work)
fc1e3211b1
RPKI: Add 'ignore max length' option
...
Add 'ignore max length' option to RPKI protocol, which ignores received
max length in ROA records and instead uses max value (32 or 128). This
may be useful for implementing loose RPKI check for blackholes.
2020-10-11 01:00:54 +02:00
Maria Matejka
5f60d14ede
RPKI: fixed rare va_list leak
2020-05-01 15:19:12 +02:00
Ondrej Zajicek (work)
d59c1a2958
RPKI: Update to new timers
2017-12-07 13:52:21 +01:00
Ondrej Zajicek (work)
eeba61ccd5
Minor cleanups
2016-12-13 20:18:11 +01:00
Jan Moskyto Matejka
b94e5e58db
RPKI: fixed some of the extended warnings
2016-12-07 15:35:35 +01:00
Jan Moskyto Matejka
af62c0f9f1
LibSSH may be switched off together with RPKI
2016-12-07 14:15:35 +01:00
Pavel Tvrdík
65d2a88dd2
RPKI protocol with one cache server per protocol
...
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/ ) that is integrated inside
the BIRD's code.
Implemeted transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;
protocol rpki {
debug all;
# Import both IPv4 and IPv6 ROAs
roa4 { table r4; };
roa6 { table r6; };
# Set cache server (validator) address,
# overwrite default port 323
remote "rpki-validator.realmv6.org" port 8282;
# Overwrite default time intervals
retry 10; # Default 600 seconds
refresh 60; # Default 3600 seconds
expire 600; # Default 7200 seconds
}
protocol rpki {
debug all;
# Import only IPv4 routes
roa4 { table r4; };
# Set cache server address to localhost,
# use default ports tcp => 323 or ssh => 22
remote 127.0.0.1;
# Use SSH transport instead of unprotected transport over TCP
ssh encryption {
bird private key "/home/birdgeek/.ssh/id_rsa";
remote public key "/home/birdgeek/.ssh/known_hosts";
user "birdgeek";
};
}
...
2016-12-07 09:35:24 +01:00