RPKI: Add a documentation

doc/bird.sgml

@@ -3485,6 +3485,97 @@ protocol rip {
 }
 </code>
 
+<sect>RPKI
+
+<p>The Resource Public Key Infrastructure (RPKI) to Router Protocol (RFC 6810)
+is a simple but reliable mechanism to receive Resource Public Key
+Infrastructure (RFC 6480) prefix origin data from a trusted cache.
+
+It is possible to configure only one cache server per protocol yet.
+
+<code>
+protocol rpki [&lt;name&gt;] {
+        roa table &lt;name&gt;;
+        cache &lt;ip&gt; | "&lt;domain&gt;" {
+                port &lt;num&gt;;
+                ssh encryption {
+                        bird private key "&lt;/path/to/id_rsa&gt;";
+                        cache public key "&lt;/path/to/known_host&gt;";
+                        user "&lt;name&gt;";
+                };
+        };
+}
+</code>
+
+<sect1>RPKI protocol options
+<descrip>
+	<tag>roa table <m/name/</tag>
+	Specifies the roa table into which will import the routes from cache.
+	This option is required.
+
+	<tag>cache <m/ip/ | "<m/domain/" [ { <m/cache options.../ } ]</tag>
+	Specifies a destination address of the cache server.
+	Can be specified by an IP address or by full domain name.
+	By default there is no encryption in transport.
+	Only one cache can be specified per protocol.
+</descrip>
+
+<sect1>Cache options
+<descrip>
+	<tag>port <m/num/</tag>
+	Specifies the port number.
+	The default port number is 8282 for transpoert without any encryption
+	and 22 for transport with SSH encryption.
+
+	<tag>ssh encryption { <m/ssh encryption options.../ }</tag>
+	This enables a SSH encryption.
+</descrip>
+
+<sect1>SSH encryption options
+<descrip>
+	<tag>bird private key "<m///path/to/id_rsa"</tag>
+	A path to the BIRD's private SSH key for authentication.
+	It can be a <cf/id_rsa/ file.
+
+	<tag>cache public key "<m///path/to/known_host"</tag>
+	A path to the cache's public SSH key for verification identity
+	of the cache server. It could be a <cf/known_host/ file.
+
+	<tag>user "<m/name/"</tag>
+	A SSH user name for authentication. This option is a required.
+</descrip>
+
+<sect1>Examples
+<p>A simple configuration without transport encryption:
+<code>
+roa table my_roa_table;
+protocol rpki {
+        debug all;
+        roa table my_roa_table;
+
+        cache "rpki-validator.realmv6.org";
+}
+</code>
+
+<p>A configuration using SSHv2 transport encryption:
+<code>
+roa table my_roa_table;
+protocol rpki {
+        debug all;
+        roa table my_roa_table;
+
+        cache 127.0.0.1 {
+                port 2345;
+                ssh encryption {
+                        bird private key "/home/birdgeek/.ssh/id_rsa";
+                        cache public key "/home/birdgeek/.ssh/known_hosts";
+                        user "birdgeek";
+                };
+        };
+}
+</code>
+
+
 
 <sect>Static
 

proto/rpki/Doc

@@ -1 +1,6 @@
-C rpki.c
+S rpki.c
+S packets.c
+S rtr.c
+S transport.c
+S tcp_transport.c
+S ssh_transport.c

proto/rpki/packets.c

@@ -483,7 +483,7 @@ rtr_check_receive_packet(struct rpki_cache *cache, void *pdu, const size_t len)
   struct rpki_proto *p = cache->p;
   int error = RTR_SUCCESS;
 
-  //header in hostbyte order, retain original received pdu, in case we need to detach it to an error pdu
+  // header in hostbyte order, retain original received pdu, in case we need to detach it to an error pdu
   struct pdu_header header;
   memcpy(&header, pdu, sizeof(header));
   rtr_pdu_header_to_host_byte_order(&header);
@@ -495,7 +495,7 @@ rtr_check_receive_packet(struct rpki_cache *cache, void *pdu, const size_t len)
     return RTR_ERROR;
   }
 
-  // Do dont handle error PDUs here, leave this task to rtr_handle_error_pdu()
+  // Do not handle error PDUs here, leave this task to rtr_handle_error_pdu()
   if (header.ver != rtr_socket->version && header.type != ERROR)
   {
     // If this is the first PDU we have received -> Downgrade.

proto/rpki/rpki.c

@@ -3,7 +3,7 @@
  *
  *	(c) 2015 CZ.NIC
  *
- *	Using RTRLib: http://rpki.realmv6.org/
+ *	Using RTRlib: http://rpki.realmv6.org/
  *
  *	Can be freely distributed and used under the terms of the GNU GPL.
  */
@@ -319,12 +319,12 @@ rpki_free_cache(struct rpki_cache *cache)
   mb_free(cache->rtr_socket->tr_socket);
   mb_free(cache->rtr_socket);
 
-  /* Timers */
+  /* timers */
   tm_stop(cache->retry_timer);
   tm_stop(cache->refresh_timer);
   tm_stop(cache->expire_timer);
-
   rfree(cache->retry_timer);
+
   rfree(cache->refresh_timer);
   rfree(cache->expire_timer);
 

proto/rpki/rpki.h

@@ -3,7 +3,7 @@
  *
  *	(c) 2015 CZ.NIC
  *
- *	Using RTRLib: http://rpki.realmv6.org/
+ *	Using RTRlib: http://rpki.realmv6.org/
  *
  *	Can be freely distributed and used under the terms of the GNU GPL.
  */

proto/rpki/rtr.c

@@ -76,7 +76,7 @@ rtr_purge_records_if_outdated(struct rpki_cache *cache)
     }
 
     pfx_table_src_remove(cache);
-    CACHE_TRACE(D_EVENTS, cache, "Remove outdated records from pfx_table");
+    CACHE_TRACE(D_EVENTS, cache, "All ROA records from %s expired", get_cache_ident(cache));
     rtr_socket->request_session_id = true;
     rtr_socket->serial_number = 0;
     rtr_socket->last_update = 0;
@@ -288,7 +288,7 @@ rpki_refresh_hook(struct timer *tm)
 
     case RTR_CONNECTING:
     case RTR_SYNC:
-      /* Wait small amout of time to transite state */
+      /* Wait a small amount of time to the end of transitive state */
       tm_start(tm, 1);
       break;