Maria Matejka
2c4b368176
RPKI socket read is prioritized over other sockets
2024-06-26 11:29:43 +02:00
Ondrej Zajicek
f27d1bae0f
Merge commit '26dd61ee7f91c15157601b2404de5b6500a6061c' into thread-next
2024-04-01 03:01:59 +02:00
Job Snijders
e2728c8078
RPKI: Add 'local address' configuration option
Allow to explicitly configure the source IP address for RPKI-To-Router
sessions. Predictable source addresses are useful for minimizing the
holes to be poked in ACLs.
Changed from 'source address' to 'local address' by committer.
2024-02-22 14:58:29 +01:00
Maria Matejka
b3f805ce29
Socket closing has its dedicated function
2023-04-22 20:48:42 +02:00
Maria Matejka
836e857b30
Sockets: Unified API for main and other loops
Now sk_open() requires an explicit IO loop to open the socket in. Also
specific functions for socket RX pause / resume are added to allow for
BGP corking.
And last but not least, socket reloop is now synchronous to resolve
weird cases of the target loop stopping before actually picking up the
relooped socket. Now the caller must ensure that both loops are locked
while relooping, and this way all sockets always have their respective
loop.
2023-04-04 17:00:59 +02:00
Maria Matejka
7901c40500
Merge commit '3fd1f461' into thread-next
closes #16
closes #17
closes #18
2022-09-26 12:21:33 +02:00
Luiz Amaral
9a9439d5e1
RPKI: Implement VRF support
2022-05-19 19:43:59 +02:00
Maria Matejka
3fd1f46184
RPKI has its own loop
2021-11-22 19:05:44 +01:00
Ondrej Zajicek (work)
454ae30445
RPKI: Improve error handling of DNS resolver
2021-03-17 17:24:00 +01:00
Ondrej Zajicek (work)
4e23b49969
RPKI: Fix handling of IPv6 cache addresses
The old code used just sizeof(struct sockaddr) bytes of IP address.
2019-10-19 03:39:07 +02:00
Pavel Tvrdík
65d2a88dd2
RPKI protocol with one cache server per protocol
The RPKI protocol (RFC 6810) using the RTRLib
(http://rpki.realmv6.org/) that is integrated inside
the BIRD's code.
Implemented transports are:
- unprotected transport over TCP
- secure transport over SSHv2
Example configuration of bird.conf:
...
roa4 table r4;
roa6 table r6;
protocol rpki {
  debug all;
  # Import both IPv4 and IPv6 ROAs
  roa4 { table r4; };
  roa6 { table r6; };
  # Set cache server (validator) address,
  # overwrite default port 323
  remote "rpki-validator.realmv6.org" port 8282;
  # Overwrite default time intervals
  retry   10;   # Default 600 seconds
  refresh 60;   # Default 3600 seconds
  expire  600;  # Default 7200 seconds
}
protocol rpki {
  debug all;
  # Import only IPv4 routes
  roa4 { table r4; };
  # Set cache server address to localhost,
  # use default ports tcp => 323 or ssh => 22
  remote 127.0.0.1;
  # Use SSH transport instead of unprotected transport over TCP
  ssh encryption {
    bird private key "/home/birdgeek/.ssh/id_rsa";
    remote public key "/home/birdgeek/.ssh/known_hosts";
    user "birdgeek";
  };
}
...
2016-12-07 09:35:24 +01:00