RTRlib
BGPsec AS path validation

BGPsec allows for validation of the BGPsec_PATH attribute of a BGPsec update.

Data Structures

struct  rtr_secure_path_seg
 A single Secure Path Segment. More...
 
struct  rtr_signature_seg
 A single Signature Segment. More...
 
struct  rtr_bgpsec_nlri
 This struct contains the Network Layer Reachability Information (NLRI). More...
 
struct  rtr_bgpsec
 The data that is passed to the rtr_mgr_bgpsec_validate_as_path function. More...
 

Macros

#define BGPSEC_IPV4   1
 
#define BGPSEC_IPV6   2
 

Enumerations

enum  rtr_bgpsec_algorithm_suites { RTR_BGPSEC_ALGORITHM_SUITE_1 = 1 }
 All supported algorithm suites. More...
 
enum  rtr_bgpsec_rtvals {
  RTR_BGPSEC_NOT_VALID = 2 , RTR_BGPSEC_VALID = 1 , RTR_BGPSEC_SUCCESS = 0 , RTR_BGPSEC_ERROR = -1 ,
  RTR_BGPSEC_LOAD_PUB_KEY_ERROR = -2 , RTR_BGPSEC_LOAD_PRIV_KEY_ERROR = -3 , RTR_BGPSEC_ROUTER_KEY_NOT_FOUND = -4 , RTR_BGPSEC_SIGNING_ERROR = -5 ,
  RTR_BGPSEC_UNSUPPORTED_ALGORITHM_SUITE = -6 , RTR_BGPSEC_UNSUPPORTED_AFI = -7 , RTR_BGPSEC_WRONG_SEGMENT_COUNT = -8 , RTR_BGPSEC_INVALID_ARGUMENTS = -9
}
 Status codes for various cases. More...
 

Functions

int rtr_bgpsec_validate_as_path (const struct rtr_bgpsec *data, struct spki_table *table)
 Validation function for AS path validation.
 
int rtr_bgpsec_generate_signature (const struct rtr_bgpsec *data, uint8_t *private_key, struct rtr_signature_seg **new_signature)
 Signing function for a BGPsec_PATH.
 
int rtr_bgpsec_get_version (void)
 Returns the highest supported BGPsec version.
 
int rtr_bgpsec_has_algorithm_suite (uint8_t alg_suite)
 Check whether an algorithm suite is supported by RTRlib.
 
int rtr_bgpsec_get_algorithm_suites (const uint8_t **algs_arr)
 Returns a pointer to a list that holds all supported algorithm suites.
 
void rtr_bgpsec_free_signatures (struct rtr_signature_seg *seg)
 Free a signature and any signatures that are pointed to.
 
struct rtr_secure_path_seg * rtr_bgpsec_new_secure_path_seg (uint8_t pcount, uint8_t flags, uint32_t asn)
 Return an allocated and initialized Secure Path Segment.
 
void rtr_bgpsec_prepend_sec_path_seg (struct rtr_bgpsec *bgpsec, struct rtr_secure_path_seg *new_seg)
 Prepend a given Secure Path Segment to rtr_bgpsec::path.
 
struct rtr_signature_seg * rtr_bgpsec_new_signature_seg (uint8_t *ski, uint16_t sig_len, uint8_t *signature)
 Return an allocated and initialized Signature.
 
int rtr_bgpsec_prepend_sig_seg (struct rtr_bgpsec *bgpsec, struct rtr_signature_seg *new_seg)
 Prepend a given Signature Segment to rtr_bgpsec::sigs.
 
struct rtr_bgpsec * rtr_bgpsec_new (uint8_t alg, uint8_t safi, uint16_t afi, uint32_t my_as, uint32_t target_as, struct rtr_bgpsec_nlri *nlri)
 Initializes and returns a pointer to a rtr_bgpsec struct.
 
struct rtr_bgpsec_nlri * rtr_bgpsec_nlri_new (int nlri_len)
 Allocate memory for a rtr_bgpsec_nlri struct.
 
void rtr_bgpsec_nlri_free (struct rtr_bgpsec_nlri *nlri)
 Free a rtr_bgpsec_nlri struct.
 
void rtr_bgpsec_free (struct rtr_bgpsec *bgpsec)
 Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.
 
void rtr_bgpsec_free_secure_path (struct rtr_secure_path_seg *seg)
 Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.
 
struct rtr_signature_seg * rtr_bgpsec_pop_signature_seg (struct rtr_bgpsec *bgpsec)
 Pop off the first Signature Segment from a given rtr_bgpsec struct and return this Signature Segment.
 
struct rtr_secure_path_seg * rtr_bgpsec_pop_secure_path_seg (struct rtr_bgpsec *bgpsec)
 Pop off the first Secure Path Segment from a given rtr_bgpsec struct and return this Secure Path Segment.
 
int rtr_bgpsec_append_sig_seg (struct rtr_bgpsec *bgpsec, struct rtr_signature_seg *new_seg)
 Append a Signature Segment to the end of the rtr_bgpsec::sigs of a given rtr_bgpsec struct.
 
void rtr_bgpsec_append_sec_path_seg (struct rtr_bgpsec *bgpsec, struct rtr_secure_path_seg *new_seg)
 Append a Secure Path Segment to the end of the rtr_bgpsec::path of a given rtr_bgpsec struct.
 
void rtr_bgpsec_add_spki_record (struct spki_table *table, struct spki_record *record)
 Manually add a SPKI record into the SPKI table.
 
int rtr_mgr_bgpsec_validate_as_path (const struct rtr_bgpsec *data, struct rtr_mgr_config *config)
 Validation function for AS path validation.
 
int rtr_mgr_bgpsec_generate_signature (const struct rtr_bgpsec *data, uint8_t *private_key, struct rtr_signature_seg **new_signature)
 Signing function for a BGPsec_PATH.
 
int rtr_mgr_bgpsec_get_version (void)
 Returns the highest supported BGPsec version.
 
int rtr_mgr_bgpsec_has_algorithm_suite (uint8_t alg_suite)
 Check whether an algorithm suite is supported by RTRlib.
 
int rtr_mgr_bgpsec_get_algorithm_suites (const uint8_t **algs_arr)
 Returns pointer to a list that holds all supported algorithm suites.
 
void rtr_mgr_bgpsec_free_signatures (struct rtr_signature_seg *seg)
 Free a signature and any signatures that are pointed to.
 
struct rtr_secure_path_seg * rtr_mgr_bgpsec_new_secure_path_seg (uint8_t pcount, uint8_t flags, uint32_t asn)
 Return an allocated and initialized Secure Path Segment.
 
void rtr_mgr_bgpsec_prepend_sec_path_seg (struct rtr_bgpsec *bgpsec, struct rtr_secure_path_seg *new_seg)
 Prepend a given Secure Path Segment to rtr_bgpsec::path.
 
struct rtr_signature_seg * rtr_mgr_bgpsec_new_signature_seg (uint8_t *ski, uint16_t sig_len, uint8_t *signature)
 Return an allocated and initialized Signature.
 
int rtr_mgr_bgpsec_prepend_sig_seg (struct rtr_bgpsec *bgpsec, struct rtr_signature_seg *new_seg)
 Prepend a given Signature Segment to rtr_bgpsec::sigs.
 
struct rtr_bgpsec * rtr_mgr_bgpsec_new (uint8_t alg, uint8_t safi, uint16_t afi, uint32_t my_as, uint32_t target_as, struct rtr_bgpsec_nlri *nlri)
 Initializes and returns a pointer to a rtr_bgpsec struct.
 
void rtr_mgr_bgpsec_free (struct rtr_bgpsec *bgpsec)
 Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.
 
void rtr_mgr_free_secure_path (struct rtr_secure_path_seg *seg)
 Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.
 
struct rtr_secure_path_seg * rtr_mgr_bgpsec_pop_secure_path_seg (struct rtr_bgpsec *bgpsec)
 Retrieve a pointer to the last appended Secure Path Segment from a bgpsec struct.
 
struct rtr_signature_seg * rtr_mgr_bgpsec_pop_signature_seg (struct rtr_bgpsec *bgpsec)
 Retrieve a pointer to the last appended Signature Segment from a bgpsec struct.
 
void rtr_mgr_bgpsec_append_sec_path_seg (struct rtr_bgpsec *bgpsec, struct rtr_secure_path_seg *new_seg)
 
int rtr_mgr_bgpsec_append_sig_seg (struct rtr_bgpsec *bgpsec, struct rtr_signature_seg *new_seg)
 
struct rtr_bgpsec_nlri * rtr_mgr_bgpsec_nlri_new (int nlri_len)
 
void rtr_mgr_bgpsec_nlri_free (struct rtr_bgpsec_nlri *nlri)
 
void rtr_mgr_bgpsec_add_spki_record (struct rtr_mgr_config *config, struct spki_record *record)
 

Variables

struct rtr_secure_path_seg * rtr_secure_path_seg::next
 Reference to the next Secure Path Segment (do not edit manually).
 
uint8_t rtr_secure_path_seg::pcount
 
uint8_t rtr_secure_path_seg::flags
 
uint32_t rtr_secure_path_seg::asn
 
struct rtr_signature_seg * rtr_signature_seg::next
 
uint8_t rtr_signature_seg::ski [20]
 
uint16_t rtr_signature_seg::sig_len
 
uint8_t * rtr_signature_seg::signature
 The signature of the segment.
 
uint16_t rtr_bgpsec_nlri::afi
 
uint8_t rtr_bgpsec_nlri::safi
 
uint8_t rtr_bgpsec_nlri::nlri_len
 
uint8_t * rtr_bgpsec_nlri::nlri
 
uint8_t rtr_bgpsec::alg
 
uint8_t rtr_bgpsec::safi
 
uint16_t rtr_bgpsec::afi
 
uint32_t rtr_bgpsec::my_as
 
uint32_t rtr_bgpsec::target_as
 
uint16_t rtr_bgpsec::sigs_len
 Count of Signature Segments (do not edit manually).
 
uint8_t rtr_bgpsec::path_len
 Count of Secure Path Segments (do not edit manually).
 
struct rtr_bgpsec_nlri * rtr_bgpsec::nlri
 
struct rtr_signature_seg * rtr_bgpsec::sigs
 Reference to the Signature Segments.
 
struct rtr_secure_path_seg * rtr_bgpsec::path
 Reference to the Secure Path Segments.
 

Detailed Description

BGPsec allows for validation of the BGPsec_PATH attribute of a BGPsec update.

Macro Definition Documentation

◆ BGPSEC_IPV4

#define BGPSEC_IPV4   1

◆ BGPSEC_IPV6

#define BGPSEC_IPV6   2

Enumeration Type Documentation

◆ rtr_bgpsec_algorithm_suites

#include <rtrlib/bgpsec/bgpsec.h>

All supported algorithm suites.

Enumerator
RTR_BGPSEC_ALGORITHM_SUITE_1 

Algorithm suite 1.

◆ rtr_bgpsec_rtvals

#include <rtrlib/bgpsec/bgpsec.h>

Status codes for various cases.

Enumerator
RTR_BGPSEC_NOT_VALID 

At least one signature is not valid.

RTR_BGPSEC_VALID 

All signatures are valid.

RTR_BGPSEC_SUCCESS 

An operation was successful.

RTR_BGPSEC_ERROR 

An operation was not successful.

RTR_BGPSEC_LOAD_PUB_KEY_ERROR 

The public key could not be loaded.

RTR_BGPSEC_LOAD_PRIV_KEY_ERROR 

The private key could not be loaded.

RTR_BGPSEC_ROUTER_KEY_NOT_FOUND 

The SKI for a router key was not found.

RTR_BGPSEC_SIGNING_ERROR 

An error during signing occurred.

RTR_BGPSEC_UNSUPPORTED_ALGORITHM_SUITE 

The specified algorithm suite is not supported by RTRlib.

RTR_BGPSEC_UNSUPPORTED_AFI 

The specified AFI is not supported by BGPsec.

RTR_BGPSEC_WRONG_SEGMENT_COUNT 

The counts of Signature Segments and Secure Path Segments are not equal.

RTR_BGPSEC_INVALID_ARGUMENTS 

There is data missing for validation or signing.

Function Documentation

◆ rtr_bgpsec_add_spki_record()

void rtr_bgpsec_add_spki_record ( struct spki_table * table,
struct spki_record * record
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Manually add a SPKI record into the SPKI table.

Parameters
[in]tableThe SPKI table holding the SPKI data.
[in]recordThe new record that will be added to the SPKI table.

◆ rtr_bgpsec_append_sec_path_seg()

void rtr_bgpsec_append_sec_path_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_secure_path_seg * new_seg
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Append a Secure Path Segment to the end of the rtr_bgpsec::path of a given rtr_bgpsec struct.

Parameters
[in]bgpsecThe rtr_bgpsec struct with the rtr_bgpsec::path to append the Secure Path Segment to.
[in]new_segThe Secure Path Segments that will be appended.

◆ rtr_bgpsec_append_sig_seg()

int rtr_bgpsec_append_sig_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_signature_seg * new_seg
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Append a Signature Segment to the end of the rtr_bgpsec::sigs of a given rtr_bgpsec struct.

Parameters
[in]bgpsecThe rtr_bgpsec struct with the rtr_bgpsec::sigs to append the Signature Segment to.
[in]new_segThe Signature Segments that will be appended.
Returns
RTR_BGPSEC_SUCCESS If the Signature Segment was successfully appended.
RTR_BGPSEC_ERROR If an error occurred in the process.

◆ rtr_bgpsec_free()

void rtr_bgpsec_free ( struct rtr_bgpsec * bgpsec)

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.

Parameters
[in]bgpsecThe rtr_bgpsec struct that is to be freed.

◆ rtr_bgpsec_free_secure_path()

void rtr_bgpsec_free_secure_path ( struct rtr_secure_path_seg * seg)

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.

Parameters
[in]segThe Secure Path Segment that is to be freed.

◆ rtr_bgpsec_free_signatures()

void rtr_bgpsec_free_signatures ( struct rtr_signature_seg * seg)

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a signature and any signatures that are pointed to.

Parameters
[in]segThe signature that has been passed to the signing function.

◆ rtr_bgpsec_generate_signature()

int rtr_bgpsec_generate_signature ( const struct rtr_bgpsec * data,
uint8_t *  private_key,
struct rtr_signature_seg **  new_signature
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Signing function for a BGPsec_PATH.

Parameters
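[in] data: Data required for AS path validation. See rtr_bgpsec.
[in] private_key: The raw bytes of the private key that is used for signing. No length argument is passed, so the buffer must hold a complete key for the algorithm suite in use.
[out] new_signature: Contains the generated signature and its length if successful. Must not already be allocated when it is passed in.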
Returns
RTR_BGPSEC_SUCCESS If the signature was successfully generated.
RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.

◆ rtr_bgpsec_get_algorithm_suites()

int rtr_bgpsec_get_algorithm_suites ( const uint8_t **  algs_arr)

#include <rtrlib/bgpsec/bgpsec_private.h>

Returns a pointer to a list that holds all supported algorithm suites.

Parameters
[out]algs_arrA char pointer that contains all supported suites.
Returns
ALGORITHM_SUITES_COUNT The size of algs_arr

◆ rtr_bgpsec_get_version()

int rtr_bgpsec_get_version ( void  )

#include <rtrlib/bgpsec/bgpsec_private.h>

Returns the highest supported BGPsec version.

Returns
RTR_BGPSEC_VERSION The currently supported BGPsec version.

◆ rtr_bgpsec_has_algorithm_suite()

int rtr_bgpsec_has_algorithm_suite ( uint8_t  alg_suite)

#include <rtrlib/bgpsec/bgpsec_private.h>

Check whether an algorithm suite is supported by RTRlib.

Parameters
[in]alg_suiteThe algorithm suite that is to be checked.
Returns
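RTR_BGPSEC_SUCCESS If the algorithm suite is supported. RTR_BGPSEC_SUCCESS is 0, so compare the result against it explicitly rather than testing it as a boolean.
RTR_BGPSEC_ERROR If the algorithm suite is not supported.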

◆ rtr_bgpsec_new()

struct rtr_bgpsec * rtr_bgpsec_new ( uint8_t  alg,
uint8_t  safi,
uint16_t  afi,
uint32_t  my_as,
uint32_t  target_as,
struct rtr_bgpsec_nlri * nlri
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Initializes and returns a pointer to a rtr_bgpsec struct.

Parameters
[in]algThe Algorithm Suite Identifier.
[in]safiThe Subsequent Address Family Identifier.
[in]afiThe Address Family Identifier.
[in]my_asThe AS that is currently performing validation (you).
[in]target_asThe AS where the update should be sent to.
[in]nlriThe Network Layer Reachability Information.
Returns
A pointer to an initialized rtr_bgpsec struct.

◆ rtr_bgpsec_new_secure_path_seg()

struct rtr_secure_path_seg * rtr_bgpsec_new_secure_path_seg ( uint8_t  pcount,
uint8_t  flags,
uint32_t  asn 
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Return an allocated and initialized Secure Path Segment.

Parameters
[in]pcountThe pcount field.
[in]flagsThe flags field.
[in]asnThe ASN of the segment.
Returns
A pointer to an initialized rtr_secure_path_seg struct or NULL if an error occurred, e.g. the memory allocation failed.

◆ rtr_bgpsec_new_signature_seg()

struct rtr_signature_seg * rtr_bgpsec_new_signature_seg ( uint8_t *  ski,
uint16_t  sig_len,
uint8_t *  signature 
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Return an allocated and initialized Signature.

Parameters
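[in] ski: The Subject Key Identifier as byte representation. rtr_signature_seg::ski is a 20-byte array and no length is passed here, so the buffer presumably has to provide at least 20 bytes.
[in] sig_len: The length of the signature.
[in] signature: The signature itself.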
Returns
A pointer to an initialized rtr_signature_seg struct. rtr_signature_seg::signature is allocated with sig_len bytes.

◆ rtr_bgpsec_nlri_free()

void rtr_bgpsec_nlri_free ( struct rtr_bgpsec_nlri * nlri)

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a rtr_bgpsec_nlri struct.

Parameters
[in]nlriThe rtr_bgpsec_nlri struct that is to be freed.

◆ rtr_bgpsec_nlri_new()

struct rtr_bgpsec_nlri * rtr_bgpsec_nlri_new ( int  nlri_len)

#include <rtrlib/bgpsec/bgpsec_private.h>

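Allocate memory for a rtr_bgpsec_nlri struct. The nlri_len parameter is an int, while rtr_bgpsec_nlri::nlri_len is a uint8_t, so callers should keep the value within 0–255; how larger or negative values are handled is not stated here.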

Returns
A pointer to an allocated rtr_bgpsec_nlri struct or NULL if the memory allocation failed.

◆ rtr_bgpsec_pop_secure_path_seg()

struct rtr_secure_path_seg * rtr_bgpsec_pop_secure_path_seg ( struct rtr_bgpsec * bgpsec)

#include <rtrlib/bgpsec/bgpsec_private.h>

Pop off the first Secure Path Segment from a given rtr_bgpsec struct and return this Secure Path Segment.

Parameters
[in]bgpsecThe rtr_bgpsec struct containing the Secure Path Segments rtr_bgpsec::path.
Returns
The Secure Path Segment that was popped off from rtr_bgpsec::path.

◆ rtr_bgpsec_pop_signature_seg()

struct rtr_signature_seg * rtr_bgpsec_pop_signature_seg ( struct rtr_bgpsec * bgpsec)

#include <rtrlib/bgpsec/bgpsec_private.h>

Pop off the first Signature Segment from a given rtr_bgpsec struct and return this Signature Segment.

Parameters
[in]bgpsecThe rtr_bgpsec struct containing the Signature Segments rtr_bgpsec::sigs.
Returns
The Signature Segment that was popped off from rtr_bgpsec::sigs.

◆ rtr_bgpsec_prepend_sec_path_seg()

void rtr_bgpsec_prepend_sec_path_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_secure_path_seg * new_seg
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Prepend a given Secure Path Segment to rtr_bgpsec::path.

Parameters
[in] bgpsec: The rtr_bgpsec struct that holds the path.
[in] new_seg: The Secure Path Segment that is prepended to the path.

◆ rtr_bgpsec_prepend_sig_seg()

int rtr_bgpsec_prepend_sig_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_signature_seg * new_seg
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Prepend a given Signature Segment to rtr_bgpsec::sigs.

All fields of the new_seg must be filled.

Parameters
[in] bgpsec: The rtr_bgpsec struct that holds the signatures.
[in] new_seg: The Signature Segment that is prepended to the signatures.
Returns
RTR_BGPSEC_SUCCESS If the signature was successfully prepended.
RTR_BGPSEC_ERROR If an error occurred during prepending, e.g. one or more fields of new_seg were missing.

◆ rtr_bgpsec_validate_as_path()

int rtr_bgpsec_validate_as_path ( const struct rtr_bgpsec * data,
struct spki_table * table
)

#include <rtrlib/bgpsec/bgpsec_private.h>

Validation function for AS path validation.

Parameters
[in]dataData required for AS path validation. See rtr_bgpsec.
[in]tableThe SPKI table that contains the router keys.
Returns
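RTR_BGPSEC_VALID If the AS path was valid.
RTR_BGPSEC_NOT_VALID If the AS path was not valid.
RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.
Only RTR_BGPSEC_VALID (1) indicates a valid path. RTR_BGPSEC_NOT_VALID (2) is also non-zero and the error codes are negative, so compare the result against RTR_BGPSEC_VALID explicitly and treat every other value as not validated.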

◆ rtr_mgr_bgpsec_add_spki_record()

void rtr_mgr_bgpsec_add_spki_record ( struct rtr_mgr_config * config,
struct spki_record * record
)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_append_sec_path_seg()

void rtr_mgr_bgpsec_append_sec_path_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_secure_path_seg * new_seg
)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_append_sig_seg()

int rtr_mgr_bgpsec_append_sig_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_signature_seg * new_seg
)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_free()

void rtr_mgr_bgpsec_free ( struct rtr_bgpsec * bgpsec)

#include <rtrlib/rtr_mgr.h>

Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.

Parameters
[in]bgpsecThe rtr_bgpsec struct that is to be freed.

◆ rtr_mgr_bgpsec_free_signatures()

void rtr_mgr_bgpsec_free_signatures ( struct rtr_signature_seg * seg)

#include <rtrlib/rtr_mgr.h>

Free a signature and any signatures that are pointed to.

Parameters
[in]segThe signature that has been passed to the signing function.

◆ rtr_mgr_bgpsec_generate_signature()

int rtr_mgr_bgpsec_generate_signature ( const struct rtr_bgpsec * data,
uint8_t *  private_key,
struct rtr_signature_seg **  new_signature
)

#include <rtrlib/rtr_mgr.h>

Signing function for a BGPsec_PATH.

Parameters
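[in] data: Data required for AS path validation. See rtr_bgpsec.
[in] private_key: The raw bytes of the private key that is used for signing. No length argument is passed, so the buffer must hold a complete key for the algorithm suite in use.
[out] new_signature: Contains the generated signature and its length if successful. Must not already be allocated when it is passed in.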
Returns
RTR_BGPSEC_SUCCESS If the signature was successfully generated.
RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.

◆ rtr_mgr_bgpsec_get_algorithm_suites()

int rtr_mgr_bgpsec_get_algorithm_suites ( const uint8_t **  algs_arr)

#include <rtrlib/rtr_mgr.h>

Returns pointer to a list that holds all supported algorithm suites.

Parameters
[out]algs_arrA char pointer that contains all supported suites.
Returns
ALGORITHM_SUITES_COUNT The size of algs_arr

◆ rtr_mgr_bgpsec_get_version()

int rtr_mgr_bgpsec_get_version ( void  )

#include <rtrlib/rtr_mgr.h>

Returns the highest supported BGPsec version.

Returns
RTR_BGPSEC_VERSION The currently supported BGPsec version.

◆ rtr_mgr_bgpsec_has_algorithm_suite()

int rtr_mgr_bgpsec_has_algorithm_suite ( uint8_t  alg_suite)

#include <rtrlib/rtr_mgr.h>

Check whether an algorithm suite is supported by RTRlib.

Parameters
[in]alg_suiteThe algorithm suite that is to be checked.
Returns
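RTR_BGPSEC_SUCCESS If the algorithm suite is supported. RTR_BGPSEC_SUCCESS is 0, so compare the result against it explicitly rather than testing it as a boolean.
RTR_BGPSEC_ERROR If the algorithm suite is not supported.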

◆ rtr_mgr_bgpsec_new()

struct rtr_bgpsec * rtr_mgr_bgpsec_new ( uint8_t  alg,
uint8_t  safi,
uint16_t  afi,
uint32_t  my_as,
uint32_t  target_as,
struct rtr_bgpsec_nlri * nlri
)

#include <rtrlib/rtr_mgr.h>

Initializes and returns a pointer to a rtr_bgpsec struct.

Parameters
[in]algThe Algorithm Suite Identifier.
[in]safiThe Subsequent Address Family Identifier.
[in]afiThe Address Family Identifier.
[in]my_asThe AS that is currently performing validation (you).
[in]target_asThe AS where the update should be sent to.
[in]nlriThe Network Layer Reachability Information.
Returns
A pointer to an initialized rtr_bgpsec struct.

◆ rtr_mgr_bgpsec_new_secure_path_seg()

struct rtr_secure_path_seg * rtr_mgr_bgpsec_new_secure_path_seg ( uint8_t  pcount,
uint8_t  flags,
uint32_t  asn 
)

#include <rtrlib/rtr_mgr.h>

Return an allocated and initialized Secure Path Segment.

Parameters
[in]pcountThe pcount field.
[in]flagsThe flags field.
[in]asnThe ASN of the segment.
Returns
A pointer to an initialized rtr_secure_path_seg struct or NULL if an error occurred, e.g. the memory allocation failed.

◆ rtr_mgr_bgpsec_new_signature_seg()

struct rtr_signature_seg * rtr_mgr_bgpsec_new_signature_seg ( uint8_t *  ski,
uint16_t  sig_len,
uint8_t *  signature 
)

#include <rtrlib/rtr_mgr.h>

Return an allocated and initialized Signature.

Parameters
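[in] ski: The Subject Key Identifier as byte representation. rtr_signature_seg::ski is a 20-byte array and no length is passed here, so the buffer presumably has to provide at least 20 bytes.
[in] sig_len: The length of the signature.
[in] signature: The signature itself.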
Returns
A pointer to an initialized rtr_signature_seg struct. rtr_signature_seg::signature is allocated with sig_len bytes.

◆ rtr_mgr_bgpsec_nlri_free()

void rtr_mgr_bgpsec_nlri_free ( struct rtr_bgpsec_nlri * nlri)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_nlri_new()

struct rtr_bgpsec_nlri * rtr_mgr_bgpsec_nlri_new ( int  nlri_len)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_pop_secure_path_seg()

struct rtr_secure_path_seg * rtr_mgr_bgpsec_pop_secure_path_seg ( struct rtr_bgpsec * bgpsec)

#include <rtrlib/rtr_mgr.h>

Retrieve a pointer to the last appended Secure Path Segment from a bgpsec struct.

Parameters
[in]bgpsecThe bgpsec struct that contains the Secure Path.
Returns
*rtr_secure_path_seg If rtr_bgpsec::path_len > 0.
NULL If rtr_bgpsec::path_len = 0.

◆ rtr_mgr_bgpsec_pop_signature_seg()

struct rtr_signature_seg * rtr_mgr_bgpsec_pop_signature_seg ( struct rtr_bgpsec * bgpsec)

#include <rtrlib/rtr_mgr.h>

Retrieve a pointer to the last appended Signature Segment from a bgpsec struct.

Parameters
[in]bgpsecThe bgpsec struct that contains the Signatures.
Returns
*rtr_signature_seg If rtr_bgpsec::sigs_len > 0.
NULL if rtr_bgpsec::sigs_len = 0.

◆ rtr_mgr_bgpsec_prepend_sec_path_seg()

void rtr_mgr_bgpsec_prepend_sec_path_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_secure_path_seg * new_seg
)

#include <rtrlib/rtr_mgr.h>

Prepend a given Secure Path Segment to rtr_bgpsec::path.

Parameters
[in] bgpsec: The rtr_bgpsec struct that holds the path.
[in] new_seg: The Secure Path Segment that is prepended to the path.

◆ rtr_mgr_bgpsec_prepend_sig_seg()

int rtr_mgr_bgpsec_prepend_sig_seg ( struct rtr_bgpsec * bgpsec,
struct rtr_signature_seg * new_seg
)

#include <rtrlib/rtr_mgr.h>

Prepend a given Signature Segment to rtr_bgpsec::sigs.

All fields of the new_seg must be filled.

Parameters
[in] bgpsec: The rtr_bgpsec struct that holds the signatures.
[in] new_seg: The Signature Segment that is prepended to the signatures.
Returns
RTR_BGPSEC_SUCCESS If the signature was successfully prepended.
RTR_BGPSEC_ERROR If an error occurred during prepending, e.g. one or more fields of new_seg were missing.

◆ rtr_mgr_bgpsec_validate_as_path()

int rtr_mgr_bgpsec_validate_as_path ( const struct rtr_bgpsec * data,
struct rtr_mgr_config * config
)

#include <rtrlib/rtr_mgr.h>

Validation function for AS path validation.

Parameters
[in]dataData required for AS path validation. See rtr_bgpsec.
[in]configThe rtr_mgr_config containing a SPKI table.
Returns
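RTR_BGPSEC_VALID If the AS path was valid.
RTR_BGPSEC_NOT_VALID If the AS path was not valid.
RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.
Only RTR_BGPSEC_VALID (1) indicates a valid path. RTR_BGPSEC_NOT_VALID (2) is also non-zero and the error codes are negative, so compare the result against RTR_BGPSEC_VALID explicitly and treat every other value as not validated.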

◆ rtr_mgr_free_secure_path()

void rtr_mgr_free_secure_path ( struct rtr_secure_path_seg * seg)

#include <rtrlib/rtr_mgr.h>

Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.

Parameters
[in]segThe Secure Path Segment that is to be freed.

Variable Documentation

◆ afi [1/2]

uint16_t rtr_bgpsec_nlri::afi

◆ afi [2/2]

uint16_t rtr_bgpsec::afi

◆ alg

uint8_t rtr_bgpsec::alg

◆ asn

uint32_t rtr_secure_path_seg::asn

◆ flags

uint8_t rtr_secure_path_seg::flags

◆ my_as

uint32_t rtr_bgpsec::my_as

◆ next [1/2]

struct rtr_secure_path_seg* rtr_secure_path_seg::next

Reference to the next Secure Path Segment (do not edit manually).

◆ next [2/2]

struct rtr_signature_seg* rtr_signature_seg::next

◆ nlri [1/2]

uint8_t* rtr_bgpsec_nlri::nlri

◆ nlri [2/2]

struct rtr_bgpsec_nlri* rtr_bgpsec::nlri

◆ nlri_len

uint8_t rtr_bgpsec_nlri::nlri_len

◆ path

struct rtr_secure_path_seg* rtr_bgpsec::path

Reference to the Secure Path Segments.

◆ path_len

uint8_t rtr_bgpsec::path_len

Count of Secure Path Segments (do not edit manually).

◆ pcount

uint8_t rtr_secure_path_seg::pcount

◆ safi [1/2]

uint8_t rtr_bgpsec_nlri::safi

◆ safi [2/2]

uint8_t rtr_bgpsec::safi

◆ sig_len

uint16_t rtr_signature_seg::sig_len

◆ signature

uint8_t* rtr_signature_seg::signature

The signature of the segment.

◆ sigs

struct rtr_signature_seg* rtr_bgpsec::sigs

Reference to the Signature Segments.

◆ sigs_len

uint16_t rtr_bgpsec::sigs_len

Count of Signature Segments (do not edit manually).

◆ ski

uint8_t rtr_signature_seg::ski[20]

◆ target_as

uint32_t rtr_bgpsec::target_as