BGPsec allows for validation of the BGPsec_PATH attribute of a BGPsec update. More...

Data Structures
struct	rtr_secure_path_seg
	A single Secure Path Segment. More...

struct	rtr_signature_seg
	A single Signature Segment. More...

struct	rtr_bgpsec_nlri
	This struct contains the Network Layer Reachability Information (NLRI). More...

struct	rtr_bgpsec
	The data that is passed to the rtr_mgr_bgpsec_validate_as_path function. More...

Macros
#define	BGPSEC_IPV4 1

#define	BGPSEC_IPV6 2

Enumerations
enum	rtr_bgpsec_algorithm_suites { RTR_BGPSEC_ALGORITHM_SUITE_1 = 1 }
	All supported algorithm suites. More...

enum	rtr_bgpsec_rtvals { RTR_BGPSEC_NOT_VALID = 2 , RTR_BGPSEC_VALID = 1 , RTR_BGPSEC_SUCCESS = 0 , RTR_BGPSEC_ERROR = -1 , RTR_BGPSEC_LOAD_PUB_KEY_ERROR = -2 , RTR_BGPSEC_LOAD_PRIV_KEY_ERROR = -3 , RTR_BGPSEC_ROUTER_KEY_NOT_FOUND = -4 , RTR_BGPSEC_SIGNING_ERROR = -5 , RTR_BGPSEC_UNSUPPORTED_ALGORITHM_SUITE = -6 , RTR_BGPSEC_UNSUPPORTED_AFI = -7 , RTR_BGPSEC_WRONG_SEGMENT_COUNT = -8 , RTR_BGPSEC_INVALID_ARGUMENTS = -9 }
	Status codes for various cases. More...

Functions
int	rtr_bgpsec_validate_as_path (const struct rtr_bgpsec data, struct spki_table table)
	Validation function for AS path validation.

int	rtr_bgpsec_generate_signature (const struct rtr_bgpsec data, uint8_t private_key, struct rtr_signature_seg **new_signature)
	Signing function for a BGPsec_PATH.

int	rtr_bgpsec_get_version (void)
	Returns the highest supported BGPsec version.

int	rtr_bgpsec_has_algorithm_suite (uint8_t alg_suite)
	Check, if an algorithm suite is supported by RTRlib.

int	rtr_bgpsec_get_algorithm_suites (const uint8_t **algs_arr)
	Returns a pointer to a list that holds all supported algorithm suites.

void	rtr_bgpsec_free_signatures (struct rtr_signature_seg *seg)
	Free a signature and any signatures that are pointed to.

struct rtr_secure_path_seg *	rtr_bgpsec_new_secure_path_seg (uint8_t pcount, uint8_t flags, uint32_t asn)
	Return an allocated and initialized Secure Path Segment.

void	rtr_bgpsec_prepend_sec_path_seg (struct rtr_bgpsec bgpsec, struct rtr_secure_path_seg new_seg)
	Prepend a given Secure Path Segment to rtr_bgpsec::path.

struct rtr_signature_seg *	rtr_bgpsec_new_signature_seg (uint8_t ski, uint16_t sig_len, uint8_t signature)
	Return an allocated and initialized Signature.

int	rtr_bgpsec_prepend_sig_seg (struct rtr_bgpsec bgpsec, struct rtr_signature_seg new_seg)
	Prepend a given Signature Segment to rtr_bgpsec::sigs.

struct rtr_bgpsec *	rtr_bgpsec_new (uint8_t alg, uint8_t safi, uint16_t afi, uint32_t my_as, uint32_t target_as, struct rtr_bgpsec_nlri *nlri)
	Initializes and returns a pointer to a rtr_bgpsec struct.

struct rtr_bgpsec_nlri *	rtr_bgpsec_nlri_new (int nlri_len)
	Allocate memory for a rtr_bgpsec_nlri struct.

void	rtr_bgpsec_nlri_free (struct rtr_bgpsec_nlri *nlri)
	Free a rtr_bgpsec_nlri struct.

void	rtr_bgpsec_free (struct rtr_bgpsec *bgpsec)
	Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.

void	rtr_bgpsec_free_secure_path (struct rtr_secure_path_seg *seg)
	Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.

struct rtr_signature_seg *	rtr_bgpsec_pop_signature_seg (struct rtr_bgpsec *bgpsec)
	Pop off the first Signature Segment from a given rtr_bgpsec struct and return this Signature Segment.

struct rtr_secure_path_seg *	rtr_bgpsec_pop_secure_path_seg (struct rtr_bgpsec *bgpsec)
	Pop off the first Secure Path Segment from a given rtr_bgpsec struct and return this Secure Path Segment.

int	rtr_bgpsec_append_sig_seg (struct rtr_bgpsec bgpsec, struct rtr_signature_seg new_seg)
	Append a Signature Segment to the end of the rtr_bgpsec::sigs of a given rtr_bgpsec struct.

void	rtr_bgpsec_append_sec_path_seg (struct rtr_bgpsec bgpsec, struct rtr_secure_path_seg new_seg)
	Append a Secure Path Segment to the end of the rtr_bgpsec::path of a given rtr_bgpsec struct.

void	rtr_bgpsec_add_spki_record (struct spki_table table, struct spki_record record)
	Manually add a SPKI record into the SPKI table.

int	rtr_mgr_bgpsec_validate_as_path (const struct rtr_bgpsec data, struct rtr_mgr_config config)
	Validation function for AS path validation.

int	rtr_mgr_bgpsec_generate_signature (const struct rtr_bgpsec data, uint8_t private_key, struct rtr_signature_seg **new_signature)
	Signing function for a BGPsec_PATH.

int	rtr_mgr_bgpsec_get_version (void)
	Returns the highest supported BGPsec version.

int	rtr_mgr_bgpsec_has_algorithm_suite (uint8_t alg_suite)
	Check, if an algorithm suite is supported by RTRlib.

int	rtr_mgr_bgpsec_get_algorithm_suites (const uint8_t **algs_arr)
	Returns pointer to a list that holds all supported algorithm suites.

void	rtr_mgr_bgpsec_free_signatures (struct rtr_signature_seg *seg)
	Free a signature and any signatures that are pointed to.

struct rtr_secure_path_seg *	rtr_mgr_bgpsec_new_secure_path_seg (uint8_t pcount, uint8_t flags, uint32_t asn)
	Return an allocated and initialized Secure Path Segment.

void	rtr_mgr_bgpsec_prepend_sec_path_seg (struct rtr_bgpsec bgpsec, struct rtr_secure_path_seg new_seg)
	Prepend a given Secure Path Segment to rtr_bgpsec::path.

struct rtr_signature_seg *	rtr_mgr_bgpsec_new_signature_seg (uint8_t ski, uint16_t sig_len, uint8_t signature)
	Return an allocated and initialized Signature.

int	rtr_mgr_bgpsec_prepend_sig_seg (struct rtr_bgpsec bgpsec, struct rtr_signature_seg new_seg)
	Prepend a given Signature Segment to rtr_bgpsec::sigs.

struct rtr_bgpsec *	rtr_mgr_bgpsec_new (uint8_t alg, uint8_t safi, uint16_t afi, uint32_t my_as, uint32_t target_as, struct rtr_bgpsec_nlri *nlri)
	Initializes and returns a pointer to a rtr_bgpsec struct.

void	rtr_mgr_bgpsec_free (struct rtr_bgpsec *bgpsec)
	Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.

void	rtr_mgr_free_secure_path (struct rtr_secure_path_seg *seg)
	Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.

struct rtr_secure_path_seg *	rtr_mgr_bgpsec_pop_secure_path_seg (struct rtr_bgpsec *bgpsec)
	Retrieve a pointer to the last appended Secure Path Segment from a bgpsec struct.

struct rtr_signature_seg *	rtr_mgr_bgpsec_pop_signature_seg (struct rtr_bgpsec *bgpsec)
	Retrieve a pointer to the last appended Signature Segment from a bgpsec struct.

void	rtr_mgr_bgpsec_append_sec_path_seg (struct rtr_bgpsec bgpsec, struct rtr_secure_path_seg new_seg)

int	rtr_mgr_bgpsec_append_sig_seg (struct rtr_bgpsec bgpsec, struct rtr_signature_seg new_seg)

struct rtr_bgpsec_nlri *	rtr_mgr_bgpsec_nlri_new (int nlri_len)

void	rtr_mgr_bgpsec_nlri_free (struct rtr_bgpsec_nlri *nlri)

void	rtr_mgr_bgpsec_add_spki_record (struct rtr_mgr_config config, struct spki_record record)

Variables
struct rtr_secure_path_seg *	rtr_secure_path_seg::next
	Reference to the next Secure Path Segment (do not edit manually).

uint8_t	rtr_secure_path_seg::pcount

uint8_t	rtr_secure_path_seg::flags

uint32_t	rtr_secure_path_seg::asn

struct rtr_signature_seg *	rtr_signature_seg::next

uint8_t	rtr_signature_seg::ski [20]

uint16_t	rtr_signature_seg::sig_len

uint8_t *	rtr_signature_seg::signature
	The signature of the segment.

uint16_t	rtr_bgpsec_nlri::afi

uint8_t	rtr_bgpsec_nlri::safi

uint8_t	rtr_bgpsec_nlri::nlri_len

uint8_t *	rtr_bgpsec_nlri::nlri

uint8_t	rtr_bgpsec::alg

uint8_t	rtr_bgpsec::safi

uint16_t	rtr_bgpsec::afi

uint32_t	rtr_bgpsec::my_as

uint32_t	rtr_bgpsec::target_as

uint16_t	rtr_bgpsec::sigs_len
	Count of Signature Segments (do not edit manually).

uint8_t	rtr_bgpsec::path_len
	Count of Secure Path Segments (do not edit manually).

struct rtr_bgpsec_nlri *	rtr_bgpsec::nlri

struct rtr_signature_seg *	rtr_bgpsec::sigs
	Reference to the Signature Segments.

struct rtr_secure_path_seg *	rtr_bgpsec::path
	Reference to the Secure Path Segments.

Detailed Description

BGPsec allows for validation of the BGPsec_PATH attribute of a BGPsec update.

Macro Definition Documentation

◆ BGPSEC_IPV4

#define BGPSEC_IPV4 1

#include <rtrlib/bgpsec/bgpsec.h>

◆ BGPSEC_IPV6

#define BGPSEC_IPV6 2

#include <rtrlib/bgpsec/bgpsec.h>

Enumeration Type Documentation

◆ rtr_bgpsec_algorithm_suites

enum rtr_bgpsec_algorithm_suites

#include <rtrlib/bgpsec/bgpsec.h>

All supported algorithm suites.

Enumerator
RTR_BGPSEC_ALGORITHM_SUITE_1	Algorithm suite 1.

◆ rtr_bgpsec_rtvals

enum rtr_bgpsec_rtvals

#include <rtrlib/bgpsec/bgpsec.h>

Status codes for various cases.

Enumerator
RTR_BGPSEC_NOT_VALID	At least one signature is not valid.
RTR_BGPSEC_VALID	All signatures are valid.
RTR_BGPSEC_SUCCESS	An operation was successful.
RTR_BGPSEC_ERROR	An operation was not successful.
RTR_BGPSEC_LOAD_PUB_KEY_ERROR	The public key could not be loaded.
RTR_BGPSEC_LOAD_PRIV_KEY_ERROR	The private key could not be loaded.
RTR_BGPSEC_ROUTER_KEY_NOT_FOUND	The SKI for a router key was not found.
RTR_BGPSEC_SIGNING_ERROR	An error during signing occurred.
RTR_BGPSEC_UNSUPPORTED_ALGORITHM_SUITE	The specified algorithm suite is not supported by RTRlib.
RTR_BGPSEC_UNSUPPORTED_AFI	The specified AFI is not supported by BGPsec.
RTR_BGPSEC_WRONG_SEGMENT_COUNT	The count of signature and secure path segments are not equal.
RTR_BGPSEC_INVALID_ARGUMENTS	There is data missing for validation or signing.

Function Documentation

◆ rtr_bgpsec_add_spki_record()

void rtr_bgpsec_add_spki_record	(	struct spki_table *	table,
		struct spki_record *	record
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Manually add a SPKI record into the SPKI table.

Parameters

[in]	table	The SPKI table holding the SPKI data.
[in]	record	The new record that will be added to the SPKI table.

◆ rtr_bgpsec_append_sec_path_seg()

void rtr_bgpsec_append_sec_path_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_secure_path_seg *	new_seg
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Append a Secure Path Segment to the end of the rtr_bgpsec::path of a given rtr_bgpsec struct.

Parameters

[in]	bgpsec	The rtr_bgpsec struct with the rtr_bgpsec::path to append the Secure Path Segment to.
[in]	new_seg	The Secure Path Segments that will be appended.

◆ rtr_bgpsec_append_sig_seg()

int rtr_bgpsec_append_sig_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_signature_seg *	new_seg
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Append a Signature Segment to the end of the rtr_bgpsec::sigs of a given rtr_bgpsec struct.

Parameters

[in]	bgpsec	The rtr_bgpsec struct with the rtr_bgpsec::sigs to append the Signature Segment to.
[in]	new_seg	The Signature Segments that will be appended.

Returns: RTR_BGPSEC_SUCCESS If the Signature Segment was successfully appended.; RTR_BGPSEC_ERROR If an error occurred in the proccess.

◆ rtr_bgpsec_free()

void rtr_bgpsec_free ( struct rtr_bgpsec * bgpsec )

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.

Parameters

[in] bgpsec The rtr_bgpsec struct that is to be freed.

◆ rtr_bgpsec_free_secure_path()

void rtr_bgpsec_free_secure_path ( struct rtr_secure_path_seg * seg )

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.

Parameters

[in] seg The Secure Path Segment that is to be freed.

◆ rtr_bgpsec_free_signatures()

void rtr_bgpsec_free_signatures ( struct rtr_signature_seg * seg )

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a signature and any signatures that are pointed to.

Parameters

[in] seg The signature that has been passed to the signing function.

◆ rtr_bgpsec_generate_signature()

int rtr_bgpsec_generate_signature	(	const struct rtr_bgpsec *	data,
		uint8_t *	private_key,
		struct rtr_signature_seg **	new_signature
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Signing function for a BGPsec_PATH.

Parameters

[in]	data	Data required for AS path validation. See rtr_bgpsec.
[in]	private_key	The raw bytes of the private key that is used for signing.
[out]	new_signature	Contains the generated signature and its length if successful. Must not be allocated.

Returns: RTR_BGPSEC_SUCCESS If the signature was successfully generated.; RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.

◆ rtr_bgpsec_get_algorithm_suites()

int rtr_bgpsec_get_algorithm_suites ( const uint8_t ** algs_arr )

#include <rtrlib/bgpsec/bgpsec_private.h>

Returns a pointer to a list that holds all supported algorithm suites.

Parameters

[out] algs_arr A char pointer that contains all supported suites.

Returns: ALGORITHM_SUITES_COUNT The size of algs_arr

◆ rtr_bgpsec_get_version()

int rtr_bgpsec_get_version ( void )

#include <rtrlib/bgpsec/bgpsec_private.h>

Returns the highest supported BGPsec version.

Returns: RTR_BGPSEC_VERSION The currently supported BGPsec version.

◆ rtr_bgpsec_has_algorithm_suite()

int rtr_bgpsec_has_algorithm_suite ( uint8_t alg_suite )

#include <rtrlib/bgpsec/bgpsec_private.h>

Check, if an algorithm suite is supported by RTRlib.

Parameters

[in] alg_suite The algorithm suite that is to be checked.

Returns: RTR_BGPSEC_SUCCESS If the algorithm suite is supported.; RTR_BGPSEC_ERROR If the algorithm suite is not supported.

◆ rtr_bgpsec_new()

struct rtr_bgpsec * rtr_bgpsec_new	(	uint8_t	alg,
		uint8_t	safi,
		uint16_t	afi,
		uint32_t	my_as,
		uint32_t	target_as,
		struct rtr_bgpsec_nlri *	nlri
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Initializes and returns a pointer to a rtr_bgpsec struct.

Parameters

[in]	alg	The Algorithm Suite Identifier.
[in]	safi	The Subsequent Address Family Identifier.
[in]	afi	The Address Family Identifier.
[in]	my_as	The AS that is currently performing validation (you).
[in]	target_as	The AS where the update should be sent to.
[in]	nlri	The Network Layer Reachability Information.

Returns: A pointer to an initialized rtr_bgpsec struct.

◆ rtr_bgpsec_new_secure_path_seg()

struct rtr_secure_path_seg * rtr_bgpsec_new_secure_path_seg	(	uint8_t	pcount,
		uint8_t	flags,
		uint32_t	asn
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Return an allocated and initialized Secure Path Segment.

Parameters

[in]	pcount	The pcount field.
[in]	flags	The flags field.
[in]	asn	The ASN of the segment.

Returns: A pointer to an initialized rtr_secure_path_seg struct or NULL if an error occurred, e.g. the memory allocation failed.

◆ rtr_bgpsec_new_signature_seg()

struct rtr_signature_seg * rtr_bgpsec_new_signature_seg	(	uint8_t *	ski,
		uint16_t	sig_len,
		uint8_t *	signature
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Return an allocated and initialized Signature.

Parameters

[in]	ski	The Subject Key Identifier as byte representation.
[in]	sig_len	The length of the signature.
[in]	signature	The signature itself.

Returns: A pointer to an initialized rtr_secure_path_seg struct. rtr_signature_seg::signature is allocated with sig_len bytes.

◆ rtr_bgpsec_nlri_free()

void rtr_bgpsec_nlri_free ( struct rtr_bgpsec_nlri * nlri )

#include <rtrlib/bgpsec/bgpsec_private.h>

Free a rtr_bgpsec_nlri struct.

Parameters

[in] nlri The rtr_bgpsec_nlri struct that is to be freed.

◆ rtr_bgpsec_nlri_new()

struct rtr_bgpsec_nlri * rtr_bgpsec_nlri_new ( int nlri_len )

#include <rtrlib/bgpsec/bgpsec_private.h>

Allocate memory for a rtr_bgpsec_nlri struct.

Returns: A pointer to an allocated rtr_bgpsec_nlri struct or NULL if the memory allocation failed.

◆ rtr_bgpsec_pop_secure_path_seg()

struct rtr_secure_path_seg * rtr_bgpsec_pop_secure_path_seg ( struct rtr_bgpsec * bgpsec )

#include <rtrlib/bgpsec/bgpsec_private.h>

Pop off the first Secure Path Segment from a given rtr_bgpsec struct and return this Secure Path Segment.

Parameters

[in] bgpsec The rtr_bgpsec struct containing the Secure Path Segments rtr_bgpsec::path.

Returns: The Secure Path Segment that was popped off from rtr_bgpsec::path.

◆ rtr_bgpsec_pop_signature_seg()

struct rtr_signature_seg * rtr_bgpsec_pop_signature_seg ( struct rtr_bgpsec * bgpsec )

#include <rtrlib/bgpsec/bgpsec_private.h>

Pop off the first Signature Segment from a given rtr_bgpsec struct and return this Signature Segment.

Parameters

[in] bgpsec The rtr_bgpsec struct containing the Signature Segments rtr_bgpsec::sigs.

Returns: The Signature Segment that was popped off from rtr_bgpsec::sigs.

◆ rtr_bgpsec_prepend_sec_path_seg()

void rtr_bgpsec_prepend_sec_path_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_secure_path_seg *	new_seg
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Prepend a given Secure Path Segment to rtr_bgpsec::path.

Parameters

[in]	bgpsec	The rtr_bgpsec struct that holds the path.
[in]	new_seg	The Secure Path Segment that is appended to the path.

◆ rtr_bgpsec_prepend_sig_seg()

int rtr_bgpsec_prepend_sig_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_signature_seg *	new_seg
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Prepend a given Signature Segment to rtr_bgpsec::sigs.

All fields of the new_seg must be filled.

Parameters

[in]	bgpsec	The rtr_bgpsec struct that holds the signatures.
[in]	new_seg	The Signature Segment that is appended to the signatures.

Returns: RTR_BGPSEC_SUCCESS If the signature was successfully prepended.; RTR_BGPSEC_ERROR If an error occurred during prepending, e.g. one or more fields of new_seg was missing.

◆ rtr_bgpsec_validate_as_path()

int rtr_bgpsec_validate_as_path	(	const struct rtr_bgpsec *	data,
		struct spki_table *	table
	)

#include <rtrlib/bgpsec/bgpsec_private.h>

Validation function for AS path validation.

Parameters

[in]	data	Data required for AS path validation. See rtr_bgpsec.
[in]	table	The SPKI table that contains the router keys.

Returns: RTR_BGPSEC_VALID If the AS path was valid.; RTR_BGPSEC_NOT_VALID If the AS path was not valid.; RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.

◆ rtr_mgr_bgpsec_add_spki_record()

void rtr_mgr_bgpsec_add_spki_record	(	struct rtr_mgr_config *	config,
		struct spki_record *	record
	)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_append_sec_path_seg()

void rtr_mgr_bgpsec_append_sec_path_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_secure_path_seg *	new_seg
	)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_append_sig_seg()

int rtr_mgr_bgpsec_append_sig_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_signature_seg *	new_seg
	)

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_free()

void rtr_mgr_bgpsec_free ( struct rtr_bgpsec * bgpsec )

#include <rtrlib/rtr_mgr.h>

Free a rtr_bgpsec struct and any Secure Path and Signature Segments it holds.

Parameters

[in] bgpsec The rtr_bgpsec struct that is to be freed.

◆ rtr_mgr_bgpsec_free_signatures()

void rtr_mgr_bgpsec_free_signatures ( struct rtr_signature_seg * seg )

#include <rtrlib/rtr_mgr.h>

Free a signature and any signatures that are pointed to.

Parameters

[in] seg The signature that has been passed to the signing function.

◆ rtr_mgr_bgpsec_generate_signature()

int rtr_mgr_bgpsec_generate_signature	(	const struct rtr_bgpsec *	data,
		uint8_t *	private_key,
		struct rtr_signature_seg **	new_signature
	)

#include <rtrlib/rtr_mgr.h>

Signing function for a BGPsec_PATH.

Parameters

[in]	data	Data required for AS path validation. See rtr_bgpsec.
[in]	private_key	The raw bytes of the private key that is used for signing.
[out]	new_signature	Contains the generated signature and its length if successful. Must not be allocated.

Returns: RTR_BGPSEC_SUCCESS If the signature was successfully generated.; RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.

◆ rtr_mgr_bgpsec_get_algorithm_suites()

int rtr_mgr_bgpsec_get_algorithm_suites ( const uint8_t ** algs_arr )

#include <rtrlib/rtr_mgr.h>

Returns pointer to a list that holds all supported algorithm suites.

Parameters

[out] algs_arr A char pointer that contains all supported suites.

Returns: ALGORITHM_SUITES_COUNT The size of algs_arr

◆ rtr_mgr_bgpsec_get_version()

int rtr_mgr_bgpsec_get_version ( void )

#include <rtrlib/rtr_mgr.h>

Returns the highest supported BGPsec version.

Returns: RTR_BGPSEC_VERSION The currently supported BGPsec version.

◆ rtr_mgr_bgpsec_has_algorithm_suite()

int rtr_mgr_bgpsec_has_algorithm_suite ( uint8_t alg_suite )

#include <rtrlib/rtr_mgr.h>

Check, if an algorithm suite is supported by RTRlib.

Parameters

[in] alg_suite The algorithm suite that is to be checked.

Returns: RTR_BGPSEC_SUCCESS If the algorithm suite is supported.; RTR_BGPSEC_ERROR If the algorithm suite is not supported.

◆ rtr_mgr_bgpsec_new()

struct rtr_bgpsec * rtr_mgr_bgpsec_new	(	uint8_t	alg,
		uint8_t	safi,
		uint16_t	afi,
		uint32_t	my_as,
		uint32_t	target_as,
		struct rtr_bgpsec_nlri *	nlri
	)

#include <rtrlib/rtr_mgr.h>

Initializes and returns a pointer to a rtr_bgpsec struct.

Parameters

[in]	alg	The Algorithm Suite Identifier.
[in]	safi	The Subsequent Address Family Identifier.
[in]	afi	The Address Family Identifier.
[in]	my_as	The AS that is currently performing validation (you).
[in]	target_as	The AS where the update should be sent to.
[in]	nlri	The Network Layer Reachability Information.

Returns: A pointer to an initialized rtr_bgpsec struct.

◆ rtr_mgr_bgpsec_new_secure_path_seg()

struct rtr_secure_path_seg * rtr_mgr_bgpsec_new_secure_path_seg	(	uint8_t	pcount,
		uint8_t	flags,
		uint32_t	asn
	)

#include <rtrlib/rtr_mgr.h>

Return an allocated and initialized Secure Path Segment.

Parameters

[in]	pcount	The pcount field.
[in]	flags	The flags field.
[in]	asn	The ASN of the segment.

Returns: A pointer to an initialized rtr_secure_path_seg struct or NULL if an error occurred, e.g. the memory allocation failed.

◆ rtr_mgr_bgpsec_new_signature_seg()

struct rtr_signature_seg * rtr_mgr_bgpsec_new_signature_seg	(	uint8_t *	ski,
		uint16_t	sig_len,
		uint8_t *	signature
	)

#include <rtrlib/rtr_mgr.h>

Return an allocated and initialized Signature.

Parameters

[in]	ski	The Subject Key Identifier as byte representation.
[in]	sig_len	The length of the signature.
[in]	signature	The signature itself.

Returns: A pointer to an initialized rtr_secure_path_seg struct. rtr_signature_seg::signature is allocated with sig_len bytes.

◆ rtr_mgr_bgpsec_nlri_free()

void rtr_mgr_bgpsec_nlri_free ( struct rtr_bgpsec_nlri * nlri )

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_nlri_new()

struct rtr_bgpsec_nlri * rtr_mgr_bgpsec_nlri_new ( int nlri_len )

#include <rtrlib/rtr_mgr.h>

◆ rtr_mgr_bgpsec_pop_secure_path_seg()

struct rtr_secure_path_seg * rtr_mgr_bgpsec_pop_secure_path_seg ( struct rtr_bgpsec * bgpsec )

#include <rtrlib/rtr_mgr.h>

Retrieve a pointer to the last appended Secure Path Segment from a bgpsec struct.

Parameters

[in] bgpsec The bgpsec struct that contains the Secure Path.

Returns: *rtr_secure_path_seg If rtr_bgpsec::path_len > 0.; NULL If rtr_bgpsec::path_len = 0.

◆ rtr_mgr_bgpsec_pop_signature_seg()

struct rtr_signature_seg * rtr_mgr_bgpsec_pop_signature_seg ( struct rtr_bgpsec * bgpsec )

#include <rtrlib/rtr_mgr.h>

Retrieve a pointer to the last appended Signature Segment from a bgpsec struct.

Parameters

[in] bgpsec The bgpsec struct that contains the Signatures.

Returns: *rtr_signature_seg If rtr_bgpsec::sigs_len > 0.; NULL if rtr_bgpsec::sigs_len = 0.

◆ rtr_mgr_bgpsec_prepend_sec_path_seg()

void rtr_mgr_bgpsec_prepend_sec_path_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_secure_path_seg *	new_seg
	)

#include <rtrlib/rtr_mgr.h>

Prepend a given Secure Path Segment to rtr_bgpsec::path.

Parameters

[in]	bgpsec	The rtr_bgpsec struct that holds the path.
[in]	new_seg	The Secure Path Segment that is appended to the path.

◆ rtr_mgr_bgpsec_prepend_sig_seg()

int rtr_mgr_bgpsec_prepend_sig_seg	(	struct rtr_bgpsec *	bgpsec,
		struct rtr_signature_seg *	new_seg
	)

#include <rtrlib/rtr_mgr.h>

Prepend a given Signature Segment to rtr_bgpsec::sigs.

All fields of the new_seg must be filled.

Parameters

[in]	bgpsec	The rtr_bgpsec struct that holds the signatures.
[in]	new_seg	The Signature Segment that is appended to the signatures.

Returns: RTR_BGPSEC_SUCCESS If the signature was successfully prepended.; RTR_BGPSEC_ERROR If an error occurred during prepending, e.g. one or more fields of new_seg was missing.

◆ rtr_mgr_bgpsec_validate_as_path()

int rtr_mgr_bgpsec_validate_as_path	(	const struct rtr_bgpsec *	data,
		struct rtr_mgr_config *	config
	)

#include <rtrlib/rtr_mgr.h>

Validation function for AS path validation.

Parameters

[in]	data	Data required for AS path validation. See rtr_bgpsec.
[in]	config	The rtr_mgr_config containing a SPKI table.

Returns: RTR_BGPSEC_VALID If the AS path was valid.; RTR_BGPSEC_NOT_VALID If the AS path was not valid.; RTR_BGPSEC_ERROR If an error occurred. Refer to error codes for more details.

◆ rtr_mgr_free_secure_path()

void rtr_mgr_free_secure_path ( struct rtr_secure_path_seg * seg )

#include <rtrlib/rtr_mgr.h>

Free a Secure Path Segment and any segments that are pointed to by rtr_secure_path_seg::next.

Parameters

[in] seg The Secure Path Segment that is to be freed.

Variable Documentation

◆ afi [1/2]

uint16_t rtr_bgpsec_nlri::afi

◆ afi [2/2]

uint16_t rtr_bgpsec::afi

◆ alg

uint8_t rtr_bgpsec::alg

◆ asn

uint32_t rtr_secure_path_seg::asn

◆ flags

uint8_t rtr_secure_path_seg::flags

◆ my_as

uint32_t rtr_bgpsec::my_as

◆ next [1/2]

struct rtr_secure_path_seg* rtr_secure_path_seg::next

Reference to the next Secure Path Segment (do not edit manually).

◆ next [2/2]

struct rtr_signature_seg* rtr_signature_seg::next

◆ nlri [1/2]

uint8_t* rtr_bgpsec_nlri::nlri

◆ nlri [2/2]

struct rtr_bgpsec_nlri* rtr_bgpsec::nlri

◆ nlri_len

uint8_t rtr_bgpsec_nlri::nlri_len

◆ path

struct rtr_secure_path_seg* rtr_bgpsec::path

Reference to the Secure Path Segments.

◆ path_len

uint8_t rtr_bgpsec::path_len

Count of Secure Path Segments (do not edit manually).

◆ pcount

uint8_t rtr_secure_path_seg::pcount

◆ safi [1/2]

uint8_t rtr_bgpsec_nlri::safi

◆ safi [2/2]

uint8_t rtr_bgpsec::safi

◆ sig_len

uint16_t rtr_signature_seg::sig_len

◆ signature

uint8_t* rtr_signature_seg::signature

The signature of the segment.

◆ sigs

struct rtr_signature_seg* rtr_bgpsec::sigs

Reference to the Signature Segments.

◆ sigs_len

uint16_t rtr_bgpsec::sigs_len

Count of Signature Segments (do not edit manually).

◆ ski

uint8_t rtr_signature_seg::ski[20]

◆ target_as

uint32_t rtr_bgpsec::target_as

Data Structures

Macros

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ BGPSEC_IPV4

◆ BGPSEC_IPV6

Enumeration Type Documentation

◆ rtr_bgpsec_algorithm_suites

◆ rtr_bgpsec_rtvals

Function Documentation

◆ rtr_bgpsec_add_spki_record()

◆ rtr_bgpsec_append_sec_path_seg()

◆ rtr_bgpsec_append_sig_seg()

◆ rtr_bgpsec_free()

◆ rtr_bgpsec_free_secure_path()

◆ rtr_bgpsec_free_signatures()

◆ rtr_bgpsec_generate_signature()

◆ rtr_bgpsec_get_algorithm_suites()

◆ rtr_bgpsec_get_version()

◆ rtr_bgpsec_has_algorithm_suite()

◆ rtr_bgpsec_new()

◆ rtr_bgpsec_new_secure_path_seg()

◆ rtr_bgpsec_new_signature_seg()

◆ rtr_bgpsec_nlri_free()

◆ rtr_bgpsec_nlri_new()

◆ rtr_bgpsec_pop_secure_path_seg()

◆ rtr_bgpsec_pop_signature_seg()

◆ rtr_bgpsec_prepend_sec_path_seg()

◆ rtr_bgpsec_prepend_sig_seg()

◆ rtr_bgpsec_validate_as_path()

◆ rtr_mgr_bgpsec_add_spki_record()

◆ rtr_mgr_bgpsec_append_sec_path_seg()

◆ rtr_mgr_bgpsec_append_sig_seg()

◆ rtr_mgr_bgpsec_free()

◆ rtr_mgr_bgpsec_free_signatures()

◆ rtr_mgr_bgpsec_generate_signature()

◆ rtr_mgr_bgpsec_get_algorithm_suites()

◆ rtr_mgr_bgpsec_get_version()

◆ rtr_mgr_bgpsec_has_algorithm_suite()

◆ rtr_mgr_bgpsec_new()

◆ rtr_mgr_bgpsec_new_secure_path_seg()

◆ rtr_mgr_bgpsec_new_signature_seg()

◆ rtr_mgr_bgpsec_nlri_free()

◆ rtr_mgr_bgpsec_nlri_new()

◆ rtr_mgr_bgpsec_pop_secure_path_seg()

◆ rtr_mgr_bgpsec_pop_signature_seg()

◆ rtr_mgr_bgpsec_prepend_sec_path_seg()

◆ rtr_mgr_bgpsec_prepend_sig_seg()

◆ rtr_mgr_bgpsec_validate_as_path()

◆ rtr_mgr_free_secure_path()

Variable Documentation

◆ afi [1/2]

◆ afi [2/2]

◆ alg

◆ asn

◆ flags

◆ my_as

◆ next [1/2]

◆ next [2/2]

◆ nlri [1/2]

◆ nlri [2/2]

◆ nlri_len

◆ path

◆ path_len

◆ pcount

◆ safi [1/2]

◆ safi [2/2]

◆ sig_len

◆ signature

◆ sigs

◆ sigs_len

◆ ski

◆ target_as