blob: 89fad50fd0788f80f7ce41b0e559edb2b32099c2 [file] [log] [blame]
; the general section contains all the general settings for router
$GENERAL_SECTION
; the neighbors section contains the configuration for router's neighbors and hello's behavior
$NEIGHBORS_SECTION
; the hyperbolic section contains the configuration settings of enabling a router to calculate
; routing table using [hyperbolic routing table calculation](http://arxiv.org/abs/0805.1266) method
$HYPERBOLIC_SECTION
; the fib section is used to configure fib entry's type to ndn FIB updated by NLSR
$FIB_SECTION
; the advertising section contains the configuration settings of the name prefixes
; hosted by this router
$ADVERTISING_SECTION
security
{
validator
{
rule
{
id "NSLR Hello Rule"
for data
filter
{
type name
regex ^[^<NLSR><INFO>]*<NLSR><INFO><><>$
}
checker
{
type customized
sig-type rsa-sha256
key-locator
{
type name
hyper-relation
{
k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
k-expand \\1
h-relation equal
p-regex ^([^<NLSR><INFO>]*)<NLSR><INFO><><>$
p-expand \\1
}
}
}
}
rule
{
id "NSLR LSA Rule"
for data
filter
{
type name
regex ^[^<NLSR><LSA>]*<NLSR><LSA>
}
checker
{
type customized
sig-type rsa-sha256
key-locator
{
type name
hyper-relation
{
k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
k-expand \\1
h-relation equal
p-regex ^([^<NLSR><LSA>]*)<NLSR><LSA>(<>*)<><><>$
p-expand \\1\\2
}
}
}
}
rule
{
id "NSLR Hierarchy Exception Rule"
for data
filter
{
type name
regex ^[^<KEY><%C1.Router>]*<%C1.Router>[^<KEY><NLSR>]*<KEY><ksk-.*><ID-CERT><>$
}
checker
{
type customized
sig-type rsa-sha256
key-locator
{
type name
hyper-relation
{
k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
k-expand \\1
h-relation equal
p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
p-expand \\1
}
}
}
}
rule
{
id "NSLR Hierarchical Rule"
for data
filter
{
type name
regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
}
checker
{
type hierarchical
sig-type rsa-sha256
}
}
trust-anchor
{
type any
file-name "root.cert"
}
}
; cert-to-publish "root.cert" ; optional, a file containing the root certificate
; Only the router that is designated to publish the root cert
; needs to specify this
; cert-to-publish "site.cert" ; optional, a file containing the site certificate
; Only the router that is designated to publish the site cert
; needs to specify this
; cert-to-publish "operator.cert" ; optional, a file containing the operator certificate
; Only the router that is designated to publish the operator
; cert needs to specify this
; cert-to-publish "router.cert" ; required, a file containing the router certificate.
}