Add automatic NLSR security configuration
refs: #3050
Change-Id: I218f96a2cb11dd35de99c4a9eab056f0fed890aa
diff --git a/ndn_utils/nlsr.conf b/ndn_utils/nlsr.conf
index 1eb56de..492ee0d 100644
--- a/ndn_utils/nlsr.conf
+++ b/ndn_utils/nlsr.conf
@@ -21,174 +21,4 @@
$ADVERTISING_SECTION
-security
-{
- validator
- {
- rule
- {
- id "NSLR Hello Rule"
- for data
- filter
- {
- type name
- regex ^[^<NLSR><INFO>]*<NLSR><INFO><><>$
- }
- checker
- {
- type customized
- sig-type rsa-sha256
- key-locator
- {
- type name
- hyper-relation
- {
- k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
- k-expand \\1
- h-relation equal
- p-regex ^([^<NLSR><INFO>]*)<NLSR><INFO><><>$
- p-expand \\1
- }
- }
- }
- }
-
- rule
- {
- id "NSLR LSA Rule"
- for data
- filter
- {
- type name
- regex ^[^<NLSR><LSA>]*<NLSR><LSA>
- }
- checker
- {
- type customized
- sig-type rsa-sha256
- key-locator
- {
- type name
- hyper-relation
- {
- k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
- k-expand \\1
- h-relation equal
- p-regex ^([^<NLSR><LSA>]*)<NLSR><LSA>(<>*)<><><>$
- p-expand \\1\\2
- }
- }
- }
- }
-
- rule
- {
- id "NSLR Hierarchy Exception Rule"
- for data
- filter
- {
- type name
- regex ^[^<KEY><%C1.Router>]*<%C1.Router>[^<KEY><NLSR>]*<KEY><ksk-.*><ID-CERT><>$
- }
- checker
- {
- type customized
- sig-type rsa-sha256
- key-locator
- {
- type name
- hyper-relation
- {
- k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
- k-expand \\1
- h-relation equal
- p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
- p-expand \\1
- }
- }
- }
- }
-
- rule
- {
- id "NSLR Hierarchical Rule"
- for data
- filter
- {
- type name
- regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
- }
- checker
- {
- type hierarchical
- sig-type rsa-sha256
- }
- }
-
- trust-anchor
- {
- type any
- file-name "root.cert"
- }
- }
-
- prefix-update-validator
- {
- rule
- {
- id "NLSR ControlCommand Rule"
- for interest
- filter
- {
- type name
- regex ^<localhost><nlsr><prefix-update>[<advertise><withdraw>]<>$
- }
- checker
- {
- type customized
- sig-type rsa-sha256
- key-locator
- {
- type name
- regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
- }
- }
- }
-
- rule
- {
- id "NLSR Hierarchy Rule"
- for data
- filter
- {
- type name
- regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
- }
- checker
- {
- type hierarchical
- sig-type rsa-sha256
- }
- }
-
- trust-anchor
- {
- type any
- file-name "site.cert"
- }
- }
-
- ; cert-to-publish "root.cert" ; optional, a file containing the root certificate
- ; Only the router that is designated to publish the root cert
- ; needs to specify this
-
- ; cert-to-publish "site.cert" ; optional, a file containing the site certificate
- ; Only the router that is designated to publish the site cert
- ; needs to specify this
-
- ; cert-to-publish "operator.cert" ; optional, a file containing the operator certificate
- ; Only the router that is designated to publish the operator
- ; cert needs to specify this
-
- ; cert-to-publish "router.cert" ; required, a file containing the router certificate.
-}
+$SECURITY_SECTION
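Review bot: The placeholder added on the last line of this hunk now stands in for every validator rule and trust anchor the template used to carry, yet nothing in the file says what is expected to fill it or what happens when the substitution comes back empty. The generator is not visible in this diff; if it can emit an empty string or leave the literal placeholder in place, the rendered config would contain no `security` block at all, so it should refuse to write the file in that case. I would add a comment line above the placeholder, worded without the dollar-name so the template engine does not expand it: `; security section: substituted by the config generator, must expand to a complete security { ... } block`. It is also worth confirming that the generated text still contains both `validator` and `prefix-update-validator` with trust anchors bound to certificate files, since the removed static rules were the only place that policy was spelled out.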