ndn_utils/nlsr.conf - mini-ndn - Gitiles

 ; the general section contains all the general settings for router

 $GENERAL_SECTION

 ; the neighbors section contains the configuration for router's neighbors and hello's behavior

 $NEIGHBORS_SECTION

 ; the hyperbolic section contains the configuration settings of enabling a router to calculate
 ; routing table using [hyperbolic routing table calculation](http://arxiv.org/abs/0805.1266) method

 $HYPERBOLIC_SECTION


 ; the fib section is used to configure fib entry's type to ndn FIB updated by NLSR

 $FIB_SECTION

 ; the advertising section contains the configuration settings of the name prefixes
 ; hosted by this router

 $ADVERTISING_SECTION

 security
 {
   validator
   {
     rule
     {
       id "NSLR Hello Rule"
       for data
       filter
       {
         type name
         regex ^[^<NLSR><INFO>]*<NLSR><INFO><><>$
       }
       checker
       {
         type customized
         sig-type rsa-sha256
         key-locator
         {
           type name
           hyper-relation
           {
             k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
             k-expand \\1
             h-relation equal
             p-regex ^([^<NLSR><INFO>]*)<NLSR><INFO><><>$
             p-expand \\1
           }
         }
       }
     }

     rule
     {
       id "NSLR LSA Rule"
       for data
       filter
       {
         type name
         regex ^[^<NLSR><LSA>]*<NLSR><LSA>
       }
       checker
       {
         type customized
         sig-type rsa-sha256
         key-locator
         {
           type name
           hyper-relation
           {
             k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
             k-expand \\1
             h-relation equal
             p-regex ^([^<NLSR><LSA>]*)<NLSR><LSA>(<>*)<><><>$
             p-expand \\1\\2
           }
         }
       }
     }

     rule
     {
       id "NSLR Hierarchy Exception Rule"
       for data
       filter
       {
         type name
         regex ^[^<KEY><%C1.Router>]*<%C1.Router>[^<KEY><NLSR>]*<KEY><ksk-.*><ID-CERT><>$
       }
       checker
       {
         type customized
         sig-type rsa-sha256
         key-locator
         {
           type name
           hyper-relation
           {
 	    k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
             k-expand \\1
             h-relation equal
             p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
             p-expand \\1
           }
         }
       }
     }

     rule
     {
       id "NSLR Hierarchical Rule"
       for data
       filter
       {
         type name
         regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
       }
       checker
       {
         type hierarchical
         sig-type rsa-sha256
       }
     }

     trust-anchor
     {
       type any
       file-name "root.cert"
     }
   }

   prefix-update-validator
   {
     rule
     {
       id "NLSR ControlCommand Rule"
       for interest
       filter
       {
         type name
         regex ^<localhost><nlsr><prefix-update>[<advertise><withdraw>]<>$
       }
       checker
       {
         type customized
         sig-type rsa-sha256
         key-locator
         {
           type name
           regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
         }
       }
     }

     rule
     {
       id "NLSR Hierarchy Rule"
       for data
       filter
       {
         type name
         regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
       }
       checker
       {
         type hierarchical
         sig-type rsa-sha256
       }
     }

     trust-anchor
     {
       type any
       file-name "site.cert"
     }
   }

   ; cert-to-publish "root.cert"  ; optional, a file containing the root certificate
                                  ; Only the router that is designated to publish the root cert
                                  ; needs to specify this

   ; cert-to-publish "site.cert"  ; optional, a file containing the site certificate
                                  ; Only the router that is designated to publish the site cert
                                  ; needs to specify this

   ; cert-to-publish "operator.cert" ; optional, a file containing the operator certificate
                                     ; Only the router that is designated to publish the operator
                                     ; cert needs to specify this

   ; cert-to-publish "router.cert"  ; required, a file containing the router certificate.
 }
	; the general section contains all the general settings for router

	$GENERAL_SECTION

	; the neighbors section contains the configuration for router's neighbors and hello's behavior

	$NEIGHBORS_SECTION

	; the hyperbolic section contains the configuration settings of enabling a router to calculate
	; routing table using [hyperbolic routing table calculation](http://arxiv.org/abs/0805.1266) method

	$HYPERBOLIC_SECTION


	; the fib section is used to configure fib entry's type to ndn FIB updated by NLSR

	$FIB_SECTION

	; the advertising section contains the configuration settings of the name prefixes
	; hosted by this router

	$ADVERTISING_SECTION

	security
	{
	validator
	{
	rule
	{
	id "NSLR Hello Rule"
	for data
	filter
	{
	type name
	regex ^[^<NLSR><INFO>]*<NLSR><INFO><><>$
	}
	checker
	{
	type customized
	sig-type rsa-sha256
	key-locator
	{
	type name
	hyper-relation
	{
	k-regex ^([^<KEY><NLSR>])<NLSR><KEY><ksk-.><ID-CERT>$
	k-expand \\1
	h-relation equal
	p-regex ^([^<NLSR><INFO>]*)<NLSR><INFO><><>$
	p-expand \\1
	}
	}
	}
	}

	rule
	{
	id "NSLR LSA Rule"
	for data
	filter
	{
	type name
	regex ^[^<NLSR><LSA>]*<NLSR><LSA>
	}
	checker
	{
	type customized
	sig-type rsa-sha256
	key-locator
	{
	type name
	hyper-relation
	{
	k-regex ^([^<KEY><NLSR>])<NLSR><KEY><ksk-.><ID-CERT>$
	k-expand \\1
	h-relation equal
	p-regex ^([^<NLSR><LSA>])<NLSR><LSA>(<>)<><><>$
	p-expand \\1\\2
	}
	}
	}
	}

	rule
	{
	id "NSLR Hierarchy Exception Rule"
	for data
	filter
	{
	type name
	regex ^[^<KEY><%C1.Router>]<%C1.Router>[^<KEY><NLSR>]<KEY><ksk-.*><ID-CERT><>$
	}
	checker
	{
	type customized
	sig-type rsa-sha256
	key-locator
	{
	type name
	hyper-relation
	{
	k-regex ^([^<KEY><%C1.Operator>])<%C1.Operator>[^<KEY>]<KEY><ksk-.*><ID-CERT>$
	k-expand \\1
	h-relation equal
	p-regex ^([^<KEY><%C1.Router>])<%C1.Router>[^<KEY>]<KEY><ksk-.*><ID-CERT><>$
	p-expand \\1
	}
	}
	}
	}

	rule
	{
	id "NSLR Hierarchical Rule"
	for data
	filter
	{
	type name
	regex ^[^<KEY>]<KEY><ksk-.><ID-CERT><>$
	}
	checker
	{
	type hierarchical
	sig-type rsa-sha256
	}
	}

	trust-anchor
	{
	type any
	file-name "root.cert"
	}
	}

	prefix-update-validator
	{
	rule
	{
	id "NLSR ControlCommand Rule"
	for interest
	filter
	{
	type name
	regex ^<localhost><nlsr><prefix-update>[<advertise><withdraw>]<>$
	}
	checker
	{
	type customized
	sig-type rsa-sha256
	key-locator
	{
	type name
	regex ^([^<KEY><%C1.Operator>])<%C1.Operator>[^<KEY>]<KEY><ksk-.*><ID-CERT>$
	}
	}
	}

	rule
	{
	id "NLSR Hierarchy Rule"
	for data
	filter
	{
	type name
	regex ^[^<KEY>]<KEY><ksk-.><ID-CERT><>$
	}
	checker
	{
	type hierarchical
	sig-type rsa-sha256
	}
	}

	trust-anchor
	{
	type any
	file-name "site.cert"
	}
	}

	; cert-to-publish "root.cert" ; optional, a file containing the root certificate
	; Only the router that is designated to publish the root cert
	; needs to specify this

	; cert-to-publish "site.cert" ; optional, a file containing the site certificate
	; Only the router that is designated to publish the site cert
	; needs to specify this

	; cert-to-publish "operator.cert" ; optional, a file containing the operator certificate
	; Only the router that is designated to publish the operator
	; cert needs to specify this

	; cert-to-publish "router.cert" ; required, a file containing the router certificate.
	}