
RPKI RTR Server

Default runtime target: Ubuntu/Linux. Windows is only used during development.

Tests

cargo test

To show test output:

cargo test -- --nocapture

RTR Server

The RTR server binary reads its runtime configuration from environment variables. If an environment variable is not set, the built-in default from src/main.rs is used.

Environment Variables

| Variable | Description | Example |
| --- | --- | --- |
| RPKI_RTR_ENABLE_TLS | Enable TLS listener in addition to TCP. Accepts true/false, 1/0, yes/no, on/off. | true |
| RPKI_RTR_TCP_ADDR | TCP bind address. | 0.0.0.0:3323 |
| RPKI_RTR_TLS_ADDR | TLS bind address. | 0.0.0.0:3324 |
| RPKI_RTR_DB_PATH | RTR RocksDB path. | ./rtr-db |
| RPKI_RTR_VRP_FILE | Input VRP file path. | ./data/vrps.txt |
| RPKI_RTR_TLS_CERT_PATH | TLS server certificate path. | ./certs/server.crt |
| RPKI_RTR_TLS_KEY_PATH | TLS server private key path. | ./certs/server.key |
| RPKI_RTR_TLS_CLIENT_CA_PATH | Client CA certificate path used to verify router certificates. | ./certs/client-ca.crt |
| RPKI_RTR_MAX_DELTA | Maximum retained delta count. | 100 |
| RPKI_RTR_REFRESH_INTERVAL_SECS | VRP reload interval in seconds. | 300 |
| RPKI_RTR_MAX_CONNECTIONS | Maximum concurrent RTR connections. | 512 |
| RPKI_RTR_NOTIFY_QUEUE_SIZE | Broadcast queue size for serial notify events. | 1024 |
| RPKI_RTR_TCP_KEEPALIVE_SECS | TCP keepalive time in seconds. Set 0 to disable. | 60 |
| RPKI_RTR_WARN_INSECURE_TCP | Emit a warning when plain TCP is enabled. Accepts boolean values. | true |
| RPKI_RTR_REQUIRE_TLS_SERVER_DNS_NAME_SAN | Strict mode: reject TLS server certificates that do not contain a subjectAltName dNSName. Accepts boolean values. | false |

Notes

  • Plain TCP should only be used on a trusted and controlled network.
  • TLS mode requires client certificate authentication.
  • In strict TLS server certificate mode, a server certificate without subjectAltName dNSName will be rejected during startup.
  • RPKI_RTR_TCP_KEEPALIVE_SECS=0 disables TCP keepalive. Any non-zero value enables keepalive for the lifetime of each accepted socket.

Example Startup

Bash

export RPKI_RTR_ENABLE_TLS=true
export RPKI_RTR_TCP_ADDR=0.0.0.0:3323
export RPKI_RTR_TLS_ADDR=0.0.0.0:3324
export RPKI_RTR_DB_PATH=./rtr-db
export RPKI_RTR_VRP_FILE=./data/vrps.txt
export RPKI_RTR_TLS_CERT_PATH=./certs/server-dns.crt
export RPKI_RTR_TLS_KEY_PATH=./certs/server-dns.key
export RPKI_RTR_TLS_CLIENT_CA_PATH=./certs/client-ca.crt
export RPKI_RTR_TCP_KEEPALIVE_SECS=60
export RPKI_RTR_WARN_INSECURE_TCP=true
export RPKI_RTR_REQUIRE_TLS_SERVER_DNS_NAME_SAN=true

cargo run

A ready-to-edit example script is provided at scripts/start-rtr-server.sh.
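
A pre-flight audit of the variables above, as an added example; it is not part of this project or of scripts/start-rtr-server.sh. The function names rtr_bool and rtr_preflight and the choice of findings are assumptions: the check accepts only the boolean spellings listed in the table and treats unset values as unknown, because the defaults live in src/main.rs.

```shell
#!/bin/sh
# Added example: audit RPKI_RTR_* settings before starting the server.
# rtr_bool/rtr_preflight and the findings are assumptions, not the server's logic.

# Map the boolean spellings the README lists to true/false; fail on anything else.
rtr_bool() {
    case "$1" in
        true|1|yes|on)  echo true ;;
        false|0|no|off) echo false ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; succeed only when there are none.
rtr_preflight() {
    n=0
    note() { echo "$1"; n=$((n + 1)); }

    for v in RPKI_RTR_ENABLE_TLS RPKI_RTR_WARN_INSECURE_TCP \
             RPKI_RTR_REQUIRE_TLS_SERVER_DNS_NAME_SAN; do
        eval "val=\${$v-}"
        [ -z "$val" ] || rtr_bool "$val" >/dev/null || note "$v: not a boolean: $val"
    done
    # Unset or invalid values stay "unset": the defaults live in src/main.rs.
    tls=$(rtr_bool "${RPKI_RTR_ENABLE_TLS-}") || tls=unset
    strict=$(rtr_bool "${RPKI_RTR_REQUIRE_TLS_SERVER_DNS_NAME_SAN-}") || strict=unset
    warn=$(rtr_bool "${RPKI_RTR_WARN_INSECURE_TCP-}") || warn=unset

    if [ "$tls" = true ]; then
        for v in RPKI_RTR_TLS_CERT_PATH RPKI_RTR_TLS_KEY_PATH \
                 RPKI_RTR_TLS_CLIENT_CA_PATH; do
            eval "val=\${$v-}"
            { [ -f "$val" ] && [ -r "$val" ]; } || note "$v: no readable file: ${val:-<unset>}"
        done
        [ "$strict" = true ] || note "strict dNSName SAN check not explicitly enabled"
    else
        note "TLS listener not explicitly enabled"
    fi
    [ "$warn" != false ] || note "plain TCP warning is switched off"
    # Plain TCP belongs on a trusted network, so flag wildcard binds.
    case "${RPKI_RTR_TCP_ADDR-}" in
        0.0.0.0:*|'[::]:'*) note "RPKI_RTR_TCP_ADDR: plain TCP on all interfaces" ;;
    esac
    case "${RPKI_RTR_TCP_KEEPALIVE_SECS-0}" in
        ''|*[!0-9]*) note "RPKI_RTR_TCP_KEEPALIVE_SECS: not a non-negative integer" ;;
    esac
    [ "$n" -eq 0 ]
}
```

Call it after the exports, for example `rtr_preflight && cargo run`. With the Example Startup values as written, it reports the 0.0.0.0 bind of the plain TCP listener.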
