RPKI: Add 'ignore max length' option

Add 'ignore max length' option to RPKI protocol, which ignores received max length in ROA records and instead uses max value (32 or 128). This may be useful for implementing loose RPKI check for blackholes.
author: Ondrej Zajicek (work) <santiago@crfreenet.org> 2020-10-11 00:53:19 +0200
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2020-10-11 01:00:54 +0200
commit: fc1e3211b109400c0e96f889829c9f5145ac7226 (patch)
tree: 3419096c119b0f8146f165e91d4b399eb854b920 /doc
parent: 6c11dbcf28faa145cfb7310310a2a261fd4dd1f2 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index ffc22218..aa16c227 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -4826,6 +4826,11 @@ specify both channels.
         suppresses updating this value by a cache server.
         Default: 7200 seconds
 
+	<tag>ignore max length <m/switch/</tag>
+	Ignore received max length in ROA records and use max value (32 or 128)
+	instead. This may be useful for implementing loose RPKI check for
+	blackholes. Default: disabled.
+
         <tag>transport tcp</tag> Unprotected transport over TCP. It's a default
         transport. Should be used only on secure private networks.
         Default: tcp
author	Ondrej Zajicek (work) <santiago@crfreenet.org>	2020-10-11 00:53:19 +0200
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>	2020-10-11 01:00:54 +0200
commit	fc1e3211b109400c0e96f889829c9f5145ac7226 (patch)
tree	3419096c119b0f8146f165e91d4b399eb854b920 /doc
parent	6c11dbcf28faa145cfb7310310a2a261fd4dd1f2 (diff)