authorOndrej Filip <feela@network.cz>2004-06-27 00:52:39 +0200
committerOndrej Filip <feela@network.cz>2004-06-27 00:52:39 +0200
commitea357b8b6de387a55930a3fc831b8ccbcef24582 (patch)
tree3378c06c03ce2519398a55b34aa5d597a232a323
parent3e2bd0f17aab3d2bd460d5f7aef4d3bc152ea1ab (diff)
Update of the documentation. (passwords and md5).
Option for md5 auth in config.
-rw-r--r--doc/bird.sgml33
-rw-r--r--proto/ospf/config.Y3
2 files changed, 34 insertions, 2 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 00b449d..a25d8b7 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1029,6 +1029,15 @@ protocol ospf &lt;name&gt; {
strict nonbroadcast &lt;switch&gt;;
authentication [none|simple];
password "&lt;text&gt;";
+ passwords {
+ password "&lt;text&gt;" {
+ id &lt;num&gt;;
+ generate from &lt;date&gt;;
+ generate to &lt;date&gt;;
+ accept from &lt;date&gt;;
+ accept to &lt;date&gt;;
+ };
+ };
neighbors {
&lt;ip&gt;;
&lt;ip&gt; eligible;
@@ -1143,8 +1152,30 @@ protocol ospf &lt;name&gt; {
lacking this password are ignored. This authentication mechanism is
very weak.
+ <tag>authentication cryptographic</tag>
+ 16-byte long md5 digest is appended to every packet. For the digest
+ generation 16-byte long passwords are used. Those passwords are
+ not sent via network, so this mechanismus is quite secure.
+ Packets can still be read by an attacker.
+
<tag>password "<M>text</M>"</tag>
- An 8-byte password used for authentication.
+ An 8-byte or 16-byte password used for authentication.
+
+ <tag>id <M>num</M></tag>
+ ID of the password, (0-255). If it's not used, BIRD will choose
+ some automatically.
+
+ <tag>generate from <M>date</M></tag>
+ The start time of the usage of the password for packet signing.
+
+ <tag>generate to <M>date</M></tag>
+ The last time of the usage of the password for packet signing.
+
+ <tag>accept from <M>date</M></tag>
+ The start time of the usage of the password for packet verification.
+
+ <tag>accept to <M>date</M></tag>
+ The last time of the usage of the password for packet verification.
<tag>neighbors { <m/set/ } </tag>
A set of neighbors to which Hello messages on nonbroadcast networks
diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y
index f6ad5bc..c595175 100644
--- a/proto/ospf/config.Y
+++ b/proto/ospf/config.Y
@@ -24,7 +24,7 @@ CF_DECLS
CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
-CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT)
+CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
%type <t> opttext
@@ -135,6 +135,7 @@ ospf_iface_item:
| NEIGHBORS '{' ipa_list '}'
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
+ | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
| password_list {OSPF_PATT->passwords = $1; }
;
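Review bot: The new `AUTHENTICATION CRYPTOGRAPHIC` alternative only sets `autype`, and nothing visible in this hunk ties it to a configured key, so as far as the grammar shown here goes an interface can select MD5 authentication without any `passwords` block. The `ospf_iface_item` alternatives appear to be order-independent, so the check belongs where the interface pattern is completed rather than in this action, for example `if (OSPF_PATT->autype == OSPF_AUTH_CRYPT && !OSPF_PATT->passwords) cf_error("cryptographic authentication requires a passwords block");`. The rule starts above the hunk and the place where the pattern is finalized is not shown, so such a check may already exist; confirm before adding it. Separately, the synopsis in doc/bird.sgml still reads `authentication [none|simple];` and should list `cryptographic` alongside the keyword added here.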