summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/bird.sgml33
-rw-r--r--proto/ospf/config.Y3
2 files changed, 34 insertions, 2 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 00b449d..a25d8b7 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1029,6 +1029,15 @@ protocol ospf <name> {
strict nonbroadcast <switch>;
authentication [none|simple];
password "<text>";
+ passwords {
+ password "<text>" {
+ id <num>;
+ generate from <date>;
+ generate to <date>;
+ accept from <date>;
+ accept to <date>;
+ };
+ };
neighbors {
<ip>;
<ip> eligible;
@@ -1143,8 +1152,30 @@ protocol ospf <name> {
lacking this password are ignored. This authentication mechanism is
very weak.
+ <tag>authentication cryptographic</tag>
+ 16-byte long md5 digest is appended to every packet. For the digest
+ generation 16-byte long passwords are used. Those passwords are
+ not sent via network, so this mechanismus is quite secure.
+ Packets can still be read by an attacker.
+
<tag>password "<M>text</M>"</tag>
- An 8-byte password used for authentication.
+ An 8-byte or 16-byte password used for authentication.
+
+ <tag>id <M>num</M></tag>
+ ID of the password, (0-255). If it's not used, BIRD will choose
+ some automatically.
+
+ <tag>generate from <M>date</M></tag>
+ The start time of the usage of the password for packet signing.
+
+ <tag>generate to <M>date</M></tag>
+ The last time of the usage of the password for packet signing.
+
+ <tag>accept from <M>date</M></tag>
+ The start time of the usage of the password for packet verification.
+
+ <tag>accept to <M>date</M></tag>
+ The last time of the usage of the password for packet verification.
<tag>neighbors { <m/set/ } </tag>
A set of neighbors to which Hello messages on nonbroadcast networks
diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y
index f6ad5bc..c595175 100644
--- a/proto/ospf/config.Y
+++ b/proto/ospf/config.Y
@@ -24,7 +24,7 @@ CF_DECLS
CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
-CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT)
+CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
%type <t> opttext
@@ -135,6 +135,7 @@ ospf_iface_item:
| NEIGHBORS '{' ipa_list '}'
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
+ | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
| password_list {OSPF_PATT->passwords = $1; }
;