-rw-r--r-- | doc/bird.sgml | 33 | ||||
-rw-r--r-- | proto/ospf/config.Y | 3 |
2 files changed, 34 insertions, 2 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index 00b449d..a25d8b7 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -1029,6 +1029,15 @@ protocol ospf <name> { strict nonbroadcast <switch>; authentication [none|simple]; password "<text>"; + passwords { + password "<text>" { + id <num>; + generate from <date>; + generate to <date>; + accept from <date>; + accept to <date>; + }; + }; neighbors { <ip>; <ip> eligible; @@ -1143,8 +1152,30 @@ protocol ospf <name> { lacking this password are ignored. This authentication mechanism is very weak. + <tag>authentication cryptographic</tag> + 16-byte long md5 digest is appended to every packet. For the digest + generation 16-byte long passwords are used. Those passwords are + not sent via network, so this mechanismus is quite secure. + Packets can still be read by an attacker. + <tag>password "<M>text</M>"</tag> - An 8-byte password used for authentication. + An 8-byte or 16-byte password used for authentication. + + <tag>id <M>num</M></tag> + ID of the password, (0-255). If it's not used, BIRD will choose + some automatically. + + <tag>generate from <M>date</M></tag> + The start time of the usage of the password for packet signing. + + <tag>generate to <M>date</M></tag> + The last time of the usage of the password for packet signing. + + <tag>accept from <M>date</M></tag> + The start time of the usage of the password for packet verification. + + <tag>accept to <M>date</M></tag> + The last time of the usage of the password for packet verification. <tag>neighbors { <m/set/ } </tag> A set of neighbors to which Hello messages on nonbroadcast networks diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y index f6ad5bc..c595175 100644 --- a/proto/ospf/config.Y +++ b/proto/ospf/config.Y 
@@ -24,7 +24,7 @@ CF_DECLS CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG) CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT) CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE) -CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT) +CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC) CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK) %type <t> opttext @@ -135,6 +135,7 @@ ospf_iface_item: | NEIGHBORS '{' ipa_list '}' | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; } | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; } + | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; } | password_list {OSPF_PATT->passwords = $1; } ; |
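Review bot: The new `AUTHENTICATION CRYPTOGRAPHIC` alternative in `ospf_iface_item` only assigns `autype`; nothing visible in this hunk requires a matching `password_list`, so a configuration with cryptographic authentication and no keys appears to parse cleanly. Because the items can come in any order, the check belongs where the interface block is closed, which is outside this hunk: something like `if (OSPF_PATT->autype == OSPF_AUTH_CRYPT && !OSPF_PATT->passwords) cf_error("Cryptographic authentication requires at least one password");`. What the packet code does with an empty key list is not shown here, so rejecting the configuration at parse time is safer than depending on the runtime outcome. The documentation in the same commit says keys are 8 or 16 bytes, but no length check is visible in this rule either, so an over-long password is worth rejecting or warning about in the same place instead of silently truncating it.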