diff options
| author | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2021-06-06 15:22:59 +0200 |
|---|---|---|
| committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2021-06-06 16:28:18 +0200 |
| commit | b174cc0abc0a9d7e84cc6fae46d9e19b714fbcfb (patch) | |
| tree | 8bb6d9099e7139a38634e230b8d7ec003cba298d /doc | |
| parent | b218a28f61e1e9a93c3a4f2e180590f85df62e79 (diff) | |
Babel: Add MAC authentication support - update
Some cleanups and bugfixes to the previous patch, including:
- Fix rate limiting in index mismatch check
- Fix missing BABEL_AUTH_INDEX_LEN in auth_tx_overhead computation
- Fix missing auth_tx_overhead recalculation during reconfiguration
- Fix pseudoheader construction in babel_auth_sign() (sport vs fport)
- Fix typecasts for ptrdiffs in log messages
- Make auth log messages similar to corresponding RIP/OSPF ones
- Change auth log messages for events that happen during regular
operation to debug messages
- Switch meaning of babel_auth_check*() functions for consistency
with corresponding RIP/OSPF ones
- Remove requirement for min/max key length, only those required by
given MAC code are enforced
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/bird.sgml | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index 8235740e..15085874 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -1827,8 +1827,8 @@ protocol babel [<name>] { accept to "<date>"; from "<date>"; to "<date>"; - algorithm ( hmac sha1 | hmac sha256 | hmac sha384 | hmac - sha512 | blake2s | blake2b ); + algorithm ( hmac sha1 | hmac sha256 | hmac sha384 | + hmac sha512 | blake2s128 | blake2s256 | blake2b256 | blake2b512 ); }; }; } @@ -1932,13 +1932,12 @@ protocol babel [<name>] { authentication is selected, a key must be specified with the <cf/password/ configuration option. Default: none. - <tag><label id="babel-password">password "<m/text/"</tag> Specifies a - password used for authentication. See the <ref id="proto-pass" + <tag><label id="babel-password">password "<m/text/"</tag> + Specifies a password used for authentication. See the <ref id="proto-pass" name="password"> common option for a detailed description. The Babel protocol will only accept HMAC-based algorithms or one of the Blake algorithms, and the length of the supplied password string must match the key size used by the selected algorithm. - </descrip> <sect1>Attributes |