diff options
Diffstat (limited to 'doc/bird.sgml')
-rw-r--r-- | doc/bird.sgml | 176 |
1 files changed, 121 insertions, 55 deletions
diff --git a/doc/bird.sgml b/doc/bird.sgml index f62881c3..c73872b7 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -206,6 +206,7 @@ protocol device { protocol rip { export all; import all; + interface "*"; } </code> @@ -298,19 +299,88 @@ to zero to disable it. An empty <cf><m/switch/</cf> is equivalent to <cf/on/ <p>There are several options that give sense only with certain protocols: <descrip> - <tag>passwords { password "<m/password/" from <m/time/ to <m/time/ passive <m/time/ id - <m/num/ [...] }</tag> Specifies passwords to be used with this protocol. <cf>Passive <m/time/</cf> is - time from which the password is not used for sending, but it is recognized on reception. <cf/id/ is password ID as needed by - certain protocols. Format of <cf><m/time/</cf> is <tt>dd-mm-yyyy HH:MM:SS</tt>. - - <tag>interface "<m/mask/"|<m/prefix/ [ { <m/option/ ; [...] } ]</tag> Specifies which - interfaces is this protocol active on and allows you to set options on a - per-interface basis. Mask is specified as in shell-like patterns, thus <cf>interface - "*" { mode broadcast; };</cf> will start the protocol on all interfaces with <cf>mode - broadcast;</cf> option. If the first character of mask is <cf/-/, such interfaces are - excluded. Masks are parsed left-to-right, thus <cf/interface "-eth*", "*";/ means all but - the ethernets. Default: none. + <tag><label id="dsc-iface">interface [-] [ "<m/mask/" ] [ <m/prefix/ ] [, ...] [ { <m/option/ ; [...] } ]</tag> + + Specifies a set of interfaces on which the protocol is activated with + given interface-specific options. A set of interfaces specified by one + interface option is described using an interface pattern. The + interface pattern consists of a sequence of clauses (separted by + commas), each clause may contain a mask, a prefix, or both of them. An + interface matches the clause if its name matches the mask (if + specified) and its address matches the prefix (if specified). Mask is + specified as shell-like pattern. + + An interface matches the pattern if it matches any of its + clauses. If the clause begins with <cf/-/, matching interfaces are + excluded. Patterns are parsed left-to-right, thus + <cf/interface "eth0", -"eth*", "*";/ means eth0 and all + non-ethernets. + + An interface option can be used more times with different + interfaces-specific options, in that case for given interface + the first matching interface option is used. + + This option is allowed in Direct, OSPF and RIP protocols, + but in OSPF protocol it is used in <cf/area/ subsection. + + Default: none. + + Examples: + + <cf>interface "*" { type broadcast; };</cf> - start the protocol on all interfaces with + <cf>type broadcast</cf> option. + + <cf>interface "eth1", "eth4", "eth5" { type pointopoint; };</cf> - start the protocol + on enumerated interfaces with <cf>type pointopoint</cf> option. + + <cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol on all + interfaces that have address from 192.168.0.0/16, but not + from 192.168.1.0/24. + + <cf>interface -192.168.1.0/24, 192.168.0.0/16;</cf> - start the protocol on all + interfaces that have address from 192.168.0.0/16, but not + from 192.168.1.0/24. + + <cf>interface "eth*" 192.168.1.0/24;</cf> - start the protocol on all + ethernet interfaces that have address from 192.168.1.0/24. + + <tag><label id="dsc-pass">password "<m/password/" [ { id <m/num/; generate from <m/time/; generate to <m/time/; accept from <m/time/; accept to <m/time/; } ]</tag> + Specifies a password that can be used by the protocol. Password option can + be used more times to specify more passwords. If more passwords are + specified, it is a protocol-dependent decision which one is really + used. Specifying passwords does not mean that authentication is + enabled, authentication can be enabled by separate, protocol-dependent + <cf/authentication/ option. + + This option is allowed in OSPF and RIP protocols. BGP has also + <cf/password/ option, but it is slightly different and described + separately. + + Default: none. +</descrip> + +<p>Password option can contain section with some (not necessary all) password sub-options: + +<descrip> + <tag>id <M>num</M></tag> + ID of the password, (0-255). If it's not used, BIRD will choose + ID based on an order of the password item in the interface. For + example, second password item in one interface will have default + ID 2. ID is used by some routing protocols to identify which + password was used to authenticate protocol packets. + + <tag>generate from "<m/time/"</tag> + The start time of the usage of the password for packet signing. + The format of <cf><m/time/</cf> is <tt>dd-mm-yyyy HH:MM:SS</tt>. + + <tag>generate to "<m/time/"</tag> + The last time of the usage of the password for packet signing. + + <tag>accept from "<m/time/"</tag> + The start time of the usage of the password for packet verification. + <tag>accept to "<m/time/"</tag> + The last time of the usage of the password for packet verification. </descrip> <chapt>Remote control @@ -327,6 +397,9 @@ codes along with the messages. You do not necessarily need to use <file/birdc/ t own applications could do that, too -- the format of communication between BIRD and <file/birdc/ is stable (see the programmer's documentation). +Many commands have the <m/name/ of the protocol instance as an argument. +This argument can be omitted if there exists only a single instance. + <p>Here is a brief list of supported functions: <descrip> @@ -339,12 +412,23 @@ BIRD and <file/birdc/ is stable (see the programmer's documentation). <tag>show protocols [all]</tag> Show list of protocol instances along with tables they are connected to and protocol status, possibly giving verbose information, if <cf/all/ is specified. - <tag>show ospf [interface|neighbors] [<m/name/] ["<m/interface/"]</tag> - Show detailed information about OSPF protocol, possibly giving a verbose list of interfaces and neighbors. The <m/name/ of the protocol instance can be omitted if there exists only a single instance. + <tag>show ospf interface [<m/name/] ["<m/interface/"]</tag> + Show detailed information about OSPF interfaces. + + <tag>show ospf neighbors [<m/name/] ["<m/interface/"]</tag> + Show a list of OSPF neighbors and a state of adjacency to them. + + <tag>show ospf state [<m/name/]</tag> + Show detailed information about OSPF areas based on a content of link-state database. + It shows network topology, aggregated networks and routers from other areas and external routes. + + <tag>show ospf topology [<m/name/]</tag> + Show a topology of OSPF areas based on a content of link-state database. + It is just a stripped-down version of 'show ospf state'. <tag>show static [<m/name/]</tag> - Show detailed information about static routes. The <m/name/ of the protocol instance can be omitted if there exists only a single instance. - + Show detailed information about static routes. + <tag>show interfaces [summary]</tag> Show the list of interfaces. For each interface, print its type, state, MTU and addresses assigned. @@ -367,7 +451,7 @@ BIRD and <file/birdc/ is stable (see the programmer's documentation). a given filter (<cf>filter <m/name/</cf> or <cf>filter { <m/filter/ } </cf> or matching a given condition (<cf>where <m/condition/</cf>). The <cf/import/ and <cf/preimport/ switches ask for printing of entries - that are imported to the specified protocol. With <cf/preimport/, the + that are imported to the specified protocol. With <cf/preimport/, the import filter of the protocol is skipped. <p>You can also select just routes added by a specific protocol. @@ -515,14 +599,14 @@ incompatible with each other (that is to prevent you from shooting in the foot). Sets of prefixes are special: their literals does not allow ranges, but allows prefix patterns that are written as <cf><M>ipaddress</M>/<M>pxlen</M>{<M>low</M>,<M>high</M>}</cf>. - Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>, <m>h</m>}</cf> iff - the first <cf>min(len1, len2)</cf> bits of <cf/ip1/> and <cf/ip2/ are identical and <cf>len1 ≤ ip1 ≤ len2</cf>. - A valid prefix pattern has to satisfy <cf/low ≤ high/, but <cf/pxlen/ is not constrained by <cf/low/ + Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>,<m>h</m>}</cf> iff + the first <cf>min(len1, len2)</cf> bits of <cf/ip1/ and <cf/ip2/ are identical and <cf>len1 <= ip1 <= len2</cf>. + A valid prefix pattern has to satisfy <cf>low <= high</cf>, but <cf/pxlen/ is not constrained by <cf/low/ or <cf/high/. Obviously, a prefix matches a prefix set literal iff it matches any prefix pattern in the prefix set literal. There are also two shorthands for prefix patterns: <cf><m>address</m>/<m/len/+</cf> is a shorthand for - <cf><m>address</m>/<m/len/{<m/len/,<m/maxlen/}</cf> (where <cf><m>maxlen</m></c> is 32 for IPv4 and 128 for IPv6), + <cf><m>address</m>/<m/len/{<m/len/,<m/maxlen/}</cf> (where <cf><m>maxlen</m></cf> is 32 for IPv4 and 128 for IPv6), that means network prefix <cf><m>address</m>/<m/len/</cf> and all its subnets. <cf><m>address</m>/<m/len/-</cf> is a shorthand for <cf><m>address</m>/<m/len/{0,<m/len/}</cf>, that means network prefix <cf><m>address</m>/<m/len/</cf> and all its supernets (network prefixes that contain it). @@ -531,7 +615,7 @@ incompatible with each other (that is to prevent you from shooting in the foot). prefix <cf>1.0.0.0/8</cf>, all subprefixes of <cf>2.0.0.0/8</cf>, all superprefixes of <cf>3.0.0.0/8</cf> and prefixes <cf/4.X.X.X/ whose prefix length is 16 to 24. <cf>[ 0.0.0.0/0{20,24} ]</cf> matches all prefixes (regardless of IP address) whose prefix length is 20 to 24, <cf>[ 1.2.3.4/32- ]</cf> matches any prefix that contains IP address - <cf>1.2.3.4</cf>. <cf>1.2.0.0/16 ˜ [ 1.0.0.0/8{ 15 , 17 } ]</cf> is true, + <cf>1.2.3.4</cf>. <cf>1.2.0.0/16 ˜ [ 1.0.0.0/8{15,17} ]</cf> is true, but <cf>1.0.0.0/16 ˜ [ 1.0.0.0/8- ]</cf> is false. Cisco-style patterns like <cf>10.0.0.0/8 ge 16 le 24</cf> can be expressed @@ -1175,6 +1259,7 @@ protocol ospf <name> { <tag>interface <M>pattern</M></tag> Defines that the specified interfaces belong to the area being defined. + See <ref id="dsc-iface" name="interface"> common option for detailed description. <tag>virtual link <M>id</M></tag> Virtual link to router with the router id. Virtual link acts as a @@ -1260,24 +1345,7 @@ protocol ospf <name> { <tag>password "<M>text</M>"</tag> An 8-byte or 16-byte password used for authentication. - - <tag>id <M>num</M></tag> - ID of the password, (0-255). If it's not used, BIRD will choose - ID based on an order of the password item in the interface. For - example, second password item in one interface will have default - ID 2. - - <tag>generate from <M>date</M></tag> - The start time of the usage of the password for packet signing. - - <tag>generate to <M>date</M></tag> - The last time of the usage of the password for packet signing. - - <tag>accept from <M>date</M></tag> - The start time of the usage of the password for packet verification. - - <tag>accept to <M>date</M></tag> - The last time of the usage of the password for packet verification. + See <ref id="dsc-pass" name="password"> common option for detailed description. <tag>neighbors { <m/set/ } </tag> A set of neighbors to which Hello messages on nonbroadcast networks @@ -1313,7 +1381,7 @@ protocol ospf MyOSPF { accept; } reject; - }; + }; area 0.0.0.0 { interface "eth*" { cost 11; @@ -1326,17 +1394,15 @@ protocol ospf MyOSPF { interface "ppp*" { cost 100; authentication cryptographic; - passwords { - password "abc" { - id 1; - generate to "22-04-2003 11:00:06"; - accept from "17-01-2001 12:01:05"; - }; - password "def" { - id 2; - generate to "22-07-2005 17:03:21"; - accept from "22-02-2001 11:34:06"; - }; + password "abc" { + id 1; + generate to "22-04-2003 11:00:06"; + accept from "17-01-2001 12:01:05"; + }; + password "def" { + id 2; + generate to "22-07-2005 17:03:21"; + accept from "22-02-2001 11:34:06"; }; }; interface "arc0" { @@ -1500,7 +1566,7 @@ because there are no good implementations of OSPFv3. <tag/authentication none|plaintext|md5/ selects authentication method to be used. <cf/none/ means that packets are not authenticated at all, <cf/plaintext/ means that a plaintext password is embedded into each packet, and <cf/md5/ means that packets are authenticated using a MD5 cryptographic - hash. If you set authentication to not-none, it is a good idea to add <cf>passwords { }</cf> + hash. If you set authentication to not-none, it is a good idea to add <cf>password</cf> section. Default: none. <tag>honor always|neighbor|never </tag>specifies when should requests for dumping routing table @@ -1565,8 +1631,8 @@ protocol rip MyRIP_test { port 1520; period 10; garbage time 60; - interface "eth0" { metric 3; mode multicast; } - "eth1" { metric 2; mode broadcast; }; + interface "eth0" { metric 3; mode multicast; }; + interface "eth*" { metric 2; mode broadcast; }; honor neighbor; authentication none; import filter { print "importing"; accept; }; |