From ea357b8b6de387a55930a3fc831b8ccbcef24582 Mon Sep 17 00:00:00 2001 From: Ondrej Filip Date: Sat, 26 Jun 2004 22:52:39 +0000 Subject: Update of the documentation. (passwords and md5). Option for md5 auth in config. --- doc/bird.sgml | 33 ++++++++++++++++++++++++++++++++- proto/ospf/config.Y | 3 ++- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/doc/bird.sgml b/doc/bird.sgml index 00b449da..a25d8b78 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -1029,6 +1029,15 @@ protocol ospf <name> { strict nonbroadcast <switch>; authentication [none|simple]; password "<text>"; + passwords { + password "<text>" { + id <num>; + generate from <date>; + generate to <date>; + accept from <date>; + accept to <date>; + }; + }; neighbors { <ip>; <ip> eligible; @@ -1143,8 +1152,30 @@ protocol ospf <name> { lacking this password are ignored. This authentication mechanism is very weak. + authentication cryptographic + 16-byte long md5 digest is appended to every packet. For the digest + generation 16-byte long passwords are used. Those passwords are + not sent via network, so this mechanismus is quite secure. + Packets can still be read by an attacker. + password "text" - An 8-byte password used for authentication. + An 8-byte or 16-byte password used for authentication. + + id num + ID of the password, (0-255). If it's not used, BIRD will choose + some automatically. + + generate from date + The start time of the usage of the password for packet signing. + + generate to date + The last time of the usage of the password for packet signing. + + accept from date + The start time of the usage of the password for packet verification. + + accept to date + The last time of the usage of the password for packet verification. neighbors { A set of neighbors to which Hello messages on nonbroadcast networks diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y index f6ad5bc3..c5951758 100644 --- a/proto/ospf/config.Y +++ b/proto/ospf/config.Y 
@@ -24,7 +24,7 @@ CF_DECLS
 CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
 CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
 CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
-CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT)
+CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
 CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
 %type opttext
@@ -135,6 +135,7 @@ ospf_iface_item:
 | NEIGHBORS '{' ipa_list '}'
 | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
 | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
+ | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
 | password_list {OSPF_PATT->passwords = $1; }
 ;
-- cgit v1.2.3
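Review bot: The new `AUTHENTICATION CRYPTOGRAPHIC` alternative in ospf_iface_item sets `OSPF_PATT->autype = OSPF_AUTH_CRYPT` with no visible check that a key is configured. Because it is a separate alternative from `password_list`, an interface block can presumably select cryptographic authentication while `OSPF_PATT->passwords` is never set. The rule continues outside the hunk, so a check may exist elsewhere; if it does not, the misconfiguration would only surface at run time instead of at config load. I would validate once the interface block is complete, for example `if ((OSPF_PATT->autype == OSPF_AUTH_CRYPT) && !OSPF_PATT->passwords) cf_error("No password configured for cryptographic authentication");`. It would also be worth enforcing the 16-byte key limit that the documentation in this commit states.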