Update of the documentation. (passwords and md5).
Option for md5 auth in config.
parent
3e2bd0f17a
commit
ea357b8b6d
2 changed files with 34 additions and 2 deletions
|
@ -1029,6 +1029,15 @@ protocol ospf <name> {
|
||||||
strict nonbroadcast <switch>;
|
strict nonbroadcast <switch>;
|
||||||
authentication [none|simple];
|
authentication [none|simple];
|
||||||
password "<text>";
|
password "<text>";
|
||||||
|
passwords {
|
||||||
|
password "<text>" {
|
||||||
|
id <num>;
|
||||||
|
generate from <date>;
|
||||||
|
generate to <date>;
|
||||||
|
accept from <date>;
|
||||||
|
accept to <date>;
|
||||||
|
};
|
||||||
|
};
|
||||||
neighbors {
|
neighbors {
|
||||||
<ip>;
|
<ip>;
|
||||||
<ip> eligible;
|
<ip> eligible;
|
||||||
|
@ -1143,8 +1152,30 @@ protocol ospf <name> {
|
||||||
lacking this password are ignored. This authentication mechanism is
|
lacking this password are ignored. This authentication mechanism is
|
||||||
very weak.
|
very weak.
|
||||||
|
|
||||||
|
<tag>authentication cryptographic</tag>
|
||||||
|
16-byte long md5 digest is appended to every packet. For the digest
|
||||||
|
generation 16-byte long passwords are used. Those passwords are
|
||||||
|
not sent via network, so this mechanismus is quite secure.
|
||||||
|
Packets can still be read by an attacker.
|
||||||
|
|
||||||
<tag>password "<M>text</M>"</tag>
|
<tag>password "<M>text</M>"</tag>
|
||||||
An 8-byte password used for authentication.
|
An 8-byte or 16-byte password used for authentication.
|
||||||
|
|
||||||
|
<tag>id <M>num</M></tag>
|
||||||
|
ID of the password, (0-255). If it's not used, BIRD will choose
|
||||||
|
some automatically.
|
||||||
|
|
||||||
|
<tag>generate from <M>date</M></tag>
|
||||||
|
The start time of the usage of the password for packet signing.
|
||||||
|
|
||||||
|
<tag>generate to <M>date</M></tag>
|
||||||
|
The last time of the usage of the password for packet signing.
|
||||||
|
|
||||||
|
<tag>accept from <M>date</M></tag>
|
||||||
|
The start time of the usage of the password for packet verification.
|
||||||
|
|
||||||
|
<tag>accept to <M>date</M></tag>
|
||||||
|
The last time of the usage of the password for packet verification.
|
||||||
|
|
||||||
<tag>neighbors { <m/set/ } </tag>
|
<tag>neighbors { <m/set/ } </tag>
|
||||||
A set of neighbors to which Hello messages on nonbroadcast networks
|
A set of neighbors to which Hello messages on nonbroadcast networks
|
||||||
|
|
|
@ -24,7 +24,7 @@ CF_DECLS
|
||||||
CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
|
CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
|
||||||
CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
|
CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
|
||||||
CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
|
CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
|
||||||
CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT)
|
CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
|
||||||
CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
|
CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
|
||||||
|
|
||||||
%type <t> opttext
|
%type <t> opttext
|
||||||
|
@ -135,6 +135,7 @@ ospf_iface_item:
|
||||||
| NEIGHBORS '{' ipa_list '}'
|
| NEIGHBORS '{' ipa_list '}'
|
||||||
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
|
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
|
||||||
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
|
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
|
||||||
|
| AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
|
||||||
| password_list {OSPF_PATT->passwords = $1; }
|
| password_list {OSPF_PATT->passwords = $1; }
|
||||||
;
|
;
|
||||||
|
|
||||||
|
|
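Review bot: The new `AUTHENTICATION CRYPTOGRAPHIC` alternative in `ospf_iface_item` only assigns `autype`, and nothing visible here rejects an interface that selects cryptographic authentication with no `passwords` block, or with a password longer than the 16 bytes the documentation gives for MD5. The items can presumably appear in any order, so the check belongs where the interface block is finished, which is outside this hunk and may already exist there; something like `if ((OSPF_PATT->autype == OSPF_AUTH_CRYPT) && !OSPF_PATT->passwords) cf_error("No password given for cryptographic authentication");` would make the misconfiguration fail at parse time rather than at runtime. The option synopsis in the documentation section still reads `authentication [none|simple];` and should list `cryptographic` as well. A short comment on the new rule that MD5 keys are taken from `password_list`, with `id` and the generate/accept windows selecting the active key, would also help the next reader.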