Update of the documentation. (passwords and md5).

Option for md5 auth in config.

diff --git a/doc/bird.sgml b/doc/bird.sgml
index 00b449daa99c5eef77f2a7448998d3aa6506de9f..a25d8b789e20aeb68c36702d96345a02c77ef625 100644 (file)
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -1029,6 +1029,15 @@ protocol ospf <name> {
                        strict nonbroadcast <switch>;
                        authentication [none|simple];
                        password "<text>";
+                       passwords {
+                               password "<text>" {
+                                       id <num>;
+                                       generate from <date>;
+                                       generate to <date>;
+                                       accept from <date>;
+                                       accept to <date>;
+                               };
+                       };
                        neighbors {
                                <ip>;
                                <ip> eligible;
@@ -1143,8 +1152,30 @@ protocol ospf <name> {
         lacking this password are ignored. This authentication mechanism is
         very weak.
 
+       <tag>authentication cryptographic</tag>
+        16-byte long md5 digest is appended to every packet. For the digest
+         generation 16-byte long passwords are used. Those passwords are 
+         not sent via network, so this mechanismus is quite secure.
+         Packets can still be read by an attacker.
+
        <tag>password "<M>text</M>"</tag>
-        An 8-byte password used for authentication.
+        An 8-byte or 16-byte password used for authentication.
+
+       <tag>id <M>num</M></tag>
+        ID of the password, (0-255). If it's not used, BIRD will choose
+        some automatically.
+
+       <tag>generate from <M>date</M></tag>
+        The start time of the usage of the password for packet signing.
+
+       <tag>generate to <M>date</M></tag>
+        The last time of the usage of the password for packet signing.
+
+       <tag>accept from <M>date</M></tag>
+        The start time of the usage of the password for packet verification.
+
+       <tag>accept to <M>date</M></tag>
+        The last time of the usage of the password for packet verification.
 
        <tag>neighbors { <m/set/ } </tag>
         A set of neighbors to which Hello messages on nonbroadcast networks

diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y
index f6ad5bc30e351ac0cc42b1e31ca472f2008eee50..c59517581a42d46ec9df5c39703644a1aed1033f 100644 (file)
--- a/proto/ospf/config.Y
+++ b/proto/ospf/config.Y
@@ -24,7 +24,7 @@ CF_DECLS
 CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
 CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
 CF_KEYWORDS(HELLO, TRANSMIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
-CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT)
+CF_KEYWORDS(NONE, SIMPLE, AUTHENTICATION, STRICT, CRYPTOGRAPHIC)
 CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, LINK)
 
 %type <t> opttext
@@ -135,6 +135,7 @@ ospf_iface_item:
  | NEIGHBORS '{' ipa_list '}'
  | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
  | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
+ | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
  | password_list {OSPF_PATT->passwords = $1; }
  ;