From 466c96562c6e39596dc441c30420b335f83f01ea Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Mon, 26 Jun 2006 12:55:58 +0000 Subject: [doc] OSPF MD5 keyid documentation, fix texinfo warnings in bgpd.texi 2006-06-26 Paul Jakma * ospfd.texi: Document that MD5 keyid is part of the protocol. * bgpd.texi: shut texinfo warnings up by replacing brackets in variable with angle brackets. --- doc/ChangeLog | 6 ++++++ doc/bgpd.texi | 2 +- doc/ospfd.texi | 12 +++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/ChangeLog b/doc/ChangeLog index 569f8ff3..488ea309 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +2006-06-26 Paul Jakma + + * ospfd.texi: Document that MD5 keyid is part of the protocol. + * bgpd.texi: shut texinfo warnings up by replacing brackets in + variable with angle brackets. + 2006-05-23 Paul Jakma * bgpd.texi: Document the update-source command. diff --git a/doc/bgpd.texi b/doc/bgpd.texi index 8c64d78f..d82f6c37 100644 --- a/doc/bgpd.texi +++ b/doc/bgpd.texi @@ -277,7 +277,7 @@ This command specifies an announced route's nexthop as being equivalent to the address of the bgp router. @end deffn -@deffn {BGP} {neighbor @var{peer} update-source @var{(ifname|address)}} {} +@deffn {BGP} {neighbor @var{peer} update-source @var{}} {} @deffnx {BGP} {no neighbor @var{peer} update-source} {} Specify the IPv4 source address to use for the @acronym{BGP} session to this neighbour, may be specified as either an IPv4 address directly or diff --git a/doc/ospfd.texi b/doc/ospfd.texi index 65d4e845..ff0d78b9 100644 --- a/doc/ospfd.texi +++ b/doc/ospfd.texi @@ -378,14 +378,20 @@ all OSPF packets are authenticated. @var{AUTH_KEY} has length up to 8 chars. @deffn {Interface Command} {ip ospf message-digest-key KEYID md5 KEY} {} @deffnx {Interface Command} {no ip ospf message-digest-key} {} Set OSPF authentication key to a cryptographic password. The cryptographic -algorithm is MD5. KEYID identifies secret key used to create the message -digest. KEY is the actual message digest key up to 16 chars. +algorithm is MD5. + +KEYID identifies secret key used to create the message digest. This ID +is part of the protocol and must be consistent across routers on a +link. + +KEY is the actual message digest key, of up to 16 chars (larger strings +will be truncated), and is associated with the given KEYID. Note that OSPF MD5 authentication requires that time never go backwards (correct time is NOT important, only that it never goes backwards), even across resets, if ospfd is to be able to promptly reestabish adjacencies with its neighbours after restarts/reboots. The host should have system -time be set at boot from an external source (eg battery backed clock, NTP, +time be set at boot from an external or non-volatile source (eg battery backed clock, NTP, etc.) or else the system clock should be periodically saved to non-volative storage and restored at boot if MD5 authentication is to be expected to work reliably. -- cgit v1.2.1