thx so much! Do you have a good time to discuss our testing options via videoconference? I happen to be in
https://tun.taht.net:8443/group/bufferbloat discussing ipv6 and starlink related testing right now, and should be there much of the day, most of the time. Let me know a good time. My biggest issue, after this, was somehow getting all of babel to work over unicast tunnels. On Sun, May 30, 2021 at 1:53 PM Juliusz Chroboczek <[email protected]> wrote: > > Dear all, > > I've just merged the hmac branch into master, that implements MAC > authentication for Babel (RFC 8967). Many, many thanks to Antonin Décimo, > who did a lot of the work needed to clean up the code for inclusion in > babeld. > > Here's an example configuration: > > key id k type hmac-sha256 value > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > interface wlan0 key k > > The "key" statement defines a key called "k". The interface statement > "key" option requests that packets be signed with key "k", and that all > incoming packets be verified with the key. > > I've checked interoperability with Bird for key type "hmac-sha256". > I wasn't able to confirm interoperability for key type "blake2s", I still > need to understand what's the problem. > > There's one major feature I haven't merged yet, it's support for key > rotation: only one key is supported, and you cannot change keys at > runtime. Antonin did implement these features, but I find his > implementation confusing, so I'll wait until grokking comes. > > While the protocol has been proved correct, we make no claims beyond the > ones in RFC 8967 Section 1.2; please make sure that you understand the > protocol's limitations. What is more, while we have tried to be careful, > this code is experimental and might have bugs. In addition, we only > secure the Babel control traffic: ARP, ND, ICMP and of course user traffic > need to be secured by other means. > > Please test, and send complaints and patches. > > -- Juliusz > > _______________________________________________ > Babel-users mailing list > [email protected] > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users -- Latest Podcast: https://www.linkedin.com/feed/update/urn:li:activity:6791014284936785920/ Dave Täht CTO, TekLibre, LLC _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
