Hello friends, running current BIRD2 on FreeBSD, 2.17.1. Starting a few updates ago I get a nagging warning in my log files for BGP sessions that carry a password, namely: --- /usr/local/etc/bird.peers:94:1: Missing authentication option, assuming MD5 --- Yet, when I try to add the algo option, like this: --- protocol bgp <nei> from <templ> { neighbor <ip>; password "<pass>" { algorithm MD5; }; }; --- BIRD still hates on me: --- /usr/local/etc/bird.peers:94:20 syntax error, unexpected '{', expecting ';' --- I suppose this only works with BIRD 3? BIRD2 documents as follows: --- password string Use this password for MD5 authentication of BGP sessions (RFC 2385). When used on BSD systems, see also setkey option below. Default: no authentication. --- So - how do I fix this? Thanks for any help, Elmar.
On 27 Aug 2025, at 10:05, Elmar K. Bins <elmi@noir.de> wrote:
password "<pass>" { algorithm MD5; };
Hello, On Linux (but that shouldn't change the option's syntax) we use: authentication md5; password "<REDACTED>"; The way I read the doc, that is still valid on BSD, you may just need an extra "setkey" line. -- Radu-Adrian FEURDEAN Web : www.franceix.net
Hey Radu, rafeurdean@franceix.net (Radu-Adrian Feurdean) wrote:
On Linux (but that shouldn't change the option's syntax) we use:
authentication md5; password "<REDACTED>";
That works, thanks! Could simply not find that in the docs. I have a question for the devs - if it's the default, and people want to use the default, why do you need to put out warnings? Or can I switch that warning stuff off? Elmar.
On Wed, 27 Aug 2025, Elmar K. Bins wrote:
rafeurdean@franceix.net (Radu-Adrian Feurdean) wrote:
On Linux (but that shouldn't change the option's syntax) we use:
authentication md5; password "<REDACTED>";
That works, thanks! Could simply not find that in the docs.
https://bird.nic.cz/doc/bird-2.17.1.html#bgp - it's in the documentation, if you scroll down a bit. But yes, I overlooked that also initially :) Regards, Robert
Re Robert, bird@robert-scheck.de (Robert Scheck) wrote:
https://bird.nic.cz/doc/bird-2.17.1.html#bgp - it's in the documentation, if you scroll down a bit. But yes, I overlooked that also initially :)
thanks for the pointer. BIRD documentation is so difficult to use sometimes... Still wanting an answer to the "why warn on defaults" thing, devs? Cheers, Elmar.
On Wed, Aug 27, 2025 at 09:56:01AM +0100, Elmar K. Bins wrote:
Hey Radu,
rafeurdean@franceix.net (Radu-Adrian Feurdean) wrote:
On Linux (but that shouldn't change the option's syntax) we use:
authentication md5; password "<REDACTED>";
That works, thanks! Could simply not find that in the docs.
I have a question for the devs - if it's the default, and people want to use the default, why do you need to put out warnings? Or can I switch that warning stuff off?
Hi In the rest of BIRD, we use 'authentication' option to specify a method of authentication, while the 'password' / 'key' options to set specific keys. In BGP, we used just 'password' option for MD5 auth, but now we also have TCP-AO auth, which use 'keys' block with 'key' statements for specific keys. It is silly to distinguish auth method based on 'password' or 'key' options, especially when in the rest of BIRD these keywords are treated as synonyms, therefore we itroduced the 'authentication' option to BGP to have explicit and consistent behavior, but we also keep (for now) the old behavior of just setting the 'password', but it is encouraged to use the explicit option, as this may change in the future. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) "To err is human -- to blame it on a computer is even more so."
participants (4)
-
Elmar K. Bins -
Ondrej Zajicek -
Radu-Adrian Feurdean -
Robert Scheck