> This is the present babel conf file format:
>
> key id key1 type sha1 value deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
> key id key2 type sha1 value dea2f0d01a57b0071057a11da7adeadbeeffffff
> interface enp7s0 unicast false hmac key1
> interface wg1 hmac key2

Right. It currently cannot be updated dynamically, but the plan is that it
will at some point before HMAC gets merged into mainline.

> so we invent a new keyword "serial".
> a key rollover is initiated by adding a new key with the same name and a
> larger serial number than the old one.

I don't understand what problem you're trying to solve.

You're happily HMACing your packets:

    key id key1 type sha1 value ...
    interface wlan0 hmac key1

At some point, you decide to start using a new key:

    key id key2 type sha1 value ...
    interface wlan0 hmac key1 hmac key2

You deploy the new key on all routers, then you delete the old key:

    interface wlan0 hmac key2

Why do you need a serial number?

-- Juliusz
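
Added example, not part of the original message and not babeld code: a small simulation of the three-step rollover described above, checking which router configurations can still authenticate each other's packets. It assumes that a router attaches one HMAC-SHA1 per key listed on the interface and accepts a packet if any attached MAC verifies under any of its own keys; the key values and the packet are constructed.

```python
import hashlib
import hmac
from itertools import product

# Constructed sample keys (not the values from the message).
KEYS = {"key1": bytes.fromhex("11" * 20), "key2": bytes.fromhex("22" * 20)}

# The three interface configurations a router passes through during rollover.
PHASES = {
    "old only": ["key1"],          # interface wlan0 hmac key1
    "both": ["key1", "key2"],      # interface wlan0 hmac key1 hmac key2
    "new only": ["key2"],          # interface wlan0 hmac key2
}


def mac(key_id, packet):
    return hmac.new(KEYS[key_id], packet, hashlib.sha1).digest()


def sign(packet, key_ids):
    """Assumed sender behaviour: one MAC per configured key."""
    return [mac(k, packet) for k in key_ids]


def accepts(packet, macs, key_ids):
    """Assumed receiver behaviour: any MAC matching any configured key."""
    return any(hmac.compare_digest(m, mac(k, packet))
               for m in macs for k in key_ids)


def can_talk(sender_phase, receiver_phase, packet=b"constructed babel packet"):
    macs = sign(packet, PHASES[sender_phase])
    return accepts(packet, macs, PHASES[receiver_phase])


def compatibility():
    """Map each (sender phase, receiver phase) pair to the auth result."""
    return {(s, r): can_talk(s, r) for s, r in product(PHASES, repeat=2)}


if __name__ == "__main__":
    for (s, r), ok in compatibility().items():
        print(f"{s:>8} -> {r:<8} {'ok' if ok else 'REJECTED'}")
```

Under these assumptions every pair of adjacent steps interoperates in both directions; only an "old only" router facing a "new only" router is rejected, which is why the new key has to reach all routers before the old one is deleted.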