History log of /openbsd-current/usr.sbin/ldpd/ldpd.c
Revision Date Author Comments
# 1.69 08-Mar-2023 guenther

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@


Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.68 06-Sep-2021 deraadt

repair missing paths on unveil failure


Revision tags: OPENBSD_6_9_BASE
# 1.67 01-Mar-2021 jsg

allocate enough space in start_child() argv for all possible flags
ok claudio@


# 1.66 19-Jan-2021 claudio

Kill log_procnames and properly define ldpd_process.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.65 10-Aug-2019 mestre

Like we did on other daemons that cannot be pledged due to forbidden ioctls the
main process can be unveiled to restrict filesystem access. In this case we can
restrict it to only read, although it must be the entire / since the daemon is
able to include config files from anywhere.

Additionally the ldpe process currently has cpath promise to unlink the socket,
nevertheless the socket is actually unlinked from the main proc so this
permission can be removed. As we discussed before, leaving the socket behind
doesn't do any harm that's why I didn't unveil it in the main proc.

OK deraadt@


Revision tags: OPENBSD_6_5_BASE
# 1.64 31-Mar-2019 yasuoka

Avoid calling dup2(oldd, newd) when oldd == newd. In that case the
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().

ok tedu florian


# 1.63 23-Jan-2019 dlg

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.62 03-Mar-2017 renato

Allow to run on a non-default rdomain.

OK claudio@


# 1.61 03-Mar-2017 renato

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 1.60 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() approved by claudio@

ok claudio@ krw@


# 1.59 28-Sep-2016 krw

'unneded stuff' -> 'unneeded stuff' in comments.


# 1.58 02-Sep-2016 renato

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@


Revision tags: OPENBSD_6_0_BASE
# 1.57 15-Jul-2016 renato

Update per-neighbor GTSM options on config reload.


# 1.56 01-Jul-2016 renato

Several minor tweaks.


# 1.55 01-Jul-2016 renato

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1.54 18-Jun-2016 renato

Fix memory leak found with valgrind.


# 1.53 18-Jun-2016 renato

Use log_warnx() instead of log_warn() when appropriate.


# 1.52 13-Jun-2016 renato

Do not create sockets for disabled address-families.


# 1.51 08-Jun-2016 renato

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 1.50 06-Jun-2016 renato

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 1.49 06-Jun-2016 renato

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 1.48 23-May-2016 renato

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have separate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 1.47 23-May-2016 renato

Update copyright information.


# 1.46 23-May-2016 renato

Remove superfluous includes.


# 1.45 23-May-2016 renato

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# 1.44 23-May-2016 renato

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 1.43 23-May-2016 renato

Assorted fixes and small cleanup.

Nothing really interesting here.


# 1.42 23-May-2016 renato

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.


# 1.41 23-May-2016 renato

Several fixes in the config reload handling.


# 1.40 23-May-2016 renato

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.


# 1.39 23-May-2016 renato

Create network sockets on the parent process.

We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.


# 1.38 23-May-2016 renato

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.


# 1.37 23-May-2016 renato

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 1.36 23-May-2016 renato

Rework L2VPN code.


# 1.35 23-May-2016 renato

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 1.34 23-May-2016 renato

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)


# 1.33 23-May-2016 renato

Split merge_config() into smaller functions to improve readability.

The merge code will get bigger when we introduce IPv6 support, so we
better prepare the ground for it.


# 1.32 23-May-2016 renato

Move some code around.

This patch doesn't introduce any logical change.


# 1.31 23-May-2016 renato

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.


# 1.30 23-May-2016 renato

Allow setting the session holdtime per neighbor.


# 1.29 23-May-2016 renato

Replace manually written function names with __func__.


Revision tags: OPENBSD_5_9_BASE
# 1.28 02-Feb-2016 sthen

Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@


# 1.27 05-Dec-2015 claudio

EAGAIN handling for imsg_read. OK henning@ benno@


Revision tags: OPENBSD_5_8_BASE
# 1.26 21-Jul-2015 renato

Call control_cleanup() from the ldpe process, where it belongs.

ok claudio@


# 1.25 21-Jul-2015 renato

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@


# 1.24 21-Jul-2015 renato

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@


# 1.23 21-Jul-2015 renato

Add configuration reload support.

ok claudio@


Revision tags: OPENBSD_5_7_BASE
# 1.22 09-Feb-2015 claudio

More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode


# 1.21 16-Jan-2015 deraadt

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)


Revision tags: OPENBSD_5_6_BASE
# 1.20 12-Jul-2014 krw

Close connections when msgbuf_write() returns 0.

ok claudio@


Revision tags: OPENBSD_5_5_BASE
# 1.19 26-Nov-2013 henning

deal with msgbuf_write EAGAIN, ok gilles benno


# 1.18 15-Oct-2013 renato

Fix whitespace and other style issues.
OK claudio@


Revision tags: OPENBSD_5_4_BASE
# 1.17 04-Jun-2013 claudio

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal


# 1.16 03-Jun-2013 claudio

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal


# 1.15 01-Jun-2013 claudio

Filter out route messages we don't need and log kernel messages in
super verbose mode.
From Renato Westphal


# 1.14 04-May-2013 jsg

fix a use after free
ok sthen@ jung@ fgsch@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
# 1.13 20-Aug-2011 sthen

Decouple log_verbose() from log_init() so the verbose flag stays set with
"-v" (previously only "-vd" worked). Similar to recent ospfd commit.
ok claudio@


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.12 01-Sep-2010 claudio

s/lfib/fib/ for more consistency with the other routing daemons.
This started mainly because of ldpctl being inconsistent and me mistyping
lfib almost every time.
OK michele@


Revision tags: OPENBSD_4_8_BASE
# 1.11 08-Jul-2010 claudio

Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange
since it does not care that much about reachability of routes. The idea is
to have diverse LSP in the kernel and the kernel should then decide which
path should be used.
OK michele@


# 1.10 30-Jun-2010 claudio

Kill IMSG_KLABEL_INSERT and all the related functions around it.
IMSG_KLABEL_CHANGE is smart enough to know when something is a change
or an insert.


# 1.9 02-Jun-2010 claudio

MPLSCTL_ENABLE is gone, no need to check for it. There is also no real
reason why ldpd needs to check for ip forwarding so remove that check
as well. Reminded by phessler@


# 1.8 26-May-2010 nicm

Rename some imsg bits to make namespace collisions less likely buf to
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.

ok henning gilles claudio jacekm deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.7 03-Mar-2010 claudio

Rework the kroute code by stealing some code from ospfd and massaging it
a lot more. Main reason for this is to add priority support. Additionally
add some additional NO_LABEL fixes.
OK michele@


# 1.6 25-Feb-2010 claudio

Do not use bufferevent for something that's already covered in the imsg
buffer API. This fixes a few possible problems in session_read and does
some further cleanup in various places. Wrap msgbuf into evbuf to add
libevent functionality and use buf_read to handle the read side of a
session. OK michele@ and dlg@ did not see anything evil


# 1.5 02-Nov-2009 claudio

More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().


# 1.4 28-Oct-2009 sobrado

remove an unimplemented flag from both usage() and getopt(3)'s
option string.

ok claudio@, michele@


# 1.3 13-Jul-2009 michele

Get rid of the multipath code, as it is not needed.

ok claudio@ laurent@


Revision tags: OPENBSD_4_6_BASE
# 1.2 06-Jun-2009 pyr

make ldpd imsg-in-a-lib ready too.


# 1.1 01-Jun-2009 michele

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@


# 1.68 06-Sep-2021 deraadt

repair missing paths on unveil failure


Revision tags: OPENBSD_6_9_BASE
# 1.67 01-Mar-2021 jsg

allocate enough space in start_child() argv for all possible flags
ok claudio@


# 1.66 19-Jan-2021 claudio

Kill log_procnames and properly define ldpd_process.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.65 10-Aug-2019 mestre

Like we did on other daemons that cannot be pledged due to forbidden ioctls the
main process can be unveiled to restrict filesystem access. In this case we can
restrict it to only read, although it must be the entire / since the daemon is
able to include config files from anywhere.

Additionally the ldpe process currently has cpath promise to unlink the socket,
nevertheless the socket is actually unlinked from the main proc so this
permission can be removed. As we discussed before, leaving the socket behind
doesn't do any harm that's why I didn't unveil it in the main proc.

OK deraadt@


Revision tags: OPENBSD_6_5_BASE
# 1.64 31-Mar-2019 yasuoka

Avoid calling dup2(oldd, newd) when oldd == newd. In that case the
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().

ok tedu florian


# 1.63 23-Jan-2019 dlg

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.62 03-Mar-2017 renato

Allow to run on a non-default rdomain.

OK claudio@


# 1.61 03-Mar-2017 renato

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 1.60 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() aproved by claudio@

ok claudio@ krw@


# 1.59 28-Sep-2016 krw

'unneded stuff' -> 'unneeded stuff' in comments.


# 1.58 02-Sep-2016 renato

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

Tha advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@


Revision tags: OPENBSD_6_0_BASE
# 1.57 15-Jul-2016 renato

Update per-neighbor GTSM options on config reload.


# 1.56 01-Jul-2016 renato

Several minor tweaks.


# 1.55 01-Jul-2016 renato

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1.54 18-Jun-2016 renato

Fix memory leak found with valgrind.


# 1.53 18-Jun-2016 renato

Use log_warnx() instead of log_warn() when appropriate.


# 1.52 13-Jun-2016 renato

Do not create sockets for disabled address-families.


# 1.51 08-Jun-2016 renato

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 1.50 06-Jun-2016 renato

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 1.49 06-Jun-2016 renato

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 1.48 23-May-2016 renato

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 1.47 23-May-2016 renato

Update copyright information.


# 1.46 23-May-2016 renato

Remove superfluous includes.


# 1.45 23-May-2016 renato

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# 1.44 23-May-2016 renato

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 1.43 23-May-2016 renato

Assorted fixes and small cleanup.

Nothing really interesting here.


# 1.42 23-May-2016 renato

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.


# 1.41 23-May-2016 renato

Several fixes in the config reload handling.


# 1.40 23-May-2016 renato

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.


# 1.39 23-May-2016 renato

Create network sockets on the parent process.

We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.


# 1.38 23-May-2016 renato

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.


# 1.37 23-May-2016 renato

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 1.36 23-May-2016 renato

Rework L2VPN code.


# 1.35 23-May-2016 renato

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 1.34 23-May-2016 renato

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)


# 1.33 23-May-2016 renato

Split merge_config() into smaller functions to improve readability.

The merge code will get bigger when we introduce IPv6 support, so we
better prepare the ground for it.


# 1.32 23-May-2016 renato

Move some code around.

This patch doesn't introduce any logical change.


# 1.31 23-May-2016 renato

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.


# 1.30 23-May-2016 renato

Allow setting the session holdtime per neighbor.


# 1.29 23-May-2016 renato

Replace manually written function names with __func__.


Revision tags: OPENBSD_5_9_BASE
# 1.28 02-Feb-2016 sthen

Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@


# 1.27 05-Dec-2015 claudio

EAGAIN handling for imsg_read. OK henning@ benno@


Revision tags: OPENBSD_5_8_BASE
# 1.26 21-Jul-2015 renato

Call control_cleanup() from the ldpe process, where it belongs.

ok claudio@


# 1.25 21-Jul-2015 renato

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@


# 1.24 21-Jul-2015 renato

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@


# 1.23 21-Jul-2015 renato

Add configuration reload support.

ok claudio@


Revision tags: OPENBSD_5_7_BASE
# 1.22 09-Feb-2015 claudio

More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode


# 1.21 16-Jan-2015 deraadt

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)


Revision tags: OPENBSD_5_6_BASE
# 1.20 12-Jul-2014 krw

Close connections when msgbuf_write() returns 0.

ok claudio@


Revision tags: OPENBSD_5_5_BASE
# 1.19 26-Nov-2013 henning

deal with msgbuf_write EAGAIN, ok gilles benno


# 1.18 15-Oct-2013 renato

Fix whitespace and other style issues.
OK claudio@


Revision tags: OPENBSD_5_4_BASE
# 1.17 04-Jun-2013 claudio

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal


# 1.16 03-Jun-2013 claudio

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal


# 1.15 01-Jun-2013 claudio

Filter out route messages we don't need and log kernel messages in
super verbose mode.
From Renato Westphal


# 1.14 04-May-2013 jsg

fix a use after free
ok sthen@ jung@ fgsch@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
# 1.13 20-Aug-2011 sthen

Decouple log_verbose() from log_init() so the verbose flag stays set with
"-v" (previously only "-vd" worked). Similar to recent ospfd commit.
ok claudio@


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.12 01-Sep-2010 claudio

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@


Revision tags: OPENBSD_4_8_BASE
# 1.11 08-Jul-2010 claudio

Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange
since it does not care that much about reachability of routes. The idea is
to have diverse LSP in the kernel and the kernel should then decide which
path should be used.
OK michele@


# 1.10 30-Jun-2010 claudio

Kill IMSG_KLABEL_INSERT and all the related functions around it.
IMSG_KLABEL_CHANGE is smart enough to know when something is a change
or an insert.


# 1.9 02-Jun-2010 claudio

MPLSCTL_ENABLE is gone, no need to check for it. There is also no real
reason why ldpd needs to check for ip forwarding so remove that check
as well. Reminded by phessler@


# 1.8 26-May-2010 nicm

Rename some imsg bits to make namespace collisions less likely: buf to
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.

ok henning gilles claudio jacekm deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.7 03-Mar-2010 claudio

Rework the kroute code by stealing some code from ospfd and massaging it
a lot more. Main reason for this is to add priority support. Additionally
add some additional NO_LABEL fixes.
OK michele@


# 1.6 25-Feb-2010 claudio

Do not use bufferevent for something that's already covered in the imsg
buffer API. This fixes a few possible problems in session_read and does
some further cleanup in various places. Wrap msgbuf into evbuf to add
libevent functionality and use buf_read to handle the read side of a
session. OK michele@ and dlg@ did not see anything evil


# 1.5 02-Nov-2009 claudio

More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().


# 1.4 28-Oct-2009 sobrado

remove an unimplemented flag from both usage() and getopt(3)'s
option string.

ok claudio@, michele@


# 1.3 13-Jul-2009 michele

Get rid of the multipath code, as it is not needed.

ok claudio@ laurent@


Revision tags: OPENBSD_4_6_BASE
# 1.2 06-Jun-2009 pyr

make ldpd imsg-in-a-lib ready too.


# 1.1 01-Jun-2009 michele

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@


# 1.63 23-Jan-2019 dlg

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.62 03-Mar-2017 renato

Allow to run on a non-default rdomain.

OK claudio@


# 1.61 03-Mar-2017 renato

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 1.60 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() approved by claudio@

ok claudio@ krw@


# 1.59 28-Sep-2016 krw

'unneded stuff' -> 'unneeded stuff' in comments.


# 1.58 02-Sep-2016 renato

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@
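
The EOF-driven shutdown described in 1.58, as an added example (not ldpd's code): a parent and child joined by a socketpair(2), where the parent never calls kill(2) and the child exits when its read returns 0. The function name and the one-byte message format are assumptions made for the illustration.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <errno.h>
#include <unistd.h>

/*
 * Hypothetical demo of "pipe teardown". The parent sends nmsgs one-byte
 * messages, then closes its end of the IPC socket. The child leaves its
 * read loop on EOF and exits with the number of bytes it saw.
 * Returns that exit status, or -1 on error.
 */
int
pipe_teardown_demo(int nmsgs)
{
    int sv[2], status, i;
    pid_t pid;

    if (nmsgs < 0 || nmsgs > 100)   /* must fit in an exit status */
        return (-1);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return (-1);

    pid = fork();
    if (pid == -1) {
        close(sv[0]);
        close(sv[1]);
        return (-1);
    }

    if (pid == 0) {
        char buf[16];
        ssize_t n;
        int seen = 0;

        /*
         * The child must drop its inherited copy of the parent's end.
         * While any copy of sv[0] stays open, read() on sv[1] never
         * returns EOF and the teardown would hang.
         */
        close(sv[0]);
        for (;;) {
            n = read(sv[1], buf, sizeof(buf));
            if (n > 0) {
                seen += (int)n;
                continue;
            }
            if (n == -1 && errno == EINTR)
                continue;
            break;              /* n == 0 is EOF: parent closed */
        }
        _exit(n == 0 ? seen : 255);
    }

    /* Parent: keep only its own end of the pair. */
    close(sv[1]);
    for (i = 0; i < nmsgs; i++) {
        if (write(sv[0], "m", 1) != 1) {
            close(sv[0]);
            return (-1);
        }
    }

    /* The whole shutdown: no signal, no PID lookup, just close(2). */
    close(sv[0]);

    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR)
            return (-1);
    }
    if (!WIFEXITED(status))
        return (-1);
    return (WEXITSTATUS(status));
}
```

Because the parent only waits on a PID it forked and never signals one, there is no window in which a recycled PID could receive the signal.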


Revision tags: OPENBSD_6_0_BASE
# 1.57 15-Jul-2016 renato

Update per-neighbor GTSM options on config reload.


# 1.56 01-Jul-2016 renato

Several minor tweaks.


# 1.55 01-Jul-2016 renato

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1.54 18-Jun-2016 renato

Fix memory leak found with valgrind.


# 1.53 18-Jun-2016 renato

Use log_warnx() instead of log_warn() when appropriate.


# 1.52 13-Jun-2016 renato

Do not create sockets for disabled address-families.


# 1.51 08-Jun-2016 renato

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 1.50 06-Jun-2016 renato

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 1.49 06-Jun-2016 renato

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 1.48 23-May-2016 renato

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have separate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 1.47 23-May-2016 renato

Update copyright information.


# 1.46 23-May-2016 renato

Remove superfluous includes.


# 1.45 23-May-2016 renato

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# 1.44 23-May-2016 renato

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 1.43 23-May-2016 renato

Assorted fixes and small cleanup.

Nothing really interesting here.


# 1.42 23-May-2016 renato

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.


# 1.41 23-May-2016 renato

Several fixes in the config reload handling.


# 1.40 23-May-2016 renato

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.


# 1.39 23-May-2016 renato

Create network sockets on the parent process.

We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.
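
The descriptor hand-off described in 1.39, as an added example (not ldpd's code and not the imsg API): the parent role creates and binds a socket, then passes it to an already forked child with SCM_RIGHTS ancillary data over a UNIX socket. The function names, the one-byte '4' tag and the UDP socket on an ephemeral port are assumptions made for the illustration.

```c
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Control buffer sized and aligned for exactly one descriptor. */
union fd_cmsg {
    struct cmsghdr hdr;
    char buf[CMSG_SPACE(sizeof(int))];
};

/* Send descriptor fd plus a one-byte tag over the UNIX socket chan. */
static int send_fd(int chan, int fd, char tag)
{
    union fd_cmsg cm;
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    struct msghdr msg;
    struct cmsghdr *c;

    memset(&cm, 0, sizeof(cm));
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cm.buf;
    msg.msg_controllen = sizeof(cm.buf);
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return (sendmsg(chan, &msg, 0) == 1 ? 0 : -1);
}

/* Receive one descriptor and its tag; reject truncated or foreign data. */
static int recv_fd(int chan, char *tag)
{
    union fd_cmsg cm;
    struct iovec iov = { .iov_base = tag, .iov_len = 1 };
    struct msghdr msg;
    struct cmsghdr *c;
    int fd;

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cm.buf;
    msg.msg_controllen = sizeof(cm.buf);
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return (-1);
    c = CMSG_FIRSTHDR(&msg);
    if (c == NULL || c->cmsg_level != SOL_SOCKET ||
        c->cmsg_type != SCM_RIGHTS || c->cmsg_len != CMSG_LEN(sizeof(int)))
        return (-1);
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return (fd);
}

/* Returns 1 if the child ends up holding the socket the parent bound. */
int fd_passing_demo(void)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    in_port_t mine = 0, theirs = 0;
    int sv[2], s, status;
    pid_t pid, r;
    char tag = 0;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 ||
        (pid = fork()) == -1)
        return (-1);
    if (pid == 0) {
        /* Child role: owns no network socket until the parent sends one. */
        close(sv[0]);
        if ((s = recv_fd(sv[1], &tag)) == -1 || tag != '4' ||
            getsockname(s, (struct sockaddr *)&sin, &len) == -1 ||
            write(sv[1], &sin.sin_port, sizeof(sin.sin_port)) !=
            (ssize_t)sizeof(sin.sin_port))
            _exit(1);
        _exit(0);
    }
    /* Parent role: create and bind after the fork, then hand it over. */
    close(sv[1]);
    memset(&sin, 0, sizeof(sin));       /* INADDR_ANY, port 0 */
    sin.sin_family = AF_INET;
    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) != -1) {
        if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 &&
            getsockname(s, (struct sockaddr *)&sin, &len) == 0 &&
            send_fd(sv[0], s, '4') == 0)
            mine = sin.sin_port;
        close(s);       /* the in-flight copy keeps the socket alive */
    }
    if (mine == 0 || read(sv[0], &theirs, sizeof(theirs)) !=
        (ssize_t)sizeof(theirs))
        theirs = 0;
    close(sv[0]);
    while ((r = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
        continue;
    return (r == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        mine != 0 && mine == theirs);
}
```

The child reports the port of the descriptor it received, and the parent compares it with the port it bound, which shows the same socket is now usable in a process that never had the right to create it.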


# 1.38 23-May-2016 renato

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.


# 1.37 23-May-2016 renato

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 1.36 23-May-2016 renato

Rework L2VPN code.


# 1.35 23-May-2016 renato

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 1.34 23-May-2016 renato

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)


# 1.33 23-May-2016 renato

Split merge_config() into smaller functions to improve readability.

The merge code will get bigger when we introduce IPv6 support, so we
better prepare the ground for it.


# 1.32 23-May-2016 renato

Move some code around.

This patch doesn't introduce any logical change.


# 1.31 23-May-2016 renato

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.


# 1.30 23-May-2016 renato

Allow setting the session holdtime per neighbor.


# 1.29 23-May-2016 renato

Replace manually written function names with __func__.


Revision tags: OPENBSD_5_9_BASE
# 1.28 02-Feb-2016 sthen

Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@


# 1.27 05-Dec-2015 claudio

EAGAIN handling for imsg_read. OK henning@ benno@


Revision tags: OPENBSD_5_8_BASE
# 1.26 21-Jul-2015 renato

Call control_cleanup() from the ldpe process, where it belongs.

ok claudio@


# 1.25 21-Jul-2015 renato

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@


# 1.24 21-Jul-2015 renato

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@


# 1.23 21-Jul-2015 renato

Add configuration reload support.

ok claudio@


Revision tags: OPENBSD_5_7_BASE
# 1.22 09-Feb-2015 claudio

More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode


# 1.21 16-Jan-2015 deraadt

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)


Revision tags: OPENBSD_5_6_BASE
# 1.20 12-Jul-2014 krw

Close connections when msgbuf_write() returns 0.

ok claudio@


Revision tags: OPENBSD_5_5_BASE
# 1.19 26-Nov-2013 henning

deal with msgbuf_write EAGAIN, ok gilles benno


# 1.18 15-Oct-2013 renato

Fix whitespace and other style issues.
OK claudio@


Revision tags: OPENBSD_5_4_BASE
# 1.17 04-Jun-2013 claudio

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal


# 1.16 03-Jun-2013 claudio

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal


# 1.15 01-Jun-2013 claudio

Filter out route messages we don't need and log kernel messages in
super verbose mode.
From Renato Westphal


# 1.14 04-May-2013 jsg

fix a use after free
ok sthen@ jung@ fgsch@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
# 1.13 20-Aug-2011 sthen

Decouple log_verbose() from log_init() so the verbose flag stays set with
"-v" (previously only "-vd" worked). Similar to recent ospfd commit.
ok claudio@


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.12 01-Sep-2010 claudio

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@


Revision tags: OPENBSD_4_8_BASE
# 1.11 08-Jul-2010 claudio

Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange
since it does not care that much about reachability of routes. The idea is
to have diverse LSP in the kernel and the kernel should then decide which
path should be used.
OK michele@


# 1.10 30-Jun-2010 claudio

Kill IMSG_KLABEL_INSERT and all the related functions around it.
IMSG_KLABEL_CHANGE is smart enough to know when something is a change
or an insert.


# 1.9 02-Jun-2010 claudio

MPLSCTL_ENABLE is gone, no need to check for it. There is also no real
reason why ldpd needs to check for ip forwarding so remove that check
as well. Reminded by phessler@


# 1.8 26-May-2010 nicm

Rename some imsg bits to make namespace collisions less likely buf to
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.

ok henning gilles claudio jacekm deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.7 03-Mar-2010 claudio

Rework the kroute code by stealing some code from ospfd and massaging it
a lot more. Main reason for this is to add priority support. Additionally
add some additional NO_LABEL fixes.
OK michele@


# 1.6 25-Feb-2010 claudio

Do not use bufferevent for something that's already covered in the imsg
buffer API. This fixes a few possible problems in session_read and does
some further cleanup in various places. Wrap msgbuf into evbuf to add
libevent functionality and use buf_read to handle the read side of a
session. OK michele@ and dlg@ did not see anything evil


# 1.5 02-Nov-2009 claudio

More IMSG_CTL_LOG_VERBOSE, still doing the same toggeling of log_debug().


# 1.4 28-Oct-2009 sobrado

remove an unimplemented flag from both usage() and getopt(3)'s
option string.

ok claudio@, michele@


# 1.3 13-Jul-2009 michele

Get rid of the multipath code, as it is not needed.

ok claudio@ laurent@


Revision tags: OPENBSD_4_6_BASE
# 1.2 06-Jun-2009 pyr

make ldpd imsg-in-a-lib ready too.


# 1.1 01-Jun-2009 michele

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@


# 1.66 19-Jan-2021 claudio

Kill log_procnames and properly define ldpd_process.


Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
# 1.65 10-Aug-2019 mestre

Like we did on other daemons that cannot be pledged due to forbidden ioctls the
main process can be unveiled to restrict filesystem access. In this case we can
restrict it to only read, although it must be the entire / since the daemon is
able to include config files from anywhere.

Additionally the ldpe process currently has cpath promise to unlink the socket,
nevertheless the socket is actually unlinked from the main proc so this
permission can be removed. As we discussed before, leaving the socket behind
doesn't do any harm that's why I didn't unveil it in the main proc.

OK deraadt@


Revision tags: OPENBSD_6_5_BASE
# 1.64 31-Mar-2019 yasuoka

Avoid calling dup2(oldd, newd) when oldd == newd. In that case the
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().

ok tedu florian


# 1.63 23-Jan-2019 dlg

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.62 03-Mar-2017 renato

Allow to run on a non-default rdomain.

OK claudio@


# 1.61 03-Mar-2017 renato

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 1.60 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() aproved by claudio@

ok claudio@ krw@


# 1.59 28-Sep-2016 krw

'unneded stuff' -> 'unneeded stuff' in comments.


# 1.58 02-Sep-2016 renato

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

Tha advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@


Revision tags: OPENBSD_6_0_BASE
# 1.57 15-Jul-2016 renato

Update per-neighbor GTSM options on config reload.


# 1.56 01-Jul-2016 renato

Several minor tweaks.


# 1.55 01-Jul-2016 renato

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1.54 18-Jun-2016 renato

Fix memory leak found with valgrind.


# 1.53 18-Jun-2016 renato

Use log_warnx() instead of log_warn() when appropriate.


# 1.52 13-Jun-2016 renato

Do not create sockets for disabled address-families.


# 1.51 08-Jun-2016 renato

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 1.50 06-Jun-2016 renato

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 1.49 06-Jun-2016 renato

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 1.48 23-May-2016 renato

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 1.47 23-May-2016 renato

Update copyright information.


# 1.46 23-May-2016 renato

Remove superfluous includes.


# 1.45 23-May-2016 renato

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# 1.44 23-May-2016 renato

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 1.43 23-May-2016 renato

Assorted fixes and small cleanup.

Nothing really interesting here.


# 1.42 23-May-2016 renato

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.


# 1.41 23-May-2016 renato

Several fixes in the config reload handling.


# 1.40 23-May-2016 renato

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.


# 1.39 23-May-2016 renato

Create network sockets on the parent process.

We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.


# 1.38 23-May-2016 renato

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.


# 1.37 23-May-2016 renato

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 1.36 23-May-2016 renato

Rework L2VPN code.


# 1.35 23-May-2016 renato

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 1.34 23-May-2016 renato

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)


# 1.33 23-May-2016 renato

Split merge_config() into smaller functions to improve readability.

The merge code will get bigger when we introduce IPv6 support, so we
better prepare the ground for it.


# 1.32 23-May-2016 renato

Move some code around.

This patch doesn't introduce any logical change.


# 1.31 23-May-2016 renato

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.


# 1.30 23-May-2016 renato

Allow setting the session holdtime per neighbor.


# 1.29 23-May-2016 renato

Replace manually written function names with __func__.


Revision tags: OPENBSD_5_9_BASE
# 1.28 02-Feb-2016 sthen

Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@


# 1.27 05-Dec-2015 claudio

EAGAIN handling for imsg_read. OK henning@ benno@


Revision tags: OPENBSD_5_8_BASE
# 1.26 21-Jul-2015 renato

Call control_cleanup() from the ldpe process, where it belongs.

ok claudio@


# 1.25 21-Jul-2015 renato

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@


# 1.24 21-Jul-2015 renato

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@


# 1.23 21-Jul-2015 renato

Add configuration reload support.

ok claudio@


Revision tags: OPENBSD_5_7_BASE
# 1.22 09-Feb-2015 claudio

More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode


# 1.21 16-Jan-2015 deraadt

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)


Revision tags: OPENBSD_5_6_BASE
# 1.20 12-Jul-2014 krw

Close connections when msgbuf_write() returns 0.

ok claudio@


Revision tags: OPENBSD_5_5_BASE
# 1.19 26-Nov-2013 henning

deal with msgbuf_write EAGAIN, ok gilles benno


# 1.18 15-Oct-2013 renato

Fix whitespace and other style issues.
OK claudio@


Revision tags: OPENBSD_5_4_BASE
# 1.17 04-Jun-2013 claudio

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal


# 1.16 03-Jun-2013 claudio

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal


# 1.15 01-Jun-2013 claudio

Filter out route messages we don't need and log kernel messages in
super verbose mode.
From Renato Westphal


# 1.14 04-May-2013 jsg

fix a use after free
ok sthen@ jung@ fgsch@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
# 1.13 20-Aug-2011 sthen

Decouple log_verbose() from log_init() so the verbose flag stays set with
"-v" (previously only "-vd" worked). Similar to recent ospfd commit.
ok claudio@


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.12 01-Sep-2010 claudio

s/lfib/fib/ for more consistency with the other routing daemons.
This started mainly because of ldpctl being inconsistent and me mistyping
lfib almost every time.
OK michele@


Revision tags: OPENBSD_4_8_BASE
# 1.11 08-Jul-2010 claudio

Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange
since it does not care that much about reachability of routes. The idea is
to have diverse LSP in the kernel and the kernel should then decide which
path should be used.
OK michele@


# 1.10 30-Jun-2010 claudio

Kill IMSG_KLABEL_INSERT and all the related functions around it.
IMSG_KLABEL_CHANGE is smart enough to know when something is a change
or an insert.


# 1.9 02-Jun-2010 claudio

MPLSCTL_ENABLE is gone, no need to check for it. There is also no real
reason why ldpd needs to check for ip forwarding so remove that check
as well. Reminded by phessler@


# 1.8 26-May-2010 nicm

Rename some imsg bits to make namespace collisions less likely: buf to
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.

ok henning gilles claudio jacekm deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.7 03-Mar-2010 claudio

Rework the kroute code by stealing some code from ospfd and massaging it
a lot more. Main reason for this is to add priority support. Additionally
add some additional NO_LABEL fixes.
OK michele@


# 1.6 25-Feb-2010 claudio

Do not use bufferevent for something that's already covered in the imsg
buffer API. This fixes a few possible problems in session_read and does
some further cleanup in various places. Wrap msgbuf into evbuf to add
libevent functionality and use buf_read to handle the read side of a
session. OK michele@ and dlg@ did not see anything evil


# 1.5 02-Nov-2009 claudio

More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().


# 1.4 28-Oct-2009 sobrado

remove an unimplemented flag from both usage() and getopt(3)'s
option string.

ok claudio@, michele@


# 1.3 13-Jul-2009 michele

Get rid of the multipath code, as it is not needed.

ok claudio@ laurent@


Revision tags: OPENBSD_4_6_BASE
# 1.2 06-Jun-2009 pyr

make ldpd imsg-in-a-lib ready too.


# 1.1 01-Jun-2009 michele

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@


Revision tags: OPENBSD_6_5_BASE
# 1.64 31-Mar-2019 yasuoka

Avoid calling dup2(oldd, newd) when oldd == newd. In that case the
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().

ok tedu florian


# 1.63 23-Jan-2019 dlg

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.62 03-Mar-2017 renato

Allow to run on a non-default rdomain.

OK claudio@


# 1.61 03-Mar-2017 renato

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 1.60 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() aproved by claudio@

ok claudio@ krw@


# 1.59 28-Sep-2016 krw

'unneded stuff' -> 'unneeded stuff' in comments.


# 1.58 02-Sep-2016 renato

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

Tha advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@


Revision tags: OPENBSD_6_0_BASE
# 1.57 15-Jul-2016 renato

Update per-neighbor GTSM options on config reload.


# 1.56 01-Jul-2016 renato

Several minor tweaks.


# 1.55 01-Jul-2016 renato

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1.54 18-Jun-2016 renato

Fix memory leak found with valgrind.


# 1.53 18-Jun-2016 renato

Use log_warnx() instead of log_warn() when appropriate.


# 1.52 13-Jun-2016 renato

Do not create sockets for disabled address-families.


# 1.51 08-Jun-2016 renato

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 1.50 06-Jun-2016 renato

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 1.49 06-Jun-2016 renato

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 1.48 23-May-2016 renato

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 1.47 23-May-2016 renato

Update copyright information.


# 1.46 23-May-2016 renato

Remove superfluous includes.


# 1.45 23-May-2016 renato

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# 1.44 23-May-2016 renato

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 1.43 23-May-2016 renato

Assorted fixes and small cleanup.

Nothing really interesting here.


# 1.42 23-May-2016 renato

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.


# 1.41 23-May-2016 renato

Several fixes in the config reload handling.


# 1.40 23-May-2016 renato

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.


# 1.39 23-May-2016 renato

Create network sockets on the parent process.

We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.


# 1.38 23-May-2016 renato

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.


# 1.37 23-May-2016 renato

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 1.36 23-May-2016 renato

Rework L2VPN code.


# 1.35 23-May-2016 renato

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 1.34 23-May-2016 renato

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)


# 1.33 23-May-2016 renato

Split merge_config() into smaller functions to improve readability.

The merge code will get bigger when we introduce IPv6 support, so we
better prepare the ground for it.


# 1.32 23-May-2016 renato

Move some code around.

This patch doesn't introduce any logical change.


# 1.31 23-May-2016 renato

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.


# 1.30 23-May-2016 renato

Allow setting the session holdtime per neighbor.


# 1.29 23-May-2016 renato

Replace manually written function names with __func__.


Revision tags: OPENBSD_5_9_BASE
# 1.28 02-Feb-2016 sthen

Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@


# 1.27 05-Dec-2015 claudio

EAGAIN handling for imsg_read. OK henning@ benno@


Revision tags: OPENBSD_5_8_BASE
# 1.26 21-Jul-2015 renato

Call control_cleanup() from the ldpe process, where it belongs.

ok claudio@


# 1.25 21-Jul-2015 renato

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@


# 1.24 21-Jul-2015 renato

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@


# 1.23 21-Jul-2015 renato

Add configuration reload support.

ok claudio@


Revision tags: OPENBSD_5_7_BASE
# 1.22 09-Feb-2015 claudio

More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode


# 1.21 16-Jan-2015 deraadt

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)


Revision tags: OPENBSD_5_6_BASE
# 1.20 12-Jul-2014 krw

Close connections when msgbuf_write() returns 0.

ok claudio@


Revision tags: OPENBSD_5_5_BASE
# 1.19 26-Nov-2013 henning

deal with msgbuf_write EAGAIN, ok gilles benno


# 1.18 15-Oct-2013 renato

Fix whitespace and other style issues.
OK claudio@


Revision tags: OPENBSD_5_4_BASE
# 1.17 04-Jun-2013 claudio

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal


# 1.16 03-Jun-2013 claudio

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal


# 1.15 01-Jun-2013 claudio

Filter out route messages we don't need and log kernel messages in
super verbose mode.
From Renato Westphal


# 1.14 04-May-2013 jsg

fix a use after free
ok sthen@ jung@ fgsch@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
# 1.13 20-Aug-2011 sthen

Decouple log_verbose() from log_init() so the verbose flag stays set with
"-v" (previously only "-vd" worked). Similar to recent ospfd commit.
ok claudio@


Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.12 01-Sep-2010 claudio

s/lfib/fib/ for more consistency with the other routing daemons.
This started mainly because of ldpctl being inconsistent and me mistyping
lfib almost every time.
OK michele@


Revision tags: OPENBSD_4_8_BASE
# 1.11 08-Jul-2010 claudio

Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange
since it does not care that much about reachability of routes. The idea is
to have diverse LSP in the kernel and the kernel should then decide which
path should be used.
OK michele@


# 1.10 30-Jun-2010 claudio

Kill IMSG_KLABEL_INSERT and all the related functions around it.
IMSG_KLABEL_CHANGE is smart enough to know when something is a change
or an insert.


# 1.9 02-Jun-2010 claudio

MPLSCTL_ENABLE is gone, no need to check for it. There is also no real
reason why ldpd needs to check for ip forwarding so remove that check
as well. Reminded by phessler@


# 1.8 26-May-2010 nicm

Rename some imsg bits to make namespace collisions less likely buf to
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.

ok henning gilles claudio jacekm deraadt


Revision tags: OPENBSD_4_7_BASE
# 1.7 03-Mar-2010 claudio

Rework the kroute code by stealing some code from ospfd and massaging it
a lot more. Main reason for this is to add priority support. Additionally
add some additional NO_LABEL fixes.
OK michele@


# 1.6 25-Feb-2010 claudio

Do not use bufferevent for something that's already covered in the imsg
buffer API. This fixes a few possible problems in session_read and does
some further cleanup in various places. Wrap msgbuf into evbuf to add
libevent functionality and use buf_read to handle the read side of a
session. OK michele@ and dlg@ did not see anything evil


# 1.5 02-Nov-2009 claudio

More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().


# 1.4 28-Oct-2009 sobrado

remove an unimplemented flag from both usage() and getopt(3)'s
option string.

ok claudio@, michele@


# 1.3 13-Jul-2009 michele

Get rid of the multipath code, as it is not needed.

ok claudio@ laurent@


Revision tags: OPENBSD_4_6_BASE
# 1.2 06-Jun-2009 pyr

make ldpd imsg-in-a-lib ready too.


# 1.1 01-Jun-2009 michele

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@


# 1.63 23-Jan-2019 dlg

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
# 1.62 03-Mar-2017 renato

Allow to run on a non-default rdomain.

OK claudio@


# 1.61 03-Mar-2017 renato

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 1.60 20-Jan-2017 benno

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() approved by claudio@

ok claudio@ krw@


# 1.59 28-Sep-2016 krw

'unneded stuff' -> 'unneeded stuff' in comments.


# 1.58 02-Sep-2016 renato

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@


Revision tags: OPENBSD_6_0_BASE
# 1.57 15-Jul-2016 renato

Update per-neighbor GTSM options on config reload.


# 1.56 01-Jul-2016 renato

Several minor tweaks.


# 1.55 01-Jul-2016 renato

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1.54 18-Jun-2016 renato

Fix memory leak found with valgrind.


# 1.53 18-Jun-2016 renato

Use log_warnx() instead of log_warn() when appropriate.


# 1.52 13-Jun-2016 renato

Do not create sockets for disabled address-families.


# 1.51 08-Jun-2016 renato

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 1.50 06-Jun-2016 renato

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 1.49 06-Jun-2016 renato

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 1.48 23-May-2016 renato

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have separate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 1.47 23-May-2016 renato

Update copyright information.


# 1.46 23-May-2016 renato

Remove superfluous includes.


# 1.45 23-May-2016 renato

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# 1.44 23-May-2016 renato

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 1.43 23-May-2016 renato

Assorted fixes and small cleanup.

Nothing really interesting here.


# 1.42 23-May-2016 renato

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.


# 1.41 23-May-2016 renato

Several fixes in the config reload handling.


# 1.40 23-May-2016 renato

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.


# 1.39 23-May-2016 renato

Create network sockets on the parent process.

We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.


# 1.38 23-May-2016 renato

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.


# 1.37 23-May-2016 renato

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 1.36 23-May-2016 renato

Rework L2VPN code.


# 1.35 23-May-2016 renato

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 1.34 23-May-2016 renato

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)


# 1.33 23-May-2016 renato

Split merge_config() into smaller functions to improve readability.

The merge code will get bigger when we introduce IPv6 support, so we
better prepare the ground for it.


# 1.32 23-May-2016 renato

Move some code around.

This patch doesn't introduce any logical change.


# 1.31 23-May-2016 renato

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.


# 1.30 23-May-2016 renato

Allow setting the session holdtime per neighbor.


# 1.29 23-May-2016 renato

Replace manually written function names with __func__.


Revision tags: OPENBSD_5_9_BASE
# 1.28 02-Feb-2016 sthen

Remove setproctitle() for the parent process. Because rc.d(8) uses process
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@


# 1.27 05-Dec-2015 claudio

EAGAIN handling for imsg_read. OK henning@ benno@


Revision tags: OPENBSD_5_8_BASE
# 1.26 21-Jul-2015 renato

Call control_cleanup() from the ldpe process, where it belongs.

ok claudio@


# 1.25 21-Jul-2015 renato

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@


# 1.24 21-Jul-2015 renato

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@


# 1.23 21-Jul-2015 renato

Add configuration reload support.

ok claudio@

