#
1.69 |
|
08-Mar-2023 |
guenther |
Delete obsolete /* ARGSUSED */ lint comments.
ok miod@ millert@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.68 |
|
06-Sep-2021 |
deraadt |
repair missing paths on unveil failure
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.67 |
|
01-Mar-2021 |
jsg |
allocate enough space in start_child() argv for all possible flags
ok claudio@
|
#
1.66 |
|
19-Jan-2021 |
claudio |
Kill log_procnames and properly define ldpd_process.
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.65 |
|
10-Aug-2019 |
mestre |
Like we did on other daemons that cannot be pledged due to forbidden ioctls, the main process can be unveiled to restrict filesystem access. In this case we can restrict it to only read, although it must be the entire / since the daemon is able to include config files from anywhere.
Additionally, the ldpe process currently has the cpath promise to unlink the socket; nevertheless, the socket is actually unlinked from the main proc, so this permission can be removed. As we discussed before, leaving the socket behind doesn't do any harm, that's why I didn't unveil it in the main proc.
OK deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.64 |
|
31-Mar-2019 |
yasuoka |
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps the CLOEXEC flag and will then be closed unexpectedly by exec().
ok tedu florian
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
    mpls ldp password required for MPLS
    mpls ldp password option 1 for MPLS key-chain LDPAUTH
    key chain LDPAUTH
     key 1
      key-string secret
    interface Loopback0
     ip address 192.168.0.0 255.255.255.255
    end
    ip prefix-list MPLS seq 5 permit 192.168.0.0/24
    ip access-list standard MPLS
    mpls ldp router-id Loopback0 force
and in ldpd.conf:
    router-id 192.168.0.25
    tcp md5sig password secret 192.168.0.0/24
    address-family ipv4 {
        interface vmx1
    }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() approved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.24 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.23 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.22 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.21 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
12-Jul-2014 |
krw |
Close connections when msgbuf_write() returns 0.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.19 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.18 |
|
15-Oct-2013 |
renato |
Fix whitespace and other style issues. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos.
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.15 |
|
01-Jun-2013 |
claudio |
Filter out route messages we don't need and log kernel messages in super verbose mode. From Renato Westphal
|
#
1.14 |
|
04-May-2013 |
jsg |
fix a use after free
ok sthen@ jung@ fgsch@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.13 |
|
20-Aug-2011 |
sthen |
Decouple log_verbose() from log_init() so the verbose flag stays set with "-v" (previously only "-vd" worked). Similar to recent ospfd commit. ok claudio@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.12 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.11 |
|
08-Jul-2010 |
claudio |
Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange since it does not care that much about reachability of routes. The idea is to have diverse LSP in the kernel and the kernel should then decide which path should be used. OK michele@
|
#
1.10 |
|
30-Jun-2010 |
claudio |
Kill IMSG_KLABEL_INSERT and all the related functions around it. IMSG_KLABEL_CHANGE is smart enough to know when something is a change or an insert.
|
#
1.9 |
|
02-Jun-2010 |
claudio |
MPLSCTL_ENABLE is gone, no need to check for it. There is also no real reason why ldpd needs to check for ip forwarding so remove that check as well. Reminded by phessler@
|
#
1.8 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely: buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.7 |
|
03-Mar-2010 |
claudio |
Rework the kroute code by stealing some code from ospfd and massaging it a lot more. Main reason for this is to add priority support. Additionally add some additional NO_LABEL fixes. OK michele@
|
#
1.6 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.5 |
|
02-Nov-2009 |
claudio |
More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().
|
#
1.4 |
|
28-Oct-2009 |
sobrado |
remove an unimplemented flag from both usage() and getopt(3)'s option string.
ok claudio@, michele@
|
#
1.3 |
|
13-Jul-2009 |
michele |
Get rid of the multipath code, as it is not needed.
ok claudio@ laurent@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
06-Jun-2009 |
pyr |
make ldpd imsg-in-a-lib ready too.
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.68 |
|
06-Sep-2021 |
deraadt |
repair missing paths on unveil failure
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.67 |
|
01-Mar-2021 |
jsg |
allocate enough space in start_child() argv for all possible flags ok claudio@
|
#
1.66 |
|
19-Jan-2021 |
claudio |
Kill log_procnames and properly define ldpd_process.
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.65 |
|
10-Aug-2019 |
mestre |
Like we did on other daemons that cannot be pledged due to forbidden ioctls the main process can be unveiled to restrict filesystem access. In this case we can restrict it to only read, although it must be the entire / since the daemon is able to include config files from anywhere.
Additionally the ldpe process currently has cpath promise to unlink the socket, nevertheless the socket is actually unlinked from the main proc so this permission can be removed. As we discussed before, leaving the socket behind doesn't do any harm that's why I didn't unveil it in the main proc.
OK deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.64 |
|
31-Mar-2019 |
yasuoka |
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec().
ok tedu florian
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
mpls ldp password required for MPLS mpls ldp password option 1 for MPLS key-chain LDPAUTH
key chain LDPAUTH key 1 key-string secret
interface Loopback0 ip address 192.168.0.0 255.255.255.255 end
ip prefix-list MPLS seq 5 permit 192.168.0.0/24 ip access-list standard MPLS
mpls ldp router-id Loopback0 force
and in ldpd.conf:
router-id 192.168.0.25 tcp md5sig password secret 192.168.0.0/24 address-family ipv4 { interface vmx1 }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() aproved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
Tha advantages of this "pipe teardown" are: * simpler code; * no need to pledge "proc" in the parent process; * removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter) * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter) * s/LDPD_FLAG_*/F_LDPD_*/ (consistency) * s/lde_nbr_address/lde_addr/ (shorter) * s/ldp_discovery_socket/ldp_disc_socket/ (shorter) * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter) * s/ldp_sendboth/main_imsg_compose_both/ (consistency) * s/cons/total/ (makes more sense) * s/kaddr/ka/ (consistency with remaining code) * Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations: * No support for FEC 129, only FEC 128 (more widely deployed); * No support for group withdraws (not widely deployed); * No support for MAC withdraws (not widely deployed).
Related RFCs: * RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3) * RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture * RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN * RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3) * RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) * RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks * RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks * RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.24 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.23 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.22 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.21 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
12-Jul-2014 |
krw |
Close connections when msgbuf_write() returns 0.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.19 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.18 |
|
15-Oct-2013 |
renato |
Fix whitespace and other style issues. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.15 |
|
01-Jun-2013 |
claudio |
Filter out route messages we don't need and log kernel messages in super verbose mode. From Renato Westphal
|
#
1.14 |
|
04-May-2013 |
jsg |
fix a use after free ok sthen@ jung@ fgsch@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.13 |
|
20-Aug-2011 |
sthen |
Decouple log_verbose() from log_init() so the verbose flag stays set with "-v" (previously only "-vd" worked). Similar to recent ospfd commit. ok claudio@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.12 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consitency with the other routing daemons. This started manly because of ldpctl beeing inconsistent and me misstyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.11 |
|
08-Jul-2010 |
claudio |
Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange since it does not care that much about reachability of routes. The idea is to have diverse LSP in the kernel and the kernel should then decide which path should be used. OK michele@
|
#
1.10 |
|
30-Jun-2010 |
claudio |
Kill IMSG_KLABEL_INSERT and all the related functions around it. IMSG_KLABEL_CHANGE is smart enough to know when something is a change or an insert.
|
#
1.9 |
|
02-Jun-2010 |
claudio |
MPLSCTL_ENABLE is gone, no need to check for it. There is also no real reason why ldpd needs to check for ip forwarding so remove that check as well. Reminded by phessler@
|
#
1.8 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely: buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.7 |
|
03-Mar-2010 |
claudio |
Rework the kroute code by stealing some code from ospfd and massaging it a lot more. Main reason for this is to add priority support. Additionally add some additional NO_LABEL fixes. OK michele@
|
#
1.6 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.5 |
|
02-Nov-2009 |
claudio |
More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().
|
#
1.4 |
|
28-Oct-2009 |
sobrado |
remove an unimplemented flag from both usage() and getopt(3)'s option string.
ok claudio@, michele@
|
#
1.3 |
|
13-Jul-2009 |
michele |
Get rid of the multipath code, as it is not needed.
ok claudio@ laurent@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
06-Jun-2009 |
pyr |
make ldpd imsg-in-a-lib ready too.
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.67 |
|
01-Mar-2021 |
jsg |
allocate enough space in start_child() argv for all possible flags
ok claudio@
|
#
1.66 |
|
19-Jan-2021 |
claudio |
Kill log_procnames and properly define ldpd_process.
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.65 |
|
10-Aug-2019 |
mestre |
Like we did on other daemons that cannot be pledged due to forbidden ioctls the main process can be unveiled to restrict filesystem access. In this case we can restrict it to only read, although it must be the entire / since the daemon is able to include config files from anywhere.
Additionally the ldpe process currently has cpath promise to unlink the socket, nevertheless the socket is actually unlinked from the main proc so this permission can be removed. As we discussed before, leaving the socket behind doesn't do any harm that's why I didn't unveil it in the main proc.
OK deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.64 |
|
31-Mar-2019 |
yasuoka |
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps the CLOEXEC flag, and then it will be closed unexpectedly by exec().
ok tedu florian
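The dup2() corner case described in this commit message, as an added C example (not code from ldpd or from the commit itself): dup2() clears close-on-exec on the new descriptor only when it actually duplicates, so a descriptor that already sits on the target number keeps the flag unless it is cleared explicitly. All function names here are hypothetical.

```c
/* Added illustration; function names are hypothetical, not taken from ldpd. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd stays open across exec(), 0 if close-on-exec is set, -1 on error. */
int survives_exec(int fd)
{
	int flags = fcntl(fd, F_GETFD);

	if (flags == -1)
		return -1;
	return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Naive placement: relies on dup2() to clear FD_CLOEXEC on newd. */
int place_fd_naive(int oldd, int newd)
{
	/* When oldd == newd this is a no-op and the flag is left untouched. */
	return dup2(oldd, newd);
}

/* Checked placement: handles the oldd == newd case explicitly. */
int place_fd_checked(int oldd, int newd)
{
	int flags;

	if (oldd != newd)
		return dup2(oldd, newd);
	/* Already on the target number: clear close-on-exec by hand. */
	if ((flags = fcntl(oldd, F_GETFD)) == -1)
		return -1;
	if (fcntl(oldd, F_SETFD, flags & ~FD_CLOEXEC) == -1)
		return -1;
	return newd;
}

/*
 * Build a close-on-exec socketpair (standing in for a parent/child IPC
 * channel), place one end on a target number with the given routine, and
 * report whether the placed descriptor would survive exec().
 */
int placed_fd_survives(int (*place)(int, int), int same_number)
{
	int sv[2], newd, result;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return -1;
	if (fcntl(sv[0], F_SETFD, FD_CLOEXEC) == -1 ||
	    fcntl(sv[1], F_SETFD, FD_CLOEXEC) == -1) {
		close(sv[0]);
		close(sv[1]);
		return -1;
	}
	/* Target is either the descriptor itself or another number we own. */
	newd = same_number ? sv[0] : sv[1];
	result = (place(sv[0], newd) == -1) ? -1 : survives_exec(newd);
	close(sv[0]);
	close(sv[1]);
	return result;
}

int main(void)
{
	printf("naive,   oldd == newd: survives exec = %d\n",
	    placed_fd_survives(place_fd_naive, 1));
	printf("naive,   oldd != newd: survives exec = %d\n",
	    placed_fd_survives(place_fd_naive, 0));
	printf("checked, oldd == newd: survives exec = %d\n",
	    placed_fd_survives(place_fd_checked, 1));
	printf("checked, oldd != newd: survives exec = %d\n",
	    placed_fd_survives(place_fd_checked, 0));
	return 0;
}
```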
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
  mpls ldp password required for MPLS
  mpls ldp password option 1 for MPLS key-chain LDPAUTH
  key chain LDPAUTH
  key 1
  key-string secret
  interface Loopback0
  ip address 192.168.0.0 255.255.255.255
  end
  ip prefix-list MPLS seq 5 permit 192.168.0.0/24
  ip access-list standard MPLS
  mpls ldp router-id Loopback0 force
and in ldpd.conf:
  router-id 192.168.0.25
  tcp md5sig password secret 192.168.0.0/24
  address-family ipv4 {
    interface vmx1
  }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() approved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.24 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.23 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.22 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.21 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
12-Jul-2014 |
krw |
Close connections when msgbuf_write() returns 0.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.19 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.18 |
|
15-Oct-2013 |
renato |
Fix whitespace and other style issues. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.15 |
|
01-Jun-2013 |
claudio |
Filter out route messages we don't need and log kernel messages in super verbose mode. From Renato Westphal
|
#
1.14 |
|
04-May-2013 |
jsg |
fix a use after free ok sthen@ jung@ fgsch@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.13 |
|
20-Aug-2011 |
sthen |
Decouple log_verbose() from log_init() so the verbose flag stays set with "-v" (previously only "-vd" worked). Similar to recent ospfd commit. ok claudio@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.12 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consitency with the other routing daemons. This started manly because of ldpctl beeing inconsistent and me misstyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.11 |
|
08-Jul-2010 |
claudio |
Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange since it does not care that much about reachability of routes. The idea is to have diverse LSP in the kernel and the kernel should then decide which path should be used. OK michele@
|
#
1.10 |
|
30-Jun-2010 |
claudio |
Kill IMSG_KLABEL_INSERT and all the related functions around it. IMSG_KLABEL_CHANGE is smart enough to know when something is a change or an insert.
|
#
1.9 |
|
02-Jun-2010 |
claudio |
MPLSCTL_ENABLE is gone, no need to check for it. There is also no real reason why ldpd needs to check for ip forwarding so remove that check as well. Reminded by phessler@
|
#
1.8 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.7 |
|
03-Mar-2010 |
claudio |
Rework the kroute code by stealing some code from ospfd and massaging it a lot more. Main reason for this is to add priority support. Additionally add some additional NO_LABEL fixes. OK michele@
|
#
1.6 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.5 |
|
02-Nov-2009 |
claudio |
More IMSG_CTL_LOG_VERBOSE, still doing the same toggeling of log_debug().
|
#
1.4 |
|
28-Oct-2009 |
sobrado |
remove an unimplemented flag from both usage() and getopt(3)'s option string.
ok claudio@, michele@
|
#
1.3 |
|
13-Jul-2009 |
michele |
Get rid of the multipath code, as it is not needed.
ok claudio@ laurent@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
06-Jun-2009 |
pyr |
make ldpd imsg-in-a-lib ready too.
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.66 |
|
19-Jan-2021 |
claudio |
Kill log_procnames and properly define ldpd_process.
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.65 |
|
10-Aug-2019 |
mestre |
Like we did on other daemons that cannot be pledged due to forbidden ioctls the main process can be unveiled to restrict filesystem access. In this case we can restrict it to only read, although it must be the entire / since the daemon is able to include config files from anywhere.
Additionally the ldpe process currently has cpath promise to unlink the socket, nevertheless the socket is actually unlinked from the main proc so this permission can be removed. As we discussed before, leaving the socket behind doesn't do any harm that's why I didn't unveil it in the main proc.
OK deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.64 |
|
31-Mar-2019 |
yasuoka |
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec().
ok tedu florian
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
mpls ldp password required for MPLS mpls ldp password option 1 for MPLS key-chain LDPAUTH
key chain LDPAUTH key 1 key-string secret
interface Loopback0 ip address 192.168.0.0 255.255.255.255 end
ip prefix-list MPLS seq 5 permit 192.168.0.0/24 ip access-list standard MPLS
mpls ldp router-id Loopback0 force
and in ldpd.conf:
router-id 192.168.0.25 tcp md5sig password secret 192.168.0.0/24 address-family ipv4 { interface vmx1 }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() aproved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
Tha advantages of this "pipe teardown" are: * simpler code; * no need to pledge "proc" in the parent process; * removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter) * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter) * s/LDPD_FLAG_*/F_LDPD_*/ (consistency) * s/lde_nbr_address/lde_addr/ (shorter) * s/ldp_discovery_socket/ldp_disc_socket/ (shorter) * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter) * s/ldp_sendboth/main_imsg_compose_both/ (consistency) * s/cons/total/ (makes more sense) * s/kaddr/ka/ (consistency with remaining code) * Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations: * No support for FEC 129, only FEC 128 (more widely deployed); * No support for group withdraws (not widely deployed); * No support for MAC withdraws (not widely deployed).
Related RFCs: * RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3) * RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture * RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN * RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3) * RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) * RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks * RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks * RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.24 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.23 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.22 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.21 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
12-Jul-2014 |
krw |
Close connections when msgbuf_write() returns 0.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.19 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.18 |
|
15-Oct-2013 |
renato |
Fix whitespace and other style issues. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.15 |
|
01-Jun-2013 |
claudio |
Filter out route messages we don't need and log kernel messages in super verbose mode. From Renato Westphal
|
#
1.14 |
|
04-May-2013 |
jsg |
fix a use after free ok sthen@ jung@ fgsch@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.13 |
|
20-Aug-2011 |
sthen |
Decouple log_verbose() from log_init() so the verbose flag stays set with "-v" (previously only "-vd" worked). Similar to recent ospfd commit. ok claudio@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.12 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.11 |
|
08-Jul-2010 |
claudio |
Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange since it does not care that much about reachability of routes. The idea is to have diverse LSP in the kernel and the kernel should then decide which path should be used. OK michele@
|
#
1.10 |
|
30-Jun-2010 |
claudio |
Kill IMSG_KLABEL_INSERT and all the related functions around it. IMSG_KLABEL_CHANGE is smart enough to know when something is a change or an insert.
|
#
1.9 |
|
02-Jun-2010 |
claudio |
MPLSCTL_ENABLE is gone, no need to check for it. There is also no real reason why ldpd needs to check for ip forwarding so remove that check as well. Reminded by phessler@
|
#
1.8 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely
buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.7 |
|
03-Mar-2010 |
claudio |
Rework the kroute code by stealing some code from ospfd and massaging it a lot more. Main reason for this is to add priority support. Additionally add some additional NO_LABEL fixes. OK michele@
|
#
1.6 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.5 |
|
02-Nov-2009 |
claudio |
More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().
|
#
1.4 |
|
28-Oct-2009 |
sobrado |
remove an unimplemented flag from both usage() and getopt(3)'s option string.
ok claudio@, michele@
|
#
1.3 |
|
13-Jul-2009 |
michele |
Get rid of the multipath code, as it is not needed.
ok claudio@ laurent@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
06-Jun-2009 |
pyr |
make ldpd imsg-in-a-lib ready too.
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.65 |
|
10-Aug-2019 |
mestre |
Like we did on other daemons that cannot be pledged due to forbidden ioctls the main process can be unveiled to restrict filesystem access. In this case we can restrict it to only read, although it must be the entire / since the daemon is able to include config files from anywhere.
Additionally the ldpe process currently has cpath promise to unlink the socket, nevertheless the socket is actually unlinked from the main proc so this permission can be removed. As we discussed before, leaving the socket behind doesn't do any harm that's why I didn't unveil it in the main proc.
OK deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.64 |
|
31-Mar-2019 |
yasuoka |
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec().
ok tedu florian
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
    mpls ldp password required for MPLS
    mpls ldp password option 1 for MPLS key-chain LDPAUTH

    key chain LDPAUTH
     key 1
      key-string secret

    interface Loopback0
     ip address 192.168.0.0 255.255.255.255
    end

    ip prefix-list MPLS seq 5 permit 192.168.0.0/24
    ip access-list standard MPLS

    mpls ldp router-id Loopback0 force
and in ldpd.conf:
    router-id 192.168.0.25
    tcp md5sig password secret 192.168.0.0/24
    address-family ipv4 {
        interface vmx1
    }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() approved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.64 |
|
31-Mar-2019 |
yasuoka |
Avoid calling dup2(oldd, newd) when oldd == newd. In that case the descriptor keeps CLOEXEC flag then it will be closed unexpectedly by exec().
ok tedu florian
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
mpls ldp password required for MPLS mpls ldp password option 1 for MPLS key-chain LDPAUTH
key chain LDPAUTH key 1 key-string secret
interface Loopback0 ip address 192.168.0.0 255.255.255.255 end
ip prefix-list MPLS seq 5 permit 192.168.0.0/24 ip access-list standard MPLS
mpls ldp router-id Loopback0 force
and in ldpd.conf:
router-id 192.168.0.25 tcp md5sig password secret 192.168.0.0/24 address-family ipv4 { interface vmx1 }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() aproved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
Tha advantages of this "pipe teardown" are: * simpler code; * no need to pledge "proc" in the parent process; * removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter) * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter) * s/LDPD_FLAG_*/F_LDPD_*/ (consistency) * s/lde_nbr_address/lde_addr/ (shorter) * s/ldp_discovery_socket/ldp_disc_socket/ (shorter) * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter) * s/ldp_sendboth/main_imsg_compose_both/ (consistency) * s/cons/total/ (makes more sense) * s/kaddr/ka/ (consistency with remaining code) * Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations: * No support for FEC 129, only FEC 128 (more widely deployed); * No support for group withdraws (not widely deployed); * No support for MAC withdraws (not widely deployed).
Related RFCs: * RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3) * RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture * RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN * RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3) * RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) * RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks * RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks * RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.24 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.23 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.22 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.21 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
12-Jul-2014 |
krw |
Close connections when msgbuf_write() returns 0.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.19 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.18 |
|
15-Oct-2013 |
renato |
Fix whitespace and other style issues. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.15 |
|
01-Jun-2013 |
claudio |
Filter out route messages we don't need and log kernel messages in super verbose mode. From Renato Westphal
|
#
1.14 |
|
04-May-2013 |
jsg |
fix a use after free
ok sthen@ jung@ fgsch@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.13 |
|
20-Aug-2011 |
sthen |
Decouple log_verbose() from log_init() so the verbose flag stays set with "-v" (previously only "-vd" worked). Similar to recent ospfd commit. ok claudio@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.12 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.11 |
|
08-Jul-2010 |
claudio |
Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange since it does not care that much about reachability of routes. The idea is to have diverse LSP in the kernel and the kernel should then decide which path should be used. OK michele@
|
#
1.10 |
|
30-Jun-2010 |
claudio |
Kill IMSG_KLABEL_INSERT and all the related functions around it. IMSG_KLABEL_CHANGE is smart enough to know when something is a change or an insert.
|
#
1.9 |
|
02-Jun-2010 |
claudio |
MPLSCTL_ENABLE is gone, no need to check for it. There is also no real reason why ldpd needs to check for ip forwarding so remove that check as well. Reminded by phessler@
|
#
1.8 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely:
buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.7 |
|
03-Mar-2010 |
claudio |
Rework the kroute code by stealing some code from ospfd and massaging it a lot more. Main reason for this is to add priority support. Additionally add some additional NO_LABEL fixes. OK michele@
|
#
1.6 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.5 |
|
02-Nov-2009 |
claudio |
More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().
|
#
1.4 |
|
28-Oct-2009 |
sobrado |
remove an unimplemented flag from both usage() and getopt(3)'s option string.
ok claudio@, michele@
|
#
1.3 |
|
13-Jul-2009 |
michele |
Get rid of the multipath code, as it is not needed.
ok claudio@ laurent@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
06-Jun-2009 |
pyr |
make ldpd imsg-in-a-lib ready too.
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.63 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
    mpls ldp password required for MPLS
    mpls ldp password option 1 for MPLS key-chain LDPAUTH
    key chain LDPAUTH
     key 1
      key-string secret
    interface Loopback0
     ip address 192.168.0.0 255.255.255.255
    end
    ip prefix-list MPLS seq 5 permit 192.168.0.0/24
    ip access-list standard MPLS
    mpls ldp router-id Loopback0 force
and in ldpd.conf:
    router-id 192.168.0.25
    tcp md5sig password secret 192.168.0.0/24
    address-family ipv4 {
        interface vmx1
    }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() approved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.62 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.61 |
|
03-Mar-2017 |
renato |
Allow to specify an alternate control socket.
This is required to run multiple instances of ldpd.
OK claudio@
|
#
1.60 |
|
20-Jan-2017 |
benno |
work on making log.c similar in all daemons:
move daemon-local functions into new logmsg.c, and reduce the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() aproved by claudio@
ok claudio@ krw@
|
#
1.59 |
|
28-Sep-2016 |
krw |
'unneded stuff' -> 'unneeded stuff' in comments.
|
#
1.58 |
|
02-Sep-2016 |
renato |
Simplify shutdown process.
On shutdown, there's no need to use kill(2) to kill the child processes. Just closing the IPC sockets will make the children receive an EOF, break out from the event loop and then exit.
Tha advantages of this "pipe teardown" are: * simpler code; * no need to pledge "proc" in the parent process; * removal of a (hard to trigger) PID reuse race condition.
ok claudio@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
15-Jul-2016 |
renato |
Update per-neighbor GTSM options on config reload.
|
#
1.56 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.55 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.54 |
|
18-Jun-2016 |
renato |
Fix memory leak found with valgrind.
|
#
1.53 |
|
18-Jun-2016 |
renato |
Use log_warnx() instead of log_warn() when appropriate.
|
#
1.52 |
|
13-Jun-2016 |
renato |
Do not create sockets for disabled address-families.
|
#
1.51 |
|
08-Jun-2016 |
renato |
Fix quick reconnect when the transport address is changed.
When the transport address is changed, we can't try to reconnect to the neighbors inside merge_af() because the ldpe process still didn't receive the new network sockets from the parent at this point. To resolve this, try to reconnect just after we receive these sockets.
|
#
1.50 |
|
06-Jun-2016 |
renato |
Fix imsg parameter passing
When ldpe requests new network sockets to the parent process (after the transport-address is changed), it must specify the desired address-family (IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr structure for this. Use 'pid' for convenience (no need to extend the wrapper function, ldpe_imsg_compose_parent()).
|
#
1.49 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.48 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.47 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.46 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.45 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.44 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.43 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.42 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.41 |
|
23-May-2016 |
renato |
Several fixes in the config reload handling.
|
#
1.40 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.39 |
|
23-May-2016 |
renato |
Create network sockets on the parent process.
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
|
#
1.38 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.37 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.36 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.35 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.34 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter) * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter) * s/LDPD_FLAG_*/F_LDPD_*/ (consistency) * s/lde_nbr_address/lde_addr/ (shorter) * s/ldp_discovery_socket/ldp_disc_socket/ (shorter) * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter) * s/ldp_sendboth/main_imsg_compose_both/ (consistency) * s/cons/total/ (makes more sense) * s/kaddr/ka/ (consistency with remaining code) * Always use 'ln' for lde_nbrs (consistency)
|
#
1.33 |
|
23-May-2016 |
renato |
Split merge_config() into smaller functions to improve readability.
The merge code will get bigger when we introduce IPv6 support, so we better prepare the ground for it.
|
#
1.32 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.31 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.30 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.29 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.28 |
|
02-Feb-2016 |
sthen |
Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
|
#
1.27 |
|
05-Dec-2015 |
claudio |
EAGAIN handling for imsg_read. OK henning@ benno@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.26 |
|
21-Jul-2015 |
renato |
Call control_cleanup() from the ldpe process, where it belongs.
ok claudio@
|
#
1.25 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations: * No support for FEC 129, only FEC 128 (more widely deployed); * No support for group withdraws (not widely deployed); * No support for MAC withdraws (not widely deployed).
Related RFCs: * RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3) * RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture * RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN * RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3) * RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) * RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks * RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks * RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.24 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.23 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.22 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.21 |
|
16-Jan-2015 |
deraadt |
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
12-Jul-2014 |
krw |
Close connections when msgbuf_write() returns 0.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.19 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.18 |
|
15-Oct-2013 |
renato |
Fix whitespace and other style issues. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.15 |
|
01-Jun-2013 |
claudio |
Filter out route messages we don't need and log kernel messages in super verbose mode. From Renato Westphal
|
#
1.14 |
|
04-May-2013 |
jsg |
fix a use after free ok sthen@ jung@ fgsch@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.13 |
|
20-Aug-2011 |
sthen |
Decouple log_verbose() from log_init() so the verbose flag stays set with "-v" (previously only "-vd" worked). Similar to recent ospfd commit. ok claudio@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.12 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.11 |
|
08-Jul-2010 |
claudio |
Kill more code in kroute.c that is unneeded in ldpd. ldpd is a bit strange since it does not care that much about reachability of routes. The idea is to have diverse LSP in the kernel and the kernel should then decide which path should be used. OK michele@
|
#
1.10 |
|
30-Jun-2010 |
claudio |
Kill IMSG_KLABEL_INSERT and all the related functions around it. IMSG_KLABEL_CHANGE is smart enough to know when something is a change or an insert.
|
#
1.9 |
|
02-Jun-2010 |
claudio |
MPLSCTL_ENABLE is gone, no need to check for it. There is also no real reason why ldpd needs to check for ip forwarding so remove that check as well. Reminded by phessler@
|
#
1.8 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely: buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.7 |
|
03-Mar-2010 |
claudio |
Rework the kroute code by stealing some code from ospfd and massaging it a lot more. Main reason for this is to add priority support. Additionally add some additional NO_LABEL fixes. OK michele@
|
#
1.6 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.5 |
|
02-Nov-2009 |
claudio |
More IMSG_CTL_LOG_VERBOSE, still doing the same toggling of log_debug().
|
#
1.4 |
|
28-Oct-2009 |
sobrado |
remove an unimplemented flag from both usage() and getopt(3)'s option string.
ok claudio@, michele@
|
#
1.3 |
|
13-Jul-2009 |
michele |
Get rid of the multipath code, as it is not needed.
ok claudio@ laurent@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
06-Jun-2009 |
pyr |
make ldpd imsg-in-a-lib ready too.
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|