#
1.72 |
|
19-Jan-2021 |
claudio |
Adjust the disc_recv_packet() code to not use IBUF_READ_SIZE and to use a local recv_buf that is allocated on first call with malloc(). The memory returned from malloc() is properly aligned which may not be the case for bss or stack memory.
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.71 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
    mpls ldp password required for MPLS
    mpls ldp password option 1 for MPLS key-chain LDPAUTH
    key chain LDPAUTH
     key 1
      key-string secret
    interface Loopback0
     ip address 192.168.0.0 255.255.255.255
    end
    ip prefix-list MPLS seq 5 permit 192.168.0.0/24
    ip access-list standard MPLS
    mpls ldp router-id Loopback0 force
and in ldpd.conf:
    router-id 192.168.0.25
    tcp md5sig password secret 192.168.0.0/24
    address-family ipv4 {
        interface vmx1
    }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.70 |
|
04-Mar-2017 |
renato |
Implement RFC 5561 (LDP Capabilities).
This patch per-se doesn't introduce any useful functionality, but prepares the ground for new enhancements to ldpd (i.e. implementation of new RFCs that make use of LDP capabilities).
|
#
1.69 |
|
03-Mar-2017 |
renato |
Kill send_notification_nbr().
Be more clever and trigger the PDU SENT event inside send_notification() when tcp->nbr is set. This way we can eliminate send_notification_nbr() and always use send_notification() instead.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.68 |
|
16-Jul-2016 |
renato |
Remove potential overflow when validating message's length.
Also, use uint16_t for msg_type on gen_msg_hdr().
|
#
1.67 |
|
01-Jul-2016 |
renato |
More renaming and whitespace cleanup.
No binary change after "strip -s".
|
#
1.66 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.65 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.64 |
|
18-Jun-2016 |
renato |
Fix removal of dual-stack neighbors.
|
#
1.63 |
|
13-Jun-2016 |
renato |
Implement a timeout for the session initialization FSM.
This prevents neighbors stuck in the initialization FSM from lingering forever as long as the associated transport connection is up.
This timeout can be seen in the 'Session Initialization State Transition Diagram' of RFC 5036. The RFC, however, doesn't specify how much we should wait. Let's use 180 seconds for that, the default LDP hold time.
Fixes IxANVL LDP test 6.15.
|
#
1.62 |
|
13-Jun-2016 |
renato |
Rework the handling of Hello packets.
With the introduction of IPv6 support by RFC 7552, the handling of Hello packets in ldpd became something incredibly complex. Neighbors can change from single-stack LDP to dual-stack and vice-versa. They can change their transport preference, their transport addresses (IPv4 and IPv6) and even start or stop sending the Dual-Stack TLV. We also have to take care to reject things like multiple adjacencies advertising different transport-addresses for the same neighbor. ldpd was failing for some of the cases mentioned above, this patch fixes these issues and attempts to make the code easier to read.
|
#
1.61 |
|
09-Jun-2016 |
renato |
Do set the Message ID for Hello messages too.
In the original LDP specification, there was no circumstance where a Notification message could be sent in response to a Hello message. So setting the Message ID field for Hello packets was useless.
This changed with RFC 7552, where Hello packets can trigger the "Transport Connection Mismatch" notification when the local and remote transport preferences don't match. In this case, having a meaningful Message ID in the Hello packets can aid in testing and troubleshooting.
|
#
1.60 |
|
09-Jun-2016 |
renato |
Do not shut down the session upon receiving unknown messages.
RFC 5036 says the following about the receipt of unknown messages: "Unknown message bit. Upon receipt of an unknown message, if U is clear (=0), a notification is returned to the message originator; if U is set (=1), the unknown message is silently ignored".
We were correctly ignoring unknown messages when the U-bit was set. But when this bit was not set, we were shutting down the session when the correct thing to do is to just send a non-fatal notification message.
Fix IxANVL LDP test 22.13.
|
#
1.59 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.58 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.57 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.56 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.55 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.54 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.53 |
|
23-May-2016 |
renato |
Move setsockopt helper functions to a separate file.
IPv6 support is coming and we don't want to pollute the interface.c file with too many of these helper functions.
Also, rename these functions from if_set_* to sock_set_*.
|
#
1.52 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.51 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.50 |
|
23-May-2016 |
renato |
Rework the way we handle incoming connection requests.
The logic of the previous code was to accept all TCP connection requests (destined to port 646) and create a tcp_conn structure for each of them. Once the first packet of a connection was received, we would analyze the LDP Initialization message and identify its origin by looking at the LSR-ID field.
When parsing a received TCP packet, we would need to distinguish between two cases: tcp packet from an LDP neighbor and tcp packet from a newborn connection (not associated with any neighbor yet). For this reason, the session_read() function was quite complicated.
Also, we were not keeping track of the allocated tcp_conn structures. So, we were subject to memory leaks and even DOS attacks.
With this patch, we also accept all TCP connection requests, but with two major differences:
* We identify the neighbor by the source address of the SYN packet. This is possible because we don't support label spaces, so the transport-address by itself is enough to identify a neighbor, we don't need to wait for the Initialization message;
* If there's no matching adjacency for this neighbor, then we start a timer of 5 seconds. If we receive a Hello packet from this neighbor within this interval, then we stop this timer and move on in the Initialization state machine. Otherwise, we send a No Hello Notification message and close the socket. We try to avoid sending the No Hello notification as much as possible because it triggers the backoff exponential in the remote peer, which considerably slows down the session establishment process.
In summary, this new approach allows for a simpler code and fixes the memory leak problem mentioned before.
|
#
1.49 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.48 |
|
23-May-2016 |
renato |
Don't ignore notification messages before the session is operational.
This was preventing us from triggering the backoff exponential timer after receiving a 'No Hello' notification.
|
#
1.47 |
|
23-May-2016 |
renato |
Improve the parser of TCP/session packets.
Add more safeguards against malformed packets and fix existing ones. Also, rename a few variables and constants to match their real meaning. For example, rename gen_msg_tlv() to gen_msg_hdr() because this function generates an LDP header, not a TLV.
Finally, clean-up all the send_* functions so they all follow the same pattern.
|
#
1.46 |
|
23-May-2016 |
renato |
Respect the received Max PDU Length field.
|
#
1.45 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.44 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.43 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
#
1.42 |
|
23-May-2016 |
renato |
Call accept_unpause() when any TCP socket is closed.
We were calling accept_unpause() only when an LDP session is shut down. But, during the LDP session establishment process, we may have TCP sockets that are not associated with any neighbor. If we close one of these sockets, we must call accept_unpause() too.
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.41 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
#
1.40 |
|
21-Jul-2015 |
renato |
Improve handling of addresses on ldpe.
This is a preliminary work for the next patch (sighup config reload). We want to make sure that the ldpe process can handle duplicated addresses.
The idea is to alloc two different if_addr structures for each address, and link one in the global list of addresses (used to send address messages) and link the other to the associated interface list of addresses.
Doing that we will be able to call kif_redistribute() after reloading the config file and activate the new LDP enabled interfaces.
NOTE: Interfaces are created at config parse time and the child processes inherit them on fork() so there's no need to send a status update at startup.
ok claudio@
|
#
1.39 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.38 |
|
04-Apr-2015 |
renato |
Give more detailed information on a couple of debug messages.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.37 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.36 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
12-Jul-2014 |
krw |
msgbuf_write() <= 0 for a few more daemons.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.33 |
|
17-Oct-2013 |
renato |
Improve parsing of label mapping messages and merge all recv_label* functions into a single generic function.
Add a few error checks and implement parsing of optional tlvs. Putting it all together helps to avoid code duplication and improve maintainability.
|
#
1.32 |
|
15-Oct-2013 |
renato |
Improve debug and error logs. OK claudio@
|
#
1.31 |
|
15-Oct-2013 |
renato |
Generate the NBR_EVT_PDU_RCVD event in a single point. OK claudio@
|
#
1.30 |
|
15-Oct-2013 |
renato |
Improve parsing of LDP messages. Add more sanity checks and send proper notification messages on error conditions. OK claudio@
|
#
1.29 |
|
15-Oct-2013 |
renato |
Ignore messages that have Unknown flag set. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.28 |
|
05-Jun-2013 |
miod |
Fix build on vax
|
#
1.27 |
|
04-Jun-2013 |
claudio |
Always accept TCP connection requests and identify to which neighbor it belongs only _after_ receiving an Initialization message containing the information we need. Before an Initialization message is received, the TCP connection shouldn't be associated with any neighbor/adjacency. Therefore refactor that part into its own module. From Renato Westphal
|
#
1.26 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.25 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.24 |
|
01-Jun-2013 |
claudio |
Improve error handling on session_read
* Don't try to send a Shutdown message if the connection is already closed or a read error occurred;
* As per RFC 5036, send a Shutdown message if an unexpected message is received during the initialization process;
* Check if the whole LSR ID of received messages is correct;
* On ldpe_dispatch_main(), ignore the messages from the lde process whose associated neighbor is not in the operational state.
Diff from Renato Westphal
|
#
1.23 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.22 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.21 |
|
01-Jun-2013 |
claudio |
Use the nbr_stop_[*]timer functions Diff from Renato Westphal
|
#
1.20 |
|
01-Jun-2013 |
claudio |
After returning from accept, we got a TCP connection not a LDP session. Rename event/actions in the discovery FSM to avoid confusion
* NBR_EVT_SESSION_UP -> NBR_EVT_CONNECT_UP
* NBR_ACT_SESSION_EST -> NBR_ACT_CONNECT_SETUP
* nbr_act_session_establish -> nbr_act_connect_setup
* NBR_ACT_INIT_SEND -> NBR_ACT_PASSIVE_INIT
* NBR_ACT_STRT_KTIMER -> NBR_ACT_SESSION_EST
Diff by Renato Westphal
|
#
1.19 |
|
01-Jun-2013 |
claudio |
Don't set the Message ID for hello messages. The Message ID field is used by notification messages to identify a given message. This is the behavior adopted by Cisco IOS. Diff from Renato Westphal
|
#
1.18 |
|
30-May-2013 |
claudio |
Improve sanity checks on received UDP messages The actual meaning of the "PDU Length" field is the total length of the LDP PDU, excluding the "Version" and "PDU Length" fields (as per RFC 5036, section 3.1). Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.17 |
|
11-Mar-2013 |
deraadt |
handle ECONNABORTED errors from accept(). In many code blocks they can be ignored silently and without aborting, much like EINTR and EWOULDBLOCK are. ok's from various maintainers of these directories...
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.16 |
|
12-Apr-2012 |
claudio |
accept pacing ldpd way. Since this daemon has multiple listening fds we add them all to an accept queue that does the pacing with the accept_pause() and accept_unpause() calls. With and OK deraadt@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.15 |
|
12-Mar-2011 |
claudio |
Log the fact that a session was not accepted because of missing HELLOs.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.14 |
|
10-Jan-2011 |
claudio |
Fix a bad heritage from ospfd. Make neighbors independent of interfaces. They are not bound as strongly as in ospf and causes problems when the TCP connection is established from a not connected IP (e.g. a loopback). Use three RB trees to sort the neighbor list by id, addr and peerid. More cleanup is needed but this makes ldpd work against peers using loopback IPs. Problem found, reported and fix tested again by Marcel Wiget.
|
#
1.13 |
|
04-Nov-2010 |
claudio |
Rewrite all packet parsers to be more careful about alignment. Until now ldpd had no chance to run on a strict alignment architecture but this makes ldpd happy on sparc64. Be careful to do all needed overflow checks and try to make all parsing functions look similar. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
#
1.11 |
|
14-May-2010 |
claudio |
Do not send notifications directly onto the wire. Decide in the caller how to send the notification. On accept use write() else queue message and try to send the queued messages out via msgbuf_write(). This may still fail but is better than the code beforehand. OK michele@
|
#
1.10 |
|
01-May-2010 |
jsg |
split up a multiple assignment so we aren't casting an lvalue. ok michele@ claudio@
|
#
1.9 |
|
29-Apr-2010 |
claudio |
Remove some more ospfd-ism from the interface code. This time remove most of the IF_TYPE_ special cases and most interface types. Point-to-point and broadcast still present because of find_iface() which needs additional fixing. OK michele@
|
#
1.8 |
|
15-Apr-2010 |
claudio |
session_shutdown() issues a NBR_EVT_CLOSE_SESSION and therefore a session_close() which does the event_del(&nbr->rev) so no need to do it twice. There is also no need to send two S_SHUTDOWN messages. OK michele@
|
#
1.7 |
|
15-Apr-2010 |
claudio |
Fix fd leak in error case. OK michele@
|
#
1.6 |
|
15-Apr-2010 |
claudio |
Instead of having three ways of setting fds non-blocking use session_socket_blockmode() everywhere. Additionally make two fatal() distinguishable. OK michele@
|
#
1.5 |
|
26-Mar-2010 |
claudio |
event_del() the read event when hitting a read error or when closing the file descriptor. If not done, we will loop forever on this event. OK michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.4 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.3 |
|
01-Nov-2009 |
michele |
Initialize "len" before using it in accept(2).
Found by Christophe Fillot
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
05-Jun-2009 |
michele |
Correctly send notification messages when errors occur.
ok claudio@ laurent@
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.71 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
mpls ldp password required for MPLS mpls ldp password option 1 for MPLS key-chain LDPAUTH
key chain LDPAUTH key 1 key-string secret
interface Loopback0 ip address 192.168.0.0 255.255.255.255 end
ip prefix-list MPLS seq 5 permit 192.168.0.0/24 ip access-list standard MPLS
mpls ldp router-id Loopback0 force
and in ldpd.conf:
router-id 192.168.0.25 tcp md5sig password secret 192.168.0.0/24 address-family ipv4 { interface vmx1 }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.70 |
|
04-Mar-2017 |
renato |
Implement RFC 5561 (LDP Capabilities).
This patch per-se doesn't introduce any useful functionality, but prepares the ground for new enhancements to ldpd (i.e. implementation of new RFCs that make use of LDP capabilities).
|
#
1.69 |
|
03-Mar-2017 |
renato |
Kill send_notification_nbr().
Be more clever and trigger the PDU SENT event inside send_notification() when tcp->nbr is set. This way we can eliminate send_notification_nbr() and always use send_notification() instead.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.68 |
|
16-Jul-2016 |
renato |
Remove potential overflow when validating message's length.
Also, use uint16_t for msg_type on gen_msg_hdr().
|
#
1.67 |
|
01-Jul-2016 |
renato |
More renaming and whitespace cleanup.
No binary change after "strip -s".
|
#
1.66 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.65 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.64 |
|
18-Jun-2016 |
renato |
Fix removal of dual-stack neighbors.
|
#
1.63 |
|
13-Jun-2016 |
renato |
Implement a timeout for the session initialization FSM.
This prevents neighbors stuck in the initialization FSM to linger forever as long as the associated transport connection is up.
This timeout can be seen in the 'Session Initialization State Transition Diagram' of RFC 5036. The RFC, however, doesn't specify how much we should wait. Let's use 180 seconds for that, the default LDP hold time.
Fixes IxANVL LDP test 6.15.
|
#
1.62 |
|
13-Jun-2016 |
renato |
Rework the handling of Hello packets.
With the introduction of IPv6 support by RFC 7552, the handling of Hello packets in ldpd became something incredibly complex. Neighbors can change from single-stack LDP to dual-stack and vice-versa. They can change their transport preference, their transport addresses (IPv4 and IPv6) and even start or stop sending the Dual-Stack TLV. We also have to take care to reject things like multiple adjacencies advertising different transport-addresses for the same neighbor. ldpd was failing for some of the cases mentioned above, this patch fixes these issues and attempts to make the code easier to read.
|
#
1.61 |
|
09-Jun-2016 |
renato |
Do set the Message ID for Hello messages too.
In the original LDP specification, there was no circumstance where a Notification message could be sent in response to a Hello message. So setting the Message ID field for Hello packets was useless.
This changed with RFC 7552, where Hello packets can trigger the "Transport Connection Mismatch" notification when the local and remote transport preferences doesn't match. In this case, having a meaningful Message ID in the Hello packets can aid in testing and troubleshooting.
|
#
1.60 |
|
09-Jun-2016 |
renato |
Do not shut down the session upon receiving unknown messages.
RFC 5036 says the following about the receipt of unknown messages: "Unknown message bit. Upon receipt of an unknown message, if U is clear (=0), a notification is returned to the message originator; if U is set (=1), the unknown message is silently ignored".
We were correctly ignoring unknown messages when the U-bit was set. But when this bit was not set, we were shutting down the session when the correct thing to do is to just send a non-fatal notification message.
Fix IxANVL LDP test 22.13.
|
#
1.59 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.58 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.57 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.56 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.55 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.54 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.53 |
|
23-May-2016 |
renato |
Move setsockopt helper functions to a separate file.
IPv6 support is coming and we don't want to pollute the interface.c file with too many of these helper functions.
Also, rename these functions from if_set_* to sock_set_*.
|
#
1.52 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also: * Use log_warnx() instead of log_warn() when appropriate; * Use fatal(x) instead of err(x) when appropriate; * Fix some inconsistent log messages.
|
#
1.51 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.50 |
|
23-May-2016 |
renato |
Rework the way we handle income connection requests.
The logic of the previous code was to accept all TCP connection requests (destined to port 646) and create a tcp_conn structure for each them. Once the first packet of a connection was received, we would analyze the LDP Initialization message and identify its origin by looking at the LSR-ID field.
When parsing a received TCP packet, we would need to distinguish between two cases: tcp packet from an LDP neighbor and tcp packet from a newborn connection (not associated with any neighbor yet). For this reason, the session_read() function was quite complicated.
Also, we were not keeping track of the allocated tcp_conn structures. So, we were subject to memory leaks and even DOS attacks.
With this patch, we also accept all TCP connection requests, but with two major differences: * We identify the neighbor by the source address of the SYN packet. This is possible because we don't support label spaces, so the transport-address by itself is enough to identify a neighbor, we don't need to wait for the Initialization message; * If there's no matching adjacency for this neighbor, then we start a timer of 5 seconds. If we receive a Hello packet from this neighbor within this interval, then we stop this timer and move on in the Initialization state machine. Otherwise, we send a No Hello Notification message and close the socket. We try to avoid sending the No Hello notification as much as possible because it triggers the backoff exponential in the remote peer, which considerably slow down the session establishment process.
In summary, this new approach allows for a simpler code and fixes the memory leak problem mentioned before.
|
#
1.49 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field; * Add check for the "Message Length" field; * Check for invalid labelspace earlier. * Use if_lookup() on disc_recv_iface() to reduce one level of identation;
Additionally, add the following safeguards: * Check for unicast link hellos; * Check for multicast targeted hellos; * Validate packet's source address; * Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.48 |
|
23-May-2016 |
renato |
Don't ignore notification messages before the session is operational.
This was preventing us from triggering the backoff exponential timer after receiving a 'No Hello' notification.
|
#
1.47 |
|
23-May-2016 |
renato |
Improve the parser of TCP/session packets.
Add more safeguards against malformed packets and fix existing ones. Also, rename a few variables and constants to match their real meaning. For example, rename gen_msg_tlv() to gen_msg_hdr() because this function generates an LDP header, not a TLV.
Finally, clean-up all the send_* functions so they all follow the same pattern.
|
#
1.46 |
|
23-May-2016 |
renato |
Respect the received Max PDU Length field.
|
#
1.45 |
|
23-May-2016 |
renato |
Move some code around.
This patch doesn't introduce any logical change.
|
#
1.44 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.43 |
|
23-May-2016 |
renato |
Replace manually written function names with __func__.
|
#
1.42 |
|
23-May-2016 |
renato |
Call accept_unpause() when any TCP socket is closed.
We were calling accept_unpause() only when an LDP session is shut down. But, during the LDP session establishment process, we may have TCP sockets that are not associated with any neighbor. If we close one of these sockets, we must call accept_unpause() too.
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.41 |
|
21-Jul-2015 |
renato |
Add configuration reload support.
ok claudio@
|
#
1.40 |
|
21-Jul-2015 |
renato |
Improve handling of addresses on ldpe.
This is preliminary work for the next patch (sighup config reload). We want to make sure that the ldpe process can handle duplicated addresses.
The idea is to alloc two different if_addr structures for each address, and link one in the global list of addresses (used to send address messages) and link the other to the associated interface list of addresses.
Doing that we will be able to call kif_redistribute() after reloading the config file and activate the new LDP enabled interfaces.
NOTE: Interfaces are created at config parse time and the child processes inherit them on fork() so there's no need to send a status update at startup.
ok claudio@
|
#
1.39 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.38 |
|
04-Apr-2015 |
renato |
Give more detailed information on a couple of debug messages.
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.37 |
|
09-Feb-2015 |
claudio |
More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode
|
#
1.36 |
|
25-Oct-2014 |
lteo |
Remove unnecessary netinet/in_systm.h include.
ok millert@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.35 |
|
12-Jul-2014 |
krw |
msgbuf_write() <= 0 for a few more daemons.
ok claudio@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
26-Nov-2013 |
henning |
deal with msgbuf_write EAGAIN, ok gilles benno
|
#
1.33 |
|
17-Oct-2013 |
renato |
Improve parsing of label mapping messages and merge all recv_label* functions into a single generic function.
Add a few error checks and implement parsing of optional tlvs. Putting it all together helps to avoid code duplication and improves maintainability.
|
#
1.32 |
|
15-Oct-2013 |
renato |
Improve debug and error logs. OK claudio@
|
#
1.31 |
|
15-Oct-2013 |
renato |
Generate the NBR_EVT_PDU_RCVD event in a single point. OK claudio@
|
#
1.30 |
|
15-Oct-2013 |
renato |
Improve parsing of LDP messages. Add more sanity checks and send proper notification messages on error conditions. OK claudio@
|
#
1.29 |
|
15-Oct-2013 |
renato |
Ignore messages that have Unknown flag set. OK claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.28 |
|
05-Jun-2013 |
miod |
Fix build on vax
|
#
1.27 |
|
04-Jun-2013 |
claudio |
Always accept TCP connection requests and identify to which neighbor it belongs only _after_ receiving an Initialization message containing the information we need. Before an Initialization message is received, the TCP connection shouldn't be associated with any neighbor/adjacency. Therefore refactor that part into its own module.
From Renato Westphal
|
#
1.26 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions.
From Renato Westphal
|
#
1.25 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.24 |
|
01-Jun-2013 |
claudio |
Improve error handling on session_read
* Don't try to send a Shutdown message if the connection is already closed or a read error occurred;
* As per RFC 5036, send a Shutdown message if an unexpected message is received during the initialization process;
* Check if the whole LSR ID of received messages is correct;
* On ldpe_dispatch_main(), ignore the messages from the lde process whose associated neighbor is not in the operational state.
Diff from Renato Westphal
|
#
1.23 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.22 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.21 |
|
01-Jun-2013 |
claudio |
Use the nbr_stop_[*]timer functions
Diff from Renato Westphal
|
#
1.20 |
|
01-Jun-2013 |
claudio |
After returning from accept, we got a TCP connection not a LDP session. Rename event/actions in the discovery FSM to avoid confusion
* NBR_EVT_SESSION_UP -> NBR_EVT_CONNECT_UP
* NBR_ACT_SESSION_EST -> NBR_ACT_CONNECT_SETUP
* nbr_act_session_establish -> nbr_act_connect_setup
* NBR_ACT_INIT_SEND -> NBR_ACT_PASSIVE_INIT
* NBR_ACT_STRT_KTIMER -> NBR_ACT_SESSION_EST
Diff by Renato Westphal
|
#
1.19 |
|
01-Jun-2013 |
claudio |
Don't set the Message ID for hello messages. The Message ID field is used by notification messages to identify a given message. This is the behavior adopted by Cisco IOS. Diff from Renato Westphal
|
#
1.18 |
|
30-May-2013 |
claudio |
Improve sanity checks on received UDP messages
The actual meaning of the "PDU Length" field is the total length of the LDP PDU, excluding the "Version" and "PDU Length" fields (as per RFC 5036, section 3.1).
Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.17 |
|
11-Mar-2013 |
deraadt |
handle ECONNABORTED errors from accept(). In many code blocks they can be ignored silently and without aborting, much like EINTR and EWOULDBLOCK are. ok's from various maintainers of these directories...
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.16 |
|
12-Apr-2012 |
claudio |
accept pacing ldpd way. Since this daemon has multiple listening fds we add them all to an accept queue that does the pacing with the accept_pause() and accept_unpause() calls. With and OK deraadt@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.15 |
|
12-Mar-2011 |
claudio |
Log the fact that a session was not accepted because of missing HELLOs.
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.14 |
|
10-Jan-2011 |
claudio |
Fix a bad heritage from ospfd. Make neighbors independent of interfaces. They are not bound as strongly as in ospf and causes problems when the TCP connection is established from a not connected IP (e.g. a loopback). Use three RB trees to sort the neighbor list by id, addr and peerid. More cleanup is needed but this makes ldpd work against peers using loopback IPs. Problem found, reported and fix tested again by Marcel Wiget.
|
#
1.13 |
|
04-Nov-2010 |
claudio |
Rewrite all packet parsers to be more careful about alignment. Until now ldpd had no chance to run on a strict alignment architecture but this makes ldpd happy on sparc64. Be careful to do all needed overflow checks and try to make all parsing functions look similar. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.12 |
|
26-May-2010 |
nicm |
Rename some imsg bits to make namespace collisions less likely
buf to ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
#
1.11 |
|
14-May-2010 |
claudio |
Do not send notifications directly onto the wire. Decide in the caller how to send the notification. On accept use write() else queue message and try to send the queued messages out via msgbuf_write(). This may still fail but is better than the code beforehand. OK michele@
|
#
1.10 |
|
01-May-2010 |
jsg |
split up a multiple assignment so we aren't casting an lvalue. ok michele@ claudio@
|
#
1.9 |
|
29-Apr-2010 |
claudio |
Remove some more ospfd-ism from the interface code. This time remove most of the IF_TYPE_ special cases and most interface types. Point-to-point and broadcast still present because of find_iface() which needs additional fixing. OK michele@
|
#
1.8 |
|
15-Apr-2010 |
claudio |
session_shutdown() issues a NBR_EVT_CLOSE_SESSION and therefore a session_close() which does the event_del(&nbr->rev) so no need to do it twice. There is also no need to send two S_SHUTDOWN messages. OK michele@
|
#
1.7 |
|
15-Apr-2010 |
claudio |
Fix fd leak in error case. OK michele@
|
#
1.6 |
|
15-Apr-2010 |
claudio |
Instead of having three ways of setting fds non-blocking use session_socket_blockmode() everywhere. Additionally make two fatal() distinguishable. OK michele@
|
#
1.5 |
|
26-Mar-2010 |
claudio |
event_del() the read event when hitting a read error or when closing the file descriptor. If not done, we will loop forever on this event. OK michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.4 |
|
25-Feb-2010 |
claudio |
Do not use bufferevent for something that's already covered in the imsg buffer API. This fixes a few possible problems in session_read and does some further cleanup in various places. Wrap msgbuf into evbuf to add libevent functionality and use buf_read to handle the read side of a session. OK michele@ and dlg@ did not see anything evil
|
#
1.3 |
|
01-Nov-2009 |
michele |
Initialize "len" before using it in accept(2).
Found by Christophe Fillot
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.2 |
|
05-Jun-2009 |
michele |
Correctly send notification messages when errors occur.
ok claudio@ laurent@
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.70 |
|
04-Mar-2017 |
renato |
Implement RFC 5561 (LDP Capabilities).
This patch per-se doesn't introduce any useful functionality, but prepares the ground for new enhancements to ldpd (i.e. implementation of new RFCs that make use of LDP capabilities).
|
#
1.69 |
|
03-Mar-2017 |
renato |
Kill send_notification_nbr().
Be more clever and trigger the PDU SENT event inside send_notification() when tcp->nbr is set. This way we can eliminate send_notification_nbr() and always use send_notification() instead.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.68 |
|
16-Jul-2016 |
renato |
Remove potential overflow when validating message's length.
Also, use uint16_t for msg_type on gen_msg_hdr().
|
#
1.67 |
|
01-Jul-2016 |
renato |
More renaming and whitespace cleanup.
No binary change after "strip -s".
|
#
1.66 |
|
01-Jul-2016 |
renato |
Several minor tweaks.
|
#
1.65 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.64 |
|
18-Jun-2016 |
renato |
Fix removal of dual-stack neighbors.
|
#
1.63 |
|
13-Jun-2016 |
renato |
Implement a timeout for the session initialization FSM.
This prevents neighbors stuck in the initialization FSM from lingering forever as long as the associated transport connection is up.
This timeout can be seen in the 'Session Initialization State Transition Diagram' of RFC 5036. The RFC, however, doesn't specify how much we should wait. Let's use 180 seconds for that, the default LDP hold time.
Fixes IxANVL LDP test 6.15.
|
#
1.62 |
|
13-Jun-2016 |
renato |
Rework the handling of Hello packets.
With the introduction of IPv6 support by RFC 7552, the handling of Hello packets in ldpd became something incredibly complex. Neighbors can change from single-stack LDP to dual-stack and vice-versa. They can change their transport preference, their transport addresses (IPv4 and IPv6) and even start or stop sending the Dual-Stack TLV. We also have to take care to reject things like multiple adjacencies advertising different transport-addresses for the same neighbor. ldpd was failing for some of the cases mentioned above, this patch fixes these issues and attempts to make the code easier to read.
|
#
1.61 |
|
09-Jun-2016 |
renato |
Do set the Message ID for Hello messages too.
In the original LDP specification, there was no circumstance where a Notification message could be sent in response to a Hello message. So setting the Message ID field for Hello packets was useless.
This changed with RFC 7552, where Hello packets can trigger the "Transport Connection Mismatch" notification when the local and remote transport preferences don't match. In this case, having a meaningful Message ID in the Hello packets can aid in testing and troubleshooting.
|
#
1.60 |
|
09-Jun-2016 |
renato |
Do not shut down the session upon receiving unknown messages.
RFC 5036 says the following about the receipt of unknown messages: "Unknown message bit. Upon receipt of an unknown message, if U is clear (=0), a notification is returned to the message originator; if U is set (=1), the unknown message is silently ignored".
We were correctly ignoring unknown messages when the U-bit was set. But when this bit was not set, we were shutting down the session when the correct thing to do is to just send a non-fatal notification message.
Fix IxANVL LDP test 22.13.
|
#
1.59 |
|
06-Jun-2016 |
renato |
Speed up session establishment after config reload.
If we change a neighbor's password or the global transport-address, cancel the affected pending connects and, when playing the active role of the session establishment process, try to connect again right away with the new password and/or transport-address.
Without this patch we have to wait for the timeout of the pending connects, which might be a lot of time.
|
#
1.58 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.57 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.56 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.55 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.54 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.53 |
|
23-May-2016 |
renato |
Move setsockopt helper functions to a separate file.
IPv6 support is coming and we don't want to pollute the interface.c file with too many of these helper functions.
Also, rename these functions from if_set_* to sock_set_*.
|
#
1.52 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.51 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.50 |
|
23-May-2016 |
renato |
Rework the way we handle incoming connection requests.
The logic of the previous code was to accept all TCP connection requests (destined to port 646) and create a tcp_conn structure for each of them. Once the first packet of a connection was received, we would analyze the LDP Initialization message and identify its origin by looking at the LSR-ID field.
When parsing a received TCP packet, we would need to distinguish between two cases: tcp packet from an LDP neighbor and tcp packet from a newborn connection (not associated with any neighbor yet). For this reason, the session_read() function was quite complicated.
Also, we were not keeping track of the allocated tcp_conn structures. So, we were subject to memory leaks and even DOS attacks.
With this patch, we also accept all TCP connection requests, but with two major differences:
* We identify the neighbor by the source address of the SYN packet. This is possible because we don't support label spaces, so the transport-address by itself is enough to identify a neighbor, we don't need to wait for the Initialization message;
* If there's no matching adjacency for this neighbor, then we start a timer of 5 seconds. If we receive a Hello packet from this neighbor within this interval, then we stop this timer and move on in the Initialization state machine. Otherwise, we send a No Hello Notification message and close the socket. We try to avoid sending the No Hello notification as much as possible because it triggers the backoff exponential in the remote peer, which considerably slows down the session establishment process.
In summary, this new approach allows for simpler code and fixes the memory leak problem mentioned before.
|