Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments. Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.

For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.

With help from millert@
ok benno@ deraadt@

(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno

teach ldpd to ask if a potential pseudowire interface can do pwe3

this makes ldpd open the ioctl socket early so the config parser
can run the SIOCGPWE3 ioctl against the requested interface.

ok claudio@

factor out parsing of ldp router ids by making it part of the grammar

this way we do the inet_aton and bad address check in one place,
and just reuse it in the router-id, neighbor, and pseudowire bits.

ok claudio@

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@

- odd condition/test in PF lexer
(and other lexers too)

This commit rectifies earlier change:

in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).

OK deraadt@, OK millert@

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Plug leak in error case of the common 'varset' implementations.

ok benno@

Minor tweaks.

Allow to run on a non-default rdomain.

OK claudio@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Do not allow configuring the same interface for both LDP and VPLS.

Configuring an interface for both LDP signaling and as a member of a
VPLS instance doesn't cause any harm as far as ldpd is concerned. But
it certainly doesn't make any sense, so it's better to reject the
configuration and warn the user instead of ignoring this silently.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

Assorted fixes and small cleanup.

Nothing really interesting here.

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.

Fix bugs in pseudowire parameters negotiation.

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.

Rework L2VPN code.

clear_config() should only deallocate memory and nothing else.

clear_config() is called when the parser fails (at startup or config
reload). While cleaning up the allocated memory, the parser should not
log anything, after all the daemon's running configuration is untouched.
So, in this case, we se should clear the partial config by hand and
avoid functions like if_del().

Do not accept incomplete pseudowires in the configuration.

There's no point on keeping in the config something that can not be used,
it just adds unnecessary complexity. Also, it's better to warn the user
that there's something wrong rather than play nice and ignore the problem.

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.

Allow setting the session holdtime per neighbor.

Add support for including additional configuration files.

Pulled from ospfd. Original author: dlg@

Fix router-id selection if static router-id is not given.

First convert IP addresses to host byte-order before checking which one
is smaller. Additionally fix the check to find the lowest configured IP
as suggested by the RFC.

Pulled from ospfd. Original author: claudio@

Bring in the findeol() fix from pfctl.

Pulled from ospfd. Original author: henning@

As done for bgpd recently, rename if_mediatype to if_type in ldpd.
And some ifmedia64 fixes.
"move forward" deraadt@

Validate ip addresses on configuration.

ok claudio@

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@

Assorted fixes and code cleanup for targeted neighbors.

ok claudio@

Add missing LIST_INIT's.

ok claudio@

Implement md5 authentication support.

ok claudio@

Remove incomplete support for unnecessary modes of operation.

LDP has several modes of operation, it was designed in that way so it
could run on legacy equipment like ATM/FR switches with very strict
memory limitations.

For modern hardware there's no point on using either the "Conservative
Label Retention" or "Downstream On Demand" modes of operation since they
save memory at cost of blackholing traffic when routing changes. Major
vendors implement only the "Liberal Label Retention" and "Downstream
Unsolicited" modes for non ATM/FR hardware. Let's do that too.

As for using either "Independent Control" or "Ordered Control", let's
stick with the first option mainly because it's easier to implement
and because it doesn't really matter which control mode is used. For
reference, Cisco implements only "Independent Control" and Juniper only
"Ordered Control". Both modes are interoperable.

The point of supporting only one combination of all modes of operation
is that it will allow for the writing of a simpler code without removing
useful functionality.

ok claudio@

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

Convert the logic in yyerror(). Instead of creating a temporary
format string, create a temporary message.
OK claudio@

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Since a targeted neighbor can be created both by configuration and
on runtime, the ldpd_conf structure used should be passed as an
argument to avoid segfaults.

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal

Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option.
Diff by Renato Westphal

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal

The keepalive timeout should be configured on a global basis and not per
interface.
Remove the iface pointer from the 'nbr' structure because it's not
needed anymore.
Diff from Renato Westphal

Drop support for per-interface labelspaces.
Support for per-interface labelspaces is only necessary for legacy ATM/FR
interfaces running in cell-mode. We shouldn't worry about this.
For platform-wide label spaces the label space id is always 0.
Diff by Renato Westphal

Drop support for passive interfaces.
Support for passive interfaces was inherited from ospfd but it doesn't
make any sense at all for ldpd.
Diff from Renato Westphal

A bit nicer error message.

Don't allow enabling LDP on loopback and carp interfaces.
LDP should be allowed only on physical or tunnel interfaces.
Diff by Renato Westphal

Do not use a carp address as ldp router id because it is not unique.
Pulled from ospfd.
Diff from Renato Westphal [renatowestphal at gmail.com]

as done in ospf{,6}d/relayd, sync yyerror in various other daemons with
that from bgpd, so that it logs to syslog when daemonized.

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Requiring { } blocks for interfaces is dumb since most don't need any
additional options.

Remove another leftover from ospfd. ldpd does not have a concept of ext_tag
and so there is no need to carry ext_tag and rtlabels around.
"Yes! kill kill kill" michele@

Set the correct defaults for label advertisement, retention and distribution.

ok claudio@

Plug a memory leak in pushfile().

ok claudio@

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@

(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno

teach ldpd to ask if a potential pseudowire interface can do pwe3

this makes ldpd open the ioctl socket early so the config parser
can run the SIOCGPWE3 ioctl against the requested interface.

ok claudio@

factor out parsing of ldp router ids by making it part of the grammar

this way we do the inet_aton and bad address check in one place,
and just reuse it in the router-id, neighbor, and pseudowire bits.

ok claudio@

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@

- odd condition/test in PF lexer
(and other lexers too)

This commit rectifies earlier change:

in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).

OK deraadt@, OK millert@

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Plug leak in error case of the common 'varset' implementations.

ok benno@

Minor tweaks.

Allow to run on a non-default rdomain.

OK claudio@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Do not allow configuring the same interface for both LDP and VPLS.

Configuring an interface for both LDP signaling and as a member of a
VPLS instance doesn't cause any harm as far as ldpd is concerned. But
it certainly doesn't make any sense, so it's better to reject the
configuration and warn the user instead of ignoring this silently.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

Assorted fixes and small cleanup.

Nothing really interesting here.

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.

Fix bugs in pseudowire parameters negotiation.

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.

Rework L2VPN code.

clear_config() should only deallocate memory and nothing else.

clear_config() is called when the parser fails (at startup or config
reload). While cleaning up the allocated memory, the parser should not
log anything, after all the daemon's running configuration is untouched.
So, in this case, we se should clear the partial config by hand and
avoid functions like if_del().

Do not accept incomplete pseudowires in the configuration.

There's no point on keeping in the config something that can not be used,
it just adds unnecessary complexity. Also, it's better to warn the user
that there's something wrong rather than play nice and ignore the problem.

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.

Allow setting the session holdtime per neighbor.

Add support for including additional configuration files.

Pulled from ospfd. Original author: dlg@

Fix router-id selection if static router-id is not given.

First convert IP addresses to host byte-order before checking which one
is smaller. Additionally fix the check to find the lowest configured IP
as suggested by the RFC.

Pulled from ospfd. Original author: claudio@

Bring in the findeol() fix from pfctl.

Pulled from ospfd. Original author: henning@

As done for bgpd recently, rename if_mediatype to if_type in ldpd.
And some ifmedia64 fixes.
"move forward" deraadt@

Validate ip addresses on configuration.

ok claudio@

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@

Assorted fixes and code cleanup for targeted neighbors.

ok claudio@

Add missing LIST_INIT's.

ok claudio@

Implement md5 authentication support.

ok claudio@

Remove incomplete support for unnecessary modes of operation.

LDP has several modes of operation, it was designed in that way so it
could run on legacy equipment like ATM/FR switches with very strict
memory limitations.

For modern hardware there's no point on using either the "Conservative
Label Retention" or "Downstream On Demand" modes of operation since they
save memory at cost of blackholing traffic when routing changes. Major
vendors implement only the "Liberal Label Retention" and "Downstream
Unsolicited" modes for non ATM/FR hardware. Let's do that too.

As for using either "Independent Control" or "Ordered Control", let's
stick with the first option mainly because it's easier to implement
and because it doesn't really matter which control mode is used. For
reference, Cisco implements only "Independent Control" and Juniper only
"Ordered Control". Both modes are interoperable.

The point of supporting only one combination of all modes of operation
is that it will allow for the writing of a simpler code without removing
useful functionality.

ok claudio@

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

Convert the logic in yyerror(). Instead of creating a temporary
format string, create a temporary message.
OK claudio@

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Since a targeted neighbor can be created both by configuration and
on runtime, the ldpd_conf structure used should be passed as an
argument to avoid segfaults.

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal

Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option.
Diff by Renato Westphal

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal

The keepalive timeout should be configured on a global basis and not per
interface.
Remove the iface pointer from the 'nbr' structure because it's not
needed anymore.
Diff from Renato Westphal

Drop support for per-interface labelspaces.
Support for per-interface labelspaces is only necessary for legacy ATM/FR
interfaces running in cell-mode. We shouldn't worry about this.
For platform-wide label spaces the label space id is always 0.
Diff by Renato Westphal

Drop support for passive interfaces.
Support for passive interfaces was inherited from ospfd but it doesn't
make any sense at all for ldpd.
Diff from Renato Westphal

A bit nicer error message.

Don't allow enabling LDP on loopback and carp interfaces.
LDP should be allowed only on physical or tunnel interfaces.
Diff by Renato Westphal

Do not use a carp address as ldp router id because it is not unique.
Pulled from ospfd.
Diff from Renato Westphal [renatowestphal at gmail.com]

as done in ospf{,6}d/relayd, sync yyerror in various other daemons with
that from bgpd, so that it logs to syslog when daemonized.

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Requiring { } blocks for interfaces is dumb since most don't need any
additional options.

Remove another leftover from ospfd. ldpd does not have a concept of ext_tag
and so there is no need to carry ext_tag and rtlabels around.
"Yes! kill kill kill" michele@

Set the correct defaults for label advertisement, retention and distribution.

ok claudio@

Plug a memory leak in pushfile().

ok claudio@

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@

teach ldpd to ask if a potential pseudowire interface can do pwe3

this makes ldpd open the ioctl socket early so the config parser
can run the SIOCGPWE3 ioctl against the requested interface.

ok claudio@

factor out parsing of ldp router ids by making it part of the grammar

this way we do the inet_aton and bad address check in one place,
and just reuse it in the router-id, neighbor, and pseudowire bits.

ok claudio@

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@

- odd condition/test in PF lexer
(and other lexers too)

This commit rectifies earlier change:

in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).

OK deraadt@, OK millert@

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Plug leak in error case of the common 'varset' implementations.

ok benno@

Minor tweaks.

Allow to run on a non-default rdomain.

OK claudio@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Do not allow configuring the same interface for both LDP and VPLS.

Configuring an interface for both LDP signaling and as a member of a
VPLS instance doesn't cause any harm as far as ldpd is concerned. But
it certainly doesn't make any sense, so it's better to reject the
configuration and warn the user instead of ignoring this silently.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

Assorted fixes and small cleanup.

Nothing really interesting here.

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.

Fix bugs in pseudowire parameters negotiation.

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.

Rework L2VPN code.

clear_config() should only deallocate memory and nothing else.

clear_config() is called when the parser fails (at startup or config
reload). While cleaning up the allocated memory, the parser should not
log anything, after all the daemon's running configuration is untouched.
So, in this case, we se should clear the partial config by hand and
avoid functions like if_del().

Do not accept incomplete pseudowires in the configuration.

There's no point on keeping in the config something that can not be used,
it just adds unnecessary complexity. Also, it's better to warn the user
that there's something wrong rather than play nice and ignore the problem.

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.

Allow setting the session holdtime per neighbor.

Add support for including additional configuration files.

Pulled from ospfd. Original author: dlg@

Fix router-id selection if static router-id is not given.

First convert IP addresses to host byte-order before checking which one
is smaller. Additionally fix the check to find the lowest configured IP
as suggested by the RFC.

Pulled from ospfd. Original author: claudio@

Bring in the findeol() fix from pfctl.

Pulled from ospfd. Original author: henning@

As done for bgpd recently, rename if_mediatype to if_type in ldpd.
And some ifmedia64 fixes.
"move forward" deraadt@

Validate ip addresses on configuration.

ok claudio@

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@

Assorted fixes and code cleanup for targeted neighbors.

ok claudio@

Add missing LIST_INIT's.

ok claudio@

Implement md5 authentication support.

ok claudio@

Remove incomplete support for unnecessary modes of operation.

LDP has several modes of operation, it was designed in that way so it
could run on legacy equipment like ATM/FR switches with very strict
memory limitations.

For modern hardware there's no point on using either the "Conservative
Label Retention" or "Downstream On Demand" modes of operation since they
save memory at cost of blackholing traffic when routing changes. Major
vendors implement only the "Liberal Label Retention" and "Downstream
Unsolicited" modes for non ATM/FR hardware. Let's do that too.

As for using either "Independent Control" or "Ordered Control", let's
stick with the first option mainly because it's easier to implement
and because it doesn't really matter which control mode is used. For
reference, Cisco implements only "Independent Control" and Juniper only
"Ordered Control". Both modes are interoperable.

The point of supporting only one combination of all modes of operation
is that it will allow for the writing of a simpler code without removing
useful functionality.

ok claudio@

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

Convert the logic in yyerror(). Instead of creating a temporary
format string, create a temporary message.
OK claudio@

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Since a targeted neighbor can be created both by configuration and
on runtime, the ldpd_conf structure used should be passed as an
argument to avoid segfaults.

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal

Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option.
Diff by Renato Westphal

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal

The keepalive timeout should be configured on a global basis and not per
interface.
Remove the iface pointer from the 'nbr' structure because it's not
needed anymore.
Diff from Renato Westphal

Drop support for per-interface labelspaces.
Support for per-interface labelspaces is only necessary for legacy ATM/FR
interfaces running in cell-mode. We shouldn't worry about this.
For platform-wide label spaces the label space id is always 0.
Diff by Renato Westphal

Drop support for passive interfaces.
Support for passive interfaces was inherited from ospfd but it doesn't
make any sense at all for ldpd.
Diff from Renato Westphal

A bit nicer error message.

Don't allow enabling LDP on loopback and carp interfaces.
LDP should be allowed only on physical or tunnel interfaces.
Diff by Renato Westphal

Do not use a carp address as ldp router id because it is not unique.
Pulled from ospfd.
Diff from Renato Westphal [renatowestphal at gmail.com]

as done in ospf{,6}d/relayd, sync yyerror in various other daemons with
that from bgpd, so that it logs to syslog when daemonized.

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Requiring { } blocks for interfaces is dumb since most don't need any
additional options.

Remove another leftover from ospfd. ldpd does not have a concept of ext_tag
and so there is no need to carry ext_tag and rtlabels around.
"Yes! kill kill kill" michele@

Set the correct defaults for label advertisement, retention and distribution.

ok claudio@

Plug a memory leak in pushfile().

ok claudio@

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@

- odd condition/test in PF lexer
(and other lexers too)

This commit rectifies earlier change:

in the lex... even inside quotes, a \ followed by space or tab should
expand to space or tab, and a \ followed by newline should be ignored
(as a line continuation). compatible with the needs of hoststated
(which has the most strict quoted string requirements), and ifstated
(where one commonly does line continuations in strings).

OK deraadt@, OK millert@

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Plug leak in error case of the common 'varset' implementations.

ok benno@

Minor tweaks.

Allow to run on a non-default rdomain.

OK claudio@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Do not allow configuring the same interface for both LDP and VPLS.

Configuring an interface for both LDP signaling and as a member of a
VPLS instance doesn't cause any harm as far as ldpd is concerned. But
it certainly doesn't make any sense, so it's better to reject the
configuration and warn the user instead of ignoring this silently.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

Assorted fixes and small cleanup.

Nothing really interesting here.

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.

Fix bugs in pseudowire parameters negotiation.

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.

Rework L2VPN code.

clear_config() should only deallocate memory and nothing else.

clear_config() is called when the parser fails (at startup or config
reload). While cleaning up the allocated memory, the parser should not
log anything, after all the daemon's running configuration is untouched.
So, in this case, we se should clear the partial config by hand and
avoid functions like if_del().

Do not accept incomplete pseudowires in the configuration.

There's no point on keeping in the config something that can not be used,
it just adds unnecessary complexity. Also, it's better to warn the user
that there's something wrong rather than play nice and ignore the problem.

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.

Allow setting the session holdtime per neighbor.

Add support for including additional configuration files.

Pulled from ospfd. Original author: dlg@

Fix router-id selection if static router-id is not given.

First convert IP addresses to host byte-order before checking which one
is smaller. Additionally fix the check to find the lowest configured IP
as suggested by the RFC.

Pulled from ospfd. Original author: claudio@

Bring in the findeol() fix from pfctl.

Pulled from ospfd. Original author: henning@

As done for bgpd recently, rename if_mediatype to if_type in ldpd.
And some ifmedia64 fixes.
"move forward" deraadt@

Validate ip addresses on configuration.

ok claudio@

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@

Assorted fixes and code cleanup for targeted neighbors.

ok claudio@

Add missing LIST_INIT's.

ok claudio@

Implement md5 authentication support.

ok claudio@

Remove incomplete support for unnecessary modes of operation.

LDP has several modes of operation, it was designed in that way so it
could run on legacy equipment like ATM/FR switches with very strict
memory limitations.

For modern hardware there's no point on using either the "Conservative
Label Retention" or "Downstream On Demand" modes of operation since they
save memory at cost of blackholing traffic when routing changes. Major
vendors implement only the "Liberal Label Retention" and "Downstream
Unsolicited" modes for non ATM/FR hardware. Let's do that too.

As for using either "Independent Control" or "Ordered Control", let's
stick with the first option mainly because it's easier to implement
and because it doesn't really matter which control mode is used. For
reference, Cisco implements only "Independent Control" and Juniper only
"Ordered Control". Both modes are interoperable.

The point of supporting only one combination of all modes of operation
is that it will allow for the writing of a simpler code without removing
useful functionality.

ok claudio@

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

Convert the logic in yyerror(). Instead of creating a temporary
format string, create a temporary message.
OK claudio@

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Since a targeted neighbor can be created both by configuration and
on runtime, the ldpd_conf structure used should be passed as an
argument to avoid segfaults.

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal

Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option.
Diff by Renato Westphal

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal

The keepalive timeout should be configured on a global basis and not per
interface.
Remove the iface pointer from the 'nbr' structure because it's not
needed anymore.
Diff from Renato Westphal

Drop support for per-interface labelspaces.
Support for per-interface labelspaces is only necessary for legacy ATM/FR
interfaces running in cell-mode. We shouldn't worry about this.
For platform-wide label spaces the label space id is always 0.
Diff by Renato Westphal

Drop support for passive interfaces.
Support for passive interfaces was inherited from ospfd but it doesn't
make any sense at all for ldpd.
Diff from Renato Westphal

A bit nicer error message.

Don't allow enabling LDP on loopback and carp interfaces.
LDP should be allowed only on physical or tunnel interfaces.
Diff by Renato Westphal

Do not use a carp address as ldp router id because it is not unique.
Pulled from ospfd.
Diff from Renato Westphal [renatowestphal at gmail.com]

as done in ospf{,6}d/relayd, sync yyerror in various other daemons with
that from bgpd, so that it logs to syslog when daemonized.

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Requiring { } blocks for interfaces is dumb since most don't need any
additional options.

Remove another leftover from ospfd. ldpd does not have a concept of ext_tag
and so there is no need to carry ext_tag and rtlabels around.
"Yes! kill kill kill" michele@

Set the correct defaults for label advertisement, retention and distribution.

ok claudio@

Plug a memory leak in pushfile().

ok claudio@

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@

replace malloc()+strlcpy() with strndup() in cmdline_symset().

"looks good" gilles@ halex@

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Plug leak in error case of the common 'varset' implementations.

ok benno@

Minor tweaks.

Allow to run on a non-default rdomain.

OK claudio@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Do not allow configuring the same interface for both LDP and VPLS.

Configuring an interface for both LDP signaling and as a member of a
VPLS instance doesn't cause any harm as far as ldpd is concerned. But
it certainly doesn't make any sense, so it's better to reject the
configuration and warn the user instead of ignoring this silently.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

Assorted fixes and small cleanup.

Nothing really interesting here.

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.

Fix bugs in pseudowire parameters negotiation.

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.

Rework L2VPN code.

clear_config() should only deallocate memory and nothing else.

clear_config() is called when the parser fails (at startup or config
reload). While cleaning up the allocated memory, the parser should not
log anything, after all the daemon's running configuration is untouched.
So, in this case, we se should clear the partial config by hand and
avoid functions like if_del().

Do not accept incomplete pseudowires in the configuration.

There's no point on keeping in the config something that can not be used,
it just adds unnecessary complexity. Also, it's better to warn the user
that there's something wrong rather than play nice and ignore the problem.

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.

Allow setting the session holdtime per neighbor.

Add support for including additional configuration files.

Pulled from ospfd. Original author: dlg@

Fix router-id selection if static router-id is not given.

First convert IP addresses to host byte-order before checking which one
is smaller. Additionally fix the check to find the lowest configured IP
as suggested by the RFC.

Pulled from ospfd. Original author: claudio@

Bring in the findeol() fix from pfctl.

Pulled from ospfd. Original author: henning@

As done for bgpd recently, rename if_mediatype to if_type in ldpd.
And some ifmedia64 fixes.
"move forward" deraadt@

Validate ip addresses on configuration.

ok claudio@

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@

Assorted fixes and code cleanup for targeted neighbors.

ok claudio@

Add missing LIST_INIT's.

ok claudio@

Implement md5 authentication support.

ok claudio@

Remove incomplete support for unnecessary modes of operation.

LDP has several modes of operation, it was designed in that way so it
could run on legacy equipment like ATM/FR switches with very strict
memory limitations.

For modern hardware there's no point on using either the "Conservative
Label Retention" or "Downstream On Demand" modes of operation since they
save memory at cost of blackholing traffic when routing changes. Major
vendors implement only the "Liberal Label Retention" and "Downstream
Unsolicited" modes for non ATM/FR hardware. Let's do that too.

As for using either "Independent Control" or "Ordered Control", let's
stick with the first option mainly because it's easier to implement
and because it doesn't really matter which control mode is used. For
reference, Cisco implements only "Independent Control" and Juniper only
"Ordered Control". Both modes are interoperable.

The point of supporting only one combination of all modes of operation
is that it will allow for the writing of a simpler code without removing
useful functionality.

ok claudio@

Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

Convert the logic in yyerror(). Instead of creating a temporary
format string, create a temporary message.
OK claudio@

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@

Since a targeted neighbor can be created both by configuration and
on runtime, the ldpd_conf structure used should be passed as an
argument to avoid segfaults.

Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to
have more complex topologies with targeted sessions.
From Renato Westphal

Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option.
Diff by Renato Westphal

Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together.
In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does
not have that limitation.
Diff from Renato Westphal

The keepalive timeout should be configured on a global basis and not per
interface.
Remove the iface pointer from the 'nbr' structure because it's not
needed anymore.
Diff from Renato Westphal

Drop support for per-interface labelspaces.
Support for per-interface labelspaces is only necessary for legacy ATM/FR
interfaces running in cell-mode. We shouldn't worry about this.
For platform-wide label spaces the label space id is always 0.
Diff by Renato Westphal

Drop support for passive interfaces.
Support for passive interfaces was inherited from ospfd but it doesn't
make any sense at all for ldpd.
Diff from Renato Westphal

A bit nicer error message.

Don't allow enabling LDP on loopback and carp interfaces.
LDP should be allowed only on physical or tunnel interfaces.
Diff by Renato Westphal

Do not use a carp address as ldp router id because it is not unique.
Pulled from ospfd.
Diff from Renato Westphal [renatowestphal at gmail.com]

as done in ospf{,6}d/relayd, sync yyerror in various other daemons with
that from bgpd, so that it logs to syslog when daemonized.

s/lfib/fib/ for more consitency with the other routing daemons.
This started manly because of ldpctl beeing inconsistent and me misstyping
lfib almost every time.
OK michele@

fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?

Requiring { } blocks for interfaces is dumb since most don't need any
additional options.

Remove another leftover from ospfd. ldpd does not have a concept of ext_tag
and so there is no need to carry ext_tag and rtlabels around.
"Yes! kill kill kill" michele@

Set the correct defaults for label advertisement, retention and distribution.

ok claudio@

Plug a memory leak in pushfile().

ok claudio@

Welcome ldpd, the Label Distribution Protocol daemon.
Built using the imsg/three process framework, its main aim
is to redistribute MPLS labels between peers.

Right now it has some really basic functionalities,
the basic protocol works and peers are able to exchange
labels and insert them in the kernel.
It still does not react to changes of topology.

Not yet connected to the builds.

ok claudio@ deraadt@

Do for most running out of memory err() what was done for most running
out of memory log_warn(). i.e. ("%s", __func__) instead of manual
function names and redundant verbiage about which wrapper detected the
out of memory condition.

ok henning@

No need to mention which memory allocation entry point failed (malloc,
calloc or strdup), we just need to log that we ran out of memory in a
particular function.

Recommended by florian@ and deraadt@

ok benno@ henning@ tb@

Fix an off-by-one line count when using include statements.

Thanks to otto@ for the initial diff.

OK benno@

Plug leak in error case of the common 'varset' implementations.

ok benno@

Minor tweaks.

Allow to run on a non-default rdomain.

OK claudio@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

Do not allow configuring the same interface for both LDP and VPLS.

Configuring an interface for both LDP signaling and as a member of a
VPLS instance doesn't cause any harm as far as ldpd is concerned. But
it certainly doesn't make any sense, so it's better to reject the
configuration and warn the user instead of ignoring this silently.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

Assorted fixes and small cleanup.

Nothing really interesting here.

Enable changing the router-id via config reload.

Now ldpd can start without a router-id, since it can be set later. Since
a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
will check for a valid router-id in order to be activated.

When the router-id is changed, all the neighborships are reset.

Don't create l2vpn targeted neighbors inside the config parser.

When removing a configured pseudowire, we remove the associated tnbr
in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
consistent.

Fix bugs in pseudowire parameters negotiation.

Copy structs by assignment instead of memcpy.

Copying by straight assignment is shorter, easier to read and has a
higher level of abstraction. We'll only avoid it when copying from an
unaligned source (e.g., network buffers).

In addition, copy in_addr structs directly.

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.

Rework L2VPN code.

clear_config() should only deallocate memory and nothing else.

clear_config() is called when the parser fails (at startup or config
reload). While cleaning up the allocated memory, the parser should not
log anything, after all the daemon's running configuration is untouched.
So, in this case, we se should clear the partial config by hand and
avoid functions like if_del().

Do not accept incomplete pseudowires in the configuration.

There's no point on keeping in the config something that can not be used,
it just adds unnecessary complexity. Also, it's better to warn the user
that there's something wrong rather than play nice and ignore the problem.

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.

More renaming.

Rename a few more things to improve readability.

* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.

Add knob to configure the transport address.

This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.

Allow setting the session holdtime per neighbor.

Add support for including additional configuration files.

Pulled from ospfd. Original author: dlg@

Fix router-id selection if static router-id is not given.

First convert IP addresses to host byte-order before checking which one
is smaller. Additionally fix the check to find the lowest configured IP
as suggested by the RFC.

Pulled from ospfd. Original author: claudio@

Bring in the findeol() fix from pfctl.

Pulled from ospfd. Original author: henning@

As done for bgpd recently, rename if_mediatype to if_type in ldpd.
And some ifmedia64 fixes.
"move forward" deraadt@

Validate ip addresses on configuration.

ok claudio@

VPLS signaling support.

This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.

As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.

Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).

Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS

ok claudio@

Reuse merge_config() logic to simplify the shutdown of each process.

ok claudio@