#
1.72 |
|
15-Oct-2021 |
naddy |
Don't declare variables as "unsigned char *" that are passed to functions that take "char *" arguments. Where such chars are assigned to int or passed to ctype functions, explicitly cast them to unsigned char.
For OpenBSD's clang, -Wpointer-sign has been disabled by default, but when the parse.y code was built elsewhere, the compiler would complain.
With help from millert@ ok benno@ deraadt@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.71 |
|
13-Feb-2019 |
deraadt |
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
|
#
1.70 |
|
23-Jan-2019 |
dlg |
teach ldpd to ask if a potential pseudowire interface can do pwe3
this makes ldpd open the ioctl socket early so the config parser can run the SIOCGPWE3 ioctl against the requested interface.
ok claudio@
|
#
1.69 |
|
23-Jan-2019 |
dlg |
factor out parsing of ldp router ids by making it part of the grammar
this way we do the inet_aton and bad address check in one place, and just reuse it in the router-id, neighbor, and pseudowire bits.
ok claudio@
|
#
1.68 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
    mpls ldp password required for MPLS
    mpls ldp password option 1 for MPLS key-chain LDPAUTH
    key chain LDPAUTH
     key 1
      key-string secret
    interface Loopback0
     ip address 192.168.0.0 255.255.255.255
    end
    ip prefix-list MPLS seq 5 permit 192.168.0.0/24
    ip access-list standard MPLS
    mpls ldp router-id Loopback0 force
and in ldpd.conf:
    router-id 192.168.0.25
    tcp md5sig password secret 192.168.0.0/24
    address-family ipv4 {
        interface vmx1
    }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
#
1.67 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.66 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.65 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.64 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.63 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.50 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.49 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.48 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.47 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.46 |
|
23-May-2016 |
renato |
Fix bugs in pseudowire parameters negotiation.
|
#
1.45 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.44 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.43 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.42 |
|
23-May-2016 |
renato |
clear_config() should only deallocate memory and nothing else.
clear_config() is called when the parser fails (at startup or config reload). While cleaning up the allocated memory, the parser should not log anything, after all the daemon's running configuration is untouched. So, in this case, we should clear the partial config by hand and avoid functions like if_del().
|
#
1.41 |
|
23-May-2016 |
renato |
Do not accept incomplete pseudowires in the configuration.
There's no point in keeping in the config something that can not be used, it just adds unnecessary complexity. Also, it's better to warn the user that there's something wrong rather than play nice and ignore the problem.
|
#
1.40 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.39 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.38 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.37 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.36 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.35 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.34 |
|
23-May-2016 |
renato |
Add support for including additional configuration files.
Pulled from ospfd. Original author: dlg@
|
#
1.33 |
|
23-May-2016 |
renato |
Fix router-id selection if static router-id is not given.
First convert IP addresses to host byte-order before checking which one is smaller. Additionally fix the check to find the lowest configured IP as suggested by the RFC.
Pulled from ospfd. Original author: claudio@
|
#
1.32 |
|
23-May-2016 |
renato |
Bring in the findeol() fix from pfctl.
Pulled from ospfd. Original author: henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.31 |
|
27-Sep-2015 |
stsp |
As done for bgpd recently, rename if_mediatype to if_type in ldpd. And some ifmedia64 fixes. "move forward" deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.30 |
|
21-Jul-2015 |
renato |
Validate ip addresses on configuration.
ok claudio@
|
#
1.29 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.28 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.27 |
|
21-Jul-2015 |
renato |
Assorted fixes and code cleanup for targeted neighbors.
ok claudio@
|
#
1.26 |
|
19-Jul-2015 |
renato |
Add missing LIST_INIT's.
ok claudio@
|
#
1.25 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.24 |
|
19-Jul-2015 |
renato |
Remove incomplete support for unnecessary modes of operation.
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations.
For modern hardware there's no point in using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at the cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation is that it will allow for the writing of a simpler code without removing useful functionality.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.22 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.21 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.20 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.19 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@
|
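An added example (not code from ldpd's parse.y) of the hazard that the unsigned char handling in revisions 1.72 and 1.19 addresses: a byte widened to int through a signed char becomes negative, so 0xFF collides with EOF and other high bytes fall outside the range the ctype functions are defined for. The getter names, the tokenizer and the sample bytes are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: three whitespace-separated tokens with bytes >= 0x80. */
static const char sample[] = "na\xffme = \xe9t\xe9";
#define SAMPLE_LEN (sizeof(sample) - 1)

/*
 * Models a lexer "next character" routine on a platform where plain char
 * is signed: the byte is sign-extended when widened to int, so 0xFF
 * becomes -1, which is indistinguishable from EOF.
 */
static int
next_signed(const char *buf, size_t len, size_t *pos)
{
	if (*pos >= len)
		return (EOF);
	return ((int)(signed char)buf[(*pos)++]);
}

/*
 * Same routine with the explicit cast: every byte maps to 0..255 and
 * EOF stays out of band.
 */
static int
next_unsigned(const char *buf, size_t len, size_t *pos)
{
	if (*pos >= len)
		return (EOF);
	return ((unsigned char)buf[(*pos)++]);
}

typedef int (*getc_fn)(const char *, size_t, size_t *);

/* Count whitespace-separated tokens seen before the getter reports EOF. */
static int
count_tokens(getc_fn get, const char *buf, size_t len)
{
	size_t	pos = 0;
	int	c, in_tok = 0, ntok = 0;

	while ((c = get(buf, len, &pos)) != EOF) {
		/*
		 * ctype functions accept only EOF or a value representable
		 * as unsigned char; a negative c (e.g. 0xE9 read through
		 * next_signed) would be undefined behaviour without the cast.
		 */
		if (isspace((unsigned char)c))
			in_tok = 0;
		else if (!in_tok) {
			in_tok = 1;
			ntok++;
		}
	}
	return (ntok);
}

int
main(void)
{
	printf("signed getter:   %d token(s)\n",
	    count_tokens(next_signed, sample, SAMPLE_LEN));
	printf("unsigned getter: %d token(s)\n",
	    count_tokens(next_unsigned, sample, SAMPLE_LEN));
	return (0);
}
```

With the signed getter, parsing stops silently at the first 0xFF byte, so the rest of the input is never examined.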
#
1.18 |
|
15-Oct-2013 |
renato |
Since a targeted neighbor can be created both by configuration and on runtime, the ldpd_conf structure used should be passed as an argument to avoid segfaults.
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option. Diff by Renato Westphal
|
#
1.15 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.14 |
|
01-Jun-2013 |
claudio |
The keepalive timeout should be configured on a global basis and not per interface. Remove the iface pointer from the 'nbr' structure because it's not needed anymore. Diff from Renato Westphal
|
#
1.13 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.12 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.11 |
|
01-Jun-2013 |
claudio |
A bit nicer error message.
|
#
1.10 |
|
01-Jun-2013 |
claudio |
Don't allow enabling LDP on loopback and carp interfaces. LDP should be allowed only on physical or tunnel interfaces. Diff by Renato Westphal
|
#
1.9 |
|
30-May-2013 |
claudio |
Do not use a carp address as ldp router id because it is not unique. Pulled from ospfd. Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.8 |
|
06-Mar-2013 |
sthen |
as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.7 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.6 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.5 |
|
21-Jun-2010 |
claudio |
Requiring { } blocks for interfaces is dumb since most don't need any additional options.
|
#
1.4 |
|
25-May-2010 |
claudio |
Remove another leftover from ospfd. ldpd does not have a concept of ext_tag and so there is no need to carry ext_tag and rtlabels around. "Yes! kill kill kill" michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.3 |
|
18-Feb-2010 |
michele |
Set the correct defaults for label advertisement, retention and distribution.
ok claudio@
|
#
1.2 |
|
16-Feb-2010 |
michele |
Plug a memory leak in pushfile().
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.71 |
|
13-Feb-2019 |
deraadt |
(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno
|
#
1.70 |
|
23-Jan-2019 |
dlg |
teach ldpd to ask if a potential pseudowire interface can do pwe3
this makes ldpd open the ioctl socket early so the config parser can run the SIOCGPWE3 ioctl against the requested interface.
ok claudio@
|
#
1.69 |
|
23-Jan-2019 |
dlg |
factor out parsing of ldp router ids by making it part of the grammar
this way we do the inet_aton and bad address check in one place, and just reuse it in the router-id, neighbor, and pseudowire bits.
ok claudio@
|
#
1.68 |
|
23-Jan-2019 |
dlg |
rework how tcp md5 signatures are configured.
previously ldpd only allowed tcp md5 to be configured against a neighbor (by ldp router id), but other vendors supported configuring tcp md5sig by prefix as well as neighbor. this reworks the config so auth is maintained globally as a list of prefixes that you do and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco test network:
on ios:
mpls ldp password required for MPLS mpls ldp password option 1 for MPLS key-chain LDPAUTH
key chain LDPAUTH key 1 key-string secret
interface Loopback0 ip address 192.168.0.0 255.255.255.255 end
ip prefix-list MPLS seq 5 permit 192.168.0.0/24 ip access-list standard MPLS
mpls ldp router-id Loopback0 force
and in ldpd.conf:
router-id 192.168.0.25 tcp md5sig password secret 192.168.0.0/24 address-family ipv4 { interface vmx1 }
this still supports specifying tcp md5sig on neighbors, but that is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
#
1.67 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.66 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.65 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.64 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.63 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.50 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.49 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.48 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.47 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.46 |
|
23-May-2016 |
renato |
Fix bugs in pseudowire parameters negotiation.
|
#
1.45 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.44 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.43 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.42 |
|
23-May-2016 |
renato |
clear_config() should only deallocate memory and nothing else.
clear_config() is called when the parser fails (at startup or config reload). While cleaning up the allocated memory, the parser should not log anything, after all the daemon's running configuration is untouched. So, in this case, we se should clear the partial config by hand and avoid functions like if_del().
|
#
1.41 |
|
23-May-2016 |
renato |
Do not accept incomplete pseudowires in the configuration.
There's no point on keeping in the config something that can not be used, it just adds unnecessary complexity. Also, it's better to warn the user that there's something wrong rather than play nice and ignore the problem.
|
#
1.40 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also: * Use log_warnx() instead of log_warn() when appropriate; * Use fatal(x) instead of err(x) when appropriate; * Fix some inconsistent log messages.
|
#
1.39 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.38 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter) * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter) * s/LDPD_FLAG_*/F_LDPD_*/ (consistency) * s/lde_nbr_address/lde_addr/ (shorter) * s/ldp_discovery_socket/ldp_disc_socket/ (shorter) * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter) * s/ldp_sendboth/main_imsg_compose_both/ (consistency) * s/cons/total/ (makes more sense) * s/kaddr/ka/ (consistency with remaining code) * Always use 'ln' for lde_nbrs (consistency)
|
#
1.37 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field; * Add check for the "Message Length" field; * Check for invalid labelspace earlier. * Use if_lookup() on disc_recv_iface() to reduce one level of identation;
Additionally, add the following safeguards: * Check for unicast link hellos; * Check for multicast targeted hellos; * Validate packet's source address; * Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.36 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.35 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.34 |
|
23-May-2016 |
renato |
Add support for including additional configuration files.
Pulled from ospfd. Original author: dlg@
|
#
1.33 |
|
23-May-2016 |
renato |
Fix router-id selection if static router-id is not given.
First convert IP addresses to host byte-order before checking which one is smaller. Additionally fix the check to find the lowest configured IP as suggested by the RFC.
Pulled from ospfd. Original author: claudio@
|
#
1.32 |
|
23-May-2016 |
renato |
Bring in the findeol() fix from pfctl.
Pulled from ospfd. Original author: henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.31 |
|
27-Sep-2015 |
stsp |
As done for bgpd recently, rename if_mediatype to if_type in ldpd. And some ifmedia64 fixes. "move forward" deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.30 |
|
21-Jul-2015 |
renato |
Validate ip addresses on configuration.
ok claudio@
|
#
1.29 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.28 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.27 |
|
21-Jul-2015 |
renato |
Assorted fixes and code cleanup for targeted neighbors.
ok claudio@
|
#
1.26 |
|
19-Jul-2015 |
renato |
Add missing LIST_INIT's.
ok claudio@
|
#
1.25 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.24 |
|
19-Jul-2015 |
renato |
Remove incomplete support for unnecessary modes of operation.
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations.
For modern hardware there's no point on using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation is that it will allow for the writing of a simpler code without removing useful functionality.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.22 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.21 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.20 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.19 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@
|
#
1.18 |
|
15-Oct-2013 |
renato |
Since a targeted neighbor can be created both by configuration and on runtime, the ldpd_conf structure used should be passed as an argument to avoid segfaults.
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions.
From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option.
Diff by Renato Westphal
|
#
1.15 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface.
This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation.
Diff from Renato Westphal
|
#
1.14 |
|
01-Jun-2013 |
claudio |
The keepalive timeout should be configured on a global basis and not per interface.
Remove the iface pointer from the 'nbr' structure because it's not needed anymore.
Diff from Renato Westphal
|
#
1.13 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces.
Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0.
Diff by Renato Westphal
|
#
1.12 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces.
Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd.
Diff from Renato Westphal
|
#
1.11 |
|
01-Jun-2013 |
claudio |
A bit nicer error message.
|
#
1.10 |
|
01-Jun-2013 |
claudio |
Don't allow enabling LDP on loopback and carp interfaces.
LDP should be allowed only on physical or tunnel interfaces.
Diff by Renato Westphal
|
#
1.9 |
|
30-May-2013 |
claudio |
Do not use a carp address as ldp router id because it is not unique.
Pulled from ospfd. Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.8 |
|
06-Mar-2013 |
sthen |
as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.7 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.6 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.5 |
|
21-Jun-2010 |
claudio |
Requiring { } blocks for interfaces is dumb since most don't need any additional options.
|
#
1.4 |
|
25-May-2010 |
claudio |
Remove another leftover from ospfd. ldpd does not have a concept of ext_tag and so there is no need to carry ext_tag and rtlabels around. "Yes! kill kill kill" michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.3 |
|
18-Feb-2010 |
michele |
Set the correct defaults for label advertisement, retention and distribution.
ok claudio@
|
#
1.2 |
|
16-Feb-2010 |
michele |
Plug a memory leak in pushfile().
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.67 |
|
01-Nov-2018 |
sashan |
- odd condition/test in PF lexer (and other lexers too)
This commit rectifies earlier change:
in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings).
OK deraadt@, OK millert@
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.66 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.65 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.64 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.63 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.50 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.49 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.48 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.47 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.46 |
|
23-May-2016 |
renato |
Fix bugs in pseudowire parameters negotiation.
|
#
1.45 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.44 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.43 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.42 |
|
23-May-2016 |
renato |
clear_config() should only deallocate memory and nothing else.
clear_config() is called when the parser fails (at startup or config reload). While cleaning up the allocated memory, the parser should not log anything, after all the daemon's running configuration is untouched. So, in this case, we should clear the partial config by hand and avoid functions like if_del().
|
#
1.41 |
|
23-May-2016 |
renato |
Do not accept incomplete pseudowires in the configuration.
There's no point in keeping in the config something that can not be used, it just adds unnecessary complexity. Also, it's better to warn the user that there's something wrong rather than play nice and ignore the problem.
|
#
1.40 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.39 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.38 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.37 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.36 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.35 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.34 |
|
23-May-2016 |
renato |
Add support for including additional configuration files.
Pulled from ospfd. Original author: dlg@
|
#
1.33 |
|
23-May-2016 |
renato |
Fix router-id selection if static router-id is not given.
First convert IP addresses to host byte-order before checking which one is smaller. Additionally fix the check to find the lowest configured IP as suggested by the RFC.
Pulled from ospfd. Original author: claudio@
|
#
1.32 |
|
23-May-2016 |
renato |
Bring in the findeol() fix from pfctl.
Pulled from ospfd. Original author: henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.31 |
|
27-Sep-2015 |
stsp |
As done for bgpd recently, rename if_mediatype to if_type in ldpd. And some ifmedia64 fixes. "move forward" deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.30 |
|
21-Jul-2015 |
renato |
Validate ip addresses on configuration.
ok claudio@
|
#
1.29 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.28 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.27 |
|
21-Jul-2015 |
renato |
Assorted fixes and code cleanup for targeted neighbors.
ok claudio@
|
#
1.26 |
|
19-Jul-2015 |
renato |
Add missing LIST_INIT's.
ok claudio@
|
#
1.25 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.24 |
|
19-Jul-2015 |
renato |
Remove incomplete support for unnecessary modes of operation.
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations.
For modern hardware there's no point in using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at the cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation is that it will allow for the writing of a simpler code without removing useful functionality.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.22 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.21 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.20 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.19 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@
|
#
1.18 |
|
15-Oct-2013 |
renato |
Since a targeted neighbor can be created both by configuration and on runtime, the ldpd_conf structure used should be passed as an argument to avoid segfaults.
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option. Diff by Renato Westphal
|
#
1.15 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.14 |
|
01-Jun-2013 |
claudio |
The keepalive timeout should be configured on a global basis and not per interface. Remove the iface pointer from the 'nbr' structure because it's not needed anymore. Diff from Renato Westphal
|
#
1.13 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.12 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.11 |
|
01-Jun-2013 |
claudio |
A bit nicer error message.
|
#
1.10 |
|
01-Jun-2013 |
claudio |
Don't allow enabling LDP on loopback and carp interfaces. LDP should be allowed only on physical or tunnel interfaces. Diff by Renato Westphal
|
#
1.9 |
|
30-May-2013 |
claudio |
Do not use a carp address as ldp router id because it is not unique. Pulled from ospfd. Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.8 |
|
06-Mar-2013 |
sthen |
as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.7 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.6 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.5 |
|
21-Jun-2010 |
claudio |
Requiring { } blocks for interfaces is dumb since most don't need any additional options.
|
#
1.4 |
|
25-May-2010 |
claudio |
Remove another leftover from ospfd. ldpd does not have a concept of ext_tag and so there is no need to carry ext_tag and rtlabels around. "Yes! kill kill kill" michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.3 |
|
18-Feb-2010 |
michele |
Set the correct defaults for label advertisement, retention and distribution.
ok claudio@
|
#
1.2 |
|
16-Feb-2010 |
michele |
Plug a memory leak in pushfile().
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.66 |
|
07-Sep-2018 |
miko |
replace malloc()+strlcpy() with strndup() in cmdline_symset().
"looks good" gilles@ halex@
|
#
1.65 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.64 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.63 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.65 |
|
11-Jul-2018 |
krw |
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
|
#
1.64 |
|
09-Jul-2018 |
krw |
No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function.
Recommended by florian@ and deraadt@
ok benno@ henning@ tb@
|
#
1.63 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include: * clean up of the ldpd global namespace; * improved readability; * more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.50 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes: * Full compliance to RFC 7552; * Support for MD5 on LDPov6 sessions; * Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this); * Support for the IPv6 explicit-null label; * Knob to specify the prefered address-family for TCP transport connections; * Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.49 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.48 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.47 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.46 |
|
23-May-2016 |
renato |
Fix bugs in pseudowire parameters negotiation.
|
#
1.45 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.44 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.43 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.42 |
|
23-May-2016 |
renato |
clear_config() should only deallocate memory and nothing else.
clear_config() is called when the parser fails (at startup or config reload). While cleaning up the allocated memory, the parser should not log anything, after all the daemon's running configuration is untouched. So, in this case, we should clear the partial config by hand and avoid functions like if_del().
|
#
1.41 |
|
23-May-2016 |
renato |
Do not accept incomplete pseudowires in the configuration.
There's no point in keeping in the config something that cannot be used, it just adds unnecessary complexity. Also, it's better to warn the user that there's something wrong rather than play nice and ignore the problem.
|
#
1.40 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.39 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.38 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.37 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier;
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation.
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.36 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.35 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.34 |
|
23-May-2016 |
renato |
Add support for including additional configuration files.
Pulled from ospfd. Original author: dlg@
|
#
1.33 |
|
23-May-2016 |
renato |
Fix router-id selection if static router-id is not given.
First convert IP addresses to host byte-order before checking which one is smaller. Additionally fix the check to find the lowest configured IP as suggested by the RFC.
Pulled from ospfd. Original author: claudio@
|
#
1.32 |
|
23-May-2016 |
renato |
Bring in the findeol() fix from pfctl.
Pulled from ospfd. Original author: henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.31 |
|
27-Sep-2015 |
stsp |
As done for bgpd recently, rename if_mediatype to if_type in ldpd. And some ifmedia64 fixes. "move forward" deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.30 |
|
21-Jul-2015 |
renato |
Validate ip addresses on configuration.
ok claudio@
|
#
1.29 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.28 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.27 |
|
21-Jul-2015 |
renato |
Assorted fixes and code cleanup for targeted neighbors.
ok claudio@
|
#
1.26 |
|
19-Jul-2015 |
renato |
Add missing LIST_INIT's.
ok claudio@
|
#
1.25 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.24 |
|
19-Jul-2015 |
renato |
Remove incomplete support for unnecessary modes of operation.
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations.
For modern hardware there's no point in using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at the cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation is that it will allow for the writing of a simpler code without removing useful functionality.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.22 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.21 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.20 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.19 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@
|
#
1.18 |
|
15-Oct-2013 |
renato |
Since a targeted neighbor can be created both by configuration and on runtime, the ldpd_conf structure used should be passed as an argument to avoid segfaults.
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option. Diff by Renato Westphal
|
#
1.15 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.14 |
|
01-Jun-2013 |
claudio |
The keepalive timeout should be configured on a global basis and not per interface. Remove the iface pointer from the 'nbr' structure because it's not needed anymore. Diff from Renato Westphal
|
#
1.13 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.12 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.11 |
|
01-Jun-2013 |
claudio |
A bit nicer error message.
|
#
1.10 |
|
01-Jun-2013 |
claudio |
Don't allow enabling LDP on loopback and carp interfaces. LDP should be allowed only on physical or tunnel interfaces. Diff by Renato Westphal
|
#
1.9 |
|
30-May-2013 |
claudio |
Do not use a carp address as ldp router id because it is not unique. Pulled from ospfd. Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.8 |
|
06-Mar-2013 |
sthen |
as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.7 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.6 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.5 |
|
21-Jun-2010 |
claudio |
Requiring { } blocks for interfaces is dumb since most don't need any additional options.
|
#
1.4 |
|
25-May-2010 |
claudio |
Remove another leftover from ospfd. ldpd does not have a concept of ext_tag and so there is no need to carry ext_tag and rtlabels around. "Yes! kill kill kill" michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.3 |
|
18-Feb-2010 |
michele |
Set the correct defaults for label advertisement, retention and distribution.
ok claudio@
|
#
1.2 |
|
16-Feb-2010 |
michele |
Plug a memory leak in pushfile().
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.63 |
|
11-Jun-2018 |
denis |
Fix an off-by-one line count when using include statements.
Thanks to otto@ for the initial diff.
OK benno@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.50 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.49 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.48 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.47 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.46 |
|
23-May-2016 |
renato |
Fix bugs in pseudowire parameters negotiation.
|
#
1.45 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.44 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.43 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.42 |
|
23-May-2016 |
renato |
clear_config() should only deallocate memory and nothing else.
clear_config() is called when the parser fails (at startup or config reload). While cleaning up the allocated memory, the parser should not log anything, after all the daemon's running configuration is untouched. So, in this case, we should clear the partial config by hand and avoid functions like if_del().
|
#
1.41 |
|
23-May-2016 |
renato |
Do not accept incomplete pseudowires in the configuration.
There's no point in keeping in the config something that cannot be used, it just adds unnecessary complexity. Also, it's better to warn the user that there's something wrong rather than play nice and ignore the problem.
|
#
1.40 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.39 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.38 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.37 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier;
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation.
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.36 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.35 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.34 |
|
23-May-2016 |
renato |
Add support for including additional configuration files.
Pulled from ospfd. Original author: dlg@
|
#
1.33 |
|
23-May-2016 |
renato |
Fix router-id selection if static router-id is not given.
First convert IP addresses to host byte-order before checking which one is smaller. Additionally fix the check to find the lowest configured IP as suggested by the RFC.
Pulled from ospfd. Original author: claudio@
|
#
1.32 |
|
23-May-2016 |
renato |
Bring in the findeol() fix from pfctl.
Pulled from ospfd. Original author: henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.31 |
|
27-Sep-2015 |
stsp |
As done for bgpd recently, rename if_mediatype to if_type in ldpd. And some ifmedia64 fixes. "move forward" deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.30 |
|
21-Jul-2015 |
renato |
Validate ip addresses on configuration.
ok claudio@
|
#
1.29 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.28 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.27 |
|
21-Jul-2015 |
renato |
Assorted fixes and code cleanup for targeted neighbors.
ok claudio@
|
#
1.26 |
|
19-Jul-2015 |
renato |
Add missing LIST_INIT's.
ok claudio@
|
#
1.25 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.24 |
|
19-Jul-2015 |
renato |
Remove incomplete support for unnecessary modes of operation.
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations.
For modern hardware there's no point in using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at the cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation is that it will allow for the writing of a simpler code without removing useful functionality.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.22 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.21 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.20 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.19 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@
|
#
1.18 |
|
15-Oct-2013 |
renato |
Since a targeted neighbor can be created both by configuration and on runtime, the ldpd_conf structure used should be passed as an argument to avoid segfaults.
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option. Diff by Renato Westphal
|
#
1.15 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.14 |
|
01-Jun-2013 |
claudio |
The keepalive timeout should be configured on a global basis and not per interface. Remove the iface pointer from the 'nbr' structure because it's not needed anymore. Diff from Renato Westphal
|
#
1.13 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.12 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.11 |
|
01-Jun-2013 |
claudio |
A bit nicer error message.
|
#
1.10 |
|
01-Jun-2013 |
claudio |
Don't allow enabling LDP on loopback and carp interfaces. LDP should be allowed only on physical or tunnel interfaces. Diff by Renato Westphal
|
#
1.9 |
|
30-May-2013 |
claudio |
Do not use a carp address as ldp router id because it is not unique. Pulled from ospfd. Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.8 |
|
06-Mar-2013 |
sthen |
as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.7 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.6 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.5 |
|
21-Jun-2010 |
claudio |
Requiring { } blocks for interfaces is dumb since most don't need any additional options.
|
#
1.4 |
|
25-May-2010 |
claudio |
Remove another leftover from ospfd. ldpd does not have a concept of ext_tag and so there is no need to carry ext_tag and rtlabels around. "Yes! kill kill kill" michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.3 |
|
18-Feb-2010 |
michele |
Set the correct defaults for label advertisement, retention and distribution.
ok claudio@
|
#
1.2 |
|
16-Feb-2010 |
michele |
Plug a memory leak in pushfile().
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
#
1.62 |
|
26-Apr-2018 |
krw |
Plug leak in error case of the common 'varset' implementations.
ok benno@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|
#
1.55 |
|
18-Jun-2016 |
renato |
Do not allow configuring the same interface for both LDP and VPLS.
Configuring an interface for both LDP signaling and as a member of a VPLS instance doesn't cause any harm as far as ldpd is concerned. But it certainly doesn't make any sense, so it's better to reject the configuration and warn the user instead of ignoring this silently.
|
#
1.54 |
|
23-May-2016 |
renato |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
#
1.53 |
|
23-May-2016 |
renato |
Update copyright information.
|
#
1.52 |
|
23-May-2016 |
renato |
Remove superfluous includes.
|
#
1.51 |
|
23-May-2016 |
renato |
Make functions and variables static whenever possible.
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function).
All extern variables are now declared in header files to avoid unnecessary duplication.
This patch also cleans up the indentation of all function prototypes and global variables.
|
#
1.50 |
|
23-May-2016 |
renato |
Add support for IPv6 (RFC 7552).
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
|
#
1.49 |
|
23-May-2016 |
renato |
Assorted fixes and small cleanup.
Nothing really interesting here.
|
#
1.48 |
|
23-May-2016 |
renato |
Enable changing the router-id via config reload.
Now ldpd can start without a router-id, since it can be set later. Since a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors will check for a valid router-id in order to be activated.
When the router-id is changed, all the neighborships are reset.
|
#
1.47 |
|
23-May-2016 |
renato |
Don't create l2vpn targeted neighbors inside the config parser.
When removing a configured pseudowire, we remove the associated tnbr in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things consistent.
|
#
1.46 |
|
23-May-2016 |
renato |
Fix bugs in pseudowire parameters negotiation.
|
#
1.45 |
|
23-May-2016 |
renato |
Copy structs by assignment instead of memcpy.
Copying by straight assignment is shorter, easier to read and has a higher level of abstraction. We'll only avoid it when copying from an unaligned source (e.g., network buffers).
In addition, copy in_addr structs directly.
|
#
1.44 |
|
23-May-2016 |
renato |
Fix mess caused by my commit script.
I screwed up everything... trying to fix now.
|
#
1.43 |
|
23-May-2016 |
renato |
Rework L2VPN code.
|
#
1.42 |
|
23-May-2016 |
renato |
clear_config() should only deallocate memory and nothing else.
clear_config() is called when the parser fails (at startup or config reload). While cleaning up the allocated memory, the parser should not log anything, after all the daemon's running configuration is untouched. So, in this case, we should clear the partial config by hand and avoid functions like if_del().
|
#
1.41 |
|
23-May-2016 |
renato |
Do not accept incomplete pseudowires in the configuration.
There's no point in keeping in the config something that can not be used, it just adds unnecessary complexity. Also, it's better to warn the user that there's something wrong rather than play nice and ignore the problem.
|
#
1.40 |
|
23-May-2016 |
renato |
Standardize some log messages and fix some inconsistencies.
We were using several different names for the same thing in our log messages: neighbor, neighbor ID, nbr ID and LSR ID.
Standardize to always use "lsr-id" to refer to a neighbor.
Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.
|
#
1.39 |
|
23-May-2016 |
renato |
Make neighbor parameters per lsr-id not per transport-address.
With the advent of IPv6 support, a single neighbor can have two different transport-addresses: one for ipv4 and one for ipv6. In order to define neighbor-specific parameters in an indistinguishable way, define them by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep the same configuration.
|
#
1.38 |
|
23-May-2016 |
renato |
More renaming.
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
#
1.37 |
|
23-May-2016 |
renato |
Several improvements in the parsing of UDP/Hello packets.
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
|
#
1.36 |
|
23-May-2016 |
renato |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because we'll not be able to use the router-id as the transport-address in this case.
|
#
1.35 |
|
23-May-2016 |
renato |
Allow setting the session holdtime per neighbor.
|
#
1.34 |
|
23-May-2016 |
renato |
Add support for including additional configuration files.
Pulled from ospfd. Original author: dlg@
|
#
1.33 |
|
23-May-2016 |
renato |
Fix router-id selection if static router-id is not given.
First convert IP addresses to host byte-order before checking which one is smaller. Additionally fix the check to find the lowest configured IP as suggested by the RFC.
Pulled from ospfd. Original author: claudio@
|
#
1.32 |
|
23-May-2016 |
renato |
Bring in the findeol() fix from pfctl.
Pulled from ospfd. Original author: henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.31 |
|
27-Sep-2015 |
stsp |
As done for bgpd recently, rename if_mediatype to if_type in ldpd. And some ifmedia64 fixes. "move forward" deraadt@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.30 |
|
21-Jul-2015 |
renato |
Validate ip addresses on configuration.
ok claudio@
|
#
1.29 |
|
21-Jul-2015 |
renato |
VPLS signaling support.
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
#
1.28 |
|
21-Jul-2015 |
renato |
Reuse merge_config() logic to simplify the shutdown of each process.
ok claudio@
|
#
1.27 |
|
21-Jul-2015 |
renato |
Assorted fixes and code cleanup for targeted neighbors.
ok claudio@
|
#
1.26 |
|
19-Jul-2015 |
renato |
Add missing LIST_INIT's.
ok claudio@
|
#
1.25 |
|
19-Jul-2015 |
renato |
Implement md5 authentication support.
ok claudio@
|
#
1.24 |
|
19-Jul-2015 |
renato |
Remove incomplete support for unnecessary modes of operation.
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations.
For modern hardware there's no point in using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at the cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation is that it will allow for the writing of simpler code without removing useful functionality.
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
20-Nov-2014 |
jsg |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
1.22 |
|
14-Nov-2014 |
doug |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
1.21 |
|
03-Nov-2014 |
bluhm |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK claudio@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.20 |
|
22-Jan-2014 |
henning |
relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
1.19 |
|
25-Nov-2013 |
benno |
use u_char for buffers in yylex, for ctype calls
found by millert@, ok deraadt@
|
#
1.18 |
|
15-Oct-2013 |
renato |
Since a targeted neighbor can be created both by configuration and at runtime, the ldpd_conf structure used should be passed as an argument to avoid segfaults.
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.17 |
|
04-Jun-2013 |
claudio |
Implement support for adjacencies and targeted hellos
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
|
#
1.16 |
|
03-Jun-2013 |
claudio |
Fix bug in the fib-update command
The "fib-update" directive wasn't accepting "no" as an option. Diff by Renato Westphal
|
#
1.15 |
|
03-Jun-2013 |
claudio |
Implement support for multiple addresses per interface. This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
|
#
1.14 |
|
01-Jun-2013 |
claudio |
The keepalive timeout should be configured on a global basis and not per interface. Remove the iface pointer from the 'nbr' structure because it's not needed anymore. Diff from Renato Westphal
|
#
1.13 |
|
01-Jun-2013 |
claudio |
Drop support for per-interface labelspaces. Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
|
#
1.12 |
|
01-Jun-2013 |
claudio |
Drop support for passive interfaces. Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
|
#
1.11 |
|
01-Jun-2013 |
claudio |
A bit nicer error message.
|
#
1.10 |
|
01-Jun-2013 |
claudio |
Don't allow enabling LDP on loopback and carp interfaces. LDP should be allowed only on physical or tunnel interfaces. Diff by Renato Westphal
|
#
1.9 |
|
30-May-2013 |
claudio |
Do not use a carp address as ldp router id because it is not unique. Pulled from ospfd. Diff from Renato Westphal [renatowestphal at gmail.com]
|
#
1.8 |
|
06-Mar-2013 |
sthen |
as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.7 |
|
01-Sep-2010 |
claudio |
s/lfib/fib/ for more consistency with the other routing daemons. This started mainly because of ldpctl being inconsistent and me mistyping lfib almost every time. OK michele@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.6 |
|
03-Aug-2010 |
henning |
fix linecount bug with comments spanning multiple lines
problem reported with the obvious fix for bgpd by Sebastian Benoit <benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
#
1.5 |
|
21-Jun-2010 |
claudio |
Requiring { } blocks for interfaces is dumb since most don't need any additional options.
|
#
1.4 |
|
25-May-2010 |
claudio |
Remove another leftover from ospfd. ldpd does not have a concept of ext_tag and so there is no need to carry ext_tag and rtlabels around. "Yes! kill kill kill" michele@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.3 |
|
18-Feb-2010 |
michele |
Set the correct defaults for label advertisement, retention and distribution.
ok claudio@
|
#
1.2 |
|
16-Feb-2010 |
michele |
Plug a memory leak in pushfile().
ok claudio@
|
Revision tags: OPENBSD_4_6_BASE
|
#
1.1 |
|
01-Jun-2009 |
michele |
Welcome ldpd, the Label Distribution Protocol daemon. Built using the imsg/three process framework, its main aim is to redistribute MPLS labels between peers.
Right now it has some really basic functionalities, the basic protocol works and peers are able to exchange labels and insert them in the kernel. It still does not react to changes of topology.
Not yet connected to the builds.
ok claudio@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.61 |
|
03-Mar-2017 |
renato |
Minor tweaks.
|
#
1.60 |
|
03-Mar-2017 |
renato |
Allow to run on a non-default rdomain.
OK claudio@
|
#
1.59 |
|
05-Jan-2017 |
krw |
Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more modern TAILQ_FOREACH_SAFE().
No intentional functional change.
ok millert@ bluhm@ gilles@
|
#
1.58 |
|
05-Jan-2017 |
krw |
Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ with more modern TAILQ_FOREACH(). This is what symget() was already doing.
Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().
No intentional functional change.
ok bluhm@ otto@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.57 |
|
01-Jul-2016 |
renato |
Add GTSM support (RFC 6720).
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
#
1.56 |
|
21-Jun-2016 |
benno |
do not allow whitespace in macro names, i.e. "this is" = "a variable". change this in all config parsers in our tree that support macros. problem reported by sven falempin.
feedback from henning@, stsp@, deraadt@ ok florian@ mikeb@
|