History log of /openbsd/usr.sbin/ldpd/ldpd.c (Results 1 – 25 of 69)
Revision Date Author Comments
# 5b133f3f 08-Mar-2023 guenther <guenther@openbsd.org>

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@


# 025f8c0a 06-Sep-2021 deraadt <deraadt@openbsd.org>

repair missing paths on unveil failure


# 6d53ef64 01-Mar-2021 jsg <jsg@openbsd.org>

allocate enough space in start_child() argv for all possible flags
ok claudio@


# 2b80d179 19-Jan-2021 claudio <claudio@openbsd.org>

Kill log_procnames and properly define ldpd_process.


# 44e5c375 10-Aug-2019 mestre <mestre@openbsd.org>

Like we did on other daemons that cannot be pledged due to forbidden ioctls the
main process can be unveiled to restrict filesystem access. In this case we can
restrict it to only read, although it must be the entire / since the daemon is
able to include config files from anywhere.

Additionally the ldpe process currently has cpath promise to unlink the socket,
nevertheless the socket is actually unlinked from the main proc so this
permission can be removed. As we discussed before, leaving the socket behind
doesn't do any harm that's why I didn't unveil it in the main proc.

OK deraadt@


# ef4f5895 31-Mar-2019 yasuoka <yasuoka@openbsd.org>

Avoid calling dup2(oldd, newd) when oldd == newd. In that case the
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().

ok tedu florian


# 7ee91690 23-Jan-2019 dlg <dlg@openbsd.org>

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


# 8622bd53 03-Mar-2017 renato <renato@openbsd.org>

Allow to run on a non-default rdomain.

OK claudio@


# dcaf1165 03-Mar-2017 renato <renato@openbsd.org>

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@


# 3e2a4faa 20-Jan-2017 benno <benno@openbsd.org>

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() approved by claudio@

ok claudio@ krw@


# 4bbf72b3 28-Sep-2016 krw <krw@openbsd.org>

'unneded stuff' -> 'unneeded stuff' in comments.


# d5e026a8 02-Sep-2016 renato <renato@openbsd.org>

Simplify shutdown process.

On shutdown, there's no need to use kill(2) to kill the child
processes. Just closing the IPC sockets will make the children receive
an EOF, break out from the event loop and then exit.

The advantages of this "pipe teardown" are:
* simpler code;
* no need to pledge "proc" in the parent process;
* removal of a (hard to trigger) PID reuse race condition.

ok claudio@


# 34d7bc8b 15-Jul-2016 renato <renato@openbsd.org>

Update per-neighbor GTSM options on config reload.


# d3e006a4 01-Jul-2016 renato <renato@openbsd.org>

Several minor tweaks.


# 5ff72af8 01-Jul-2016 renato <renato@openbsd.org>

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# 1fa6a9a7 18-Jun-2016 renato <renato@openbsd.org>

Fix memory leak found with valgrind.


# b3d042c2 18-Jun-2016 renato <renato@openbsd.org>

Use log_warnx() instead of log_warn() when appropriate.


# 72b2a41b 13-Jun-2016 renato <renato@openbsd.org>

Do not create sockets for disabled address-families.


# 5a7df819 08-Jun-2016 renato <renato@openbsd.org>

Fix quick reconnect when the transport address is changed.

When the transport address is changed, we can't try to reconnect to the
neighbors inside merge_af() because the ldpe process still didn't receive
the new network sockets from the parent at this point. To resolve this,
try to reconnect just after we receive these sockets.


# 3ef68767 06-Jun-2016 renato <renato@openbsd.org>

Fix imsg parameter passing

When ldpe requests new network sockets to the parent process (after the
transport-address is changed), it must specify the desired address-family
(IPv4 or IPv6). We can use the 'pid' or 'peerid' members of the imsg_hdr
structure for this. Use 'pid' for convenience (no need to extend the
wrapper function, ldpe_imsg_compose_parent()).


# 07f78510 06-Jun-2016 renato <renato@openbsd.org>

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 16040b47 23-May-2016 renato <renato@openbsd.org>

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have separate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@


# 5dc9330a 23-May-2016 renato <renato@openbsd.org>

Update copyright information.


# 5411bbb6 23-May-2016 renato <renato@openbsd.org>

Remove superfluous includes.


# c28a25a1 23-May-2016 renato <renato@openbsd.org>

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

