History log of /openbsd/usr.sbin/ldpd/packet.c (Results 1 – 25 of 72)
Revision Date Author Comments
# 4ff910d1 19-Jan-2021 claudio <claudio@openbsd.org>

Adjust the disc_recv_packet() code to not use IBUF_READ_SIZE and to
use a local recv_buf that is allocated on first call with malloc().
The memory returned from malloc() is properly aligned which may not
be the case for bss or stack memory.


# 7ee91690 23-Jan-2019 dlg <dlg@openbsd.org>

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@


# 3b4c1866 04-Mar-2017 renato <renato@openbsd.org>

Implement RFC 5561 (LDP Capabilities).

This patch per-se doesn't introduce any useful functionality, but prepares
the ground for new enhancements to ldpd (i.e. implementation of new RFCs
that make use of LDP capabilities).


# 0101edf8 03-Mar-2017 renato <renato@openbsd.org>

Kill send_notification_nbr().

Be more clever and trigger the PDU SENT event inside send_notification()
when tcp->nbr is set. This way we can eliminate send_notification_nbr()
and always use send_notification() instead.


# c31aa80e 16-Jul-2016 renato <renato@openbsd.org>

Remove potential overflow when validating message's length.

Also, use uint16_t for msg_type on gen_msg_hdr().


# 60e1e0e7 01-Jul-2016 renato <renato@openbsd.org>

More renaming and whitespace cleanup.

No binary change after "strip -s".


# d3e006a4 01-Jul-2016 renato <renato@openbsd.org>

Several minor tweaks.


# 5ff72af8 01-Jul-2016 renato <renato@openbsd.org>

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@


# e373a269 18-Jun-2016 renato <renato@openbsd.org>

Fix removal of dual-stack neighbors.


# c78471fc 13-Jun-2016 renato <renato@openbsd.org>

Implement a timeout for the session initialization FSM.

This prevents neighbors stuck in the initialization FSM from lingering forever
as long as the associated transport connection is up.

This timeout can be seen in the 'Session Initialization State Transition
Diagram' of RFC 5036. The RFC, however, doesn't specify how much we
should wait. Let's use 180 seconds for that, the default LDP hold time.

Fixes IxANVL LDP test 6.15.


# 20eeeb6f 13-Jun-2016 renato <renato@openbsd.org>

Rework the handling of Hello packets.

With the introduction of IPv6 support by RFC 7552, the handling of Hello
packets in ldpd became something incredibly complex. Neighbors can change
from single-stack LDP to dual-stack and vice-versa. They can change
their transport preference, their transport addresses (IPv4 and IPv6)
and even start or stop sending the Dual-Stack TLV. We also have to take
care to reject things like multiple adjacencies advertising different
transport-addresses for the same neighbor. ldpd was failing for some of
the cases mentioned above, this patch fixes these issues and attempts
to make the code easier to read.


# 96bde2a3 09-Jun-2016 renato <renato@openbsd.org>

Do set the Message ID for Hello messages too.

In the original LDP specification, there was no circumstance where a
Notification message could be sent in response to a Hello message. So
setting the Message ID field for Hello packets was useless.

This changed with RFC 7552, where Hello packets can trigger the "Transport
Connection Mismatch" notification when the local and remote transport
preferences don't match. In this case, having a meaningful Message ID
in the Hello packets can aid in testing and troubleshooting.


# 05822608 09-Jun-2016 renato <renato@openbsd.org>

Do not shut down the session upon receiving unknown messages.

RFC 5036 says the following about the receipt of unknown messages:
"Unknown message bit. Upon receipt of an unknown message, if U is
clear (=0), a notification is returned to the message originator;
if U is set (=1), the unknown message is silently ignored".

We were correctly ignoring unknown messages when the U-bit was set. But
when this bit was not set, we were shutting down the session when the
correct thing to do is to just send a non-fatal notification message.

Fix IxANVL LDP test 22.13.


# 07f78510 06-Jun-2016 renato <renato@openbsd.org>

Speed up session establishment after config reload.

If we change a neighbor's password or the global transport-address,
cancel the affected pending connects and, when playing the active role
of the session establishment process, try to connect again right away
with the new password and/or transport-address.

Without this patch we have to wait for the timeout of the pending
connects, which might be a lot of time.


# 5dc9330a 23-May-2016 renato <renato@openbsd.org>

Update copyright information.


# 5411bbb6 23-May-2016 renato <renato@openbsd.org>

Remove superfluous includes.


# c28a25a1 23-May-2016 renato <renato@openbsd.org>

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.


# a8c39dc0 23-May-2016 renato <renato@openbsd.org>

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.


# 3de94509 23-May-2016 renato <renato@openbsd.org>

Fix mess caused by my commit script.

I screwed up everything... trying to fix now.


# 029cacd7 23-May-2016 renato <renato@openbsd.org>

Move setsockopt helper functions to a separate file.

IPv6 support is coming and we don't want to pollute the interface.c file
with too many of these helper functions.

Also, rename these functions from if_set_* to sock_set_*.


# d99a8fc3 23-May-2016 renato <renato@openbsd.org>

Standardize some log messages and fix some inconsistencies.

We were using several different names for the same thing in our log
messages: neighbor, neighbor ID, nbr ID and LSR ID.

Standardize to always use "lsr-id" to refer to a neighbor.

Also:
* Use log_warnx() instead of log_warn() when appropriate;
* Use fatal(x) instead of err(x) when appropriate;
* Fix some inconsistent log messages.


# 1ce5acab 23-May-2016 renato <renato@openbsd.org>

Make neighbor parameters per lsr-id not per transport-address.

With the advent of IPv6 support, a single neighbor can have two different
transport-addresses: one for ipv4 and one for ipv6. In order to define
neighbor-specific parameters in an indistinguishable way, define them
by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
the same configuration.


# 35ee709d 23-May-2016 renato <renato@openbsd.org>

Rework the way we handle incoming connection requests.

The logic of the previous code was to accept all TCP connection requests
(destined to port 646) and create a tcp_conn structure for each of them. Once
the first packet of a connection was received, we would analyze the
LDP Initialization message and identify its origin by looking at the
LSR-ID field.

When parsing a received TCP packet, we would need to distinguish between
two cases: tcp packet from an LDP neighbor and tcp packet from a newborn
connection (not associated with any neighbor yet). For this reason,
the session_read() function was quite complicated.

Also, we were not keeping track of the allocated tcp_conn structures. So,
we were subject to memory leaks and even DOS attacks.

With this patch, we also accept all TCP connection requests, but with two
major differences:
* We identify the neighbor by the source address of the SYN
packet. This is possible because we don't support label spaces, so
the transport-address by itself is enough to identify a neighbor,
we don't need to wait for the Initialization message;
* If there's no matching adjacency for this neighbor, then we start a
timer of 5 seconds. If we receive a Hello packet from this neighbor
within this interval, then we stop this timer and move on in
the Initialization state machine. Otherwise, we send a No Hello
Notification message and close the socket. We try to avoid sending
the No Hello notification as much as possible because it triggers the
backoff exponential in the remote peer, which considerably slows down
the session establishment process.

In summary, this new approach allows for a simpler code and fixes the
memory leak problem mentioned before.


# ac5a809b 23-May-2016 renato <renato@openbsd.org>

Several improvements in the parsing of UDP/Hello packets.

* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier;
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation.

Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.

Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.


# 871c7125 23-May-2016 renato <renato@openbsd.org>

Don't ignore notification messages before the session is operational.

This was preventing us from triggering the backoff exponential timer
after receiving a 'No Hello' notification.

