Adjust the disc_recv_packet() code to not use IBUF_READ_SIZE and to
use a local recv_buf that is allocated on first call with malloc().
The memory returned from malloc() is properly aligned which may

Adjust the disc_recv_packet() code to not use IBUF_READ_SIZE and to
use a local recv_buf that is allocated on first call with malloc().
The memory returned from malloc() is properly aligned which may not
be the case for bss or stack memory.

show more ...

Kill log_procnames and properly define ldpd_process.

teach ldpd to ask if a potential pseudowire interface can do pwe3

this makes ldpd open the ioctl socket early so the config parser
can run the SIOCGPWE3 ioctl against the requested interface.

ok cl

teach ldpd to ask if a potential pseudowire interface can do pwe3

this makes ldpd open the ioctl socket early so the config parser
can run the SIOCGPWE3 ioctl against the requested interface.

ok claudio@

show more ...

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefi

rework how tcp md5 signatures are configured.

previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.

the config statements look more like what is in bgpd.conf now too.

an example of the new config for interoperating with my baby cisco
test network:

on ios:

mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH

key chain LDPAUTH
key 1
key-string secret

interface Loopback0
ip address 192.168.0.0 255.255.255.255
end

ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS

mpls ldp router-id Loopback0 force

and in ldpd.conf:

router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }

this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.

ok (and lots of help from) claudio@

show more ...

Bump the read sockbuf of the routing socket to 2MB, may help reduce some of
the desync cases. OK benno@

Send VPLS MAC withdrawals.

RFC 4762 says that MAC address withdrawal messages can be used to
improve convergence time in VPLS networks. This patch makes ldpd send
MAC withdrawals whenever a non-pseu

Send VPLS MAC withdrawals.

RFC 4762 says that MAC address withdrawal messages can be used to
improve convergence time in VPLS networks. This patch makes ldpd send
MAC withdrawals whenever a non-pseudowire interface pertaining to a
VPLS goes down. The processing of received MAC withdrawals will be
implemented later.

show more ...

Implement RFC 6667 (Typed Wildcard FEC for PWid).

Implement RFC 5918 (Typed Wildcard FEC).

Implement RFC 5561 (LDP Capabilities).

This patch per-se doesn't introduce any useful functionality, but prepares
the ground for new enhancements to ldpd (i.e. implementation of new RFCs
that make u

Implement RFC 5561 (LDP Capabilities).

This patch per-se doesn't introduce any useful functionality, but prepares
the ground for new enhancements to ldpd (i.e. implementation of new RFCs
that make use of LDP capabilities).

show more ...

Allow to run on a non-default rdomain.

OK claudio@

Allow to specify an alternate control socket.

This is required to run multiple instances of ldpd.

OK claudio@

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg

work on making log.c similar in all daemons:

move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.

removal of log_rtmsg() aproved by claudio@

ok claudio@ krw@

show more ...

More renaming and whitespace cleanup.

No binary change after "strip -s".

Be more compliant with RFC 4447.

When sending a label withdraw during the pseudowire Control Word
negotiation, append a "Wrong C-bit" status TLV after the FEC TLV (in
conformance to RFC 4447 section

Be more compliant with RFC 4447.

When sending a label withdraw during the pseudowire Control Word
negotiation, append a "Wrong C-bit" status TLV after the FEC TLV (in
conformance to RFC 4447 section 6.2). Apparently this has no use other
than aiding in troubleshooting.

Also, extend the recv_labelmessage() function to accept Status TLVs and
ignore them instead of shutting down the session.

show more ...

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a f

Add GTSM support (RFC 6720).

This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.

To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.

"reads good" claudio@

show more ...

Implement support for the Configuration Sequence Number TLV.

The Configuration Sequence Number optional TLV is documented in RFC 5036,
pages 53 and 54.

Fixes IxANVL LDP test 23.10.

Add support for manually resetting neighbors.

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on

Improve security by calling exec after fork.

For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.

Based on a similar patch for bgpd, from claudio@

Requested by deraadt@

show more ...

Update copyright information.

Remove superfluous includes.

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate

Make functions and variables static whenever possible.

The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.

Whenever possible, move global static variables to a smaller scope
(function).

All extern variables are now declared in header files to avoid unnecessary
duplication.

This patch also cleans up the indentation of all function prototypes
and global variables.

show more ...

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first impl

Add support for IPv6 (RFC 7552).

This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.

show more ...

Assorted fixes and small cleanup.

Nothing really interesting here.

Use SO_BINDANY before binding sockets to the transport-address.

This allows ldpd to start on a system without any IP address and bind
to the transport-address successfully. Without this patch, we'd

Use SO_BINDANY before binding sockets to the transport-address.

This allows ldpd to start on a system without any IP address and bind
to the transport-address successfully. Without this patch, we'd need to
monitor the new addresses from the kernel and create the network sockets
only when the transport-address is available in the system.

show more ...

Several fixes in the config reload handling.