author | Renato Westphal <renato@cvs.openbsd.org> | 2016-05-23 16:16:45 +0000 |
---|---|---|
committer | Renato Westphal <renato@cvs.openbsd.org> | 2016-05-23 16:16:45 +0000 |
commit | ee37d06fb0be0723e1adb722bcd73a0cf713dca1 (patch) | |
tree | b284e3808f95a5aee129d5c94559ee90b5a1caf4 /usr.sbin/ldpd/notification.c | |
parent | 23864ce1ee167f94ca9df3b42882c216d7b34615 (diff) |
Rework the way we handle incoming connection requests.

The logic of the previous code was to accept all TCP connection requests
(destined to port 646) and create a tcp_conn structure for each of them. Once
the first packet of a connection was received, we would analyze the
LDP Initialization message and identify its origin by looking at the
LSR-ID field.

When parsing a received TCP packet, we would need to distinguish between
two cases: TCP packet from an LDP neighbor and TCP packet from a newborn
connection (not associated with any neighbor yet). For this reason,
the session_read() function was quite complicated.

Also, we were not keeping track of the allocated tcp_conn structures. So,
we were subject to memory leaks and even DoS attacks.

With this patch, we also accept all TCP connection requests, but with two
major differences:
* We identify the neighbor by the source address of the SYN
  packet. This is possible because we don't support label spaces, so
  the transport-address by itself is enough to identify a neighbor,
  we don't need to wait for the Initialization message;
* If there's no matching adjacency for this neighbor, then we start a
  timer of 5 seconds. If we receive a Hello packet from this neighbor
  within this interval, then we stop this timer and move on in
  the Initialization state machine. Otherwise, we send a No Hello
  Notification message and close the socket. We try to avoid sending
  the No Hello notification as much as possible because it triggers the
  exponential backoff in the remote peer, which considerably slows down
  the session establishment process.

In summary, this new approach allows for simpler code and fixes the
memory leak problem mentioned before.
Diffstat (limited to 'usr.sbin/ldpd/notification.c')
-rw-r--r-- | usr.sbin/ldpd/notification.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/usr.sbin/ldpd/notification.c b/usr.sbin/ldpd/notification.c index 2c9118fa0ef..d8b60e84d19 100644 --- a/usr.sbin/ldpd/notification.c +++ b/usr.sbin/ldpd/notification.c @@ -1,4 +1,4 @@ -/* $OpenBSD: notification.c,v 1.22 2016/05/23 16:12:28 renato Exp $ */ +/* $OpenBSD: notification.c,v 1.23 2016/05/23 16:16:44 renato Exp $ */ /* * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org> @@ -44,10 +44,6 @@ send_notification_full(struct tcp_conn *tcp, struct notify_msg *nm) struct ibuf *buf; u_int16_t size; - if (tcp->nbr) - log_debug("%s: nbr ID %s, status %s", __func__, - inet_ntoa(tcp->nbr->id), notification_name(nm->status)); - /* calculate size */ size = LDP_HDR_SIZE + LDP_MSG_SIZE + STATUS_SIZE; if (nm->flags & F_NOTIF_PW_STATUS) @@ -98,6 +94,9 @@ void send_notification_nbr(struct nbr *nbr, u_int32_t status, u_int32_t msgid, u_int32_t type) { + log_debug("%s: nbr ID %s, status %s", __func__, inet_ntoa(nbr->id), + notification_name(status)); + send_notification(status, nbr->tcp, msgid, type); nbr_fsm(nbr, NBR_EVT_PDU_SENT); } |
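Review bot: In the send_notification_full() hunk, removing the log_debug() leaves no debug trace for any notification that reaches this function without going through send_notification_nbr(), including ones built with F_NOTIF_PW_STATUS set and ones sent on a tcp_conn that has no nbr attached. The removed code already skipped the nbr-less case because of the `if (tcp->nbr)` guard, and the commit message says the No Hello notification is sent on exactly such connections. Consider keeping a line here that logs only notification_name(nm->status) and does not dereference tcp->nbr, so every notification is visible when debugging session setup.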
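Review bot: In the send_notification_nbr() hunk, the new log_debug() runs before send_notification() is called, so the line records the intent to send rather than a message that was built and queued. If send_notification() can fail, either move the log after the call or word it as "sending" so the debug output is not read as confirmation. A short comment that this is now the only place notifications are logged would also help, since the message text is identical to the one removed from send_notification_full() and only the __func__ prefix differs.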