path: root/usr.sbin/ldpd/ldpd.h
Age | Commit message | Author
2016-07-01 | More renaming and whitespace cleanup. | Renato Westphal
No binary change after "strip -s".
2016-07-01 | Be more compliant with RFC 4447. | Renato Westphal
When sending a label withdraw during the pseudowire Control Word negotiation, append a "Wrong C-bit" status TLV after the FEC TLV (in conformance to RFC 4447 section 6.2). Apparently this has no use other than aiding in troubleshooting. Also, extend the recv_labelmessage() function to accept Status TLVs and ignore them instead of shutting down the session.
2016-07-01 | Add GTSM support (RFC 6720). | Renato Westphal
This also finishes the missing bits from our RFC 7552 implementation because GTSM is mandatory for LDPv6. To avoid any kind of interoperability problems, I included a few knobs to enable/disable GTSM on a per-address-family and per-neighbor basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM. "reads good" claudio@
2016-06-13 | Implement support for the Configuration Sequence Number TLV. | Renato Westphal
The Configuration Sequence Number optional TLV is documented in RFC 5036, pages 53 and 54. Fixes IxANVL LDP test 23.10.
2016-05-23 | Add support for manually resetting neighbors. | Renato Westphal
2016-05-23 | Improve security by calling exec after fork. | Renato Westphal
For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have separate ASLR/cookies per process. Based on a similar patch for bgpd, from claudio@ Requested by deraadt@
2016-05-23 | Update copyright information. | Renato Westphal
2016-05-23 | Remove superfluous includes. | Renato Westphal
2016-05-23 | Make functions and variables static whenever possible. | Renato Westphal
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope (function). All extern variables are now declared in header files to avoid unnecessary duplication. This patch also cleans up the indentation of all function prototypes and global variables.
2016-05-23 | Add support for IPv6 (RFC 7552). | Renato Westphal
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the preferred address-family for TCP transport connections;
* Knob to use cisco non-compliant format to send and interpret the Dual-Stack capability TLV.
2016-05-23 | Assorted fixes and small cleanup. | Renato Westphal
Nothing really interesting here.
2016-05-23 | Use SO_BINDANY before binding sockets to the transport-address. | Renato Westphal
This allows ldpd to start on a system without any IP address and bind to the transport-address successfully. Without this patch, we'd need to monitor the new addresses from the kernel and create the network sockets only when the transport-address is available in the system.
2016-05-23 | Several fixes in the config reload handling. | Renato Westphal
2016-05-23 | Create network sockets on the parent process. | Renato Westphal
We drop our privileges in ldpe right after we create the network sockets. The problem is that we might want to change the transport-address and reload the config, in which case we need new sockets. To allow that, always create the network sockets in the parent process and pass them to ldpe via imsg.
2016-05-23 | Move socket creation and setup into a specialized function. | Renato Westphal
Right now we use three network sockets in ldpd:
* the discovery socket (udp+mcast);
* the extended discovery socket (udp);
* the session socket (tcp).
When we introduce IPv6 support, we'll get three more sockets. In order to prevent code duplication in the future, add a specialized function that creates a socket according to the given type (and address-family later). This also improves readability because it makes it easier to see the differences between each socket.
2016-05-23 | Fix mess caused by my commit script. | Renato Westphal
I screwed up everything... trying to fix now.
2016-05-23 | Move setsockopt helper functions to a separate file. | Renato Westphal
IPv6 support is coming and we don't want to pollute the interface.c file with too many of these helper functions. Also, rename these functions from if_set_* to sock_set_*.
2016-05-23 | Fix warnings when compiling with -pedantic. | Renato Westphal
2016-05-23 | Release allocated memory before exiting. | Renato Westphal
2016-05-23 | Remove unnecessary mirroring of sockets. | Renato Westphal
2016-05-23 | More renaming. | Renato Westphal
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
2016-05-23 | Remove unused code. | Renato Westphal
2016-05-23 | Several improvements in the parsing of UDP/Hello packets. | Renato Westphal
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which will be used later for several other things.
2016-05-23 | Explicitly close the pfkey socket on exit. | Renato Westphal
2015-09-27 | As done for bgpd recently, rename if_mediatype to if_type in ldpd. | Stefan Sperling
And some ifmedia64 fixes. "move forward" deraadt@
2015-07-21 | Remove more unused defines. | Renato Westphal
ok claudio@
2015-07-21 | VPLS signaling support. | Renato Westphal
This patch introduces full support for pseudowire signaling in ldpd(8), including Control Word and Status TLV negotiation. As of now it's not possible to configure a VPWS, but the signaling is the same. In the future, when VPWS support is available in the kernel, ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
2015-07-21 | Reuse merge_config() logic to simplify the shutdown of each process. | Renato Westphal
ok claudio@
2015-07-21 | Add configuration reload support. | Renato Westphal
ok claudio@
2015-07-21 | Assorted fixes and code cleanup for targeted neighbors. | Renato Westphal
ok claudio@
2015-07-21 | Improve handling of addresses on ldpe. | Renato Westphal
This is a preliminary work for the next patch (sighup config reload). We want to make sure that the ldpe process can handle duplicated addresses. The idea is to alloc two different if_addr structures for each address, and link one in the global list of addresses (used to send address messages) and link the other to the associated interface list of addresses. Doing that we will be able to call kif_redistribute() after reloading the config file and activate the new LDP enabled interfaces.
NOTE: Interfaces are created at config parse time and the child processes inherit them on fork() so there's no need to send a status update at startup.
ok claudio@
2015-07-19 | Implement md5 authentication support. | Renato Westphal
ok claudio@
2015-07-19 | Rework label mapping algorithms to be more in line with the RFC. | Renato Westphal
This patch presents a thorough review of the label mapping algorithms. Most of the changes are minor bug fixes in the handling of received label messages.
Additional improvements:
* Add a few more references to the Appendix A of the RFC5036 ("LDP Label Distribution Procedures") into the code;
* Add full multipath support;
* Send label withdraws when appropriate;
* Add label withdraw/release wildcard support.
NOTE: As a result of implementing only the "Liberal Label Retention" and "Downstream Unsolicited" modes, we will never send a label request ("Request Never"). And that means that we can ignore the following notification messages: "Label Request Aborted", "No Label Resources", "No Route" and "Label Resources Available". The following algorithms mentioned in the RFC can also be ignored: "Timeout of Deferred Label Request", "Detect Local Label Resources Have Become Available" and "Receive Label Abort Request".
Now, considering that we only support one combination of all modes of operation, we can say that we have an almost complete implementation of the protocol.
ok claudio@
2015-07-19 | Remove incomplete support for unnecessary modes of operation. | Renato Westphal
LDP has several modes of operation, it was designed in that way so it could run on legacy equipment like ATM/FR switches with very strict memory limitations. For modern hardware there's no point on using either the "Conservative Label Retention" or "Downstream On Demand" modes of operation since they save memory at cost of blackholing traffic when routing changes. Major vendors implement only the "Liberal Label Retention" and "Downstream Unsolicited" modes for non ATM/FR hardware. Let's do that too. As for using either "Independent Control" or "Ordered Control", let's stick with the first option mainly because it's easier to implement and because it doesn't really matter which control mode is used. For reference, Cisco implements only "Independent Control" and Juniper only "Ordered Control". Both modes are interoperable. The point of supporting only one combination of all modes of operation is that it will allow for the writing of a simpler code without removing useful functionality. ok claudio@
2015-07-19 | Rework kroute.c to send only the best routes to lde. | Renato Westphal
This is a major rework of the kroute.c code. The idea is to remove complexity from the lde process by making kroute.c advertise only the lowest priority routes of each prefix. kroute.c now keeps track of all routes using three different structures: kroute_prefix, kroute_priority and kroute_node. kroute_prefix represents a prefix and contains an ordered list of priorities (kroute_priority) and for each priority there is a list of nexthops (kroute_node). Arranging the routes using these three structures allows for the writing of a simpler code, easier to understand. Whenever a route is removed, if there's another route for the same prefix, but with a lower priority, this route is immediately sent to lde.
Additional fixes:
* On RTM_CHANGE, remove the old route before installing the new one;
* On IMSG_CTL_KROUTE_ADDR, show all nexthops for multipath routes;
2015-04-04 | Show the full LIB in the "ldpctl show lib" command. | Renato Westphal
The LIB is a table where the router keeps all known MPLS labels. So, we should loop over all the received label mappings from all neighbors to show the full LIB. The lde_nbr_is_nexthop() function was introduced to verify if a lib entry is supposed to be installed in the fib (according to the fib entry's nexthop and the addresses advertised by the lib entry's nexthop). This is better than keeping track of lib<->fib entries with pointers and back pointers because it keeps the lib/fib structures independent of each other, which in turn makes the code less prone to bugs. OK claudio@
2015-03-21 | Remove interface finite state machine. | Renato Westphal
In the name of simplicity, remove the interface FSM that was inherited from ospfd. In ldpd interfaces are just up or down, so keeping a FSM for that is an overkill. Now instead of calling if_fsm(), just call if_update() whenever a relevant event occurs (status change, address addition/removal).
Additional notes:
1 - s/if_act_/if_/
2 - Remove the IMSG_IFUP and IMSG_IFDOWN events. Now whenever an interface changes its state an IMSG_IFSTATUS event will be generated with the new status.
kroute.c ldpd.h ldpe.c ldpe.h CVS: ----------------------------------------------------------------------
2015-02-09 | More SOCK_NONBLOCK | SOCK_CLOEXEC love and one less session_socket_blockmode | Claudio Jeker
2013-06-04 | Always accept TCP connection requests and identify to which neighbor | Claudio Jeker
it belongs only _after_ receiving an Initialization message containing the information we need. Before an Initialization message is received, the TCP connection shouldn't be associated with any neighbor/adjacency. Therefore refactor that part into its own module. From Renato Westphal
2013-06-04 | Cleanup ctl commands and remove unused variables inherited from ospfd | Claudio Jeker
From Renato Westphal
2013-06-04 | Implement support for adjacencies and targeted hellos | Claudio Jeker
Refactor adjacencies out of the neighbor handling so that it is possible to have more complex topologies with targeted sessions. From Renato Westphal
2013-06-04 | Minor adjustments in the initialization FSM | Claudio Jeker
* Remove the unused NBR_EVT_DOWN event;
* Print the FSM transitions before performing the appropriate actions. In this way nested calls to nbr_fsm() won't print the state transitions in reverse order;
* When playing the active role of the initialization process, transition from NBA_STA_PRESENT to NBR_STA_INITIAL before going to NBR_STA_OPENSENT;
* Call session_shutdown() on nbr_ktimeout() to remove duplicated code;
* Notify the lde process when a neighbor is deleted (discovery timeout);
* Fix a few memory leaks on nbr_del().
Diff from Renato Westphal.
2013-06-03 | Remove the IMSG_NEIGHBOR_CHANGE message | Claudio Jeker
Unlike OSPF, LDP has no concept of intermediate states. A session is either operational or not operational as far as the label distribution engine (lde) is concerned. In this case, the IMSG_NEIGHBOR_UP and IMSG_NEIGHBOR_DOWN messages are enough. Diff by Renato Westphal
2013-06-03 | Implement support for multiple addresses per interface. | Claudio Jeker
This replaces the way addresses and interface are chained together. In ospfd there was a 1 to 1 mapping (with iface clones) but LDP does not have that limitation. Diff from Renato Westphal
2013-06-01 | Restart the keepalive timer whenever a LDP PDU is sent. There is no need | Claudio Jeker
to send a keepalive packet when another PDU was sent out. Also add a missing NBR_EVT_PDU_RCVD call to recv_address() which restarts the session keepalive timeout. All other places already do that. Diff by Renato Westphal
2013-06-01 | The keepalive timeout should be configured on a global basis and not per | Claudio Jeker
interface. Remove the iface pointer from the 'nbr' structure because it's not needed anymore. Diff from Renato Westphal
2013-06-01 | Drop support for per-interface labelspaces. | Claudio Jeker
Support for per-interface labelspaces is only necessary for legacy ATM/FR interfaces running in cell-mode. We shouldn't worry about this. For platform-wide label spaces the label space id is always 0. Diff by Renato Westphal
2013-06-01 | Drop support for passive interfaces. | Claudio Jeker
Support for passive interfaces was inherited from ospfd but it doesn't make any sense at all for ldpd. Diff from Renato Westphal
2013-06-01 | Don't allow enabling LDP on loopback and carp interfaces. | Claudio Jeker
LDP should be allowed only on physical or tunnel interfaces. Diff by Renato Westphal
2013-06-01 | After returning from accept, we got a TCP connection not a LDP session. | Claudio Jeker
Rename event/actions in the discovery FSM to avoid confusion
* NBR_EVT_SESSION_UP -> NBR_EVT_CONNECT_UP
* NBR_ACT_SESSION_EST -> NBR_ACT_CONNECT_SETUP
* nbr_act_session_establish -> nbr_act_connect_setup
* NBR_ACT_INIT_SEND -> NBR_ACT_PASSIVE_INIT
* NBR_ACT_STRT_KTIMER -> NBR_ACT_SESSION_EST
Diff by Renato Westphal