| Age | Commit message (Collapse) | Author |
|---|
|
OK tb@
|
|
use a local recv_buf that is allocated on first call with malloc().
The memory returned from malloc() is properly aligned which may not
be the case for bss or stack memory.
|
|
|
|
this makes ldpd open the ioctl socket early so the config parser
can run the SIOCGPWE3 ioctl against the requested interface.
ok claudio@
|
|
previously ldpd only allowed tcp md5 to be configured against a
neighbor (by ldp router id), but other vendors supported configuring
tcp md5sig by prefix as well as neighbor. this reworks the config
so auth is maintained globally as a list of prefixes that you do
and do not want to do tcp md5sig auth with.
the config statements look more like what is in bgpd.conf now too.
an example of the new config for interoperating with my baby cisco
test network:
on ios:
mpls ldp password required for MPLS
mpls ldp password option 1 for MPLS key-chain LDPAUTH
key chain LDPAUTH
key 1
key-string secret
interface Loopback0
ip address 192.168.0.0 255.255.255.255
end
ip prefix-list MPLS seq 5 permit 192.168.0.0/24
ip access-list standard MPLS
mpls ldp router-id Loopback0 force
and in ldpd.conf:
router-id 192.168.0.25
tcp md5sig password secret 192.168.0.0/24
address-family ipv4 { interface vmx1 }
this still supports specifying tcp md5sig on neighbors, but that
is syntactic sugar around adding entries to the list of auths.
ok (and lots of help from) claudio@
|
|
the desync cases. OK benno@
|
|
RFC 4762 says that MAC address withdrawal messages can be used to
improve convergence time in VPLS networks. This patch makes ldpd send
MAC withdrawals whenever a non-pseudowire interface pertaining to a
VPLS goes down. The processing of received MAC withdrawals will be
implemented later.
|
|
|
|
|
|
This patch per-se doesn't introduce any useful functionality, but prepares
the ground for new enhancements to ldpd (i.e. implementation of new RFCs
that make use of LDP capabilities).
|
|
OK claudio@
|
|
This is required to run multiple instances of ldpd.
OK claudio@
|
|
move daemon-local functions into new logmsg.c, and reduce
the (mostly whitespace) differences so that log.c's can be diffed easily.
removal of log_rtmsg() aproved by claudio@
ok claudio@ krw@
|
|
No binary change after "strip -s".
|
|
When sending a label withdraw during the pseudowire Control Word
negotiation, append a "Wrong C-bit" status TLV after the FEC TLV (in
conformance to RFC 4447 section 6.2). Apparently this has no use other
than aiding in troubleshooting.
Also, extend the recv_labelmessage() function to accept Status TLVs and
ignore them instead of shutting down the session.
|
|
This also finishes the missing bits from our RFC 7552 implementation
because GTSM is mandatory for LDPv6.
To avoid any kind of interoperability problems, I included a few
knobs to enable/disable GTSM on a per-address-family and per-neighbor
basis. Cisco's LDPv6 implementation, for instance, doesn't support GTSM.
"reads good" claudio@
|
|
The Configuration Sequence Number optional TLV is documented in RFC 5036,
pages 53 and 54.
Fixes IxANVL LDP test 23.10.
|
|
|
|
For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
|
|
|
|
|
|
The benefits of this include:
* clean up of the ldpd global namespace;
* improved readability;
* more hints to the compiler/linker to generate more efficient code.
Whenever possible, move global static variables to a smaller scope
(function).
All extern variables are now declared in header files to avoid unnecessary
duplication.
This patch also cleans up the indentation of all function prototypes
and global variables.
|
|
This includes:
* Full compliance to RFC 7552;
* Support for MD5 on LDPov6 sessions;
* Support for pseudowires over IPv6 LSPs (we're probably the world's
first implementation doing this);
* Support for the IPv6 explicit-null label;
* Knob to specify the prefered address-family for TCP transport
connections;
* Knob to use cisco non-compliant format to send and interpret the
Dual-Stack capability TLV.
|
|
Nothing really interesting here.
|
|
This allows ldpd to start on a system without any IP address and bind
to the transport-address successfully. Without this patch, we'd need to
monitor the new addresses from the kernel and create the network sockets
only when the transport-address is available in the system.
|
|
|
|
We drop our privileges in ldpe right after we create the network sockets.
The problem is that we might want to change the transport-address and
reload the config, in which case we need new sockets. To allow that,
always create the network sockets in the parent process and pass them
to ldpe via imsg.
|
|
Right now we use three network sockets in ldpd:
* the discovery socket (udp+mcast);
* the extended discovery socket (udp);
* the session socket (tcp).
When we introduce IPv6 support, we'll get three more sockets. In order
to prevent code duplication in the future, add a specialized function
that creates a socket according to the given type (and address-family
later). This also improves readability because it makes it easier to
see the differences between each socket.
|
|
I screwed up everything... trying to fix now.
|
|
IPv6 support is coming and we don't want to pollute the interface.c file
with too many of these helper functions.
Also, rename these functions from if_set_* to sock_set_*.
|
|
|
|
|
|
|
|
Rename a few more things to improve readability.
* s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
* s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
* s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
* s/lde_nbr_address/lde_addr/ (shorter)
* s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
* s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
* s/ldp_sendboth/main_imsg_compose_both/ (consistency)
* s/cons/total/ (makes more sense)
* s/kaddr/ka/ (consistency with remaining code)
* Always use 'ln' for lde_nbrs (consistency)
|
|
|
|
* Fix check of the packet's size and the "PDU Length" field;
* Add check for the "Message Length" field;
* Check for invalid labelspace earlier.
* Use if_lookup() on disc_recv_iface() to reduce one level of identation;
Additionally, add the following safeguards:
* Check for unicast link hellos;
* Check for multicast targeted hellos;
* Validate packet's source address;
* Validate received transport-address.
Put the ancillary function bad_ip_addr() into a new file, util.c, which
will be used later for several other things.
|
|
|
|
And some ifmedia64 fixes.
"move forward" deraadt@
|
|
ok claudio@
|
|
This patch introduces full support for pseudowire signaling in ldpd(8),
including Control Word and Status TLV negotiation.
As of now it's not possible to configure a VPWS, but the signaling is
the same. In the future, when VPWS support is available in the kernel,
ldpd(8) can be extended to support VPWS with only a few modifications.
Limitations:
* No support for FEC 129, only FEC 128 (more widely deployed);
* No support for group withdraws (not widely deployed);
* No support for MAC withdraws (not widely deployed).
Related RFCs:
* RFC 3916: Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
* RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
* RFC 4385: Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for
Use over an MPLS PSN
* RFC 4446: IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)
* RFC 4447: Pseudowire Setup and Maintenance Using the Label Distribution
Protocol (LDP)
* RFC 4448: Encapsulation Methods for Transport of Ethernet over MPLS
Networks
* RFC 4905: Encapsulation Methods for Transport of Layer 2 Frames over
MPLS Networks
* RFC 4906: Transport of Layer 2 Frames Over MPLS
ok claudio@
|
|
ok claudio@
|
|
ok claudio@
|
|
ok claudio@
|
|
This is a preliminary work for the the next patch (sigup config
reload). We want to make sure that the ldpe process can handle duplicated
addresses.
The idea is to alloc two different if_addr structures for each address,
and link one in the global list of addresses (used to send address
messages) and link the other to the associated interface list of
addresses.
Doing that we will be able to call kif_redistribute() after reloading
the config file and activate the new LDP enabled interfaces.
NOTE: Interfaces are created at config parse time and the child
processes inherit them on fork() so there's no need to send a status
update at startup.
ok claudio@
|
|
ok claudio@
|
|
This patch presents a thoroughly review of the label mapping
algorithms. Most of the changes are minor bug fixes in the handling of
received label messages.
Additional improvements:
* Add a few more references to the Appendix A of the RFC5036 ("LDP
Label Distribution Procedures") into the code;
* Add full multipath support;
* Send label withdraws when appropriate;
* Add label withdraw/release wildcard support.
NOTE: As a result of implementing only the "Liberal Label Retention" and
"Downstream Unsolicited" modes, we will never send a label request
("Request Never"). And that means that we can ignore the following
notification messages: "Label Request Aborted", "No Label Resources",
"No Route" and "Label Resources Available". The following algorithms
mentioned in the RFC can also be ignored: "Timeout of Deferred Label
Request", "Detect Local Label Resources Have Become Available" and
"Receive Label Abort Request".
Now, considering that we only support one combination of all modes of
operation, we can say that we have an almost complete implementation of
the protocol.
ok claudio@
|
|
LDP has several modes of operation, it was designed in that way so it
could run on legacy equipment like ATM/FR switches with very strict
memory limitations.
For modern hardware there's no point on using either the "Conservative
Label Retention" or "Downstream On Demand" modes of operation since they
save memory at cost of blackholing traffic when routing changes. Major
vendors implement only the "Liberal Label Retention" and "Downstream
Unsolicited" modes for non ATM/FR hardware. Let's do that too.
As for using either "Independent Control" or "Ordered Control", let's
stick with the first option mainly because it's easier to implement
and because it doesn't really matter which control mode is used. For
reference, Cisco implements only "Independent Control" and Juniper only
"Ordered Control". Both modes are interoperable.
The point of supporting only one combination of all modes of operation
is that it will allow for the writing of a simpler code without removing
useful functionality.
ok claudio@
|
|
This is major rework of the kroute.c code. The idea is remove complexity
from the lde process by making kroute.c advertise only the lowest priority
routes of each prefix.
kroute.c now keeps track of all routes using three different structures:
kroute_prefix, kroute_priority and kroute_node.
kroute_prefix represents a prefix and contains an ordered list of
priorities (kroute_priority) and for each priority there is a list of
nexthops (kroute_node). Arranging the routes using these three structures
allows for the writing of a simpler code, easier to understand.
Whenever a route is removed, if there's another route for the same prefix,
but with a lower priority, this route is immediately sent to lde.
Additional fixes:
* On RTM_CHANGE, remove the old route before installing the new one;
* On IMSG_CTL_KROUTE_ADDR, show all nexthops for multpath routes;
|
|
The LIB is a table where the router keeps all known MPLS labels. So,
we should loop over all the received label mappings from all neighbors
to show the full LIB.
The lde_nbr_is_nexthop() function was introduced to verify if a lib
entry is supposed to be installed in the fib (according to the fib entry's
nexthop and the addresses advertised by the lib entry's nexthop). This is
better than keeping track of lib<->fib entries with pointers and back
pointers because it keeps the lib/fib structures independent of each
other, which in turn makes the code less prone to bugs.
OK claudio@
|
|
In the name of simplicity, remove the interface FSM that was inherited
from ospfd. In ldpd interfaces are just up or down, so keeping a
FSM for that is an overkill. Now instead of calling if_fsm(), just
call if_update() whenever a relevant event occurs (status change,
address addition/removal).
Additional notes:
1 - s/if_act_/if_/
2 - Remove the IMSG_IFUP and IMSG_IFDOWN events. Now whenever an
interface changes its state a IMSG_IFSTATUS event will be generated
with the new status.
kroute.c ldpd.h ldpe.c ldpe.h CVS:
----------------------------------------------------------------------
|
