Fix #166: drop SSDP entirely from Infix

mDNS-SD was added in Windows 10 Creators Update[1] (build 1703), relased
April 11, 2017.  This makes SSDP no longer critical for finding an Infix
device in Windows, both ping infix-01-02-03.local and using Chrome work.

Since all major operating systems now support mDNS-SD[2] we've decided
to standardize on that and LLDP for Infix and its derivatives.  Other
reasons for dropping it include, but is not limited to: lack of IPv6 in
the implementation we use, and potential security implications[3].

[1]: https://en.wikipedia.org/wiki/Windows_10,_version_1703
[2]: https://techcommunity.microsoft.com/t5/networking-blog/mdns-in-the-enterprise/ba-p/3275777
[3]: https://blog.cloudflare.com/ssdp-100gbps/

Signed-off-by: Joachim Wiberg <[email protected]>

board/classic/rootfs/bin/help

@@ -415,17 +415,11 @@ a printer can publish IPP records with meta data on the printer type and model
 or donwload URL for drivers.  Switches and routers usually publish how they
 can be reached: HTTP/HTTPS and SSH.
 
-Note: there are other mechanisms for device discovery.  Microsoft have been
-      slow to adopt mDNS, having relied on their own SSDP protocol.  For the
-      full experince Apple's "Bonjour" can be installed in Windows.
-
-      mDNS is supported in this product and should be enabled by default.  To
-      verify it works, open the Windows File Explorer (Win+E) and scroll to
-      Network in the left-hand menu.  An icon with a matching hostname can be
-      found there which, when clicked, opens up the device's Web Interface.
-      macOS users have mDNS fully integrated by default.  Linux users can use
-      'mdns-scan' or Avahi, as shown above.  The latter two can also just set
-      their web browsers to https://hostname-01-02-03.local
+mDNS is supported in this product and should be enabled by default.  To
+verify that it works, in Windows, macOS, or Linux, open your web browser
+and point it to <https://hostname-01-02-03.local>.  This is the hostname
+and three last octets of the device's base MAC address.  You can also use
+mDNS browsers or command line tools like mdns-scan
 
 
 $(h2 "VLAN Interfaces")

configs/aarch64_classic_defconfig

@@ -73,7 +73,6 @@ BR2_PACKAGE_NMAP_NMAP=y
 BR2_PACKAGE_NMAP_NPING=y
 BR2_PACKAGE_OPENRESOLV=y
 BR2_PACKAGE_SOCAT=y
-BR2_PACKAGE_SSDP_RESPONDER=y
 BR2_PACKAGE_TCPDUMP=y
 BR2_PACKAGE_TRACEROUTE=y
 BR2_PACKAGE_DIALOG=y

configs/aarch64_defconfig

@@ -78,7 +78,6 @@ BR2_PACKAGE_NMAP_NPING=y
 BR2_PACKAGE_OPENRESOLV=y
 BR2_PACKAGE_OPENSSH=y
 BR2_PACKAGE_SOCAT=y
-BR2_PACKAGE_SSDP_RESPONDER=y
 BR2_PACKAGE_TCPDUMP=y
 BR2_PACKAGE_TRACEROUTE=y
 BR2_PACKAGE_ULOGD=y

configs/x86_64_classic_defconfig

@@ -65,7 +65,6 @@ BR2_PACKAGE_NMAP_NMAP=y
 BR2_PACKAGE_NMAP_NPING=y
 BR2_PACKAGE_OPENRESOLV=y
 BR2_PACKAGE_SOCAT=y
-BR2_PACKAGE_SSDP_RESPONDER=y
 BR2_PACKAGE_TCPDUMP=y
 BR2_PACKAGE_TRACEROUTE=y
 BR2_PACKAGE_DIALOG=y

configs/x86_64_defconfig

@@ -74,7 +74,6 @@ BR2_PACKAGE_NMAP_NPING=y
 BR2_PACKAGE_OPENRESOLV=y
 BR2_PACKAGE_OPENSSH=y
 BR2_PACKAGE_SOCAT=y
-BR2_PACKAGE_SSDP_RESPONDER=y
 BR2_PACKAGE_TCPDUMP=y
 BR2_PACKAGE_TRACEROUTE=y
 BR2_PACKAGE_ULOGD=y

configs/x86_64_minimal_defconfig

@@ -50,7 +50,6 @@ BR2_PACKAGE_ETHTOOL=y
 BR2_PACKAGE_LLDPD=y
 BR2_PACKAGE_OPENRESOLV=y
 BR2_PACKAGE_OPENSSH=y
-BR2_PACKAGE_SSDP_RESPONDER=y
 BR2_PACKAGE_TCPDUMP=y
 BR2_PACKAGE_KMOD_TOOLS=y
 BR2_PACKAGE_BASH_COMPLETION=y

doc/TODO.org

@@ -1,7 +1,7 @@
 * TODO doc: User Guide
 
 - Feature set and scope, e.g.
-  - Device discovery: SSDP, LLDP, mDNS-SD how do they work, interfacing with Windows/macOS/Linux
+  - Device discovery: LLDP, mDNS-SD how do they work, interfacing with Windows/macOS/Linux
   - Network redundancy protocols: STP/RSTP, MRP
 - Configuring the system; using ifupdown2, enabling/disabling services
 - Diagnosing the system; using rmon, port mirroring, debugging services, searching logs

doc/branding.md

@@ -16,7 +16,7 @@ The hostname is used for the system default `/etc/hostname`, which
 is the base name for the "unique:ified" hostname + the last three
 octets of the base MAC[^1] address, e.g., `infix-c0-ff-ee`.  This in
 turn is the hostname that is set at first boot and also advertised
-by device discovery protocols like SSDP, mDNS/SD and LLDP.
+by device discovery protocols like mDNS-SD and LLDP.
 
 See the help texts for the *Infix Branding* settings to understand
 which ones are mandatory and which are optional, menuconfig does not

doc/discovery.md

@@ -41,8 +41,9 @@ admin@infix-00-00-00:~$
 
 ## Discovery mechanisms available in Infix
 
-Infix advertises its presence via the [mDNS](#mdns) and [SSDP](#ssdp) discovery
-protocols in addition to [LLDP](#lldp).
+Infix advertises its presence via the [mDNS](#mdns) and [LLDP](#lldp)
+discovery protocols.
+
 
 ### LLDP
 
@@ -173,29 +174,3 @@ linux-pc:#
 [^2]: [mdns-scan](http://0pointer.de/lennart/projects/mdns-scan/): a
     tool for scanning for mDNS/DNS-SD published services on the local
     network
-
-### SSDP
-
-For Windows clients, Infix advertises itself via the SSDP
-protocol. The Infix unit will appear as a *Network Infrastructure* 
-equipment icon in the *Network* tab of Windows Explorer.
-
-In Linux, the *ssdp-scan*[^3] tool can be used to find Infix units via
-SSDP.
-
-```
-linux-pc:# ssdp-scan tap0
-+ infix-00-00-00                            http://10.0.1.1
-linux-pc:# 
-```
-
-> Note 1: Infix presents itself with a HTTP URL, however, currently no
-> Web server is running. Still, the IP address 10.0.1.1 is discovered
-> and can be used for SSH access, etc.
-
-> Note 2: SSDP is limited to IPv4. Thus, it is only valid as discovery
-> mechanism when Infix as well as the client PC has an IPv4 address
-> assigned.
-
-[^3]: [SSDP Responder for
-    Linux/UNIX](https://github.com/troglobit/ssdp-responder)

src/confd/bin/bootstrap

@@ -161,7 +161,7 @@ sysrepoctl -s $SEARCH							\
 	   -i [email protected] -g wheel -p 0660	\
 	   -i [email protected]	-g wheel -p 0660	\
 	   -i [email protected]	-g wheel -p 0660	\
-	   -i infix-services@2023-08-22.yang	-g wheel -p 0660	\
+	   -i infix-services@2023-10-16.yang	-g wheel -p 0660	\
 	   -I "${INIT_DATA}"
 rc=$?
 

src/confd/share/factory.d/10-system.json

@@ -7,8 +7,5 @@
     },
     "infix-services:mdns": {
 	"enabled": true
-    },
-    "infix-services:ssdp": {
-	"enabled": true
     }
 }

src/confd/src/infix-services.c

@@ -16,7 +16,7 @@
 
 
 static const struct srx_module_requirement reqs[] = {
-	{ .dir = YANG_PATH_, .name = "infix-services",      .rev = "2023-08-22" },
+	{ .dir = YANG_PATH_, .name = "infix-services",      .rev = "2023-10-16" },
 	{ .dir = YANG_PATH_, .name = "ieee802-dot1ab-lldp", .rev = "2022-03-15" },
 	{ .dir = YANG_PATH_, .name = "infix-lldp",          .rev = "2023-08-23" },
 	{ NULL }
@@ -75,12 +75,6 @@ static int mdns_change(sr_session_ctx_t *session, uint32_t sub_id, const char *m
 	return svc_change(session, event, xpath, "mdns", "avahi");
 }
 
-static int ssdp_change(sr_session_ctx_t *session, uint32_t sub_id, const char *module,
-	const char *xpath, sr_event_t event, unsigned request_id, void *_confd)
-{
-	return svc_change(session, event, xpath, "ssdp", "ssdp-responder");
-}
-
 static int lldp_change(sr_session_ctx_t *session, uint32_t sub_id, const char *module,
 	const char *xpath, sr_event_t event, unsigned request_id, void *_confd)
 {
@@ -97,8 +91,6 @@ int infix_services_init(struct confd *confd)
 
 	REGISTER_CHANGE(confd->session, "infix-services", "/infix-services:mdns",
 			0, mdns_change, confd, &confd->sub);
-	REGISTER_CHANGE(confd->session, "infix-services", "/infix-services:ssdp",
-			0, ssdp_change, confd, &confd->sub);
 	REGISTER_CHANGE(confd->session, "ieee802-dot1ab-lldp", "/ieee802-dot1ab-lldp:lldp",
 			0, lldp_change, confd, &confd->sub);
 

src/confd/yang/infix-services@2023-08-22.yang → src/confd/yang/infix-services@2023-10-16.yang

@@ -7,8 +7,13 @@ module infix-services {
   contact      "[email protected]";
   description  "Infix services, generic.";
 
+  revision 2023-10-16 {
+    description "Drop SSDP support, mDNS-SD is now available in Windows 10.";
+    reference "internal";
+  }
+
   revision 2023-08-22 {
-    description "Initial revision, add SSDP and mDNS/SD enable/disable only.";
+    description "Initial revision, add SSDP and mDNS-SD enable/disable only.";
     reference "internal";
   }
 
@@ -24,13 +29,4 @@ module infix-services {
       description "Globally enable or disable mDNS/SD on all interfaces.";
     }
   }
-
-  container ssdp {
-    description "Advertise system over SSDP (Windows uPnP), IPv4 only.";
-
-    leaf enabled {
-      type boolean;
-      description "Globally enable or disable SSDP on all interfaces.";
-    }
-  }
 }

test/case/infix_services/services_basic.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Verify that basic services like SSDP, mDNS and LLDP can be enabled and
+# Verify that basic services like mDNS and LLDP can be enabled and
 # disabled.  We verify operation and non-operation by using tcpdump.
 #
 # XXX: with socat in the Docker container we could speed up the LLDP
@@ -11,15 +11,13 @@
 
 import time
 import infamy
-from infamy.ssdp import SsdpClient
 
 def verify(enabled, sec):
     """Verify service traffic, or no traffic in case service not enabled"""
     _, hport = env.ltop.xlate("host", "data")
 
     with infamy.IsolatedMacVlan(hport) as netns:
-        snif = infamy.Sniffer(netns, "port 1900 or port 5353 or ether proto 0x88cc")
-        ssdp = SsdpClient(netns, retries=sec)
+        snif = infamy.Sniffer(netns, "port 5353 or ether proto 0x88cc")
 
         netns.addip("10.0.0.1")
         netns.addroute("0.0.0.0/0", "10.0.0.1")
@@ -28,9 +26,6 @@ def verify(enabled, sec):
         # LLDP lingers and will send a final shutdown message that
         # otherwise would get in the capture for disable.
         target.put_config_dict("infix-services", {
-            "ssdp": {
-                "enabled": enabled
-            },
             "mdns": {
                 "enabled": enabled
             }
@@ -42,9 +37,7 @@ def verify(enabled, sec):
         })
 
         with snif:
-            ssdp.start()
             time.sleep(sec)
-            ssdp.stop()
 
         return snif.output()
 
@@ -76,9 +69,6 @@ def verify(enabled, sec):
             }
         })
         target.put_config_dict("infix-services", {
-            "ssdp": {
-                "enabled": False
-            },
             "mdns": {
                 "enabled": False
             }
@@ -93,8 +83,6 @@ def verify(enabled, sec):
         rc = verify(True, 25)
         print(rc.stdout)
         # breakpoint()
-        if "10.0.0.10.1900 > 10.0.0.1" not in rc.stdout:
-            test.fail()
         if "10.0.0.10.5353" not in rc.stdout:
             test.fail()
         if "LLDP" not in rc.stdout:
@@ -103,8 +91,6 @@ def verify(enabled, sec):
     with test.step("Disable services on target, verify they're not running anymore ..."):
         rc = verify(False, 20)
         print(rc.stdout)
-        if "10.0.0.10.1900 > 10.0.0.1" in rc.stdout:
-            test.fail()
         if "10.0.0.10.5353" in rc.stdout:
             test.fail()
         if "LLDP" in rc.stdout:

test/docker/pip-requirements.txt

@@ -5,4 +5,3 @@ networkx==3.1
 pydot==1.4.2
 pyyaml==6.0.1
 passlib==1.7.4
-ssdp[cli]==1.3.0