]>
Commit | Line | Data |
---|---|---|
43c02e7b | 1 | lldpd: implementation of IEEE 802.1ab (LLDP) |
00402c76 | 2 | ============================================ |
43c02e7b | 3 | |
ce05de54 VB |
4 | [![Build Status](https://secure.travis-ci.org/vincentbernat/lldpd.png?branch=master)](http://travis-ci.org/vincentbernat/lldpd) |
5 | ||
bf74bdaf | 6 | http://vincentbernat.github.com/lldpd/ |
f0c42642 | 7 | |
4b292b55 VB |
8 | Features |
9 | -------- | |
10 | ||
43c02e7b VB |
11 | LLDP (Link Layer Discovery Protocol) is an industry standard protocol |
12 | designed to supplant proprietary Link-Layer protocols such as | |
13 | Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery | |
14 | Protocol). The goal of LLDP is to provide an inter-vendor compatible | |
15 | mechanism to deliver Link-Layer notifications to adjacent network | |
16 | devices. | |
17 | ||
18 | lldpd implements both reception and sending. It also implements an | |
19 | SNMP subagent for net-snmp to get local and remote LLDP | |
f7f82e1e | 20 | information. The LLDP-MIB is partially implemented but the most useful |
b193e97e | 21 | tables are here. lldpd also partially implements LLDP-MED. |
43c02e7b | 22 | |
f7f82e1e | 23 | lldpd supports bridge, vlan and bonding. |
c0cdd011 | 24 | |
2b35e2d0 VB |
25 | The following OS are supported: |
26 | ||
27 | * FreeBSD | |
28 | * GNU/Linux | |
b9d81025 | 29 | * OS X |
2b35e2d0 VB |
30 | * NetBSD |
31 | * OpenBSD | |
f7f82e1e | 32 | * Solaris |
2b35e2d0 | 33 | |
4b292b55 VB |
34 | Installation |
35 | ------------ | |
36 | ||
ba666663 VB |
37 | For general instructions |
38 | [see the website](http://vincentbernat.github.io/lldpd/installation.html). | |
39 | ||
40 | To compile lldpd from sources, use the following: | |
00402c76 VB |
41 | |
42 | ./configure | |
43 | make | |
44 | sudo make install | |
52ac3f37 | 45 | |
13dce469 VB |
46 | lldpd uses privilege separation to increase its security. Two |
47 | processes, one running as root and doing minimal stuff and the other | |
48 | running as an unprivileged user into a chroot doing most of the stuff, | |
00402c76 VB |
49 | are cooperating. You need to create a user called `_lldpd` in a group |
50 | `_lldpd` (this can be change with `./configure`). You also need to | |
ba666663 VB |
51 | create an empty directory `/usr/local/var/run/lldpd` (it needs to be |
52 | owned by root, not `_lldpd`!). If you get fuzzy timestamps from | |
53 | syslog, copy `/etc/locatime` into the chroot. | |
13dce469 | 54 | |
2b35e2d0 | 55 | `lldpcli` lets one query information collected through the command |
33aced7a | 56 | line. If you don't want to run it as root, just install it setuid or |
00402c76 | 57 | setgid `_lldpd`. |
43c02e7b | 58 | |
b9d81025 | 59 | Installation (OS X) |
e66b7f34 VB |
60 | ----------------------- |
61 | ||
b9d81025 | 62 | The same procedure as above applies for OS X. However, there are |
92f5db08 | 63 | simpler alternatives: |
29e300e5 | 64 | |
92f5db08 | 65 | 1. Use [Homebrew](http://mxcl.github.io/homebrew/): |
e66b7f34 | 66 | |
92f5db08 VB |
67 | brew install lldpd |
68 | # Or, for the latest version: | |
69 | brew install https://raw.github.com/vincentbernat/lldpd/master/osx/lldpd.rb | |
b708297c | 70 | |
b9d81025 | 71 | 2. Build an OS X installer package which should work on the same |
737afb35 | 72 | version of OS X: |
92f5db08 | 73 | |
462d8b6c | 74 | mkdir build && cd build |
87bb9a1b | 75 | ../configure --prefix=/usr/local --localstatedir=/var --sysconfdir=/private/etc --with-embedded-libevent \ |
2cbd5b62 | 76 | --without-json --without-snmp |
737afb35 | 77 | make -C osx pkg |
b708297c | 78 | |
b9d81025 | 79 | If you want to compile for an older version of OS X, you need |
462d8b6c VB |
80 | to find the right SDK and issues commands like those: |
81 | ||
82 | SDK=/Developer/SDKs/MacOSX10.6.sdk | |
83 | mkdir build && cd build | |
87bb9a1b | 84 | ../configure --prefix=/usr/local --localstatedir=/var --sysconfdir=/private/etc --with-embedded-libevent \ |
db04d99f | 85 | --without-json --without-snmp \ |
462d8b6c VB |
86 | CFLAGS="-mmacosx-version-min=10.6 -isysroot $SDK" \ |
87 | LDFLAGS="-mmacosx-version-min=10.6 -isysroot $SDK" | |
737afb35 | 88 | make -C osx pkg |
462d8b6c | 89 | |
92f5db08 VB |
90 | If you don't follow the above procedures, you will have to create the |
91 | user/group `_lldpd`. Have a look at how this is done in | |
92 | `osx/scripts/postinstall`. | |
b708297c | 93 | |
8b0ca98e VB |
94 | Installation (Android) |
95 | ---------------------- | |
96 | ||
97 | You need to download [Android NDK][]. Once unpacked, you can generate | |
98 | a toolchain using the following command: | |
99 | ||
100 | ./build/tools/make-standalone-toolchain.sh \ | |
101 | --platform=android-9 \ | |
102 | --arch=arm \ | |
103 | --install-dir=../android-toolchain | |
104 | export TOOLCHAIN=$PWD/../android-toolchain | |
105 | ||
106 | Then, you can build `lldpd` with the following commands: | |
107 | ||
108 | mkdir build && cd build | |
109 | export PATH=$PATH:$TOOLCHAIN/bin | |
110 | ../configure \ | |
111 | --host=arm-linux-androideabi \ | |
112 | --with-sysroot=$TOOLCHAIN/sysroot | |
113 | ||
114 | [Android NDK]: http://developer.android.com/tools/sdk/ndk/index.html | |
115 | ||
4b292b55 VB |
116 | Usage |
117 | ----- | |
118 | ||
031118c4 VB |
119 | lldpd also implements CDP (Cisco Discovery Protocol), FDP (Foundry |
120 | Discovery Protocol), SONMP (Nortel Discovery Protocol) and EDP | |
121 | (Extreme Discovery Protocol). However, recent versions of IOS should | |
122 | support LLDP and most Extreme stuff support LLDP. When a EDP, CDP or | |
123 | SONMP frame is received on a given interface, lldpd starts sending | |
124 | EDP, CDP, FDP or SONMP frame on this interface. Informations collected | |
125 | through EDP/CDP/FDP/SONMP are integrated with other informations and | |
2b35e2d0 | 126 | can be queried with `lldpcli` or through SNMP. |
43c02e7b | 127 | |
c167357d VB |
128 | More information: |
129 | * http://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol | |
130 | * http://standards.ieee.org/getieee802/download/802.1AB-2005.pdf | |
131 | * http://wiki.wireshark.org/LinkLayerDiscoveryProtocol | |
132 | ||
133 | Compatibility with older kernels | |
134 | -------------------------------- | |
135 | ||
136 | If you have a kernel older than Linux 2.6.39, you need to compile | |
137 | lldpd with `--enable-oldies` to enable some compatibility functions: | |
138 | otherwise, lldpd will only rely on Netlink to receive bridge, bond and | |
139 | VLAN information. | |
140 | ||
43c02e7b VB |
141 | For bonding, you need 2.6.24 (in previous version, PACKET_ORIGDEV |
142 | affected only non multicast packets). See: | |
00402c76 VB |
143 | |
144 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80feaacb8a6400a9540a961b6743c69a5896b937 | |
145 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8032b46489e50ef8f3992159abd0349b5b8e476c | |
43c02e7b | 146 | |
c8851c73 | 147 | Otherwise, a packet received on a bond will be affected to all |
c167357d VB |
148 | interfaces of the bond. In this case, lldpd will affect a received |
149 | randomly to one of the interface (so a neighbor may be affected to the | |
150 | wrong interface). | |
43c02e7b VB |
151 | |
152 | On 2.6.27, we are able to receive packets on real interface for bonded | |
21d89e7d | 153 | devices. This allows one to get neighbor information on active/backup |
43c02e7b VB |
154 | bonds. Without the 2.6.27, lldpd won't receive any information on |
155 | inactive slaves. Here are the patchs (thanks to Joe Eykholt): | |
00402c76 VB |
156 | |
157 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d7a3681232f545c6a59f77e60f7667673ef0e93 | |
158 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9bd5cebc0825e0fabc0186ab85806a0891104f | |
159 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f982307f22db96201e41540295f24e8dcc10c78f | |
43c02e7b | 160 | |
63aebf55 VB |
161 | On FreeBSD, only a recent 9 kernel (9.1 or more recent) will allow to |
162 | send LLDP frames on enslaved devices. See this bug report for more | |
163 | information: | |
164 | ||
165 | * http://www.freebsd.org/cgi/query-pr.cgi?pr=138620 | |
166 | ||
c167357d | 167 | Some devices (notably Cisco IOS) send frames tagged with the native |
50724a52 VB |
168 | VLAN while they should send them untagged. If your network card does |
169 | not support accelerated VLAN, you will receive those frames as long as | |
170 | the corresponding interface exists (see below). However, if your | |
171 | network card handles VLAN encapsulation/decapsulation (check with | |
5f7d1cd5 VB |
172 | `ethtool -k`), you need a recent kernel to be able to receive those |
173 | frames without listening on all available VLAN. Starting from Linux | |
174 | 2.6.27, lldpd is able to capture VLAN frames when VLAN acceleration is | |
175 | supported by the network card. Here is the patch: | |
49697208 | 176 | |
50724a52 VB |
177 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc1d0411b804ad190cdadabac48a10067f17b9e6 |
178 | ||
179 | On some other versions, frames are sent on VLAN 1. If this is not the | |
180 | native VLAN and if your network card support accelerated VLAN, you | |
181 | need to subscribe to this VLAN as well. The Linux kernel does not | |
182 | provide any interface for this. The easiest way is to create the VLAN | |
183 | for each port: | |
5f7d1cd5 VB |
184 | |
185 | ip link add link eth0 name eth0.1 type vlan id 1 | |
186 | ip link set up dev eth0.1 | |
187 | ||
188 | You can check both cases using tcpdump: | |
189 | ||
190 | tcpdump -epni eth0 ether host 01:80:c2:00:00:0e | |
191 | tcpdump -eni eth0 ether host 01:80:c2:00:00:0e | |
192 | ||
193 | If the first command does not display received LLDP packets but the | |
194 | second one does, LLDP packets are likely encapsulated into a VLAN: | |
195 | ||
196 | 10:54:06.431154 f0:29:29:1d:7c:01 > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 363: vlan 1, p 7, ethertype LLDP, LLDP, name SW-APP-D07.VTY, length 345 | |
197 | ||
50724a52 VB |
198 | In this case, just create VLAN 1 will fix the situation. There are |
199 | other solutions: | |
200 | ||
201 | 1. Disable VLAN acceleration on the receive side (`ethtool -K eth0 | |
202 | rxvlan off`) but this may or may not work. Check if there are | |
203 | similar properties that could apply with `ethtool -k eth0`. | |
f84199dd VB |
204 | 2. Put the interface in promiscuous mode with `ip link set |
205 | promisc on dev eth0`. | |
50724a52 | 206 | |
f4da5f84 VB |
207 | The last solution can be done directly by `lldpd` (on Linux only) by |
208 | using the option `configure system interface promiscuous`. | |
209 | ||
50724a52 | 210 | On modern networks, the performance impact should be nonexistent. |
5f7d1cd5 | 211 | |
426ee11e VB |
212 | Development |
213 | ----------- | |
214 | ||
215 | During development, you may want to execute lldpd at its current | |
3bd5a878 | 216 | location instead of doing `make install`. The correct way to do this is |
426ee11e VB |
217 | to issue the following command: |
218 | ||
219 | sudo libtool execute src/daemon/lldpd -L $PWD/src/client/lldpcli -d | |
220 | ||
221 | You can append any further arguments. If lldpd is unable to find | |
222 | `lldpcli` it will start in an unconfigured mode and won't send or | |
223 | accept LLDP frames. | |
224 | ||
3ca10086 VB |
225 | You can use [afl](http://lcamtuf.coredump.cx/afl/) to test some |
226 | aspects of lldpd. To test frame decoding, you can do something like | |
227 | that: | |
228 | ||
229 | export AFL_USE_ASAN=1 # only on 32bit arch | |
230 | ./configure CC=afl-gcc | |
231 | make clean check | |
232 | cd tests | |
233 | mkdir inputs | |
234 | mv *.pcap inputs | |
235 | afl-fuzz -i inputs -o outputs ./decode @@ | |
236 | ||
8cd1f2d0 | 237 | There is a general test suite with `make check`. It's also possible to |
583c9a26 VB |
238 | run integration tests with `make integration-tests && sh |
239 | ./integration-tests`. Those are not very flexible and may or may not | |
240 | work depending on your platform. Also check the content of | |
241 | `tests/lldpcli.conf`. It's a configuration file that should cover all | |
242 | commands present in lldpcli. | |
8cd1f2d0 | 243 | |
4b292b55 VB |
244 | Embedding |
245 | --------- | |
246 | ||
247 | To embed lldpd into an existing system, there are two point of entries: | |
248 | ||
249 | 1. If your system does not use standard Linux interface, you can | |
250 | support additional interfaces by implementing the appropriate | |
e12c2365 VB |
251 | `struct lldpd_ops`. You can look at |
252 | `src/daemon/interfaces-linux.c` for examples. Also, have a look at | |
253 | `interfaces_update()` which is responsible for discovering and | |
254 | registering interfaces. | |
4b292b55 | 255 | |
2b35e2d0 | 256 | 2. `lldpcli` provides a convenient way to query `lldpd`. It also |
4b292b55 VB |
257 | comes with various outputs, including XML which allows one to |
258 | parse its output for integration and automation purpose. Another | |
259 | way is to use SNMP support. A third way is to write your own | |
260 | controller using `liblldpctl.so`. Its API is described in | |
261 | `src/lib/lldpctl.h`. The custom binary protocol between | |
262 | `liblldpctl.so` and `lldpd` is not stable. Therefore, the library | |
263 | should always be shipped with `lldpd`. On the other hand, programs | |
264 | using `liblldpctl.so` can rely on the classic ABI rules. | |
265 | ||
22f1ea46 VB |
266 | Troubleshooting |
267 | --------------- | |
268 | ||
269 | You can use `tcpdump` to look after the packets received and send by | |
270 | `lldpd`. To look after LLDPU, use: | |
271 | ||
272 | tcpdump -s0 -vv -pni eth0 ether dst 01:80:c2:00:00:0e | |
273 | ||
4b292b55 VB |
274 | License |
275 | ------- | |
276 | ||
c882a2cf | 277 | lldpd is distributed under the ISC license: |
00402c76 | 278 | |
51434125 | 279 | > Permission to use, copy, modify, and/or distribute this software for any |
00402c76 VB |
280 | > purpose with or without fee is hereby granted, provided that the above |
281 | > copyright notice and this permission notice appear in all copies. | |
282 | > | |
283 | > THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
284 | > WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
285 | > MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
286 | > ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
287 | > WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
288 | > ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
289 | > OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
35f6f4fb VB |
290 | |
291 | Also, `lldpcli` will be linked to GNU Readline (which is GPL licensed) | |
292 | if available. To avoid this, use `--without-readline` as a configure | |
293 | option. |