From: Vincent Bernat <vincent@bernat.im>
Date: Sat, 28 Mar 2015 08:57:43 +0000 (+0100)
Subject: interfaces: management address is set to pattern on exact match
X-Git-Tag: 0.7.14~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=abfea7d0be120ca4bc123431a532658a4637b6d7;p=thirdparty%2Flldpd.git

interfaces: management address is set to pattern on exact match

When the management pattern is an exact IP address, use it as is instead
of trying to match an interface. When a user doesn't want this
behavior (keeping the check), they should use something like
`192.168.1.15,0` or `!*,!!192.168.1.15` instead of the exact IP address.

This feature allows a user to advertise an out-of-band management IP
address.

Closes #103
---

diff --git a/NEWS b/NEWS
index 9f74acef..a2d62951 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 lldpd (0.7.14)
   * Features:
     + Shutdown LLPDU are sent on MSAP change and when lldpd exits.
+    + When an exact IP is provided as a management pattern, use it
+      unconditionally.
   * Fix:
     + Incorrect boundary check when decoding management address and
       protocol identity may lead to lldpd crash when processing
diff --git a/src/client/lldpcli.8.in b/src/client/lldpcli.8.in
index a47784a9..5e1d7045 100644
--- a/src/client/lldpcli.8.in
+++ b/src/client/lldpcli.8.in
@@ -301,10 +301,11 @@ not disable promiscuous mode on interfaces already using this mode.
 .Bd -ragged -offset XXXXXX
 Specify the management addresses of this system. As for interfaces
 (described above), this option can use wildcards and inversions.
-Without this option, the first IPv4 and the first IPv6 are used. If
-only negative patterns are provided, only one IPv4 and one IPv6
-addresses are chosen. Otherwise, many of them can be selected. If you
-want to blacklist IPv6 addresses, you can use
+Without this option, the first IPv4 and the first IPv6 are used. If an
+exact IP address is provided, it is used as a management address
+without any check. If only negative patterns are provided, only one
+IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be
+selected. If you want to blacklist IPv6 addresses, you can use
 .Em !*:* .
 .Ed
 
diff --git a/src/daemon/interfaces.c b/src/daemon/interfaces.c
index 849ed285..3b7a7bba 100644
--- a/src/daemon/interfaces.c
+++ b/src/daemon/interfaces.c
@@ -436,15 +436,47 @@ interfaces_helper_mgmt(struct lldpd *cfg,
 {
 	int allnegative = 0;
 	int af;
+	const char *pattern = cfg->g_config.c_mgmt_pattern;
 
 	lldpd_chassis_mgmt_cleanup(LOCAL_CHASSIS(cfg));
 
+	/* Is the pattern provided an actual IP address? */
+	if (pattern && strpbrk(pattern, "!,*?") == NULL) {
+		struct in6_addr addr;
+		size_t addr_size;
+		for (af = LLDPD_AF_UNSPEC + 1;
+		     af != LLDPD_AF_LAST; af++) {
+			switch (af) {
+			case LLDPD_AF_IPV4: addr_size = sizeof(struct in_addr); break;
+			case LLDPD_AF_IPV6: addr_size = sizeof(struct in6_addr); break;
+			default: assert(0);
+			}
+			if (inet_pton(lldpd_af(af), pattern, &addr) == 1)
+				break;
+		}
+		if (af == LLDPD_AF_LAST) {
+			log_debug("interfaces",
+			    "interface management pattern is an incorrect IP");
+		} else {
+			struct lldpd_mgmt *mgmt;
+			mgmt = lldpd_alloc_mgmt(af, &addr, addr_size, 0);
+			if (mgmt == NULL) {
+				log_warn("interfaces", "out of memory error");
+				return;
+			}
+			log_debug("interfaces", "add exact management address %s",
+				pattern);
+			TAILQ_INSERT_TAIL(&LOCAL_CHASSIS(cfg)->c_mgmt, mgmt, m_entries);
+		}
+		return;
+	}
+
 	/* Is the pattern provided all negative? */
-	if (cfg->g_config.c_mgmt_pattern == NULL) allnegative = 1;
-	else if (cfg->g_config.c_mgmt_pattern[0] == '!') {
+	if (pattern == NULL) allnegative = 1;
+	else if (pattern[0] == '!') {
 		/* If each comma is followed by '!', its an all
 		   negative pattern */
-		char *sep = cfg->g_config.c_mgmt_pattern;
+		const char *sep = pattern;
 		while ((sep = strchr(sep, ',')) &&
 		       (*(++sep) == '!'));
 		if (sep == NULL) allnegative = 1;
diff --git a/src/daemon/lldpd.8.in b/src/daemon/lldpd.8.in
index 695aaa94..4c17b83c 100644
--- a/src/daemon/lldpd.8.in
+++ b/src/daemon/lldpd.8.in
@@ -186,10 +186,11 @@ will not send any frame. It will only listen to neighbors.
 .It Fl m Ar management
 Specify the management addresses of this system. As for interfaces
 (described below), this option can use wildcards and inversions.
-Without this option, the first IPv4 and the first IPv6 are used. If
-only negative patterns are provided, only one IPv4 and one IPv6
-addresses are chosen. Otherwise, many of them can be selected. If you
-want to blacklist IPv6 addresses, you can use
+Without this option, the first IPv4 and the first IPv6 are used. If an
+exact IP address is provided, it is used as a management address
+without any check. If only negative patterns are provided, only one
+IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be
+selected. If you want to blacklist IPv6 addresses, you can use
 .Em !*:* .
 .It Fl u Ar file
 Specify the Unix-domain socket used for communication with