Vincent Bernat [Mon, 13 Jun 2016 07:54:57 +0000 (09:54 +0200)]
build: fix build issue introduced in previous commit
$^ was used for a reason: automake would fix the paths used in
dependencies using VPATH or something similar. For some reason, this
even breaks with GNU make when not using OOT build. Long story short, we
use a pattern substitution to ensure that the atom files are looked up
in the correct directory.
This use of substitutions is mandated by POSIX (the 2013 version I
think). See:
http://austingroupbugs.net/view.php?id=519
It is however believed that most make implementations have had support for
this for a long time.
Patrick McLean [Fri, 10 Jun 2016 17:09:01 +0000 (10:09 -0700)]
seccomp: add fcntl and getsockname to seccomp whitelist
Recent versions of lldpd make calls to fcntl and getsockname, but they
are not in the seccomp whitelist. This patch adds them. Reported by Gentoo
users in these bugs:
Vincent Bernat [Sat, 21 May 2016 10:52:00 +0000 (12:52 +0200)]
compat: ensure ranlib is happy on OSX by providing one symbol
We were already doing that but recent versions of ranlib became smarter
and don't fall in the trap of a static variable. Provide a non-static
version instead.
Vincent Bernat [Thu, 19 May 2016 21:36:24 +0000 (23:36 +0200)]
interfaces/linux: make veth special
veth is always a physical interface. However, it may be hard to detect
because when they are created, lower interface for the first one is none
and lower interface for the second one is the first one. Hence, no loop
detected, hence the second one is not considered as a physical
interface.
Vincent Bernat [Mon, 16 May 2016 06:56:56 +0000 (08:56 +0200)]
log: make a copy of va when logging to both stderr and syslog
On common platforms, the copy is cheap. In case it isn't, we note that the
copy doesn't happen if using a log handler and syslog cannot be enabled
with debug messages.
Vincent Bernat [Sat, 14 May 2016 17:46:07 +0000 (19:46 +0200)]
interfaces: ensure we don't break strict aliasing rule
Use a union to manipulate IPv4/IPv6 addresses. Other occurrences are
using memcpy (notably with "struct sockaddr_storage"). This is
preventive since gcc seems to rely more on this strict aliasing rule
since gcc-6.
Vincent Bernat [Fri, 15 Apr 2016 12:12:05 +0000 (14:12 +0200)]
debian: do not remove _lldpd user
While not strictly enforced, it is now considered better to not remove a
user on purge. We have no guarantee that the user is not owning some
files we didn't remove and those files could be attributed to another
user if the current user is removed. Moreover, less code.
Vincent Bernat [Wed, 23 Mar 2016 21:09:55 +0000 (22:09 +0100)]
lib: use C preprocessor to build list of init functions
Because some features can be disabled, we cannot just parse the C file,
we need to run the C preprocessor on them. Hopefully, the GNU make stuff
(filter) should be portable enough.
Vincent Bernat [Wed, 23 Mar 2016 07:33:11 +0000 (08:33 +0100)]
lib: don't rely on constructors
Constructors do not work when compiled as a static library. Moreover,
some dynamic linkers still have optional support for constructors (for
example, uclibc). Since this can be tested only at runtime, it is not
possible to detect that during configure when cross-compiling.
Vincent Bernat [Fri, 18 Mar 2016 19:05:03 +0000 (20:05 +0100)]
build: let configure tell us if we have address sanitizer
We cannot really rely on __has_feature or __ADDRESS_SANITIZER__ in code
since we are mostly interested in the leak sanitizer and there is
neither a feature nor a macro for that. Early versions of GCC have the
address sanitizer, but not the leak sanitizer. We don't support this
configuration, but we need to build correctly either way. So, the user
is expected to enable address sanitizers only on configurations
also supporting the leak sanitizer.
Vincent Bernat [Fri, 18 Mar 2016 15:52:40 +0000 (16:52 +0100)]
tests/integration: mount /proc in namespaces
Because of the use of a PID namespace, we must mount /proc into the
appropriate namespace. We don't do that directly when creating
namespaces as clone() doesn't account for the namespace change with
setns() when we are still in the same process. We also fork a process to
do the mount as it seems mount() doesn't get that we are in a different
mount namespace either. Obviously, setns() has some drawbacks we need to
work around.
We also mount /proc in the chroot. It's absolutely not safe to do so,
but that's only for address sanitizer to work as expected.
Vincent Bernat [Fri, 18 Mar 2016 12:43:22 +0000 (13:43 +0100)]
fixedpoint: fix buffer overflow in fixed point computations
This was detected by address sanitizer. This was harmless as we use
exclusively 5-byte buffers and we know the next byte is always unused
due to alignment.