client: Added support to override system capabilities
1) configure system capabilities enabled <capability_0,capability_1,...>
Override system capabilities with the provided value instead of using kernel information. Several capabilities can be specified separated by commas. Only available capabilities can be enabled. Valid capabilities are:
other
repeater
bridge
wlan
router
telephone
docsis
station
Here is an example of use:
lldpcli configure system capabilities enabled bridge,router
2) unconfigure system capabilities enabled
Do not override capabilities and use the kernel information. This option undoes the previous one.
Ignacio Sanchez Navarro (Ignacio.Sanchez@uws.ac.uk) - University of the West of Scotland - Supported by H2020-ICT-2020-2/101017226 6G-BRAINS
lldpd-structs.h
- Added new attribute "c_cap_override" to "lldpd_config" struct
conf-system.c
- Added new function "cmd_capability" for new command to override the chassis capabilities
- Added new function "register_commands_capabilities" to register new commands to override the chassis capabilities
- Added call to "register_commands_capabilities" in "register_commands_configure_system"
chassis.c
- Added new function "_lldpctl_atom_st_int_chassis" to set "int" type vars in chassis
- Added assignation of ".set_int" function in "chassis" var build
config.c
- Added case for "lldpctl_k_config_chassis_cap_override" to get value of "c_cap_override" in "_lldpctl_atom_get_int_config" function
- Added case for "lldpctl_k_config_chassis_cap_override" to set value of "c_cap_override" in "_lldpctl_atom_set_int_config" function
client.c
- Added changes check for "c_cap_override" var in "client_handle_set_configuration" function
- Added changes check for "c_cap_enabled" var in "client_handle_set_local_chassis" function
lldpctl.h
- Added new enum values in "lldpctl_key_t" enum: "lldpctl_k_chassis_cap_enabled" and "lldpctl_k_config_chassis_cap_override"
- Corrected some typos in previous comments
lldpd.c
- Added check of capabilities override before setting new values in "lldpd_update_localchassis" function
- Added check of capabilities override before setting initial value of "c_cap_enabled" to 0 in "lldpd_loop" function
- Added initial set of "cfg->g_config.c_cap_override" to 0 in "lldpd_main" function
interfaces.c
- Added check of capabilities override before setting new values in "interfaces_helper_chassis" function
display.c
- Added new line to display the status of capabilities override in "show configuration" command
lldpcli.8.in
- Added new commands and descriptions to man file
Fixes: 8e9dbbf80918 "lldp: don't send VLANs when there are too many of them
On an interface with a lot of vlans, we still have the "Too big packet"
notification on version 1.0.14.
It looks like the retry does exactly the same packet as the first try.
Vincent Bernat [Sun, 15 May 2022 10:03:52 +0000 (12:03 +0200)]
Revert "lib: update version-info"
This reverts commit e069bba4ec993cc4df14fab3a7108f43e3b66714. My bad,
this should not be changed just because of new stuff in enums. Only
additional functions require an update.
Default inventory information is fetched from the DMI table.
Most embedded devices do not run an EFI bootloader, hence DMI information
will not be available in /sys/class/dmi.
- Add `configure inventory` commands
- Add `unconfigure inventory` commands
- New code is dependent on enable-lldpmed
- Add write support on lldpctl atoms
- Add support for setting inventory configuration in daemon
- Refactor `lldp_med` to assign `c_med_sw` only once.
We have the configurability of inventory information, so
it is not required for the daemon to keep assigning `c_med_sw`.
Vincent Bernat [Sat, 12 Mar 2022 13:30:06 +0000 (14:30 +0100)]
include: add back include/linux for old distributions
However, we don't ship sys/queue.h and netinet/if_ether.h. At some
point, we may want to explore just shipping uapi directory. This has
been tested with Debian 8.
Vincent Bernat [Sun, 12 Dec 2021 13:25:13 +0000 (14:25 +0100)]
interfaces: detect interface index changes
When an interface is deleted and recreated, we didn't detect any
change and just updated its index. However, the handles we had on this
interface are now invalid. Ensure the interface is correctly
reinitialized in this case.
Vincent Bernat [Sun, 19 Sep 2021 19:18:47 +0000 (21:18 +0200)]
sonmp: fix heap overflow when reading SONMP packets
By sending short SONMP packets, an attacker can make the decoder crash
by reading too much data on the heap. SONMP packets are fixed in size,
just ensure we get enough bytes to contain a SONMP packet.
lldpcli: remove redundant "ports" parameters from cap and mgmt cmds
The commands below were introduced as global commands, but all of them
except the first one were missing code to ignore "ports" parameter
```
configure lldp capabilities-advertisements
unconfigure lldp capabilities-advertisements
unconfigure lldp management-addresses-advertisements
configure lldp management-addresses-advertisements
```
Vincent Bernat [Sun, 29 Aug 2021 19:57:07 +0000 (21:57 +0200)]
interfaces-bsd: do not consider an interface when it is down
At least on OpenBSD, an interface can be oper down while
`IFF_RUNNING`. Check the link state and remove the `IFF_RUNNING` flag
in this case. Something similar may work with FreeBSD and NetBSD, but
it may not be needed. It does not work with MacOS.
Vincent Bernat [Fri, 4 Jun 2021 16:51:13 +0000 (18:51 +0200)]
lldpcli: require powerpairs for Dot3 power even when PD
This reverts commit 7056d802b9c595dd16f1354649bb7ae2f8b8880c. I may
have been hasty in removing this as my understanding is that the PSE
would impose the value to the PD, but it could be the other way
around. Some implementations do not like to have 0 as the value here
and will ignore the whole TLV.
Vincent Bernat [Tue, 4 May 2021 19:46:30 +0000 (21:46 +0200)]
client: put lock file in the same directory as the socket
The whole deal I was trying to solve is the fact that I cannot put the
lock here because I was unprivileged. Just let lldpd create the lock
in the same way it creates the socket (same privileges).
Vincent Bernat [Tue, 4 May 2021 13:55:21 +0000 (15:55 +0200)]
client: use a dedicated file lock to prevent concurrent changes
We were using a lock on the Unix socket. This was working on Linux but
this is not portable. Therefore, we have to use a dedicated file for
this purpose. We use /var/lock by default.
We don't do a secure creation as the lock file is only opened in
append mode, so a symlink attack could only create an empty file or reset
the timestamp of a file. No content can be erased this way.
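The property this commit message relies on, as an added C example (not lldpd's code; `lock_acquire`, `lock_demo` and the temporary paths are hypothetical): a lock path opened in append mode through a symlink leaves the pointed-to file's content intact, while `flock` on the dedicated file still refuses a second holder. The `O_NOFOLLOW` variant is an extra hardening shown for comparison, not something the commit does.

```c
/* Added illustration: hypothetical names and paths, not lldpd's code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Append-mode open (never O_TRUNC) plus exclusive advisory lock. Returns the
 * fd, -2 if the lock is held elsewhere, -1 on error; nofollow adds O_NOFOLLOW. */
int lock_acquire(const char *path, int nofollow)
{
	int flags = O_WRONLY | O_APPEND | O_CREAT | (nofollow ? O_NOFOLLOW : 0);
	int fd = open(path, flags, 0600);
	if (fd == -1) return -1;
	if (flock(fd, LOCK_EX | LOCK_NB) == -1) {
		int busy = (errno == EWOULDBLOCK);
		close(fd);
		return busy ? -2 : -1;
	}
	return fd;
}

/* Constructed scenario: the lock path is a symlink to a 6-byte file.
 * Returns 0 if that file kept its content, a second locker was refused
 * and the O_NOFOLLOW variant rejected the symlink. */
int lock_demo(void)
{
	char dir[] = "/tmp/lockdemo.XXXXXX", target[64], lock[64];
	struct stat st;
	if (!mkdtemp(dir)) return -1;
	snprintf(target, sizeof target, "%s/target", dir);
	snprintf(lock, sizeof lock, "%s/demo.lock", dir);
	FILE *f = fopen(target, "w");
	if (!f) return -1;
	fputs("secret", f); fclose(f);
	if (symlink(target, lock) == -1) return -1;
	int fd = lock_acquire(lock, 0);              /* follows the symlink */
	int kept = stat(target, &st) == 0 && st.st_size == 6;
	int busy = lock_acquire(lock, 0) == -2;      /* concurrent holder refused */
	int strict = lock_acquire(lock, 1) == -1;    /* symlink rejected */
	if (fd >= 0) close(fd);
	unlink(lock); unlink(target); rmdir(dir);
	return (fd >= 0 && kept && busy && strict) ? 0 : 1;
}
int main(void) { return lock_demo(); }
```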
Vincent Bernat [Fri, 30 Apr 2021 09:03:14 +0000 (11:03 +0200)]
priv: explain why we don't use ethtool
I have tested on a few servers I have access to and none of them
supported the use of this ethtool command. So, keep using sysfs
instead (with the drawback that 1. debugfs should be mounted, 2. we
need to tell systemd we want to tune through sysfs).