Vincent Bernat [Sun, 21 Mar 2021 12:56:19 +0000 (13:56 +0100)]
client: make it easier for Coverity to understand commands_new()
Never returning NULL is not enough to make Coverity understand we
don't leak anything. Remove the branch in commands_new() as it must
never happen, except for the root node.
Vincent Bernat [Sun, 21 Mar 2021 10:32:25 +0000 (11:32 +0100)]
interfaces: use an array of MAC addresses when defining supported protocols
In interfaces.c, we were handling it as a table while in lldpd.c, we
were copy-pasting the same condition three times. This was confusing
for analysis tools.
Vincent Bernat [Sun, 21 Mar 2021 11:05:16 +0000 (12:05 +0100)]
daemon: annotate "daemonisation" to help Coverity
When daemonizing, we need to use /dev/null for stdin, stdout, and
stderr. If one of these file descriptors happens to be already closed,
we need to close the new file descriptor only if > 2. This is
confusing for Coverity, annotate it correctly.
Not all locations are annotated because not all of them are detected,
for some reason.
Vincent Bernat [Tue, 16 Mar 2021 16:36:35 +0000 (17:36 +0100)]
protocols: fix more memory leak when decoding multiple TLVs
In a8d3c90feca5, some memory leaks were fixed when a TLV is present
multiple times. There were other occurrences in LLDP, CDP and EDP
handling. We ensure we free before overwriting with the new TLVs.
John Lindgren [Mon, 8 Mar 2021 17:06:47 +0000 (12:06 -0500)]
Eliminate unused arguments to priv_init() with --disable-privsep.
This seems a bit cleaner than passing dummy values (e.g. 0) that
aren't ever used. Additionally, it means that PRIVSEP_CHROOT no
longer needs to be defined to a dummy value if building with
--disable-privsep.
John Lindgren [Mon, 8 Mar 2021 15:27:23 +0000 (10:27 -0500)]
Fix relative include paths to be more correct and portable.
Some relative include paths in subdirectories (src/daemon/protocols
and src/lib/atoms) were written relative to the parent directories
(src/daemon and src/lib). This was okay in automake builds but
caused errors when porting to other build systems (for example,
Android make).
Vincent Bernat [Wed, 27 Jan 2021 18:19:15 +0000 (19:19 +0100)]
doc: update instructions for Android
Android NDK is a less and less capable toolchain. The standalone
toolchain is deprecated and the new way requires you to override a
bunch of variables. Documentation also contains mistakes.
lldpd: override compiler and linker option strings
Compiler and linker option strings contain absolute path, so
replace them with disclaimer. Those strings are used only as
debug information to show not actual compilation options.
routing/linux: check IPv6 forwarding status when enabling Router capa
Consider also IPv6 when deciding whether to enable the Router capability.
This way, if a host is a router for IPv6 only, it will still be
advertised as Router to its neighbours.
Jo-Philipp Wich [Wed, 9 Dec 2020 11:04:04 +0000 (12:04 +0100)]
build: prevent conflict with official AX_LIB_READLINE macro
On systems where the official AX_LIB_READLINE (ax_lib_readline.m4) is
present in a globally shared autoconf include directory, auto(re)conf
will prefer including that official version over the local variant due
to the official macro having a higher serial number.
As a consequence, @READLINE_LIBS@ will not be substituted in *.in files,
eventually failing the compilation with errors similar to:
gcc: error: READLINE_LIBS@: No such file or directory
Avoid this problem by renaming the incompatible local macro to
AX_LIB_READLINE_LLDPD which is sufficient to prevent any clashes.
We encountered this problem on OpenWrt which uses GNU autoconf-archive
to provide commonly used M4 macros through a global include directory,
which happens to ship AX_LIB_READLINE as well.
Vincent Bernat [Sun, 6 Dec 2020 13:21:04 +0000 (14:21 +0100)]
lib: fix LLDP-MED location parsing in liblldpctl
Some bounds were not checked correctly when parsing LLDP-MED civic
location fields. This triggers out-of-bound reads (no write) in
lldpcli, ultimately leading to a crash.
Aaron Conole [Tue, 17 Nov 2020 14:28:17 +0000 (09:28 -0500)]
lldp: avoid memory leak from bad packets
A packet that contains multiple instances of certain TLVs will cause
lldpd to continually allocate memory and leak the old memory. As an
example, multiple instances of system name TLV will cause old values
to be dropped by the decoding routine.
Reported-at: https://github.com/openvswitch/ovs/pull/337
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Vincent Bernat [Tue, 27 Oct 2020 17:31:22 +0000 (18:31 +0100)]
interfaces: listen to all incoming packets on Linux, not just LLDP ones
This mostly reverts fc5526dae75f. Listening only on ETH_P_LLDP makes
us miss incoming packets on enslaved interfaces to an Open vSwitch.
Therefore, prefer listening to ETH_P_ALL instead of ETH_P_LLDP. It is
likely that enslaved interfaces do not fully process Ethernet packets
and `type` is not correctly filled.
Vincent Bernat [Mon, 7 Sep 2020 18:10:10 +0000 (20:10 +0200)]
tests: fix tests around XML by canonicalizing XML representation
Since Python 3.8, insertion order is respected for attributes, so we
cannot just compare strings as previously. Python 3.8 also introduces
a `canonicalize()` function to normalize XML for digital signature. We
apply this function if it exists.
Vincent Bernat [Tue, 14 Jul 2020 05:16:47 +0000 (07:16 +0200)]
lib: remove limit on system description length
The limit was introduced in 9c49cedf8e75 while fixing a memory leak.
The state data is used to ensure we don't interleave operations. We
need to handle the case where the value is truncated because it is
larger than the allocated size.
Vincent Bernat [Sat, 23 May 2020 12:32:39 +0000 (14:32 +0200)]
agent: fix SNMP walk on lldpRemTable when missing remote sysName
When enumerating lldpRemSysName (and some others), one row could have
a NULL value because the remote system didn't provide a value. In this
case, we should return the next row.
There was already some code around that but it was not systematically
used. Therefore, we fix the issue for lldpRemTable and
lldpLocalSystemData. To ensure we catch future cases, we ensure
helper functions use `default: return NULL` when no missing value is
allowed (no `break`, compiler would catch if it was the case) and
therefore, we don't need to try next OID and `default: break` when a
value may be missing and in this case, the caller should try next OID
upon receiving NULL.
Vincent Bernat [Fri, 24 Apr 2020 17:29:36 +0000 (19:29 +0200)]
lib: introduce lldpctl_watch_callback2()
This is similar to `lldpctl_watch_callback()` (which is getting
deprecated), except the callback won't receive the current connection.
This prevents a user from using the connection which is unusable because
it is now dedicated to watch events.
Minor ABI dump due to new function, but everything is
backward-compatible, except you may now get an error if you use the
connection while watching (but this was already not supported).