Vincent Bernat [Fri, 30 Sep 2016 18:00:02 +0000 (20:00 +0200)]
event: correctly free event base
This removes a bunch of false positives in valgrind memcheck where some
allocations were done on the base and not freed when only the
associated events were freed. Related to #192.
Vincent Bernat [Wed, 28 Sep 2016 20:59:34 +0000 (22:59 +0200)]
daemon: better drop privileges earlier
Commit 06d83d0fb35c delayed privilege dropping because we delayed
daemonization. This may have made sense to be able to display errors to the user
when attached to the console, but this makes little sense from a
security perspective. So, put everything back to the earliest possible
location (just after setting up the socket).
Vincent Bernat [Wed, 28 Sep 2016 20:43:48 +0000 (22:43 +0200)]
daemon: invoke lldpcli after dropping privileges
We don't need to run it as root. Moreover, it will happen after
daemonization and won't clutter the screen in case lldpd dies too
early. On the other hand, if we fail to spawn it, the error message may
be hidden in the logs. Tough choice.
Vincent Bernat [Mon, 12 Sep 2016 20:28:50 +0000 (22:28 +0200)]
lldp: only enable LLDP-MED capability TLV if we have that capability
In fact, we are not quite coherent. With LLDP-MED disabled (lldpd with
"-M" option), we can still set some TLV. We should either disallow that
or at least not send the capability TLV since we cannot build a complete
one (we miss the device type). We chose the latter.
Vincent Bernat [Sat, 13 Aug 2016 22:21:00 +0000 (00:21 +0200)]
build: test if libbsd is really usable
It is possible for libbsd to not be usable due to the use of
"-isystem". See for example:
http://autobuild.buildroot.net/results/c8a/c8a6001f437701ecc75f6c9252935645bda8a8c8/lldpd-0.9.4/config.log
Vincent Bernat [Sun, 7 Aug 2016 06:14:43 +0000 (08:14 +0200)]
lldp: update RFC3636 to RFC4836
Unfortunately, RFC4836 still lags behind. For example, no more than 10G
for speeds, no 10GBASE-T. For advertised modes, we try to be more
future-proof by using "other" for any unknown mode. Moreover, document
the fact that we advertise 10GBASE_T as 10GBASE-R and on Linux, we have
to guess when the port is fiber (and we guess 10GBASE-X).
Vincent Bernat [Tue, 14 Jun 2016 19:44:42 +0000 (21:44 +0200)]
lldp: add ability to control propagation of LLDPDU
In 802.1AB-2009, two additional target addresses were added to allow an
LLDPDU to not be stopped by some equipment. Expose this ability as a
configure command.
Vincent Bernat [Mon, 13 Jun 2016 07:54:57 +0000 (09:54 +0200)]
build: fix build issue introduced in previous commit
$^ was used for a reason: automake would fix the paths used in
dependencies using VPATH or something similar. For some reason, this
even breaks with GNU make when not using OOT build. Long story short, we
use a pattern substitution to ensure that the atom files are looked up
in the correct directory.
This use of substitutions is mandated by POSIX (the 2013 version I
think). See:
http://austingroupbugs.net/view.php?id=519
It is however believed that most make implementations have had support for
this for a long time.
Patrick McLean [Fri, 10 Jun 2016 17:09:01 +0000 (10:09 -0700)]
seccomp: add fcntl and getsockname to seccomp whitelist
Recent versions of lldpd make calls to fcntl and getsockname, but they
are not in the seccomp whitelist. This patch adds them. Reported by Gentoo
users in these bugs:
Vincent Bernat [Sat, 21 May 2016 10:52:00 +0000 (12:52 +0200)]
compat: ensure ranlib is happy on OSX by providing one symbol
We were already doing that but recent versions of ranlib became smarter
and don't fall in the trap of a static variable. Provide a non-static
version instead.
Vincent Bernat [Thu, 19 May 2016 21:36:24 +0000 (23:36 +0200)]
interfaces/linux: make veth special
veth is always a physical interface. However, it may be hard to detect
because when they are created, lower interface for the first one is none
and lower interface for the second one is the first one. Hence, no loop
detected, hence the second one is not considered as a physical
interface.
Vincent Bernat [Mon, 16 May 2016 06:56:56 +0000 (08:56 +0200)]
log: make a copy of va when logging to both stderr and syslog
On common platforms, the copy is cheap. In case it isn't, we note that the
copy doesn't happen if using a log handler and syslog cannot be enabled
with debug messages.
Vincent Bernat [Sat, 14 May 2016 17:46:07 +0000 (19:46 +0200)]
interfaces: ensure we don't break strict aliasing rule
Use a union to manipulate IPv4/IPv6 address. Other occurrences are
using memcpy (notably with "struct sockaddr_storage"). This is
preventive since gcc seems to rely more on this strict aliasing rule
since gcc-6.
Vincent Bernat [Fri, 15 Apr 2016 12:12:05 +0000 (14:12 +0200)]
debian: do not remove _lldpd user
While not strictly enforced, it is now considered better to not remove a
user on purge. We have no guarantee that the user is not owning some
files we didn't remove and those files could be attributed to another
user if the current user is removed. Moreover, less code.