Vincent Bernat [Tue, 8 Oct 2019 17:35:41 +0000 (19:35 +0200)]
lldp: when receiving a shutdown LLDPU, don't clear chassis information
The chassis may be shared with another port. When the MSAP is known
and we receive a shutdown LLDPDU, just leave the original chassis as
is instead of copying information from the new chassis to the old
chassis.
Vincent Bernat [Tue, 1 Oct 2019 19:42:42 +0000 (21:42 +0200)]
lldp: validate a bit more received LLDP frames
Notably, we ensure the order and unicity of Chassis ID, Port ID and
TTL TLV. For Chassis ID and Port ID, we also ensure the maximum size
does not exceed 256.
Vincent Bernat [Tue, 1 Oct 2019 04:18:52 +0000 (06:18 +0200)]
interfaces: only register protocol handler for LLDP when only LLDP enabled
On Linux, the drop counter is increased on unhandled packets. We are
using a raw socket with ETH_P_ALL, so we get a copy of the packet. The
original packet is ultimately dropped later and this increases the
drop counter associated to the interface on Linux.
When listening only to LLDP, use ETH_P_LLDP instead of ETH_P_ALL to
avoid this.
Vincent Bernat [Sun, 15 Sep 2019 15:45:52 +0000 (17:45 +0200)]
interfaces: enable matching on interface name for management address
We allow the user to match a management address using the interface
name by specifying the interface name as a pattern. The same rules as
for specifying IP patterns apply but there is no notion of exact match
for an interface.
Vincent Bernat [Sat, 27 Jul 2019 17:23:12 +0000 (19:23 +0200)]
build: disable warnings on cast alignments
clang is often wront about it (it increases alignment requirement, but
the surrounding structure ensure the alignment is correct). Dunno if
gcc is smarter or just ignore most of these problems.
Vincent Bernat [Sat, 27 Jul 2019 15:28:01 +0000 (17:28 +0200)]
interfaces: compute interface index for fixed management address
When management address is provided without a pattern, fetch the
appropriate interface index if the interface is known. Thanks to
@kefins for the actual patch.
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.tUWJAJ (%prep)
bogus date in %changelog: Sun Jun 15 2019 Vincent Bernat <bernat@luffy.cx> - 1.0.4-1
Vincent Bernat [Sun, 9 Jun 2019 06:13:06 +0000 (08:13 +0200)]
netlink: handle blocking read from netlink socket
It seems it is possible to run into a condition where the netlink
socket is not available for read. Set the MSG_DONTWAIT flag and fetch
an error if there is any.
Vincent Bernat [Wed, 29 May 2019 16:58:09 +0000 (18:58 +0200)]
snmp: implement lldpRemOrgDefInfoTable for remote custom TLVs
As a simplification, lldpRemOrgDefInfoIndex is 1 for the first custom
TLV of a given port and is increased by 1 for each new TLV. This is
not what is encouraged in the MIB:
> An agent is encouraged to assign monotonically increasing index
> values to new entries, starting with one, after each reboot. It is
> considered unlikely that the lldpRemOrgDefInfoIndex will wrap
> between reboots.
However, it is simpler to implement it this way as we don't need to
record the index inside the `lldpd_custom` structure. Also, the index
will increase even for a different OUI or subtype as we do not want to
sort the custom TLVs.
Vincent Bernat [Sat, 4 May 2019 06:58:38 +0000 (08:58 +0200)]
client: use bold instead of a color for command completions
The color needs to be readable on both light and dark backgrounds and
should be readable on most themes. 1;35m would be a fit, but let's
stay safe by just using bold.
Vincent Bernat [Fri, 15 Mar 2019 07:25:09 +0000 (08:25 +0100)]
lib: use an unique variable as iterator in foreach macro
This lessen the chance of the `iter` variable to shadow a user-defined
variable. This is also a tentative to help #312, even if the scope of
the `iter` variable should ensure we can nest two loops without any
issue.
There used to be specific exemptions carved out for "veth" and "dsa",
which were removed in b8db52bd7c7d ("interfaces/linux: blacklist some
drivers instead of whitelisting"). "veth" was restored in 2958b9d48940
("interfaces/linux: make veth special"). This commit restores the
whitelist for dsa devices as well.
Vincent Bernat [Fri, 30 Nov 2018 21:48:36 +0000 (22:48 +0100)]
daemon: don't enable ProtectSystem by default
If the chroot is in `/usr` (like `/usr/local/var/run/lldpd` which is
the default), neither systemd nor lldpd will be able to create and
write to it. This may be solved with `ReadWritePaths` (unsure if it
would create the directory), but this doesn't exist in older versions
of systemd.
Just comment the directive to let people know it exists and should
work in most cases.
Vincent Bernat [Wed, 28 Nov 2018 13:56:47 +0000 (14:56 +0100)]
interfaces: remove specific handling for bonds except with --enable-oldies
Starting from Linux 4.19, LLDP packets are transmitted back to the
bond devices and it seems the original interface is lost in the
process. Therefore, packets are duplicated to both members. Upstream
commit is:
bonding: pass link-local packets to bonding master also.
Commit b89f04c61efe ("bonding: deliver link-local packets with
skb->dev set to link that packets arrived on") changed the behavior
of how link-local-multicast packets are processed. The change in
the behavior broke some legacy use cases where these packets are
expected to arrive on bonding master device also.
This patch passes the packet to the stack with the link it arrived
on as well as passes to the bonding-master device to preserve the
legacy use case.
Fixes: b89f04c61efe ("bonding: deliver link-local packets with skb->dev set to link that packets arrived on") Reported-by: Michal Soltys <soltys@ziu.info> Signed-off-by: Mahesh Bandewar <maheshb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
The code to handle bond devices is not needed since Linux 2.6.27.
Therefore, move it to the `--enable-oldies` option.
Vincent Bernat [Tue, 2 Oct 2018 18:36:37 +0000 (20:36 +0200)]
daemon: do not explicitely inline functions
As we are using `-Winline`, if it fails, we get a warning. Let the
compiler decide if something has to be inlined. As we use only static
functions, it should be easy to inline if possible.
Vincent Bernat [Wed, 8 Aug 2018 21:06:39 +0000 (23:06 +0200)]
daemon: implement mkdir -p directly in lldpd
It's difficult to know the path to mkdir. If we use the one from
autoconf (@mkdir_p@), we get the path from the host, not the target.
If we hardcode `/bin/mkdir`, we may not work on platforms like NixOS.
See https://github.com/NixOS/nixpkgs/issues/44507.
Gustav Wiklander [Thu, 21 Jun 2018 08:49:37 +0000 (10:49 +0200)]
Add support for PD PoE negotiation.
Power requests refer to the power at the PSE.
Thus the loss offset caused by the cable has to be added
to the power request. Also the power received from the PSE
must subtract the cable loss to be compatible with lldp.
There are three TLVs for CDPv2 PoE negotiation.
Power Consumption: Current maximum power consumption of PD.
Power Request: Wanted maximum power consumption of PD.
Power Available: Power output from PSE.
Only used if lldp PoE is not supported by switch.
A cisco switch which does support both lldp and cdp will
use the protocol which is first to transmit a package.
Vincent Bernat [Sat, 16 Jun 2018 15:59:32 +0000 (17:59 +0200)]
tests: request CAP_DAC_OVERRIDE
CAP_FOWNER is for being able to use chown/chmod. The permission we
need to ignore permissions is CAP_DAC_OVERRIDE. It is quite a large
permission, unfortunately.
Vincent Bernat [Sat, 16 Jun 2018 15:53:33 +0000 (17:53 +0200)]
priv: always request CAP_FOWNER
While setting ifalias has some additional checks to ensure we can do
that with CAP_NET_ADMIN, we also need CAP_FOWNER to pass the sysfs
owner check. And we have to have both as the other test still needs to
pass.
Vincent Bernat [Tue, 12 Jun 2018 21:17:21 +0000 (23:17 +0200)]
priv: drop most privileges in monitor, only keep CAP_NET_RAW/ADMIN
On Linux, we mostly rely on CAP_NET_RAW. Only keep that one. However,
we also write to ifalias, which needs CAP_NET_ADMIN. We could let user
choose at runtime if they want to grant this capability or not.
Currently, a user can turn it on/off at any time.
Access to SNMP socket may also be problematic. We need some solid
solution about that before merging.
Is it safe to use the same UID for the monitored and the unprivileged
process? Signals are mostly harmless. As for ptrace, since the
monitored process as more capabilities, this will not be allowed by
Linux.
Gustav Wiklander [Wed, 13 Jun 2018 09:35:15 +0000 (11:35 +0200)]
Read all notifications in lldpctl_recv.
Can otherwise lead to unbounded growth in input_buffer if
lldp devices send notifications simultaneously thus
a socket callback contains multiple notifications
and only the first one is cleared. This leads to continous
growth of the input buffer and will crash the system.
Vincent Bernat [Sun, 8 Apr 2018 17:26:43 +0000 (19:26 +0200)]
build: don't be picky about deprecated stuff in libevent
This should fix:
evutil_rand.c:177:2: error: 'arc4random_addrandom' is deprecated: first deprecated in macOS 10.12 - use arc4random_stir [-Werror,-Wdeprecated-declarations]
projects / thirdparty / lldpd.git / log
