daemon: config netlink socket buf sizes at build time
I admit it would be nicer to have this configurable at run-time
or better yet, introduce a mechanism for recovering from
overrun situations via polling.
We're starting to see in certain situations that on devices
with many ports (i.e. switches with around ~50 ports) lldpd
info is not always consistent.
I'm not entirely sure that the issue is with netlink
sock buffer sizes.
But we've also recently addressed some issues for the mstpd
daemon with netlink sock buffer sizes.
So, I'm tempted to think that it's the same issue.
We [especially I] prefer to bump sock buffer sizes where needed
and not via sysctl `net.core.rmem_default` & `net.core.wmem_default`.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Vincent Bernat [Sun, 1 Jan 2017 12:26:08 +0000 (13:26 +0100)]
tests: avoid race condition when linking two namespaces
When creating a link between two namespaces, one lldpd will see the link
and send a LLDPDU before the other one. There is a slight delay for
lldpd to wait before sending the LLDPDU, but when the load is heavy, it
can be expected that the other side didn't configure the interface when
the LLDPDU is received. To solve this, just wait a bit before putting up
the second interface.
Vincent Bernat [Wed, 30 Nov 2016 20:37:36 +0000 (21:37 +0100)]
linux: add support for ethtool GLINKSETTINGS
With a recent enough kernel, one can use GLINKSETTINGS instead of
GSET. This is needed to overcome the limitation on the number of
supported/advertising modes supported by GSET (which is a fixed-length
bitset). We use the same kind of compatibility structure as for
ethtool.
Also, update the list of supported MAU types to support higher speed
interfaces. Unfortunately, while Linux reports the exact
advertised/supported modes, the operational mode of the interface is
only reported with its speed and its kind (copper, fiber, ...). When
this is fiber, we don't know if this is MMF or SMF or the supported
distance. Therefore, we use our best guess (this was already the case,
nothing new here).
Vincent Bernat [Fri, 25 Nov 2016 19:17:58 +0000 (20:17 +0100)]
med: fix parsing of LLDP-MED LCI when TLV size exceeds addr size
Some equipment is sending an address whose size is less than the
declared TLV size. The TLV is padded with 0. We rejected this because of
a size mismatch.
Vincent Bernat [Thu, 6 Oct 2016 06:38:10 +0000 (08:38 +0200)]
client: add an option to use pre-0.9.2 json-c format
The format has been changed in c8b8b858bbba to match the JSON format
used when compiled with Jansson. Some users may want to revert this
change. Add `--enable-json0` option for that.
Vincent Bernat [Fri, 30 Sep 2016 18:00:02 +0000 (20:00 +0200)]
event: correctly free event base
This removes a bunch of false positives in valgrind memcheck where some
allocations were done on the base and not freed when only the
associated events were freed. Related to #192.
Vincent Bernat [Wed, 28 Sep 2016 20:59:34 +0000 (22:59 +0200)]
daemon: better drop privileges earlier
Commit 06d83d0fb35c delayed privilege dropping because we delayed
daemonization. This may have made sense to be able to display errors to the user
when attached to the console, but this makes little sense from a
security perspective. So, put everything back to the earliest possible
location (just after setting up the socket).
Vincent Bernat [Wed, 28 Sep 2016 20:43:48 +0000 (22:43 +0200)]
daemon: invoke lldpcli after dropping privileges
We don't need to run it as root. Moreover, it will happen after
daemonization and won't clutter the screen in case lldpd dies too
early. On the other hand, if we fail to spawn it, the error message may
be hidden in the logs. Tough choice.
Vincent Bernat [Mon, 12 Sep 2016 20:28:50 +0000 (22:28 +0200)]
lldp: only enable LLDP-MED capability TLV if we have that capability
In fact, we are not quite coherent. With LLDP-MED disabled (lldpd with
"-M" option), we can still set some TLV. We should either disallow that
or at least not send the capability TLV since we cannot build a complete
one (we miss the device type). We chose the latter.
Vincent Bernat [Sat, 13 Aug 2016 22:21:00 +0000 (00:21 +0200)]
build: test if libbsd is really usable
It is possible for libbsd to not be usable due to the use of
"-isystem". See for example:
http://autobuild.buildroot.net/results/c8a/c8a6001f437701ecc75f6c9252935645bda8a8c8/lldpd-0.9.4/config.log
Vincent Bernat [Sun, 7 Aug 2016 06:14:43 +0000 (08:14 +0200)]
lldp: update RFC3636 to RFC4836
Unfortunately, RFC4836 still lags behind. For example, no more than 10G
for speeds, no 10GBASE-T. For advertised modes, we try to be more
future-proof by using "other" for any unknown mode. Moreover, document
the fact that we advertise 10GBASE_T as 10GBASE-R and on Linux, we have
to guess when the port is fiber (and we guess 10GBASE-X).
Vincent Bernat [Tue, 14 Jun 2016 19:44:42 +0000 (21:44 +0200)]
lldp: add ability to control propagation of LLDPDU
In 802.1AB-2009, two additional target addresses were added to allow an
LLDPDU to not be stopped by some equipment. Expose this ability as a
configure command.
Vincent Bernat [Mon, 13 Jun 2016 07:54:57 +0000 (09:54 +0200)]
build: fix build issue introduced in previous commit
$^ was used for a reason: automake would fix the paths used in
dependencies using VPATH or something similar. For some reason, this
even breaks with GNU make when not using OOT build. Long story short, we
use a pattern substitution to ensure that the atom files are looked up
in the correct directory.
This use of substitutions is mandated by POSIX (the 2013 version I
think). See:
http://austingroupbugs.net/view.php?id=519
It is however believed that most make implementations have had support for
this for a long time.
Patrick McLean [Fri, 10 Jun 2016 17:09:01 +0000 (10:09 -0700)]
seccomp: add fcntl and getsockname to seccomp whitelist
Recent versions of lldpd make calls to fcntl and getsockname, but they
are not in the seccomp whitelist. This patch adds them. Reported by Gentoo
users in these bugs: