Issue: Error messages "netlink: 8 bytes leftover after parsing attributes
in process `lldpd'"
Root cause: The length of the netlink message was not being set
properly for non-bridge family type messages. The same length was being used for
both types of messages even though the bridge family type message has an extra
attribute. This causes 8 extra bytes to be left over in the non-bridge
family type netlink messages.
Fix: Calculating and setting the length separately for bridge and non-bridge
family type messages.
(cherry picked from commit aac76966539bf932d5923b165762db370990bf94)
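Added example, not part of this commit or of lldpd's code: it builds an RTM_GETLINK dump request with and without the IFLA_EXT_MASK attribute that the AF_BRIDGE variant carries, then walks the attribute area the way the kernel's attribute parser does. Sizing the non-bridge request with the bridge length leaves exactly one u32 attribute's worth of bytes (4-byte rtattr header plus 4-byte payload) unparsed, which is the "8 bytes leftover" the kernel logs. The struct layout and the use of RTEXT_FILTER_BRVLAN as the extra attribute are this example's own choices.

```c
/* Added example, not lldpd's code: why an RTM_GETLINK request sized for the
 * AF_BRIDGE variant leaves exactly 8 bytes unparsed when it is sent without
 * the extra IFLA_EXT_MASK attribute. Linux only. Build with: cc -Wall x.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

struct link_req {
    struct nlmsghdr  hdr;
    struct ifinfomsg ifm;
    char attrs[64];     /* room for the optional attribute */
};

/* Build an RTM_GETLINK dump request. With `bridge` set, IFLA_EXT_MASK (a u32:
 * 4-byte rtattr header + 4-byte payload = 8 bytes) is appended and the family
 * is AF_BRIDGE. With `buggy` set, the non-bridge request is given the bridge
 * length anyway, which reproduces the mistake described in the commit. */
size_t build_getlink(struct link_req *req, int bridge, int buggy)
{
    size_t base = NLMSG_LENGTH(sizeof(struct ifinfomsg));  /* 16 + 16 = 32 */
    size_t ext  = RTA_LENGTH(sizeof(uint32_t));            /* 4 + 4 = 8 */

    memset(req, 0, sizeof(*req));
    req->hdr.nlmsg_type  = RTM_GETLINK;
    req->hdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
    req->ifm.ifi_family  = bridge ? AF_BRIDGE : AF_UNSPEC;

    if (bridge) {
        struct rtattr *rta = (struct rtattr *)((char *)req + NLMSG_ALIGN(base));
        uint32_t mask = RTEXT_FILTER_BRVLAN;
        rta->rta_type = IFLA_EXT_MASK;
        rta->rta_len  = (unsigned short)ext;
        memcpy(RTA_DATA(rta), &mask, sizeof(mask));
    }
    req->hdr.nlmsg_len = (bridge || buggy)
        ? (uint32_t)(NLMSG_ALIGN(base) + RTA_ALIGN(ext))
        : (uint32_t)base;
    return req->hdr.nlmsg_len;
}

/* Walk the attribute area like the kernel's attribute parser and return the
 * bytes left after the last complete rtattr. The kernel logs
 * "N bytes leftover after parsing attributes" when this is non-zero. */
int leftover_bytes(struct link_req *req)
{
    int len = NLMSG_PAYLOAD(&req->hdr, sizeof(struct ifinfomsg));
    struct rtattr *rta = (struct rtattr *)
        ((char *)req + NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct ifinfomsg))));
    for (; RTA_OK(rta, len); rta = RTA_NEXT(rta, len))
        ;
    return len;
}

/* Small wrappers so each case can be checked as a single return value. */
size_t demo_len(int bridge, int buggy)
{
    struct link_req req;
    return build_getlink(&req, bridge, buggy);
}

int demo_leftover(int bridge, int buggy)
{
    struct link_req req;
    build_getlink(&req, bridge, buggy);
    return leftover_bytes(&req);
}

int main(void)
{
    printf("non-bridge, own length    %zu: %d bytes leftover\n", demo_len(0, 0), demo_leftover(0, 0));
    printf("non-bridge, bridge length %zu: %d bytes leftover\n", demo_len(0, 1), demo_leftover(0, 1));
    printf("bridge,     bridge length %zu: %d bytes leftover\n", demo_len(1, 0), demo_leftover(1, 0));
    return 0;
}
```

The second line of output is the buggy case: a 40-byte request whose attribute area is empty, so the parser stops immediately with 8 bytes unconsumed. The fix is simply to compute nlmsg_len from the attributes actually appended.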
Sam Tannous [Thu, 21 Nov 2019 17:27:27 +0000 (09:27 -0800)]
LLDPD should document system refresh timer (tx-interval * 20)
In LLDPD, each port has its own timer to catch port-related
changes and is modified by changing the tx-interval.
LLDPD also starts another system-based refresh timer on each port
for changes like hostname. This is the tx-interval multiplied by
20. This needs to be documented.
Signed-off-by: Sam Tannous <stannous@cumulusnetworks.com>
Vincent Bernat [Thu, 21 Nov 2019 19:13:38 +0000 (20:13 +0100)]
lldp: don't discard the whole LLDPDU when only one TLV is invalid
IEEE802.1AB-2005 says:
> If TLV_type_value is in the range of reserved TLV types in Table
> 9-1, the TLV is unrecognized and may be a basic TLV from a later
> LLDP version. The statsTLVsUnrecognizedTotal counter shall be
> incremented, and the TLV shall be assumed to be validated.
Vincent Bernat [Mon, 11 Nov 2019 08:54:10 +0000 (09:54 +0100)]
lib: fix memory leak when handling I/O
The state data is used to ensure we don't interleave requests of the
same kind (e.g. requesting data for eth0, then for eth1 while eth0 is
running). The data was freed only when reaching `CONN_STATE_IDLE`
again. Otherwise, there was a memory leak.
To avoid the memory leak, we use a static allocation instead.
Vincent Bernat [Tue, 8 Oct 2019 17:35:41 +0000 (19:35 +0200)]
lldp: when receiving a shutdown LLDPDU, don't clear chassis information
The chassis may be shared with another port. When the MSAP is known
and we receive a shutdown LLDPDU, just leave the original chassis as
is instead of copying information from the new chassis to the old
chassis.
Vincent Bernat [Tue, 1 Oct 2019 19:42:42 +0000 (21:42 +0200)]
lldp: validate a bit more received LLDP frames
Notably, we ensure the order and unicity of Chassis ID, Port ID and
TTL TLV. For Chassis ID and Port ID, we also ensure the maximum size
does not exceed 256.
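Added example, not lldpd's code, covering both this commit and "lldp: don't discard the whole LLDPDU when only one TLV is invalid" above: a minimal LLDPDU walker that enforces the mandatory TLV order (Chassis ID, Port ID, TTL, each exactly once), caps Chassis ID and Port ID values at 256 bytes, and counts reserved TLV types as unrecognized instead of dropping the whole frame. The frame bytes are constructed for the example; tolerating a frame with no End TLV, as lldpd does, is an assumption about lldpd's behaviour, not something these commit messages state.

```c
/* Added example, not lldpd's code: LLDPDU validation as described in the
 * two commits. All frame bytes below are constructed, not captured. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { TLV_END = 0, TLV_CHASSIS_ID = 1, TLV_PORT_ID = 2, TLV_TTL = 3,
       TLV_PORT_DESC = 4, TLV_SYS_NAME = 5, TLV_SYS_DESC = 6,
       TLV_SYS_CAP = 7, TLV_MGMT_ADDR = 8, TLV_ORG = 127 };

struct lldp_stats { unsigned accepted, discarded, unrecognized; };
struct lldp_pdu { uint16_t ttl, chassis_len, port_len; char sysname[64]; };

static int discard(struct lldp_stats *st) { st->discarded++; return 0; }

/* Returns 1 (and fills *out) when the LLDPDU is acceptable, 0 when it must be
 * discarded. A frame ending without an End TLV is tolerated (assumed). */
int lldp_parse(const uint8_t *buf, size_t len, struct lldp_pdu *out,
               struct lldp_stats *st)
{
    size_t off = 0;
    unsigned n = 0, seen = 0;       /* TLV position; bitmask of mandatory TLVs */
    int done = 0;
    memset(out, 0, sizeof(*out));

    while (!done && off + 2 <= len) {
        uint16_t hdr  = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        unsigned type = hdr >> 9;       /* 7-bit type */
        size_t   tlen = hdr & 0x1ff;    /* 9-bit length */
        const uint8_t *val = buf + off + 2;
        if (off + 2 + tlen > len) return discard(st);   /* truncated TLV */
        n++;
        switch (type) {
        case TLV_END:
            if (tlen != 0) return discard(st);
            done = 1;
            break;
        case TLV_CHASSIS_ID:   /* first, once, subtype + 1..255 bytes of id */
            if (n != 1 || tlen < 2 || tlen > 256) return discard(st);
            out->chassis_len = (uint16_t)tlen; seen |= 1;
            break;
        case TLV_PORT_ID:      /* second, once, same size limits */
            if (n != 2 || tlen < 2 || tlen > 256) return discard(st);
            out->port_len = (uint16_t)tlen; seen |= 2;
            break;
        case TLV_TTL:          /* third, once, exactly 2 bytes */
            if (n != 3 || tlen != 2) return discard(st);
            out->ttl = (uint16_t)((val[0] << 8) | val[1]); seen |= 4;
            break;
        case TLV_SYS_NAME: {
            size_t c = tlen < sizeof(out->sysname) - 1 ? tlen : sizeof(out->sysname) - 1;
            memcpy(out->sysname, val, c); out->sysname[c] = '\0';
            break;
        }
        case TLV_PORT_DESC: case TLV_SYS_DESC: case TLV_SYS_CAP:
        case TLV_MGMT_ADDR: case TLV_ORG:
            break;             /* known types this example does not decode */
        default:               /* reserved type (9..126): count, keep the LLDPDU */
            st->unrecognized++;
            break;
        }
        off += 2 + tlen;
    }
    if (seen != 7) return discard(st);  /* a mandatory TLV is missing */
    st->accepted++;
    return 1;
}

/* Constructed frames. */
static const uint8_t good_frame[] = {
    0x02,0x07, 0x04, 0x00,0x11,0x22,0x33,0x44,0x55,   /* Chassis ID, subtype 4 (MAC) */
    0x04,0x05, 0x05, 'e','t','h','0',                 /* Port ID, subtype 5 (ifname) */
    0x06,0x02, 0x00,0x78,                             /* TTL = 120 s */
    0x14,0x01, 0xaa,                                  /* reserved type 10 */
    0x0a,0x03, 's','w','1',                           /* System Name */
    0x00,0x00 };                                      /* End of LLDPDU */
static const uint8_t bad_order_frame[] = {
    0x02,0x07, 0x04, 0x00,0x11,0x22,0x33,0x44,0x55,
    0x06,0x02, 0x00,0x78,                             /* TTL before Port ID */
    0x04,0x05, 0x05, 'e','t','h','0',
    0x00,0x00 };

int demo_good_ttl(void)               /* 120: reserved TLV did not kill the frame */
{
    struct lldp_pdu p; struct lldp_stats st = {0, 0, 0};
    return lldp_parse(good_frame, sizeof good_frame, &p, &st) ? p.ttl : -1;
}
unsigned demo_good_unrecognized(void) /* 1: statsTLVsUnrecognizedTotal analogue */
{
    struct lldp_pdu p; struct lldp_stats st = {0, 0, 0};
    lldp_parse(good_frame, sizeof good_frame, &p, &st);
    return st.unrecognized;
}
int demo_bad_order(void)              /* 0: discarded */
{
    struct lldp_pdu p; struct lldp_stats st = {0, 0, 0};
    return lldp_parse(bad_order_frame, sizeof bad_order_frame, &p, &st);
}
int demo_oversize_chassis(void)       /* 0: 257-byte Chassis ID exceeds the cap */
{
    uint8_t f[2 + 257 + 2];
    struct lldp_pdu p; struct lldp_stats st = {0, 0, 0};
    f[0] = (1 << 1) | (257 >> 8); f[1] = 257 & 0xff;  /* type 1, length 257 */
    memset(f + 2, 0x01, 257);
    f[2 + 257] = 0; f[2 + 257 + 1] = 0;
    return lldp_parse(f, sizeof f, &p, &st);
}
```

Note that a TTL of 0 (a shutdown LLDPDU) is still a valid frame here; presence of the mandatory TLVs is tracked with the `seen` bitmask rather than by testing the TTL value.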
Vincent Bernat [Tue, 1 Oct 2019 04:18:52 +0000 (06:18 +0200)]
interfaces: only register protocol handler for LLDP when only LLDP enabled
On Linux, the drop counter is increased on unhandled packets. We are
using a raw socket with ETH_P_ALL, so we get a copy of the packet. The
original packet is ultimately dropped later and this increases the
drop counter associated to the interface on Linux.
When listening only to LLDP, use ETH_P_LLDP instead of ETH_P_ALL to
avoid this.
Vincent Bernat [Sun, 15 Sep 2019 15:45:52 +0000 (17:45 +0200)]
interfaces: enable matching on interface name for management address
We allow the user to match a management address using the interface
name by specifying the interface name as a pattern. The same rules as
for specifying IP patterns apply but there is no notion of exact match
for an interface.
Vincent Bernat [Sat, 27 Jul 2019 17:23:12 +0000 (19:23 +0200)]
build: disable warnings on cast alignments
clang is often wrong about it (it increases the alignment requirement, but
the surrounding structure ensures the alignment is correct). Dunno if
gcc is smarter or just ignores most of these problems.
Vincent Bernat [Sat, 27 Jul 2019 15:28:01 +0000 (17:28 +0200)]
interfaces: compute interface index for fixed management address
When management address is provided without a pattern, fetch the
appropriate interface index if the interface is known. Thanks to
@kefins for the actual patch.
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.tUWJAJ (%prep)
bogus date in %changelog: Sun Jun 15 2019 Vincent Bernat <bernat@luffy.cx> - 1.0.4-1
Vincent Bernat [Sun, 9 Jun 2019 06:13:06 +0000 (08:13 +0200)]
netlink: handle blocking read from netlink socket
It seems it is possible to run into a condition where the netlink
socket is not available for read. Set the MSG_DONTWAIT flag and fetch
an error if there is any.
Vincent Bernat [Wed, 29 May 2019 16:58:09 +0000 (18:58 +0200)]
snmp: implement lldpRemOrgDefInfoTable for remote custom TLVs
As a simplification, lldpRemOrgDefInfoIndex is 1 for the first custom
TLV of a given port and is increased by 1 for each new TLV. This is
not what is encouraged in the MIB:
> An agent is encouraged to assign monotonically increasing index
> values to new entries, starting with one, after each reboot. It is
> considered unlikely that the lldpRemOrgDefInfoIndex will wrap
> between reboots.
However, it is simpler to implement it this way as we don't need to
record the index inside the `lldpd_custom` structure. Also, the index
will increase even for a different OUI or subtype as we do not want to
sort the custom TLVs.
Vincent Bernat [Sat, 4 May 2019 06:58:38 +0000 (08:58 +0200)]
client: use bold instead of a color for command completions
The color needs to be readable on both light and dark backgrounds and
should be readable on most themes. 1;35m would be a fit, but let's
stay safe by just using bold.
Vincent Bernat [Fri, 15 Mar 2019 07:25:09 +0000 (08:25 +0100)]
lib: use an unique variable as iterator in foreach macro
This lessens the chance of the `iter` variable shadowing a user-defined
variable. This is also an attempt to help #312, even if the scope of
the `iter` variable should ensure we can nest two loops without any
issue.
There used to be specific exemptions carved out for "veth" and "dsa",
which were removed in b8db52bd7c7d ("interfaces/linux: blacklist some
drivers instead of whitelisting"). "veth" was restored in 2958b9d48940
("interfaces/linux: make veth special"). This commit restores the
whitelist for dsa devices as well.
Vincent Bernat [Fri, 30 Nov 2018 21:48:36 +0000 (22:48 +0100)]
daemon: don't enable ProtectSystem by default
If the chroot is in `/usr` (like `/usr/local/var/run/lldpd` which is
the default), neither systemd nor lldpd will be able to create and
write to it. This may be solved with `ReadWritePaths` (unsure if it
would create the directory), but this doesn't exist in older versions
of systemd.
Just comment the directive to let people know it exists and should
work in most cases.
Vincent Bernat [Wed, 28 Nov 2018 13:56:47 +0000 (14:56 +0100)]
interfaces: remove specific handling for bonds except with --enable-oldies
Starting from Linux 4.19, LLDP packets are transmitted back to the
bond devices and it seems the original interface is lost in the
process. Therefore, packets are duplicated to both members. Upstream
commit is:
bonding: pass link-local packets to bonding master also.
Commit b89f04c61efe ("bonding: deliver link-local packets with
skb->dev set to link that packets arrived on") changed the behavior
of how link-local-multicast packets are processed. The change in
the behavior broke some legacy use cases where these packets are
expected to arrive on bonding master device also.
This patch passes the packet to the stack with the link it arrived
on as well as passes to the bonding-master device to preserve the
legacy use case.
Fixes: b89f04c61efe ("bonding: deliver link-local packets with skb->dev set to link that packets arrived on")
Reported-by: Michal Soltys <soltys@ziu.info>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The code to handle bond devices is not needed since Linux 2.6.27.
Therefore, move it to the `--enable-oldies` option.
Vincent Bernat [Tue, 2 Oct 2018 18:36:37 +0000 (20:36 +0200)]
daemon: do not explicitly inline functions
As we are using `-Winline`, if it fails, we get a warning. Let the
compiler decide if something has to be inlined. As we use only static
functions, it should be easy to inline if possible.
Vincent Bernat [Wed, 8 Aug 2018 21:06:39 +0000 (23:06 +0200)]
daemon: implement mkdir -p directly in lldpd
It's difficult to know the path to mkdir. If we use the one from
autoconf (@mkdir_p@), we get the path from the host, not the target.
If we hardcode `/bin/mkdir`, we may not work on platforms like NixOS.
See https://github.com/NixOS/nixpkgs/issues/44507.
Gustav Wiklander [Thu, 21 Jun 2018 08:49:37 +0000 (10:49 +0200)]
Add support for PD PoE negotiation.
Power requests refer to the power at the PSE.
Thus the loss offset caused by the cable has to be added
to the power request. Also the power received from the PSE
must subtract the cable loss to be compatible with lldp.
There are three TLVs for CDPv2 PoE negotiation.
Power Consumption: Current maximum power consumption of PD.
Power Request: Wanted maximum power consumption of PD.
Power Available: Power output from PSE.
Only used if LLDP PoE is not supported by the switch.
A Cisco switch which supports both LLDP and CDP will
use the protocol which is first to transmit a packet.
Vincent Bernat [Sat, 16 Jun 2018 15:59:32 +0000 (17:59 +0200)]
tests: request CAP_DAC_OVERRIDE
CAP_FOWNER is for being able to use chown/chmod. The permission we
need to ignore permissions is CAP_DAC_OVERRIDE. It is quite a large
permission, unfortunately.
Vincent Bernat [Sat, 16 Jun 2018 15:53:33 +0000 (17:53 +0200)]
priv: always request CAP_FOWNER
While setting ifalias has some additional checks to ensure we can do
that with CAP_NET_ADMIN, we also need CAP_FOWNER to pass the sysfs
owner check. And we have to have both as the other test still needs to
pass.
Vincent Bernat [Tue, 12 Jun 2018 21:17:21 +0000 (23:17 +0200)]
priv: drop most privileges in monitor, only keep CAP_NET_RAW/ADMIN
On Linux, we mostly rely on CAP_NET_RAW. Only keep that one. However,
we also write to ifalias, which needs CAP_NET_ADMIN. We could let user
choose at runtime if they want to grant this capability or not.
Currently, a user can turn it on/off at any time.
Access to SNMP socket may also be problematic. We need some solid
solution about that before merging.
Is it safe to use the same UID for the monitored and the unprivileged
process? Signals are mostly harmless. As for ptrace, since the
monitored process has more capabilities, this will not be allowed by
Linux.
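Added example, not lldpd's code: the check a reviewer of the three capability commits above (CAP_NET_RAW/CAP_NET_ADMIN kept in the monitor, CAP_FOWNER always requested) would run against a live daemon, reading the CapEff line of /proc/<pid>/status and reporting any effective capability outside that set. The allowed mask is taken from the commit messages; that nothing else is kept is an assumption of the example, and the two status excerpts are constructed.

```c
/* Added example, not lldpd's code: report effective capabilities held by a
 * process beyond the set the commits above describe for the monitor. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as in <linux/capability.h>. */
#define CAP_DAC_OVERRIDE 1
#define CAP_FOWNER       3
#define CAP_SETGID       6
#define CAP_SETUID       7
#define CAP_NET_ADMIN    12
#define CAP_NET_RAW      13
#define CAP_BIT(c) (1ULL << (c))

/* Assumed: the monitor keeps exactly these three (0x3008). */
#define LLDPD_MONITOR_CAPS \
    (CAP_BIT(CAP_FOWNER) | CAP_BIT(CAP_NET_ADMIN) | CAP_BIT(CAP_NET_RAW))

/* Parse the CapEff line of a /proc/<pid>/status text. Returns 0 and sets
 * *caps on success, -1 if the line is absent. */
int cap_eff_from_status(const char *text, uint64_t *caps)
{
    const char *p = text;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            *caps = strtoull(p + 7, NULL, 16);   /* strtoull skips the tab */
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Bits in CapEff that are not in `allowed`; 0 means the process is within
 * the expected set. Returns UINT64_MAX when the text has no CapEff line. */
uint64_t caps_excess(const char *status_text, uint64_t allowed)
{
    uint64_t eff;
    if (cap_eff_from_status(status_text, &eff) != 0) return UINT64_MAX;
    return eff & ~allowed;
}

/* Same check against a live process. Returns 0 on success, -1 when the
 * status file cannot be read (no /proc, no such pid, or no permission). */
int pid_caps_excess(long pid, uint64_t allowed, uint64_t *excess)
{
    char path[64], buf[4096];
    FILE *f;
    size_t n;
    snprintf(path, sizeof path, "/proc/%ld/status", pid);
    if ((f = fopen(path, "r")) == NULL) return -1;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    *excess = caps_excess(buf, allowed);
    return *excess == UINT64_MAX ? -1 : 0;
}

/* Constructed excerpts of /proc/<pid>/status. */
static const char STATUS_MINIMAL[] =
    "Name:\tlldpd\nUid:\t0\t0\t0\t0\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000003008\nCapEff:\t0000000000003008\n";
static const char STATUS_EXCESS[] =      /* 0x3008 plus DAC_OVERRIDE, SETGID, SETUID */
    "Name:\tlldpd\nCapEff:\t00000000000030ca\n";

int main(int argc, char **argv)
{
    uint64_t x;
    printf("constructed minimal: excess 0x%llx\n",
           (unsigned long long)caps_excess(STATUS_MINIMAL, LLDPD_MONITOR_CAPS));
    printf("constructed excess:  excess 0x%llx\n",
           (unsigned long long)caps_excess(STATUS_EXCESS, LLDPD_MONITOR_CAPS));
    if (argc > 1 && pid_caps_excess(strtol(argv[1], NULL, 10), LLDPD_MONITOR_CAPS, &x) == 0)
        printf("pid %s: excess 0x%llx%s\n", argv[1], (unsigned long long)x,
               x ? " (more than the monitor needs)" : "");
    return 0;
}
```

Run it as `./a.out $(pidof lldpd | cut -d' ' -f1)` on a host where lldpd is running; a non-zero excess for the monitor process means the privilege drop the commits describe did not take effect (or the build includes something, such as CAP_DAC_OVERRIDE from the test setup, that should not reach production).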