Vincent Bernat [Thu, 19 May 2016 21:36:24 +0000 (23:36 +0200)]
interfaces/linux: make veth special
veth is always a physical interface. However, it may be hard to detect
because when they are created, lower interface for the first one is none
and lower interface for the second one is the first one. Hence, no loop
detected, hence the second one is not considered as a physical
interface.
Vincent Bernat [Mon, 16 May 2016 06:56:56 +0000 (08:56 +0200)]
log: make a copy of va when logging to both stderr and syslog
On common platforms, the copy is cheap. In case it isn't, we note that the
copy doesn't happen if using a log handler and syslog cannot be enabled
with debug messages.
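The pattern this commit message describes, as an added example (not lldpd's own code): a `va_list` consumed by one formatting call cannot be reused, so the first consumer gets a `va_copy`. The two buffers and the function names are hypothetical stand-ins for the stderr and syslog paths.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sinks: two buffers stand in for stderr and syslog. */
static char sink_stderr[128];
static char sink_syslog[128];

/* Format the same arguments twice. A va_list is indeterminate after a
 * v*printf() call has consumed it, so the first consumer gets a copy. */
static void vlog_both(const char *fmt, va_list ap)
{
	va_list ap2;

	va_copy(ap2, ap);
	vsnprintf(sink_stderr, sizeof(sink_stderr), fmt, ap2);
	va_end(ap2);
	vsnprintf(sink_syslog, sizeof(sink_syslog), fmt, ap);
}

/* Returns 1 when both sinks received the same text. */
static int log_both(const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	vlog_both(fmt, ap);
	va_end(ap);
	return strcmp(sink_stderr, sink_syslog) == 0;
}

int main(void)
{
	/* Constructed sample message. */
	if (!log_both("%s: %d neighbors on %s", "lldpd", 4, "eth0"))
		return 1;
	printf("%s\n", sink_syslog);
	return 0;
}
```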
Vincent Bernat [Sat, 14 May 2016 17:46:07 +0000 (19:46 +0200)]
interfaces: ensure we don't break strict aliasing rule
Use a union to manipulate IPv4/IPv6 addresses. Other occurrences are
using memcpy (notably with "struct sockaddr_storage"). This is
preventive since gcc seems to rely more on this strict aliasing rule
since gcc-6.
Vincent Bernat [Fri, 15 Apr 2016 12:12:05 +0000 (14:12 +0200)]
debian: do not remove _lldpd user
While not strictly enforced, it is now considered better to not remove a
user on purge. We have no guarantee that the user is not owning some
files we didn't remove and those files could be attributed to another
user if the current user is removed. Moreover, less code.
Vincent Bernat [Wed, 23 Mar 2016 21:09:55 +0000 (22:09 +0100)]
lib: use C preprocessor to build list of init functions
Because some features can be disabled, we cannot just parse the C file,
we need to run the C preprocessor on them. Hopefully, the GNU make stuff
(filter) should be portable enough.
Vincent Bernat [Wed, 23 Mar 2016 07:33:11 +0000 (08:33 +0100)]
lib: don't rely on constructors
Constructors do not work when compiled as a static library. Moreover,
some dynamic linkers still have optional support for constructors (for
example, uclibc). Since this can be tested only at runtime, it is not
possible to detect that during configure when cross-compiling.
Vincent Bernat [Fri, 18 Mar 2016 19:05:03 +0000 (20:05 +0100)]
build: let configure tell us if we have address sanitizer
We cannot really rely on __has_feature or __ADDRESS_SANITIZER__ in code
since we are mostly interested in the leak sanitizer and there is
neither a feature nor a macro for that. Early versions of GCC have the
address sanitizer, but not the leak sanitizer. We don't support this
configuration, but we need to build correctly either way. So, the user
is expected to enable address sanitizers only on configurations
also supporting the leak sanitizer.
Vincent Bernat [Fri, 18 Mar 2016 15:52:40 +0000 (16:52 +0100)]
tests/integration: mount /proc in namespaces
Because of the use of a PID namespace, we must mount /proc into the
appropriate namespace. We don't do that directly when creating
namespaces as clone() doesn't account for the namespace change with
setns() when we are still in the same process. We also fork a process to
do the mount as it seems mount() doesn't get that we are in a different
mount namespace either. Obviously, setns() has some drawbacks we need to
work around.
We also mount /proc in the chroot. It's absolutely not safe to do so,
but that's only for address sanitizer to work as expected.
Vincent Bernat [Fri, 18 Mar 2016 12:43:22 +0000 (13:43 +0100)]
fixedpoint: fix buffer overflow in fixed point computations
This was detected by address sanitizer. This was harmless as we use
exclusively 5-byte buffers and we know the next byte is always unused
due to alignment.
Vincent Bernat [Wed, 16 Mar 2016 20:32:53 +0000 (21:32 +0100)]
tests/integration: use ctypes for mount instead of util-linux
Some versions of util-linux had a bug with respect to private/slave
mounts. The kernel doesn't expect the option to be passed during the
initial mount but only during subsequent calls (you mount the FS, you
make it private and slave). Directly use mount(2) to avoid the problem.
Vincent Bernat [Tue, 1 Mar 2016 19:01:23 +0000 (20:01 +0100)]
tests: replace integration test by py.test+namespace tests
Relying on namespaces enables us to quickly run isolated instances of
lldpd without the need of virtual machines. Since the startup time is
quite fast (despite having to wait for lldpd to be "ready"), we can use
a classic unittest framework like py.test to run tests and get
appropriate reports. Tests can be run in parallel to overcome the
slowness induced by all those `time.sleep(2)`.
Vincent Bernat [Sun, 13 Mar 2016 23:12:12 +0000 (00:12 +0100)]
build: ensure "make distcheck" works for any value of sysconfdir
When using `--sysconfdir=/etc`, `make distcheck` was failing because it
did use `--prefix=...` to force a different installation path (and not
`DESTDIR`). During `make distcheck`, we force the use of the original
value.
Vincent Bernat [Sun, 13 Mar 2016 16:54:07 +0000 (17:54 +0100)]
interfaces: handle correctly operation conversation of a port
When a port was regular and became an enslaved member of a bond, we
created a different port. Since we now keep the old ports around, the
old port may still attract a lot of things, like specific configuration
or VLAN. Therefore, we handle the conversion of a port from one kind to
another.
Another idea would be to not do special handling for bonds. Only old
kernels need that. We could remove that later.
Vincent Bernat [Sun, 13 Mar 2016 11:26:44 +0000 (12:26 +0100)]
netlink: ensure lower link doesn't change for an interface
The lower link of an interface is defined at its creation. It's not
possible for it to change. It is important not to try to change it
because the kernel won't send IFLA_LINK_NETNSID each time it sends
IFLA_LINK.
Vincent Bernat [Sun, 13 Mar 2016 11:04:06 +0000 (12:04 +0100)]
interfaces: limit the maximum search depth when applying a VLAN
It's now quite easy to hit a bug where we loop over interfaces when
trying to find the physical interface associated to a VLAN. Put a
maximum depth of 5.
Vincent Bernat [Sat, 12 Mar 2016 16:39:02 +0000 (17:39 +0100)]
netlink: don't consider a lower interface when in another namespace
The index of an interface is specific to a namespace, don't try to
interpret anything about interfaces belonging to another namespace. This
change unbreaks some scenarios, like an inappropriate loop detection
because an interface from another namespace is detected (vlan100 ->
veth1 -> veth0 with same index as vlan100). However, it is not possible
to exactly detect a physical interface anymore since we don't really
know what can be on the other side of the interface (in the other
namespace). However, bridged, bonded and VLAN interfaces should be safe.
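A depth-bounded walk over lower links, covering both the maximum depth of 5 from the VLAN commit and the cross-namespace index collision described just above. This is an added example, not lldpd's code: the struct, the function names and the interface tables are constructed for illustration.

```c
#include <stddef.h>

#define MAX_DEPTH 5	/* the limit named in the commit message */

struct iface {
	int index;	/* ifindex, only meaningful inside one namespace */
	int lower;	/* ifindex of the lower link, 0 when there is none */
	int physical;
	const char *name;
};

static const struct iface *by_index(const struct iface *t, size_t n, int idx)
{
	for (size_t i = 0; i < n; i++)
		if (t[i].index == idx)
			return &t[i];
	return NULL;
}

/* Follow lower links from `start`; return the ifindex of the physical
 * interface, or -1 when none is found within MAX_DEPTH hops. */
static int find_physical(const struct iface *t, size_t n, int start)
{
	int idx = start;
	for (int depth = 0; depth < MAX_DEPTH; depth++) {
		const struct iface *i = by_index(t, n, idx);
		if (i == NULL)
			return -1;
		if (i->physical)
			return i->index;
		idx = i->lower;	/* 0 matches no interface: next lookup fails */
	}
	return -1;	/* bound reached: the chain loops or is too deep */
}

/* Constructed tables. In `looped`, veth1's lower link is its peer veth0,
 * which lives in another namespace with ifindex 7, the same as vlan100. */
static const struct iface stacked[] = {
	{ 10, 5, 0, "vlan100" }, { 5, 2, 0, "vlan10" }, { 2, 0, 1, "eth0" },
};
static const struct iface looped[] = {
	{ 7, 8, 0, "vlan100" }, { 8, 7, 0, "veth1" },
};

int main(void)
{
	return find_physical(stacked, 3, 10) == 2 &&
	    find_physical(looped, 2, 7) == -1 ? 0 : 1;
}
```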
Vincent Bernat [Fri, 11 Mar 2016 21:47:10 +0000 (22:47 +0100)]
lldpcli: display LLDP-MED caps like LLDP caps
While LLDP caps can be available and/or enabled, LLDP-MED caps are only
available. However, the way they were declared made them invisible in
some formats, like the key/value pair. Try to fix that. Warn about the
change in NEWS file.