Blinkenblog

In preparation for the next ladvd release I decided to investigate automated software builds, to make sure that it will work on as many platforms / distributions as possible. I’d like to avoid having to release a .1 version just to fix silly configure on RHEL X.Y Building the virtual machines to do this myself seemed like a lot of work, so I decided to investigate online software compile farms.
The first one I looked at was Launchpad. I started out by adding ladvd as a project to Launchpad, the whole gpg signing and upload dance is very neat. This however doesn’t allow you to actually build software, for that you need to start a PPA, which luckily also is pretty easy. However Launchpad doesn’t provide a lot of control over the compile process, and only Ubuntu is supported.
So I started playing around with the second option, the OpenSUSE Build Service. The initial signup was similar to launchpad, except no gpg this time. Which is a shame because it makes signing the packages impossible. But the amount of distributions supported (RHEL, SuSE, Debian, Ubuntu, Fedora) is great, and I especially like the buildlogs which show you exactly what is going on. Getting the packages built for Debian and Ubuntu was trivial, and even the specfile for RPM distributions was done in a few hours. After that I realized that it would be even better to run unit-tests during the package build. Then I ran into a bug which sadly makes this impossible (check’s pkg-config is missing). But there was a bugzilla link where I’ve reported the issue so hopefully it will be solved soon.

Last week I’ve released ladvd 0.8.5, a bugfix / cleanup release which solves all known issues. The next release will include a cli and possibly SNMP support.

* use wireless interfaces when the -w option is set
* disable auto-enabled protocols when peers expire
* add port-name to -z ifdescr support
* improved ifdescr supprt (only if needed, multiple peers, etc)
* used strnvis to sanitize strings for ifdescr
* fixed FreeBSD lagg ioctl
* RHEL4 compatlity fixes
* chroot the child, not the master
* use setresuid/setresgid for dropping privileges
* move the child code to child.c an refactor the eventloop
* refactored socket handling in master.c
* sockets are now fully dynamic and always have filters
* bsd vlan detection
* remove multicast registrations on shutdown
* even better unit-tests

This release has been (unit-)tested on Linux (amd64, arm), FreeBSD (i386, amd64) and OpenBSD (sparc64). I’d like to thank Paul de Weerd, Jacek Masiulaniec, Stephan A. Rickauer, David Gwynne and Mattieu Baptiste who have helped to uncover bugs and even submitted patches.

Tarballs and Debian sources are available.

I’ve just released ladvd 0.8, which supports receive mode and a host of other features resulting from that.

• privilege separation
• SIOCSIFDESCR support (the -z option)
• Automatic protocol enablling based on received packets (-a)
• syslog notifications for new/removed peers (-r)
• EDP support
• FDP support
• NDP / SoNMP support
• abstracted protocol support
• rewritten netif and message lists
• some strict alignment fixes
• unit-tests including extensive protol tests

This release has been (unit-)tested on Linux (amd64, arm), FreeBSD (i386, amd64) and OpenBSD (amd64, sparc64, vax).
Tarballs and Debian sources are available.

I’ve recently bought a QNAP nas and wanted to make a serial cable for it. The Debian QNAP guru Martin Michlmayr informed me that the connector used is a JST PHR-4. So I ordered some connectors and pins. The second part needed was a ttl-serial convertor. The cheapest solution is a regular old GSM data-cable, I bought 4 Siemens C/S/M 25-45 cables. The pinout required some research, but I settled on:

• GND – Black
• RX – Yellow
• VCC – Red
• TX – Green

And lo and behold it worked first time round:


Port /dev/ttyS1
__ __ _ _
| \/ | __ _ _ ____ _____| | |
| |\/| |/ _` | '__\ \ / / _ \ | |
| | | | (_| | | \ V / __/ | |
|_| |_|\__,_|_| \_/ \___|_|_|
_ _ ____ _
| | | | | __ ) ___ ___ | |_
| | | |___| _ \ / _ \ / _ \| __|
| |_| |___| |_) | (_) | (_) | |_
\___/ |____/ \___/ \___/ \__| ** LOADER **
** MARVELL BOARD: DB-88F6281A-BP LE

Streaming disabled


I recently bought an Cyclades ACS32 console server, and figured that because it runs Linux it should be able to run ladvd. This isn’t as easy as it seems because of the embedded PPC cpu used. I started by building a crosscompiler using crosstool, which succeeded after a few patches. Unfortunately the resulting binary didn’t work. It started ok, but couldn’t find any interfaces. After some headscratching it turns out that the glibc (2.3.2) used by Cyclades has an incomplete getifaddrs implementation (IPv4 only). The quick way to fix this is to use a C-library which does, uClibc seemed like a good choice. So I created another toolchain, GCC and uClibc, using buildroot. The resulting binary again didn’t work…. This time it was because ethtool support is either missing or broken on the Cyclades ACS, which results in ladvd not accepting the “eth0″ interface. After a small fix all is well and ladvd 0.6.1 runs on my ACS32:

Chassis id: 0060.2e01.cdf1
Port id: eth0
Port Description - not advertised
System Name: zem
System Description:
Linux 2.6.22 #1 Tue Sep 30 11:12:38 PDT 2008 ppc


I’ve just released ladvd 0.6.1, which was destined to fix bugs found in 0.6.0, but a fair number of new features and improvements have crept in as well.

• Fix for interfaces without link-layer addresses (ppp0/pptp0)
• Reset (router/wlan/bridge) capabilities after each run
• Improved the linux virtual interface detection
  (the previous method only worked on 2.6.23+ kernels)
• Add support for OpenBSD’s interface descriptions
• Add support for TIA inventory management TLV set
  using dmi information available on OpenBSD and Linux
• Use an ISC-licensed strlcpy for certain string operations
• Add -m/-M switches to specify management addresses
  via the commandline
• Add ioctl code to linux bonding/bridge detection which
  works on hosts without sysfs
• Add minimal LLDP civic location support using the LOC type
  and the -C (country) switch
• Add pcap headers to debug output to make it suitable for
  piping to tcpdump.

This release owes a lot to Paul de Weerd and Alexander Ottl, their tests and patches have helped to make this release as stable as possible.

Tarballs and Debian sources are available.

I’ve just released a new version of ladvd, which brings a fair number of improvements:

• rewritten memory allocation (no more memleaks)
• autodetect all network interfaces
• autodetect bonding, bridging and wireless interfaces (on Linux, FreeBSD and OpenBSD)
• be clever about bonding/bridging sub-interfaces
• use only one raw-socket for all interfaces
• remove libnet dependency
• improved OpenBSD support
• autodetect router, wlan and bridge capabilities
• support different available / enabled capabilities
• use the first mac-address as chassis-id (which fixes HP-switch interoperability)
• rewritten tlv macro’s to support strict alignment archs (sparc)

This release has been tested on a fair number of operating systems talking to various brand-name switches, Paul de Weerd deserves kudos for suggestions and OpenBSD improvements.

Tarballs and Debian sources are available.

I’ve just released a new version of ladvd, which brings a fair number of improvements:

• Debian packaging
• Linux ethtool ioctl support
• Linux capabilities support (needed for unprivileged ethtool usage)
• BSD ifmedia ioctl support
• MTU TLV for CDP and LLDP
• Autoneg TLV for CDP and LLDP
• Duplex TLV for CDP
• Media TLV for LLDP (BSD only)
• Host capabilities selection (Bridge, Host, Router, Switch, WLAN AP)
• Improved hostname detection
• Improved OpenBSD support

This release has been tested on a fair number of operating systems talking to various brand-name switches. Which means that this code will probably still eat your kitten, but won’t burn down the house while doing so. The newly supported media/autoneg/duplex TLV‘s should prove useful when solving connectivity issues.

Tarballs and Debian sources are available.

The CDP and LLDP protocols make it possible to discover connected devices on managed switches, without having to rely on port descriptions. This functionality is quite useful when dealing with large numbers of rackmounted servers with varying network configurations (PXE).

After looking at the available unix CDP/LLDP daemons I’ve decided to write my own CDP / LLDP sender. It’s a small daemon which sends out link-layer advertisements on a list of interfaces, after dropping privileges. The code should work on Linux and FreeBSD. Future enchancements will include sending more network (IPv6 addresses, duplex, mtu) and system (LLDP-MED / DMI) information, due to the OS specific nature of these details support for these options will be platform dependent.

Download ladvd.

I’ve received requests to add FreeBSD 7.x support to mod_blink, my inplementation of apache user separation. The apache module works just fine on newer apache releases, but there have been many changes on the kernel side. Kernel support is needed to grant additional privileges to the apache module. The old FreeBSD kernel module is a “hack” because it modifies the seteuid/setegid syscalls by hooking them via the syscall table, which is a pretty nasty way to get things done.

Luckily things have improved on the FreeBSD side which allows for a clean inplementation. The TrustedBSD MAC framework which was imported at around 5.0 presents clean hooks to relax/restrict priviliges via loadable modules, rather similar to LSM on the Linux side.

This weekend I’ve written mac_blink which should work on FreeBSD 5+ kernels with MAC support (KERNCONF=MAC).