LLDPd integrated switch workaround. Issue #9635 #860

Merged
merged 1 commit into from
May 18, 2020

Contributor

@vktg vktg commented May 14, 2020

Redmine Issue: https://redmine.pfsense.org/issues/9635
Ready for review

Add a workaround for appliances with integrated switches to allow running LLDPd on them,
as by default LLDPd uses the parent physical interface to run, which doesn't work with integrated switches.

@@ -120,11 +120,21 @@ function lldpd_sync_config() {

/* Interface list */
$interfaces = array();
$platform = system_identify_specific_platform();
$int_switch = array('SG-1100', 'SG-3100');
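
Review bot: The hard-coded model list in `$int_switch = array('SG-1100', 'SG-3100');` carries no comment saying what these models have in common or why they need different interface handling, and it has to be edited by hand for every additional appliance. Add a comment that ties the list to the integrated-switch workaround from issue #9635, and prefer detecting the switch at runtime over matching model names. The visible lines also do not show how `$platform` is compared against the list, so confirm that the comparison uses the model name string returned for the platform.
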
Contributor

There are more platforms than just these with integrated switches. You should check for the presence of the function switch_get_devices(); if it's found, and has a non-empty result, then you know the device has a switch.

Might need to also check for the presence of /etc/inc/switch.inc and require_once('switch.inc'); before that function is available, but I think it gets included early enough in other files that may not be necessary.

Contributor Author

got it! fixed

tested on SG-1100, XG-7100 and KVM

@dragoangel
Contributor

dragoangel commented May 15, 2020

I think this check isn't correct. As I wrote in the bug report: people can use their own LAGGs/bonding. I use a lagg on ix0-1 on XG7100 for SFP+. There are 2 ways to fix this:

  1. Rely on the pfSense administrator: provide him a list of interfaces that lldp will use, so he can modify it to his needs.
  2. Figure out which interfaces are part of bonding or lagg and exclude them from lldp

@vktg
Contributor Author

vktg commented May 15, 2020

> I think this check isn't correct. As I wrote in the bug report: people can use their own LAGGs/bonding. I use a lagg on ix0-1 on XG7100 for SFP+. There are 2 ways to fix this:

ix0-1 is not an integrated switch, do you have issues running LLDPd on it?

>   1. Figure out which interfaces are part of bonding or lagg and exclude them from lldp

in this case, it will not allow you to run LLDPd on the XG-7100 ETH2-ETH8 ports or run LLDPd on any SG-1100 ports

@netgate-git-updates netgate-git-updates merged commit 39adde8 into pfsense:devel May 18, 2020
@dragoangel
Contributor

dragoangel commented May 24, 2020

Sorry for the late reply.
Yep, I have a lagg on SFP+ ix0 & ix1 for a redundant connection.
In the UI I selected:

  • LAN (lagg1.17)
  • MGMNT (lagg1.13)
  • DEFAULT (lagg0.3091)

LAGG1 has children ix0 & ix1, and LAGG0 is the managed switch.
Looks like after the update the error with binding to ix2 & ix3 is not reproduced, but still...
To clarify, this is about https://redmine.pfsense.org/issues/10502
With the lldpd v0.9.11 pfSense package I get these errors in the log if I choose active mode for all in lldpd:

May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for lagg0.3091: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix1: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | unable to send second SONMP packet on real device for ix0: Operation not permitted
May 24 11:42:31 | lldpd | 86378 | libevent 2.1.11-stable initialized with kqueue method
May 24 11:42:31 | lldpd | 86378 | protocol FDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol EDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol SONMP enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv2 enabled and forced
May 24 11:42:31 | lldpd | 86378 | protocol CDPv1 enabled
May 24 11:42:31 | lldpd | 86378 | protocol LLDP enabled and forced
May 24 11:42:31 | lldpd | 86378 | unable to create /var/empty/etc directory: Operation not permitted
May 24 11:42:31 | lldpd | 85861 | no libcap support, running monitor as root
May 24 11:42:31 | lldpd | 85861 | lsb_release information not available
May 24 11:42:31 | lldpd | 85861 | could not open either /etc/os-release or /usr/lib/os-release

The SONMP warning is generated each minute, spamming the log as before.
They even appear on lagg0.3091.
Switching Nortel Discovery Protocol (NDP) to passive mode removes the SONMP warning from the logs. I don't know what to say, but it looks like the real resolution is to forcibly change active mode to passive mode for NDP if the user binds LLDPd to devices that are parents or children of a LAGG/BOND.
Or maybe simply add a note in the UI for NDP like: if you have lagg or bonding you must use NDP only in passive mode, as SONMP can't run on it in active mode.

P.S. offtopic:

  • Additionally there are some issues with opening /etc/os-release or /usr/lib/os-release to determine the OS; maybe add this https://www.freshports.org/sysutils/etc_os-release/ package as a dependency for LLDPd?
  • /var/empty/etc directory: Operation not permitted looks like the lldpd user had some issues with the HOME path; I don't know how to fix this correctly.

@vktg
Contributor Author

vktg commented May 24, 2020

Please report it on the redmine issue page

@dragoangel
Contributor

dragoangel commented May 24, 2020

Are you speaking about the P.S. offtopic or the whole comment in general? I already posted the full post to the redmine issue.

@dragoangel
Contributor

dragoangel commented May 24, 2020

Additionally maybe even lldpd on VLANs will generate such errors but I can't check this as all my pfsense servers have VLANs on LAGGs. Could you please check it?

Update, found one pfSense:
Tested with a simple Intel card and VLAN, with active NDP:
May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted

With passive NDP:
No error
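
A log check for the recurring SONMP warning reported in the comments above, as an added example that is not part of the original thread or of the pfSense package: it groups the send failures by interface and flags the ones that repeat about once a minute. The sample lines are constructed in the log format quoted above; the year, the 90-second gap and the three-event threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the pipe-delimited lldpd lines in the format quoted in this thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \| lldpd \| (?P<pid>\d+) \| "
    r"unable to send second SONMP packet on real device for "
    r"(?P<ifname>[\w.]+): (?P<err>.+)$"
)


def sonmp_failures(lines, year=2020):
    """Return {interface: [datetime, ...]} for SONMP send failures."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other lldpd messages are outside this check
        # The log format has no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[m["ifname"]].append(ts)
    return dict(hits)


def recurring(hits, max_gap_s=90, min_events=3):
    """Interfaces whose failures repeat with gaps of at most max_gap_s."""
    flagged = []
    for ifname, stamps in hits.items():
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_events and all(g <= max_gap_s for g in gaps):
            flagged.append(ifname)
    return sorted(flagged)


# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted",
    "May 24 21:36:17 | lldpd | 13074 | unable to send second SONMP packet on real device for lagg0.3091: Operation not permitted",
    "May 24 21:36:18 | lldpd | 13074 | protocol LLDP enabled and forced",
    "May 24 21:37:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted",
    "May 24 21:38:17 | lldpd | 13074 | unable to send second SONMP packet on real device for igb1: Operation not permitted",
]

if __name__ == "__main__":
    print(recurring(sonmp_failures(SAMPLE)))
```

Running the same check before and after switching NDP to passive mode shows whether the per-minute warning has stopped on each bound interface.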
