
From:
Damien Miller <djm@mindrot.org>
Subject:
Re: LLDP daemon and display tool
To:
David Gwynne <david@gwynne.id.au>
Cc:
tech@openbsd.org
Date:
Thu, 24 Apr 2025 15:01:24 +1000

On Thu, 24 Apr 2025, David Gwynne wrote:

> this adds a small daemon and command line tool for receiving and
> displaying LLDP messages from neighbors connected to Ethernet
> interfaces.
> 
> the daemon is called olldpd(8) to avoid colliding with the existing
> lldpd from ports. the command line tool is lldp(8).
> 
> it uses the AF_FRAME sockets that were recently added rather than BPF.
> this means it retains fewer privileges while it's running because it
> doesn't have to open and configure BPF devices when new interfaces
> appear in the system. avoiding BPF means it has basically 0 impact on
> the kernel packet path because AF_FRAME is handled as a last resort for
> packets rather than up front for every packet on an interface.
> 
> it's good enough now that i can leave the daemon running, and it handles
> interfaces coming and going, and lldp neighbours coming and going. the
> command line utility defaults to a brief output, but can produce verbose
> output that handles most of the basic set of lldp information from the
> specification.

I like this and would love to see it in-tree. It works fine for my
testing against my rabble of Mikrotik devices.

Code looks fine to me, though I think you could add a fairly tight
pledge policy:

--- olldpd.c.orig	Thu Apr 24 15:00:07 2025
+++ olldpd.c	Thu Apr 24 15:00:12 2025
@@ -47,6 +47,7 @@
 #include <ifaddrs.h>
 #include <pwd.h>
 #include <paths.h>
+#include <unistd.h>
 
 #include <event.h>
 
@@ -272,6 +273,8 @@
 
 	if (!debug && rdaemon(devnull) == -1)
 		err(1, "unable to daemonize");
+
+	pledge("stdio unix", NULL);
 
 	event_init();
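Review bot: the return value of pledge(2) is ignored at `pledge("stdio unix", NULL);`, so a rejected promise string or any other pledge failure would leave the daemon running unrestricted; write `if (pledge("stdio unix", NULL) == -1) err(1, "pledge");` so the failure is fatal, matching the `err(1, ...)` used for rdaemon() two lines above. The promise set also needs checking against what the daemon does after this point: the description above says it opens AF_FRAME sockets as interfaces appear, and "unix" only covers AF_UNIX socket operations, so confirm that creating those sockets (and whatever mechanism is used to notice interface arrival) is permitted under these two promises; otherwise pledge will kill the process the first time an interface comes up after startup.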
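As an added example, not code from olldpd or from this patch: the reason a tight pledge policy is worth having here is that the daemon's main job is parsing LLDPDUs received from untrusted neighbours on the wire. The bounds-checked TLV walker below shows the shape of that parsing for the mandatory TLVs (Chassis ID, Port ID, TTL, End of LLDPDU) plus System Name, following the IEEE 802.1AB TLV layout (16-bit header: 7-bit type, 9-bit length). The function and type names are this example's own, and both frames are constructed for illustration rather than captured from a device.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* LLDP TLV types from IEEE 802.1AB (the subset handled here). */
enum { LLDP_TLV_END = 0, LLDP_TLV_CHASSIS_ID = 1, LLDP_TLV_PORT_ID = 2,
    LLDP_TLV_TTL = 3, LLDP_TLV_SYSTEM_NAME = 5 };

struct lldp_neighbor {
	uint8_t chassis_subtype, chassis_id[256], port_subtype, port_id[256];
	size_t chassis_id_len, port_id_len;
	uint16_t ttl;
	char sysname[256];
	int complete;	/* Chassis ID, Port ID, TTL and End of LLDPDU all seen */
};

/* Chassis ID and Port ID share a layout: a subtype byte then 1..255 ID bytes. */
static int
copy_id(const uint8_t *val, size_t tlen, uint8_t *sub, uint8_t *id, size_t *idlen)
{
	if (tlen < 2 || tlen > 256)
		return -1;
	*sub = val[0];
	*idlen = tlen - 1;
	memcpy(id, val + 1, tlen - 1);
	return 0;
}

/*
 * Parse an LLDPDU (the Ethernet payload after ethertype 0x88cc). Every TLV
 * length is checked against the bytes remaining before the value is touched.
 * Returns 0 on success, -1 if the frame is malformed.
 */
int
lldp_parse(const uint8_t *buf, size_t len, struct lldp_neighbor *n)
{
	size_t off = 0;
	int idx = 0;
	memset(n, 0, sizeof(*n));
	while (len - off >= 2) {
		unsigned hdr = buf[off] << 8 | buf[off + 1];
		unsigned type = hdr >> 9;
		size_t tlen = hdr & 0x1ff;
		const uint8_t *val = buf + off + 2;
		if (tlen > len - off - 2)
			return -1;	/* value runs past the end of the frame */
		/* The first three TLVs are mandatory and fixed in order. */
		if ((idx == 0 && type != LLDP_TLV_CHASSIS_ID) ||
		    (idx == 1 && type != LLDP_TLV_PORT_ID) ||
		    (idx == 2 && type != LLDP_TLV_TTL))
			return -1;
		switch (type) {
		case LLDP_TLV_END:
			if (tlen != 0 || idx < 3)
				return -1;
			n->complete = 1;
			return 0;
		case LLDP_TLV_CHASSIS_ID:
			if (copy_id(val, tlen, &n->chassis_subtype, n->chassis_id,
			    &n->chassis_id_len) == -1)
				return -1;
			break;
		case LLDP_TLV_PORT_ID:
			if (copy_id(val, tlen, &n->port_subtype, n->port_id,
			    &n->port_id_len) == -1)
				return -1;
			break;
		case LLDP_TLV_TTL:
			if (tlen != 2)
				return -1;
			n->ttl = val[0] << 8 | val[1];
			break;
		case LLDP_TLV_SYSTEM_NAME:
			if (tlen > 255)
				return -1;
			memcpy(n->sysname, val, tlen);
			n->sysname[tlen] = '\0';
			break;
		default:
			break;		/* optional and unknown TLVs are skipped */
		}
		off += 2 + tlen;
		idx++;
	}
	return -1;	/* frame ended before the End of LLDPDU TLV */
}

/* Constructed sample LLDPDU (not captured from a real device). */
static const uint8_t sample_lldpdu[] = {
	0x02, 0x07, 0x04, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,	/* Chassis ID: MAC */
	0x04, 0x04, 0x05, 'g', 'e', '1',			/* Port ID: ifName "ge1" */
	0x06, 0x02, 0x00, 0x78,					/* TTL 120 s */
	0x0a, 0x06, 's', 'w', 'i', 't', 'c', 'h',		/* System Name */
	0x00, 0x00,						/* End of LLDPDU */
};
/* Constructed hostile frame: Chassis ID header claiming 511 bytes, none present. */
static const uint8_t truncated_lldpdu[] = { 0x03, 0xff };

int
main(void)
{
	struct lldp_neighbor n;
	if (lldp_parse(sample_lldpdu, sizeof(sample_lldpdu), &n) == 0)
		printf("neighbor %s, ttl %u\n", n.sysname, n.ttl);
	printf("hostile frame %s\n", lldp_parse(truncated_lldpdu,
	    sizeof(truncated_lldpdu), &n) == -1 ? "rejected" : "accepted");
	return 0;
}
```

The hostile frame is the case that matters for a daemon like this: a single TLV header advertising a 511-byte value with nothing behind it must be rejected before any copy happens, which is why the length check precedes every `memcpy` and why the fixed-size ID fields are sized to the spec's maximum.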