From: Damien Miller
Subject: Re: LLDP daemon and display tool
To: David Gwynne
Cc: tech@openbsd.org
Date: Thu, 24 Apr 2025 15:01:24 +1000

On Thu, 24 Apr 2025, David Gwynne wrote:

> this adds a small daemon and command line tool for receiving and
> displaying LLDP messages from neighbors connected to Ethernet
> interfaces.
>
> the daemon is called olldpd(8) to avoid colliding with the existing
> lldpd from ports. the command line tool is lldp(8).
>
> it uses the AF_FRAME sockets that were recently added rather than BPF.
> this means it retains fewer privileges while it's running because it
> doesn't have to open and configure BPF devices when new interfaces
> appear in the system. avoiding BPF means it has basically 0 impact on
> the kernel packet path because AF_FRAME is handled as a last resort for
> packets rather than up front for every packet on an interface.
>
> it's good enough now that i can leave the daemon running, and it handles
> interfaces coming and going, and lldp neighbours coming and going. the
> command line utility defaults to a brief output, but can produce verbose
> output that handles most of the basic set of lldp information from the
> specification.

I like this and would love to see it in-tree. It works fine for my testing
against my rabble of Mikrotik devices.

Code looks fine to me, though I think you could add a fairly tight
pledge policy:

--- olldpd.c.orig Thu Apr 24 15:00:07 2025 +++ olldpd.c Thu Apr 24 15:00:12 2025 @@ -47,6 +47,7 @@ #include #include #include +#include #include @@ -272,6 +273,8 @@ if (!debug && rdaemon(devnull) == -1) err(1, "unable to daemonize"); + + pledge("stdio unix", NULL); event_init();
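
Review bot: the return value of pledge() is ignored at the added `pledge("stdio unix", NULL);` line in the second hunk (@@ -272,6 +273,8 @@), so if the call fails the daemon continues into event_init() without the restriction and nothing reports it. Check it the same way the rdaemon() call just above is checked, for example `if (pledge("stdio unix", NULL) == -1) err(1, "pledge");`. Because the daemon is described as picking up interfaces that appear while it is running, it is also worth confirming that whatever sockets it opens for a newly arrived interface are still permitted under "stdio unix", since a pledge violation kills the process rather than returning an error.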