]>
Commit | Line | Data |
---|---|---|
4d916382 DS |
1 | * SAFETY MEASURES: |
2 | ================== | |
3 | ||
4 | Please consider setting this package "on hold" by typing | |
d8e4c438 | 5 | echo "frr hold" | dpkg --set-selections |
4d916382 DS |
6 | and verifying this using |
7 | dpkg --get-selections | grep 'hold$' | |
8 | ||
9 | Setting a package "on hold" means that it will not automatically be upgraded. | |
10 | Instead apt-get only displays a warning saying that a new version would be | |
d8e4c438 | 11 | available forcing you to explicitly type "apt-get install frr" to upgrade it. |
4d916382 DS |
12 | |
13 | ||
d8e4c438 | 14 | * What is frr? |
4d916382 DS |
15 | ================= |
16 | ||
d6180888 | 17 | http://www.frrouting.org/ |
63a79ae1 MW |
18 | FRR is a routing software suite, providing implementations of OSPFv2, |
19 | OSPFv3, RIP v1 and v2, RIPng, ISIS, PIM, BGP and LDP for Unix platforms, particularly | |
20 | FreeBSD and Linux and also NetBSD, to mention a few. FRR is a fork of Quagga | |
21 | which itself is a fork of Zebra. | |
22 | Zebra was developed by Kunihiro Ishiguro. | |
4d916382 DS |
23 | |
24 | ||
b3c4c164 DL |
25 | * Build Profiles used in the upstream debian/ |
26 | ============================================= | |
3b2a8d25 DL |
27 | |
28 | The following Build Profiles have been added: | |
29 | ||
600db12a | 30 | - pkg.frr.nortrlib (pkg.frr.rtrlib) |
3b2a8d25 DL |
31 | controls whether the RPKI module is built. |
32 | Will be enabled by default at some point, adds some extra dependencies. | |
33 | ||
600db12a | 34 | - pkg.frr.nosnmp (pkg.frr.snmp) |
3b2a8d25 DL |
35 | controls whether the SNMP module is built, see below for license issues. |
36 | Will remain default-off as long as the license issue persists. | |
37 | ||
38 | - pkg.frr.nosystemd | |
39 | Disables both systemd unit file installation as well as watchfrr sd_notify | |
40 | support at startup. Removes libsystemd dependency. | |
41 | ||
42 | Note that all options have a "no" form; if you want to have your decision | |
43 | be sticky regardless of changes to what it defaults to, then always use one | |
44 | of the two. For example, all occurrences of <pkg.frr.rtrlib> will at some | |
45 | point be replaced with <!pkg.frr.nortrlib>. | |
46 | ||
47 | The main frr package has the exact same contents regardless of rtrlib or snmp | |
48 | choices. The options only control frr-snmp and frr-rpki-rtrlib packages. | |
49 | ||
50 | The main frr package does NOT have the same contents if pkg.frr.nosystemd is | |
51 | used. This option should only be used for systems that do not have systemd, | |
52 | e.g. Ubuntu 14.04. | |
53 | ||
54 | ||
4d916382 DS |
55 | * Why has SNMP support been disabled? |
56 | ===================================== | |
63a79ae1 | 57 | FRR used to link against the NetSNMP libraries to provide SNMP |
4d916382 DS |
58 | support. Those libraries sadly link against the OpenSSL libraries |
59 | to provide crypto support for SNMPv3 among others. | |
60 | OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL) | |
63a79ae1 | 61 | licence that FRR is distributed under. For more explanation read: |
4d916382 DS |
62 | http://www.gnome.org/~markmc/openssl-and-the-gpl.html |
63 | http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs | |
64 | Updating the licence to explecitly allow linking against OpenSSL | |
65 | would requite the affirmation of all people that ever contributed | |
63a79ae1 | 66 | a significant part to Zebra / Quagga or FRR and thus are the collective |
4d916382 DS |
67 | "copyright holder". That's too much work. Using a shrinked down |
68 | version of NetSNMP without OpenSSL or convincing the NetSNMP people | |
69 | to change to GnuTLS are maybe good solutions but not reachable | |
70 | during the last days before the Sarge release :-( | |
71 | ||
72 | *BUT* | |
73 | ||
74 | It is allowed by the used licence mix that you fetch the sources and | |
63a79ae1 | 75 | build FRR yourself with SNMP with |
3b2a8d25 | 76 | # apt-get -b source -Ppkg.frr.snmp frr |
4d916382 DS |
77 | Just distributing it in binary form, linked against OpenSSL, is forbidden. |
78 | ||
79 | ||
5d2f5756 DL |
80 | * Debian Policy compliance notes |
81 | ================================ | |
82 | ||
83 | - 4.15 Reproducibility | |
84 | FRR build is reproducible as outlined in version 4.2.1 of the Policy, but | |
85 | won't be reproducible when the build directory is varied. This is because | |
86 | configure parameters are burned into the executables which includes CFLAGS | |
87 | like -fdebug-prefix-map=/build/directory/... | |
88 | ||
89 | ||
4d916382 DS |
90 | * Daemon selection: |
91 | =================== | |
92 | ||
d8e4c438 | 93 | The Debian package uses /etc/frr/daemons to tell the |
4d916382 DS |
94 | initscript which daemons to start. It's in the format |
95 | <daemon>=<yes|no|priority> | |
96 | with no spaces (it's simply source-d into the initscript). | |
97 | Default is not to start anything, since it can hose your | |
98 | system's routing table if not set up properly. | |
99 | ||
100 | Priorities were suggested by Dancer <dancer@zeor.simegen.com>. | |
63a79ae1 | 101 | They're used to start the FRR daemons in more than one step |
4d916382 | 102 | (for example start one or two at network initialization and the |
63a79ae1 | 103 | rest later). The number of FRR daemons being small, priorities |
4d916382 | 104 | must be between 1 and 9, inclusive (or the initscript has to be |
d8e4c438 | 105 | changed). /etc/init.d/frr then can be started as |
4d916382 | 106 | |
d8e4c438 | 107 | /etc/init.d/frr <start|stop|restart|<priority>> |
4d916382 DS |
108 | |
109 | where priority 0 is the same as 'stop', priority 10 or 'start' | |
110 | means 'start all' | |
111 | ||
112 | ||
113 | * Error message "privs_init: initial cap_set_proc failed": | |
114 | ========================================================== | |
115 | ||
116 | This error message means that "capability support" has to be built | |
117 | into the kernel. | |
118 | ||
119 | ||
120 | * Error message "netlink-listen: overrun: No buffer space available": | |
121 | ===================================================================== | |
122 | ||
123 | If this message occurs the receive buffer should be increased by adding the | |
9c830772 | 124 | following to /etc/sysctl.conf and "--nl-bufsize" to /etc/frr/daemons. |
4d916382 DS |
125 | > net.core.rmem_default = 262144 |
126 | > net.core.rmem_max = 262144 | |
63a79ae1 | 127 | See message #4525 from 2005-05-09 in the quagga-users mailing list. |
4d916382 DS |
128 | |
129 | ||
130 | * vtysh immediately exists: | |
131 | =========================== | |
132 | ||
d8e4c438 | 133 | Check /etc/pam.d/frr, it probably denies access to your user. The passwords |
685e701e | 134 | configured in /etc/frr/frr.conf are only for telnet access. |
4d916382 | 135 |