* SAFETY MEASURES:
==================

Please consider setting this package "on hold" by typing
    echo "frr hold" | dpkg --set-selections
and verifying this using
    dpkg --get-selections | grep 'hold$'

Setting a package "on hold" means that it will not automatically be upgraded.
Instead apt-get only displays a warning saying that a new version would be
available forcing you to explicitly type "apt-get install frr" to upgrade it.


* What is frr?
=================

http://www.frrouting.org/
FRR is a routing software suite, providing implementations of OSPFv2,
OSPFv3, RIP v1 and v2, RIPng, ISIS, PIM, BGP and LDP for Unix platforms, particularly
FreeBSD and Linux and also NetBSD, to mention a few. FRR is a fork of Quagga
which itself is a fork of Zebra. 
Zebra was developed by Kunihiro Ishiguro.


* Build Profiles used in the upstream debian/
=============================================

The following Build Profiles have been added:

- pkg.frr.nortrlib (pkg.frr.rtrlib)
  controls whether the RPKI module is built.
  Will be enabled by default at some point, adds some extra dependencies.

- pkg.frr.nosnmp (pkg.frr.snmp)
  controls whether the SNMP module is built, see below for license issues.
  Will remain default-off as long as the license issue persists.

- pkg.frr.nosystemd
  Disables both systemd unit file installation as well as watchfrr sd_notify
  support at startup.  Removes libsystemd dependency.

Note that all options have a "no" form;  if you want to have your decision
be sticky regardless of changes to what it defaults to, then always use one
of the two.  For example, all occurrences of <pkg.frr.rtrlib> will at some
point be replaced with <!pkg.frr.nortrlib>.

The main frr package has the exact same contents regardless of rtrlib or snmp
choices.  The options only control frr-snmp and frr-rpki-rtrlib packages.

The main frr package does NOT have the same contents if pkg.frr.nosystemd is
used.  This option should only be used for systems that do not have systemd,
e.g. Ubuntu 14.04.


* Why has SNMP support been disabled?
=====================================
FRR used to link against the NetSNMP libraries to provide SNMP
support. Those libraries sadly link against the OpenSSL libraries
to provide crypto support for SNMPv3 among others.
OpenSSL now is not compatible with the GNU GENERAL PUBLIC LICENSE (GPL)
licence that FRR is distributed under. For more explanation read:
  http://www.gnome.org/~markmc/openssl-and-the-gpl.html
  http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
Updating the licence to explecitly allow linking against OpenSSL
would requite the affirmation of all people that ever contributed
a significant part to Zebra / Quagga or FRR and thus are the collective
"copyright holder". That's too much work. Using a shrinked down 
version of NetSNMP without OpenSSL or convincing the NetSNMP people
to change to GnuTLS are maybe good solutions but not reachable
during the last days before the Sarge release :-(

        *BUT*

It is allowed by the used licence mix that you fetch the sources and
build FRR yourself with SNMP with
        # apt-get -b source -Ppkg.frr.snmp frr
Just distributing it in binary form, linked against OpenSSL, is forbidden.


* Debian Policy compliance notes
================================

- 4.15 Reproducibility
  FRR build is reproducible as outlined in version 4.2.1 of the Policy, but
  won't be reproducible when the build directory is varied.  This is because
  configure parameters are burned into the executables which includes CFLAGS
  like -fdebug-prefix-map=/build/directory/...


* Daemon selection:
===================

The Debian package uses /etc/frr/daemons to tell the
initscript which daemons to start. It's in the format
<daemon>=<yes|no|priority>
with no spaces (it's simply source-d into the initscript).
Default is not to start anything, since it can hose your
system's routing table if not set up properly.

Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
They're used to start the FRR daemons in more than one step
(for example start one or two at network initialization and the
rest later). The number of FRR daemons being small, priorities
must be between 1 and 9, inclusive (or the initscript has to be
changed). /etc/init.d/frr then can be started as

/etc/init.d/frr <start|stop|restart|<priority>>

where priority 0 is the same as 'stop', priority 10 or 'start'
means 'start all'


* Error message "privs_init: initial cap_set_proc failed":
==========================================================

This error message means that "capability support" has to be built
into the kernel.


* Error message "netlink-listen: overrun: No buffer space available":
=====================================================================

If this message occurs the receive buffer should be increased by adding the
following to /etc/sysctl.conf and "--nl-bufsize" to /etc/frr/daemons.
> net.core.rmem_default = 262144
> net.core.rmem_max = 262144
See message #4525 from 2005-05-09 in the quagga-users mailing list.


* vtysh immediately exists:
===========================

Check /etc/pam.d/frr, it probably denies access to your user. The passwords
configured in /etc/frr/frr.conf are only for telnet access.