RepoMirrors/netlink
1
0
Fork 0
mirror of https://github.com/vishvananda/netlink synced 2024-12-17 20:24:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
976bd8de7d
netlink/neigh_linux.go

496 lines
13 KiB
Go
Raw Normal View History

arp and vxlan support added
2014-09-16 00:44:20 +00:00
package netlink
import (
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
"errors"
netlink: enforce similar pid checks as in iproute2 iproute2's own netlink library asserts that the sockaddr sender pid has to be the one of the kernel [0]. It also doesn't bail out on pid mismatch but only skips the message instead. We've seen cases where the latter had a pid 0; in such case we should skip to the next nl message instead of hard bail out. [0] https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/libnetlink.c rtnl_dump_filter_l(), __rtnl_talk_iov() Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-07-15 17:54:20 +00:00
"fmt"
arp and vxlan support added
2014-09-16 00:44:20 +00:00
"net"
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
"syscall"
arp and vxlan support added
2014-09-16 00:44:20 +00:00
"unsafe"
"github.com/vishvananda/netlink/nl"
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
"github.com/vishvananda/netns"
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
"golang.org/x/sys/unix"
arp and vxlan support added
2014-09-16 00:44:20 +00:00
)
const (
Use more accustomed way to define enums Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 19:16:19 +00:00
NDA_UNSPEC = iota
NDA_DST
NDA_LLADDR
NDA_CACHEINFO
NDA_PROBES
NDA_VLAN
NDA_PORT
NDA_VNI
NDA_IFINDEX
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
NDA_MASTER
NDA_LINK_NETNSID
NDA_SRC_VNI
Add support for NDA_FLAGS_EXT neighboring attribute This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED flag for managed neighbor entries"). The flag then indicates to the kernel that the neighbor entry should be periodically probed for keeping the entry in NUD_REACHABLE state iff possible. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-10-26 10:04:16 +00:00
NDA_PROTOCOL
NDA_NH_ID
NDA_FDB_EXT_ATTRS
NDA_FLAGS_EXT
NDA_MAX = NDA_FLAGS_EXT
arp and vxlan support added
2014-09-16 00:44:20 +00:00
)
// Neighbor Cache Entry States.
const (
NUD_NONE = 0x00
NUD_INCOMPLETE = 0x01
NUD_REACHABLE = 0x02
NUD_STALE = 0x04
NUD_DELAY = 0x08
NUD_PROBE = 0x10
NUD_FAILED = 0x20
NUD_NOARP = 0x40
NUD_PERMANENT = 0x80
)
// Neighbor Flags
const (
Add support for extern_learn like in ip-neigh
2021-05-15 13:46:42 +00:00
NTF_USE = 0x01
NTF_SELF = 0x02
NTF_MASTER = 0x04
NTF_PROXY = 0x08
NTF_EXT_LEARNED = 0x10
Add support for NDA_FLAGS_EXT neighboring attribute This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED flag for managed neighbor entries"). The flag then indicates to the kernel that the neighbor entry should be periodically probed for keeping the entry in NUD_REACHABLE state iff possible. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-10-26 10:04:16 +00:00
NTF_OFFLOADED = 0x20
NTF_STICKY = 0x40
Add support for extern_learn like in ip-neigh
2021-05-15 13:46:42 +00:00
NTF_ROUTER = 0x80
arp and vxlan support added
2014-09-16 00:44:20 +00:00
)
Add support for NDA_FLAGS_EXT neighboring attribute This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED flag for managed neighbor entries"). The flag then indicates to the kernel that the neighbor entry should be periodically probed for keeping the entry in NUD_REACHABLE state iff possible. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-10-26 10:04:16 +00:00
// Extended Neighbor Flags
const (
NTF_EXT_MANAGED = 0x00000001
)
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
// Ndmsg is for adding, removing or receiving information about a neighbor table entry
arp and vxlan support added
2014-09-16 00:44:20 +00:00
type Ndmsg struct {
Family uint8
Index uint32
State uint16
gofmt: style violations have crept up
2014-10-29 00:22:52 +00:00
Flags uint8
arp and vxlan support added
2014-09-16 00:44:20 +00:00
Type uint8
}
func deserializeNdmsg(b []byte) *Ndmsg {
var dummy Ndmsg
return (*Ndmsg)(unsafe.Pointer(&b[0:unsafe.Sizeof(dummy)][0]))
}
func (msg *Ndmsg) Serialize() []byte {
return (*(*[unsafe.Sizeof(*msg)]byte)(unsafe.Pointer(msg)))[:]
}
func (msg *Ndmsg) Len() int {
return int(unsafe.Sizeof(*msg))
}
// NeighAdd will add an IP to MAC mapping to the ARP table
// Equivalent to: `ip neigh add ....`
func NeighAdd(neigh *Neigh) error {
Use package empty handle for pkg APIs (#117) - Package methods only need an empty handle. Not a regular Handle with a couple of sockets creation/delete. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 23:55:00 +00:00
return pkgHandle.NeighAdd(neigh)
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
}
// NeighAdd will add an IP to MAC mapping to the ARP table
// Equivalent to: `ip neigh add ....`
func (h *Handle) NeighAdd(neigh *Neigh) error {
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
return h.neighAdd(neigh, unix.NLM_F_CREATE|unix.NLM_F_EXCL)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
docs: replace NeighAdd with NeighSet
2015-11-10 13:38:50 +00:00
// NeighSet will add or replace an IP to MAC mapping to the ARP table
arp and vxlan support added
2014-09-16 00:44:20 +00:00
// Equivalent to: `ip neigh replace....`
func NeighSet(neigh *Neigh) error {
Use package empty handle for pkg APIs (#117) - Package methods only need an empty handle. Not a regular Handle with a couple of sockets creation/delete. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 23:55:00 +00:00
return pkgHandle.NeighSet(neigh)
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
}
// NeighSet will add or replace an IP to MAC mapping to the ARP table
// Equivalent to: `ip neigh replace....`
func (h *Handle) NeighSet(neigh *Neigh) error {
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
return h.neighAdd(neigh, unix.NLM_F_CREATE|unix.NLM_F_REPLACE)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
// NeighAppend will append an entry to FDB
// Equivalent to: `bridge fdb append...`
func NeighAppend(neigh *Neigh) error {
Use package empty handle for pkg APIs (#117) - Package methods only need an empty handle. Not a regular Handle with a couple of sockets creation/delete. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 23:55:00 +00:00
return pkgHandle.NeighAppend(neigh)
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
}
// NeighAppend will append an entry to FDB
// Equivalent to: `bridge fdb append...`
func (h *Handle) NeighAppend(neigh *Neigh) error {
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
return h.neighAdd(neigh, unix.NLM_F_CREATE|unix.NLM_F_APPEND)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
// NeighAppend will append an entry to FDB
// Equivalent to: `bridge fdb append...`
arp and vxlan support added
2014-09-16 00:44:20 +00:00
func neighAdd(neigh *Neigh, mode int) error {
Use package empty handle for pkg APIs (#117) - Package methods only need an empty handle. Not a regular Handle with a couple of sockets creation/delete. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 23:55:00 +00:00
return pkgHandle.neighAdd(neigh, mode)
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
}
// NeighAppend will append an entry to FDB
// Equivalent to: `bridge fdb append...`
func (h *Handle) neighAdd(neigh *Neigh, mode int) error {
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
req := h.newNetlinkRequest(unix.RTM_NEWNEIGH, mode|unix.NLM_F_ACK)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
return neighHandle(neigh, req)
}
// NeighDel will delete an IP address from a link device.
// Equivalent to: `ip addr del $addr dev $link`
func NeighDel(neigh *Neigh) error {
Use package empty handle for pkg APIs (#117) - Package methods only need an empty handle. Not a regular Handle with a couple of sockets creation/delete. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 23:55:00 +00:00
return pkgHandle.NeighDel(neigh)
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
}
// NeighDel will delete an IP address from a link device.
// Equivalent to: `ip addr del $addr dev $link`
func (h *Handle) NeighDel(neigh *Neigh) error {
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
req := h.newNetlinkRequest(unix.RTM_DELNEIGH, unix.NLM_F_ACK)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
return neighHandle(neigh, req)
}
func neighHandle(neigh *Neigh, req *nl.NetlinkRequest) error {
var family int
ip neighbour: Add support for lladdr to be an IP address The ip neighbour supports adding of peers statically using commands where the lladdr is an IP address. ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8 This is used in the case of point-to-multipoint GRE to setup the remote end point of the tunnel Note that link-layer address and neighbor address are both IP addresses Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
2017-08-29 00:59:25 +00:00
arp and vxlan support added
2014-09-16 00:44:20 +00:00
if neigh.Family > 0 {
family = neigh.Family
} else {
family = nl.GetIPFamily(neigh.IP)
}
msg := Ndmsg{
Family: uint8(family),
Use LinkIndex instead of Link obj in Route, Neigh Having object composition causes both client and library to do potentially unecessary work to retrieve Link attributes when only index is often sufficient.
2014-10-13 23:09:09 +00:00
Index: uint32(neigh.LinkIndex),
arp and vxlan support added
2014-09-16 00:44:20 +00:00
State: uint16(neigh.State),
Type: uint8(neigh.Type),
Flags: uint8(neigh.Flags),
}
req.AddData(&msg)
ipData := neigh.IP.To4()
if ipData == nil {
ipData = neigh.IP.To16()
}
dstData := nl.NewRtAttr(NDA_DST, ipData)
req.AddData(dstData)
ip neighbour: Add support for lladdr to be an IP address The ip neighbour supports adding of peers statically using commands where the lladdr is an IP address. ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8 This is used in the case of point-to-multipoint GRE to setup the remote end point of the tunnel Note that link-layer address and neighbor address are both IP addresses Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
2017-08-29 00:59:25 +00:00
if neigh.LLIPAddr != nil {
llIPData := nl.NewRtAttr(NDA_LLADDR, neigh.LLIPAddr.To4())
req.AddData(llIPData)
Fix inserting a nil neigh.HardwareAddr into the neighboring subsystem The condition to demand a lladdress for neigh.Flags != NTF_PROXY is just buggy, since there are various other flags such as NTF_USE, NTF_EXT_MANAGED, etc where this is not required. Besides, the kernel handles this internally anyway if it demands a NDA_LLADDR attribute. Simply get rid of the NTF_PROXY flag/condition since it's wrong. Fixes: d710fbade461 ("Add proxy support to the neighbor functions (#149)") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-10-29 13:36:25 +00:00
} else if neigh.HardwareAddr != nil {
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
hwData := nl.NewRtAttr(NDA_LLADDR, []byte(neigh.HardwareAddr))
req.AddData(hwData)
}
arp and vxlan support added
2014-09-16 00:44:20 +00:00
Add support for NDA_FLAGS_EXT neighboring attribute This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED flag for managed neighbor entries"). The flag then indicates to the kernel that the neighbor entry should be periodically probed for keeping the entry in NUD_REACHABLE state iff possible. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-10-26 10:04:16 +00:00
if neigh.FlagsExt != 0 {
flagsExtData := nl.NewRtAttr(NDA_FLAGS_EXT, nl.Uint32Attr(uint32(neigh.FlagsExt)))
req.AddData(flagsExtData)
}
Retrieve VLAN and VNI when listing neighbour
2017-05-04 13:15:30 +00:00
if neigh.Vlan != 0 {
vlanData := nl.NewRtAttr(NDA_VLAN, nl.Uint16Attr(uint16(neigh.Vlan)))
req.AddData(vlanData)
}
if neigh.VNI != 0 {
vniData := nl.NewRtAttr(NDA_VNI, nl.Uint32Attr(uint32(neigh.VNI)))
req.AddData(vniData)
}
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
if neigh.MasterIndex != 0 {
masterData := nl.NewRtAttr(NDA_MASTER, nl.Uint32Attr(uint32(neigh.MasterIndex)))
req.AddData(masterData)
}
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
_, err := req.Execute(unix.NETLINK_ROUTE, 0)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
return err
}
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
// NeighList returns a list of IP-MAC mappings in the system (ARP table).
arp and vxlan support added
2014-09-16 00:44:20 +00:00
// Equivalent to: `ip neighbor show`.
// The list can be filtered by link and ip family.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
// or incomplete.
arp and vxlan support added
2014-09-16 00:44:20 +00:00
func NeighList(linkIndex, family int) ([]Neigh, error) {
Use package empty handle for pkg APIs (#117) - Package methods only need an empty handle. Not a regular Handle with a couple of sockets creation/delete. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 23:55:00 +00:00
return pkgHandle.NeighList(linkIndex, family)
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
}
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
// NeighProxyList returns a list of neighbor proxies in the system.
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
// Equivalent to: `ip neighbor show proxy`.
// The list can be filtered by link and ip family.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
// or incomplete.
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
func NeighProxyList(linkIndex, family int) ([]Neigh, error) {
return pkgHandle.NeighProxyList(linkIndex, family)
}
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
// NeighList returns a list of IP-MAC mappings in the system (ARP table).
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
// Equivalent to: `ip neighbor show`.
// The list can be filtered by link and ip family.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
// or incomplete.
Provide netlink handle (#104) - Ties to a netlink socket. All client requests will re-use same socket. Socket released at handle deletion. - Also network namespace can be specified during handle creation. Socket will be opened on the specified network namespace. Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 18:35:49 +00:00
func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
return h.NeighListExecute(Ndmsg{
Family: uint8(family),
Index: uint32(linkIndex),
})
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
}
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
// NeighProxyList returns a list of neighbor proxies in the system.
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
// Equivalent to: `ip neighbor show proxy`.
// The list can be filtered by link, ip family.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
// or incomplete.
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
return h.NeighListExecute(Ndmsg{
Family: uint8(family),
Index: uint32(linkIndex),
Flags: NTF_PROXY,
})
}
// NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
// or incomplete.
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
func NeighListExecute(msg Ndmsg) ([]Neigh, error) {
return pkgHandle.NeighListExecute(msg)
Add proxy support to the neighbor functions (#149) - Don't require a MAC address for a neighbor proxy - Include proxies in the list of neighbors Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 23:01:24 +00:00
}
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
// NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
// or incomplete.
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
req := h.newNetlinkRequest(unix.RTM_GETNEIGH, unix.NLM_F_DUMP)
arp and vxlan support added
2014-09-16 00:44:20 +00:00
req.AddData(&msg)
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH)
if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
return nil, executeErr
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
Fix some style issues as suggested by golint Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-19 00:41:46 +00:00
var res []Neigh
arp and vxlan support added
2014-09-16 00:44:20 +00:00
for _, m := range msgs {
ndm := deserializeNdmsg(m)
Pass Ndmsg to NeighListExecute
2018-11-11 13:01:26 +00:00
if msg.Index != 0 && ndm.Index != msg.Index {
arp and vxlan support added
2014-09-16 00:44:20 +00:00
// Ignore messages from other interfaces
continue
}
Add filtering in NeighListExecute
2020-03-23 21:13:19 +00:00
if msg.Family != 0 && ndm.Family != msg.Family {
continue
}
if msg.State != 0 && ndm.State != msg.State {
continue
}
if msg.Type != 0 && ndm.Type != msg.Type {
continue
}
if msg.Flags != 0 && ndm.Flags != msg.Flags {
continue
}
arp and vxlan support added
2014-09-16 00:44:20 +00:00
neigh, err := NeighDeserialize(m)
if err != nil {
continue
}
res = append(res, *neigh)
}
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
return res, executeErr
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
func NeighDeserialize(m []byte) (*Neigh, error) {
msg := deserializeNdmsg(m)
neigh := Neigh{
Use LinkIndex instead of Link obj in Route, Neigh Having object composition causes both client and library to do potentially unecessary work to retrieve Link attributes when only index is often sufficient.
2014-10-13 23:09:09 +00:00
LinkIndex: int(msg.Index),
Family: int(msg.Family),
State: int(msg.State),
Type: int(msg.Type),
Flags: int(msg.Flags),
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
attrs, err := nl.ParseRouteAttr(m[msg.Len():])
if err != nil {
return nil, err
}
for _, attr := range attrs {
switch attr.Attr.Type {
case NDA_DST:
neigh.IP = net.IP(attr.Value)
case NDA_LLADDR:
ip neighbour: Add support for lladdr to be an IP address The ip neighbour supports adding of peers statically using commands where the lladdr is an IP address. ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8 This is used in the case of point-to-multipoint GRE to setup the remote end point of the tunnel Note that link-layer address and neighbor address are both IP addresses Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
2017-08-29 00:59:25 +00:00
// BUG: Is this a bug in the netlink library?
// #define RTA_LENGTH(len) (RTA_ALIGN(sizeof(struct rtattr)) + (len))
// #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
replace syscall with golang.org/x/sys/unix
2017-10-20 20:38:07 +00:00
attrLen := attr.Attr.Len - unix.SizeofRtAttr
neigh_linux: Fix failure on deleted link neighs updates The kernel sends a RTM_DELNEIGH for every neighbours on link deletion by the time the message is deserialized, the interface no longer exists so we cannot call LinkByIndex on it. This call to LinkByIndex is only used to get the encapType to be able to set either IP or HardwareAddr correctly. The attrLen attribute can be used here as only ipv4 are used with a size of 4, and only ipv6 and FireWire HWaddr have a size of 16. As such this change decrease the number of calls to LinkByIndex, so it is called only when needed to choose between ipv6 or FireWire Hwaddr, it also fallback to HWaddr in case of error with LinkByIndex. Fix: 921f7441f1ad68ebc6bbebe00664dfad83a7dbc6 Fix #409 Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-18 09:10:34 +00:00
if attrLen == 4 {
ip neighbour: Add support for lladdr to be an IP address The ip neighbour supports adding of peers statically using commands where the lladdr is an IP address. ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8 This is used in the case of point-to-multipoint GRE to setup the remote end point of the tunnel Note that link-layer address and neighbor address are both IP addresses Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
2017-08-29 00:59:25 +00:00
neigh.LLIPAddr = net.IP(attr.Value)
neigh_linux: Fix failure on deleted link neighs updates The kernel sends a RTM_DELNEIGH for every neighbours on link deletion by the time the message is deserialized, the interface no longer exists so we cannot call LinkByIndex on it. This call to LinkByIndex is only used to get the encapType to be able to set either IP or HardwareAddr correctly. The attrLen attribute can be used here as only ipv4 are used with a size of 4, and only ipv6 and FireWire HWaddr have a size of 16. As such this change decrease the number of calls to LinkByIndex, so it is called only when needed to choose between ipv6 or FireWire Hwaddr, it also fallback to HWaddr in case of error with LinkByIndex. Fix: 921f7441f1ad68ebc6bbebe00664dfad83a7dbc6 Fix #409 Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-18 09:10:34 +00:00
} else if attrLen == 16 {
// Can be IPv6 or FireWire HWAddr
link, err := LinkByIndex(neigh.LinkIndex)
if err == nil && link.Attrs().EncapType == "tunnel6" {
neigh.IP = net.IP(attr.Value)
} else {
neigh.HardwareAddr = net.HardwareAddr(attr.Value)
}
ip neighbour: Add support for lladdr to be an IP address The ip neighbour supports adding of peers statically using commands where the lladdr is an IP address. ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8 This is used in the case of point-to-multipoint GRE to setup the remote end point of the tunnel Note that link-layer address and neighbor address are both IP addresses Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
2017-08-29 00:59:25 +00:00
} else {
neigh.HardwareAddr = net.HardwareAddr(attr.Value)
}
Add support for NDA_FLAGS_EXT neighboring attribute This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED flag for managed neighbor entries"). The flag then indicates to the kernel that the neighbor entry should be periodically probed for keeping the entry in NUD_REACHABLE state iff possible. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-10-26 10:04:16 +00:00
case NDA_FLAGS_EXT:
neigh.FlagsExt = int(native.Uint32(attr.Value[0:4]))
Retrieve VLAN and VNI when listing neighbour
2017-05-04 13:15:30 +00:00
case NDA_VLAN:
neigh.Vlan = int(native.Uint16(attr.Value[0:2]))
case NDA_VNI:
neigh.VNI = int(native.Uint32(attr.Value[0:4]))
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
case NDA_MASTER:
neigh.MasterIndex = int(native.Uint32(attr.Value[0:4]))
arp and vxlan support added
2014-09-16 00:44:20 +00:00
}
}
return &neigh, nil
}
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
// NeighSubscribe takes a chan down which notifications will be sent
// when neighbors are added or deleted. Close the 'done' chan to stop subscription.
func NeighSubscribe(ch chan<- NeighUpdate, done <-chan struct{}) error {
Add ReceiveBufferSize and force option to *Subscribe When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
2022-05-05 22:56:08 +00:00
return neighSubscribeAt(netns.None(), netns.None(), ch, done, nil, false, 0, nil, false)
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
}
// NeighSubscribeAt works like NeighSubscribe plus it allows the caller
// to choose the network namespace in which to subscribe (ns).
func NeighSubscribeAt(ns netns.NsHandle, ch chan<- NeighUpdate, done <-chan struct{}) error {
Add ReceiveBufferSize and force option to *Subscribe When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
2022-05-05 22:56:08 +00:00
return neighSubscribeAt(ns, netns.None(), ch, done, nil, false, 0, nil, false)
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
}
// NeighSubscribeOptions contains a set of options to use with
// NeighSubscribeWithOptions.
type NeighSubscribeOptions struct {
Namespace *netns.NsHandle
ErrorCallback func(error)
ListExisting bool
Add ReceiveBufferSize and force option to *Subscribe When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
2022-05-05 22:56:08 +00:00
// max size is based on value of /proc/sys/net/core/rmem_max
ReceiveBufferSize int
ReceiveBufferForceSize bool
ReceiveTimeout *unix.Timeval
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
}
// NeighSubscribeWithOptions work like NeighSubscribe but enable to
// provide additional options to modify the behavior. Currently, the
// namespace can be provided as well as an error callback.
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
//
// When options.ListExisting is true, options.ErrorCallback may be
// called with [ErrDumpInterrupted] to indicate that results from
// the initial dump of links may be inconsistent or incomplete.
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
func NeighSubscribeWithOptions(ch chan<- NeighUpdate, done <-chan struct{}, options NeighSubscribeOptions) error {
if options.Namespace == nil {
none := netns.None()
options.Namespace = &none
}
Add ReceiveBufferSize and force option to *Subscribe When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
2022-05-05 22:56:08 +00:00
return neighSubscribeAt(*options.Namespace, netns.None(), ch, done, options.ErrorCallback, options.ListExisting,
options.ReceiveBufferSize, options.ReceiveTimeout, options.ReceiveBufferForceSize)
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
}
Add ReceiveBufferSize and force option to *Subscribe When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
2022-05-05 22:56:08 +00:00
func neighSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- NeighUpdate, done <-chan struct{}, cberr func(error), listExisting bool,
rcvbuf int, rcvTimeout *unix.Timeval, rcvbufForce bool) error {
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
s, err := nl.SubscribeAt(newNs, curNs, unix.NETLINK_ROUTE, unix.RTNLGRP_NEIGH)
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
makeRequest := func(family int) error {
Use ndmsg payload for neighbor subscribe requests
2022-05-07 16:08:58 +00:00
req := pkgHandle.newNetlinkRequest(unix.RTM_GETNEIGH, unix.NLM_F_DUMP)
ndmsg := &Ndmsg{Family: uint8(family)}
req.AddData(ndmsg)
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
if err := s.Send(req); err != nil {
return err
}
return nil
}
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
if err != nil {
return err
}
Add ReceiveBufferSize and force option to *Subscribe When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
2022-05-05 22:56:08 +00:00
if rcvTimeout != nil {
if err := s.SetReceiveTimeout(rcvTimeout); err != nil {
return err
}
}
if rcvbuf != 0 {
err = s.SetReceiveBufferSize(rcvbuf, rcvbufForce)
if err != nil {
return err
}
}
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
if done != nil {
go func() {
<-done
s.Close()
}()
}
if listExisting {
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
if err := makeRequest(unix.AF_UNSPEC); err != nil {
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
return err
}
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
// We have to wait for NLMSG_DONE before making AF_BRIDGE request
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
}
go func() {
defer close(ch)
for {
netlink: enforce similar pid checks as in iproute2 iproute2's own netlink library asserts that the sockaddr sender pid has to be the one of the kernel [0]. It also doesn't bail out on pid mismatch but only skips the message instead. We've seen cases where the latter had a pid 0; in such case we should skip to the next nl message instead of hard bail out. [0] https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/libnetlink.c rtnl_dump_filter_l(), __rtnl_talk_iov() Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-07-15 17:54:20 +00:00
msgs, from, err := s.Receive()
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
if err != nil {
if cberr != nil {
cberr(err)
}
return
}
netlink: enforce similar pid checks as in iproute2 iproute2's own netlink library asserts that the sockaddr sender pid has to be the one of the kernel [0]. It also doesn't bail out on pid mismatch but only skips the message instead. We've seen cases where the latter had a pid 0; in such case we should skip to the next nl message instead of hard bail out. [0] https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/libnetlink.c rtnl_dump_filter_l(), __rtnl_talk_iov() Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-07-15 17:54:20 +00:00
if from.Pid != nl.PidKernel {
if cberr != nil {
cberr(fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel))
}
continue
}
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
for _, m := range msgs {
Add ErrDumpInterrupted Add a specific error to report that a netlink response had NLM_F_DUMP_INTR set, indicating that the set of results may be incomplete or inconsistent. unix.EINTR was previously returned (with no results) when the NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will still work. But, this will be a breaking change for any code that's checking for equality with unix.EINTR. Return results with ErrDumpInterrupted. Results may be incomplete or inconsistent, but give the caller the option of using them. Look for NLM_F_DUMP_INTR in more places: - linkSubscribeAt, neighSubscribeAt, routeSubscribeAt - can do an initial dump, which may report inconsistent results -> if there's an error callback, call it with ErrDumpInterrupted - socketDiagXDPExecutor - makes an NLM_F_DUMP request, without using Execute() -> give it the same behaviour as functions that do use Execute() Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-09-05 08:25:13 +00:00
if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
cberr(ErrDumpInterrupted)
}
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
if m.Header.Type == unix.NLMSG_DONE {
neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true When subscribing to neigh updates, the updates for all neigh protocol families are received. However when listExisting is set, the request is made with AF_UNSPEC family, this request does not include AF_BRIDGE entries. This patch add a second request for AF_BRIDGE entries. Add test for existing AF_BRIDGE entry and make expectNeighUpdate take a slice of expected updates Creates a VXLAN interface for this test as its AF_BRIDGE entries looks a lot like usual ones Also add support for latest (2014+) neighbour attributes NDA_MASTER was added back in 2014, it indicates whether a neigh entry is linked to a master interface and index of this interface. The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were added later and will need extra handling. Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-21 08:18:13 +00:00
if listExisting {
// This will be called after handling AF_UNSPEC
// list request, we have to wait for NLMSG_DONE
// before making another request
if err := makeRequest(unix.AF_BRIDGE); err != nil {
if cberr != nil {
cberr(err)
}
return
}
listExisting = false
}
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
continue
}
if m.Header.Type == unix.NLMSG_ERROR {
Use ndmsg payload for neighbor subscribe requests
2022-05-07 16:08:58 +00:00
nError := int32(native.Uint32(m.Data[0:4]))
if nError == 0 {
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
continue
}
if cberr != nil {
Use ndmsg payload for neighbor subscribe requests
2022-05-07 16:08:58 +00:00
cberr(syscall.Errno(-nError))
Add support for neighbor subscription
2018-09-21 03:03:18 +00:00
}
return
}
neigh, err := NeighDeserialize(m.Data)
if err != nil {
if cberr != nil {
cberr(err)
}
return
}
ch <- NeighUpdate{Type: m.Header.Type, Neigh: *neigh}
}
}
}()
return nil
}
Reference in New Issue Copy Permalink