binary.Read() != nil check means error case, so the vxlan.Port{Low,High}
are never populated. Fix the check.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Currently, the ConntrackDeleteFilters captures all flow entries
it fails to delete and reports them as errors. This behavior
can potentially lead to memory leaks in high-traffic systems,
where thousands of conntrack flow entries are cleared in a single
batch. With this commit, instead of returning all the un-deleted
flow entries, we now return a single error message for all of them.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
These attributes are supported since kernel v5.14 (see [1]). Here's
what iproute2 shows:
```
$ ip -d link show eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
... parentbus virtio parentdev virtio0
```
[1]: 00e77ed8e6
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
Add deserialization of the `IFF_RUNNING` link flag which translates to
`net.FlagRunning`.
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Update the Go version we test against to Go v1.22 which is currently the
oldest version still receiving security updates.
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Add a specific error to report that a netlink response had
NLM_F_DUMP_INTR set, indicating that the set of results may be
incomplete or inconsistent.
unix.EINTR was previously returned (with no results) when the
NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will
still work. But, this will be a breaking change for any code that's
checking for equality with unix.EINTR.
Return results with ErrDumpInterrupted. Results may be incomplete
or inconsistent, but give the caller the option of using them.
Look for NLM_F_DUMP_INTR in more places:
- linkSubscribeAt, neighSubscribeAt, routeSubscribeAt
  - can do an initial dump, which may report inconsistent results
  -> if there's an error callback, call it with ErrDumpInterrupted
- socketDiagXDPExecutor
  - makes an NLM_F_DUMP request, without using Execute()
  -> give it the same behaviour as functions that do use Execute()
Signed-off-by: Rob Murray <rob.murray@docker.com>
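The "return results together with ErrDumpInterrupted" behaviour described above, as an added example that is not code from the netlink library: a stdlib-only walk over a constructed netlink dump response that checks every nlmsghdr for NLM_F_DUMP_INTR and still hands back the collected payloads when the flag is seen. The names `nlmsg`, `parseDump` and the error text are assumptions for this example.

```go
package main
import (
	"encoding/binary"
	"errors"
)
// Constants from <linux/netlink.h>; nlmsghdr is 16 bytes in host byte order (little-endian here).
const (
	nlmsgHdrLen  = 16
	nlmsgDone    = 0x3  // NLMSG_DONE terminates a dump
	nlmFDumpIntr = 0x10 // NLM_F_DUMP_INTR: results may be incomplete or inconsistent
)
// ErrDumpInterrupted stands in for the sentinel the commit introduces (name and text assumed here).
var ErrDumpInterrupted = errors.New("netlink: dump interrupted, results may be incomplete or inconsistent")
// nlmsg builds one netlink message (header + payload, padded to 4 bytes); used only to construct test input.
func nlmsg(typ, flags uint16, payload []byte) []byte {
	msgLen := nlmsgHdrLen + len(payload)
	buf := make([]byte, (msgLen+3)&^3)
	binary.LittleEndian.PutUint32(buf[0:4], uint32(msgLen))
	binary.LittleEndian.PutUint16(buf[4:6], typ)
	binary.LittleEndian.PutUint16(buf[6:8], flags)
	copy(buf[nlmsgHdrLen:], payload)
	return buf
}
// parseDump collects the payload of each data message in a dump response. If any header carries
// NLM_F_DUMP_INTR the payloads gathered so far are still returned, paired with ErrDumpInterrupted.
func parseDump(buf []byte) ([][]byte, error) {
	payloads, interrupted := [][]byte(nil), false
	for len(buf) >= nlmsgHdrLen {
		msgLen := int(binary.LittleEndian.Uint32(buf[0:4]))
		typ := binary.LittleEndian.Uint16(buf[4:6])
		flags := binary.LittleEndian.Uint16(buf[6:8])
		if msgLen < nlmsgHdrLen || msgLen > len(buf) {
			return payloads, errors.New("netlink: malformed nlmsghdr length")
		}
		interrupted = interrupted || flags&nlmFDumpIntr != 0
		if typ == nlmsgDone {
			break // end of dump; the flag on this message still counts
		}
		payloads = append(payloads, buf[nlmsgHdrLen:msgLen])
		next := (msgLen + 3) &^ 3 // NLMSG_ALIGN
		if next > len(buf) {
			break
		}
		buf = buf[next:]
	}
	if interrupted {
		return payloads, ErrDumpInterrupted
	}
	return payloads, nil
}
```

A caller that prefers partial data checks `errors.Is(err, ErrDumpInterrupted)` and keeps the returned slice; one that needs a consistent snapshot treats it as a retry signal.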
They were implemented using SO_SNDTIMEO/SO_RCVTIMEO on the
socket descriptor, but that doesn't work now that the socket is
non-blocking. Instead, set deadlines on the file read/write.
Signed-off-by: Rob Murray <rob.murray@docker.com>
Commit c96b03b4be changed the signature
of this method to accept a list of filters and renamed it to
ConntrackDeleteFilters (plural).
This patch
- adds back ConntrackDeleteFilter as an alias
- marks it as deprecated in favor of the new version
- adds missing stubs for other platforms
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
ConntrackDeleteFilters enables users to delete flow entries
that match any of the specified filters. This allows users
to delete multiple flow entries with a single dump table call.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
Function `LinkDeserialize` checked for presence of `IFF_PROMISC` in
the link's flags to determine whether it was in promiscuous mode.
This flag only tracks what is set with commands such as
`ip set <link> promisc on`, but is not set when you run `tcpdump`
or `wireshark` for example, which also put the device in
promiscuous mode.
There is a counter that tracks the number of times promiscuous mode
has been requested. It reacts to all the ways, `ip set`, and also
`tcpdump` and co.
With this change this counter is used instead of checking the flag.
This makes the library reflect what `ip -d link show <link>`
would show in its `promiscuity` field.
To test this change, start some processes of `tcpdump` or similar
and see the counter increase in `ip -d link show <link>` as well
as in the patched version of this netlink library. With the
unpatched version the counter remains 0. Then enable promiscuous
mode globally for the interface. This will increase the count in
all variants, `ip link`, the old unpatched and the patched version
of this netlink library.
Simple test program for reference:
```go
package main
import (
	"fmt"
	"log"
	"github.com/vishvananda/netlink"
)
func main() {
	handle, err := netlink.NewHandle()
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()
	links, err := handle.LinkList()
	if err != nil {
		log.Fatal(err)
	}
	// With this change Promisc reflects the kernel's promiscuity
	// counter, not only the IFF_PROMISC flag.
	for _, link := range links {
		attrs := link.Attrs()
		fmt.Printf("dev=%v promisc=%v\n", attrs.Name, attrs.Promisc)
	}
}
```
The maximum value for an `int` type on a 32-bit platform is 0x7FFFFFFF. Since 0xF0000000 exceeds this limit, we need to use `uint` instead of `int` to handle these values.
- Also refactored setUpNetlinkTestWithKModule function to reduce redundant NS's created and checks made.
- Add conntrack protoinfo TCP support + groundwork for other protocols.
- Tests to cover the above.
- Extend Htb struct in qdisc.go to include DirectQlen field
- Implement the DirectQlen option in qdisc_linux.go
- Modify TestHtbAddDel test to validate DirectQlen changes
Use a tagged version of the dependency. I picked the current version,
although older versions could probably work.
full diff: db3c7e526a...v0.0.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Linux added a new bond transmit hashing policy, VLAN_SRCMAC in [1],
available since Linux 5.12. Add this hashing policy into the respective
data structures.
[1] 7b8fc0103b
- `Rate64` field added to the `Netem` struct in `qdisc.go`
- Implemented serialization and deserialization methods for `Rate64`
- Modify `TestClassAddDel` test to validate Rate64 changes
Linux 5.6 and higher support IFLA_PERM_ADDRESS, which contains the
permanent hardware address of the interface if an interface has such an
address. This can be used to identify interfaces even when the normal
hardware address has been changed.
Signed-off-by: Lorenz Brun <lorenz@monogon.tech>