Add a specific error to report that a netlink response had
NLM_F_DUMP_INTR set, indicating that the set of results may be
incomplete or inconsistent.
unix.EINTR was previously returned (with no results) when the
NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will
still work. But, this will be a breaking change for any code that's
checking for equality with unix.EINTR.
Return results with ErrDumpInterrupted. Results may be incomplete
or inconsistent, but give the caller the option of using them.
Look for NLM_F_DUMP_INTR in more places:
- linkSubscribeAt, neighSubscribeAt, routeSubscribeAt
- can do an initial dump, which may report inconsistent results
-> if there's an error callback, call it with ErrDumpInterrupted
- socketDiagXDPExecutor
- makes an NLM_F_DUMP request, without using Execute()
-> give it the same behaviour as functions that do use Execute()
Signed-off-by: Rob Murray <rob.murray@docker.com>
Commit c96b03b4be changed the signature
of this method to accept a list of filters and renamed it to
ConntrackDeleteFilters (plural).
This patch
- adds back ConntrackDeleteFilter as an alias
- marks it as deprecated in favor of the new version.
- adds missing stubs for other platforms
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
ConntrackDeleteFilters enables users to delete flow entries
that match any of the specified filters. This allows users
to delete multiple flow entries with a single dump table call.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
- Also refactored setUpNetlinkTestWithKModule function to reduce redundant NS's created and checks made.
- Add conntrack protoinfo TCP support + groundwork for other protocols.
- Tests to cover the above.
This PR adds support for filtering flows
based on conntrack labels. It adds two
filters `ConntrackMatchLabels` &&
`ConntackUnmatchLabels` through which user can
provide a list of labels as type "bytes" which
will then be compared to flow.Labels to see if
any matches were found.
ConntrackMatchLabels: Every label passed should
be contained in flow.Labels for a match to be true
ConntrackUmmatchLabels: Every label passed should
not be contained in the flow.Labels for a match to
be true
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Add a new method to the ConntrackFilter to be able to
filter conntrack entries by Layer 4 protocol and source
and destination port.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
Today the filter implementation implements
only ip matching for src,dst,reply src,reply dst.
Updating the comments on the filter to reflect that
more clearly and deprecate confusing constants
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Removed extra pointer not needed in AddIP
Updated tests
Removed the use of io.SeekCurrent and defined it as a const
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
- Conntrack table FLUSH
- Conntrack table DELETE with filter
The filter is only for IP field
- Conntrack table GET
The flow information is not complete, but the method
returns a simplified structure with basic flow info
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
