Add a specific error to report that a netlink response had
NLM_F_DUMP_INTR set, indicating that the set of results may be
incomplete or inconsistent.
unix.EINTR was previously returned (with no results) when the
NLM_F_DUMP_INTR flag was set. Now, errors.Is(err, unix.EINTR) will
still work. But, this will be a breaking change for any code that's
checking for equality with unix.EINTR.
Return results with ErrDumpInterrupted. Results may be incomplete
or inconsistent, but give the caller the option of using them.
Look for NLM_F_DUMP_INTR in more places:
- linkSubscribeAt, neighSubscribeAt, routeSubscribeAt
- can do an initial dump, which may report inconsistent results
-> if there's an error callback, call it with ErrDumpInterrupted
- socketDiagXDPExecutor
- makes an NLM_F_DUMP request, without using Execute()
-> give it the same behaviour as functions that do use Execute()
Signed-off-by: Rob Murray <rob.murray@docker.com>
The xfrm framework is linux-only. Only implement the respective types
for GOOS=linux to avoid dependencies to x/sys/unix on non-linux or
non-unix platforms. Provide dummy XfrmPolicy and XfrmState types for the
globally defined XfrmPolicy* and XfrmState* functions.
- changes: 1. set userTmpl.Family to correct family 2. add Selector to XfrmState which is corresponding to XfrmUsersaInfo.Sel
- update *XfrmAddress.ToIPNet method to support 0.0.0.0/0 and ::/0 correctly
- update xfrmStateFromXfrmUsersaInfo to get XfrmState.Selector
- extend TestXfrmStateAddGetDel for v6ov4 and v4ov6 cases
Add support of XFRMA_SA_EXTRA_FLAGS attribute of XFRM State interface.
The attribute is a 32bit flag and currently two flags
(XFRM_SA_XFLAG_DONT_ENCAP_DSCP and XFRM_SA_XFLAG_OSEQ_MAY_WRAP) are
defined. Two boolean flags added to XfrmState struct are correspoinding
to those flags. Naming of the flags are taken from iproute2's options
(extra-flag dont-encap-dscp | oseq-may-wrap).
A value of 0 for XFRMA_IF_ID is not valid and will be rejected as of
Linux kernel commit torvalds/linux@68ac0f3810 ("xfrm: state and policy
should fail if XFRMA_IF_ID 0"), which will return EINVAL when setting
XFRMA_IF_ID = 0. Thus, only set the XFRMA_IF_ID attribute in case
XfrmState.Ifid or XfrmPolicy.Ifid are != 0.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
XfrmState currently doesn't allow setting the mask for the output mark.
As a result, setting an output mark always clears all bits. This commit
adds support for the mask value.
Signed-off-by: Paul Chaignon <paul@cilium.io>
XFRM interfaces are available in Linux Kernel 4.19+
When an IF_ID is applied to a XFRM policy and state, the corresponding
traffic will be sent through the virtual interface with the same IF_ID.
- Currently they are not and GET methods are passing
the wrong structure. Also they are setting the incorrect
XFRM_F_DUMP flag. Because of this, current get methods
do not return expected error when query target is not found.
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Package methods only need an empty handle.
Not a regular Handle with a couple of
sockets creation/delete.
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Ties to a netlink socket. All client requests
will re-use same socket. Socket released at
handle deletion.
- Also network namespace can be specified during
handle creation. Socket will be opened on the
specified network namespace.
Signed-off-by: Alessandro Boch <aboch@docker.com>
* Add Mark to xrfm state
Signed-off-by: Alessandro Boch <aboch@docker.com>
* Add Mark to xfrm policies
Signed-off-by: Alessandro Boch <aboch@docker.com>
