Commit Graph

22 Commits

Author SHA1 Message Date
Tobias Klauser
4ef7bcbf15 Don't re-initialize or shadow package level var native to fix data race
The package level var native (holding the native endianness) is
initialized at package load time. Thus there is no need to re-initialize
it in functions using it, e.g. (*Handle).filterModify, parseU32Data,
parseFwData, parseBpfData and parseMatchAllData.

This fixes a data race between these functions and any read access of
var native, e.g. in LinkDeserialize as reported in issue #633.

Also don't re-declare local variables shadowing the global package-level
var.

Fixes #633

Signed-off-by: Tobias Klauser <tobias@cilium.io>
2021-05-10 07:24:37 -07:00
Oleg Senin
cf66001890 Add filtering in NeighListExecute 2020-06-05 18:15:28 -07:00
Nicolas Belouin
a1c9a648f7 neighSubscribeAt: AF_BRIDGE entries not listed when listExisting is true
When subscribing to neigh updates, the updates for all neigh
protocol families are received. However when listExisting is set,
the request is made with AF_UNSPEC family, this request does not
include AF_BRIDGE entries.

This patch adds a second request for AF_BRIDGE entries.

Add test for existing AF_BRIDGE entry and make expectNeighUpdate
take a slice of expected updates

Creates a VXLAN interface for this test as its AF_BRIDGE entries
look a lot like usual ones

Also add support for latest (2014+) neighbour attributes

NDA_MASTER was added back in 2014, it indicates whether a neigh
entry is linked to a master interface and index of this interface.

The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were
added later and will need extra handling.

Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2019-08-23 11:29:04 -07:00
Daniel Borkmann
b1e9859792 netlink: enforce similar pid checks as in iproute2
iproute2's own netlink library asserts that the sockaddr sender pid
has to be the one of the kernel [0]. It also doesn't bail out on pid
mismatch but only skips the message instead. We've seen cases where
the latter had a pid 0; in such case we should skip to the next nl
message instead of hard bail out.

  [0] https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/libnetlink.c
      rtnl_dump_filter_l(), __rtnl_talk_iov()

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-07-18 17:26:53 -07:00
Nicolas Belouin
cb78b18701 neigh_linux: Fix failure on deleted link neighs updates
The kernel sends a RTM_DELNEIGH for every neighbour on link
deletion; by the time the message is deserialized, the interface
no longer exists so we cannot call LinkByIndex on it.

This call to LinkByIndex is only used to get the encapType to be
able to set either IP or HardwareAddr correctly. The attrLen
attribute can be used here as only ipv4 are used with a size of 4,
and only ipv6 and FireWire HWaddr have a size of 16.

As such this change decreases the number of calls to LinkByIndex,
so it is called only when needed to choose between ipv6 or
FireWire Hwaddr; it also falls back to HWaddr in case of error with
LinkByIndex.

Fix: 921f7441f1
Fix #409

Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
2018-12-18 15:35:59 -08:00
Julian Kornberger
093e80f9fa Pass Ndmsg to NeighListExecute 2018-12-09 07:20:04 -08:00
Yuya Kusakabe
6d53654d01 Add support for neighbor subscription 2018-10-16 12:05:02 -07:00
Sylvain Baubeau
9ce265f69e Retrieve VLAN and VNI when listing neighbour 2017-11-27 13:38:43 -08:00
Ian Bishop
0e3b74dbe2 replace syscall with golang.org/x/sys/unix 2017-10-26 09:45:08 -07:00
Manohar Castelino
921f7441f1 ip neighbour: Add support for lladdr to be an IP address
The ip neighbour supports adding of peers statically using commands
where the lladdr is an IP address.

ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8

This is used in the case of point-to-multipoint GRE to set up the
remote end point of the tunnel

Note that link-layer address and neighbor address are both IP addresses

Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
2017-09-05 23:15:55 -07:00
CtrlZvi
d710fbade4 Add proxy support to the neighbor functions (#149)
- Don't require a MAC address for a neighbor proxy
- Include proxies in the list of neighbors

Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
2016-08-23 16:01:24 -07:00
Alessandro Boch
f116a3048a Use package empty handle for pkg APIs (#117)
- Package methods only need an empty handle.
  Not a regular Handle with a couple of
  sockets creation/delete.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-09 16:55:00 -07:00
Alessandro Boch
14f41c27fa Provide netlink handle (#104)
- Ties to a netlink socket. All client requests
  will re-use same socket. Socket released at
  handle deletion.
- Also network namespace can be specified during
  handle creation. Socket will be opened on the
  specified network namespace.

Signed-off-by: Alessandro Boch <aboch@docker.com>
2016-05-08 11:35:49 -07:00
Vish Ishaya
c081f9bb20 Merge pull request #65 from eyakubovich/neigh-list-filtered
Pass linkIndex filter into kernel for NeighList
2015-11-17 11:20:44 -08:00
Eugene Yakubovich
1b0df1a7d3 Pass linkIndex filter into kernel for NeighList
This turns out to be especially important as there
appears to be a bug in the kernel with bonding.
The bug causes an infinite amount of fdb entries
to be returned (it just cycles through the interfaces)
if no interface filter is set.
2015-11-12 17:21:14 -08:00
Hubert
37122b306c docs: replace NeighAdd with NeighSet 2015-11-10 14:38:50 +01:00
Hubert
4dca3fe96e fix: NeighSet don't replace neigh when it exists 2015-11-10 14:36:42 +01:00
Alexander Morozov
12f4097df1 Fix some style issues as suggested by golint
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-06-18 17:41:46 -07:00
Alexander Morozov
8bde0c8190 Use more accustomed way to define enums
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 11:16:19 -08:00
Eugene Yakubovich
ffab401087 gofmt: style violations have crept up 2014-10-28 17:22:52 -07:00
Eugene Yakubovich
e7911d879f Use LinkIndex instead of Link obj in Route, Neigh
Having object composition causes both client and library to
do potentially unnecessary work to retrieve Link attributes
when only index is often sufficient.
2014-10-13 16:09:09 -07:00
Eugene Yakubovich
33e8718673 arp and vxlan support added 2014-10-13 11:04:09 -07:00