Add support for creating and managing gre tunnels.
This is equivalent to
Point to Point:
ip tunnel add tun4 mode gre local 192.0.2.1 remote 203.0.113.6 key 123
Point to Multipoint:
ip tunnel add tun8 mode gre local 192.0.2.1 key 1234
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
The ip neighbour supports adding of peers statically using commands
where the lladdr is an IP address.
ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8
This is used in the case of point-to-multipoint GRE to setup the
remote end point of the tunnel
Note that link-layer address and neighbor address are both IP addresses
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This is like "ip addr add 127.0.0.1/8 broadcast +" and prevents interfaces without broadcast addresses.
Configuring the IP and netmask, but not the broadcast address leaves many applications in a broken state on Linux interfaces.
Corrected function signature to have correct name LinkSetVfTrust
instead of LinkSetTrust.
This aligns with code comment and rest of the other VF functions.
Signed-off-by: Parav Pandit <parav@mellanox.com>
Add support for setting trust state of a VF. This allows restricting
certain operations on VF when its untrusted such as disabling
promiscuous mode.
Signed-off-by: Parav Pandit <parav@mellanox.com>
Fix the following two issues reported by go vet:
bridge_linux_test.go:41: possible formatting directive in Fatal call
filter_test.go:204: possible formatting directive in Fatal call
by using Fatalf instead of Fatal when using formatting directives.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Add bond parameters corresponding to:
* IFLA_BOND_AD_ACTOR_SYS_PRIO
* IFLA_BOND_AD_USER_PORT_KEY
* IFLA_BOND_AD_ACTOR_SYSTEM
* IFLA_BOND_TLB_DYNAMIC_LB
These are available in new(ish) kernels.
A new error type LinkNotFoundError is returned instead
of the default error type to facilitate better error
handling by downstream consumers of this package
This patch fixes the bug of U32 filters which byte orders are not
appropriately updated based on the endianess of the host. Golang's
range returns copied values instead of their references when it
iterates through a map and the indices should be used to access the
specific value of the map by reference.
This patch also fixes the bug of netlink.FilterAdd that breaks the user
facing model changing the type of cSel, the copied TcU32Sel, from its
pointer to the struct. Previously the pointer is copied and therefore
the data that is given by the users is modified if the endiannesses of
the fields in it need to be changed.
To validate these changes, I added the validation that the user facing
model is identical before and after netlink.FilterAdd. In addition to
that, the fix for the reference bug enables the endianness validations
in the same test case.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
* Multicast snooping and hello time are the only ones supported at the
moment
* Only pass values to kernel when user sets them, otherwise let kernel
decide default
* Can set multicast snooping on existing bridges
* Tests disabled on Travis CI as the kernel version is too old
* All bridge flags copied from Kernel code, but only the two mentioned
above work
(5a7ad1146c/include/uapi/linux/if_link.h (L232-L281))
Signed-off-by: Petar Petrov <pppepito86@gmail.com>
Signed-off-by: Ed King <eking@pivotal.io>
Signed-off-by: Konstantinos Karampogias <konstantinos.karampogias@swisscom.com>
Signed-off-by: Will Martin <wmartin@pivotal.io>
Bridge ports can be set to use the proxy arp features by calling
either LinkSetBrProxyArp() or LinkSetBrProxyArpWiFi().
Signed-off-by: David Wilder <wilder@us.ibm.com>
This patch removes the unnecessary condition of parsing U32 data that
checks if sel.Flags has nl.TC_U32_TERMINAL or sel.Nkeys is not 1.
Because of the modification to U32 that enalbed to specify multiple sel
keys, this condition is not valid anymore. This condition stops the
parsing of U32 fliter data with multiple attributes and this prevents
the users from getting all the necessary attributes, e.g., the class Id
of the filter.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
Having the extra data available in the notification for new addresses is useful
to, for instance, filter out temporary addresses or keep track of address
lifetimes.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This adds parsing of the preferred and valid lifetime information from the
netlink IFA_CACHEINFO attribute. They are stored as PreferedLft and ValidLft in
the Addr struct if found.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Currently a LinkByName("bondX") doesn't return the bond specific attributes.
parseBondData needs to update the link that is passed in in order for
the bond's Mode, Miimon etc to be populated correctly.
Removed extra pointer not needed in AddIP
Updated tests
Removed the use of io.SeekCurrent and defined it as a const
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
This patch adds the advanced u32 match feature support with the
selection keys. It enables the users to crate a complex filter as follow
for instance:
$ tc filter add dev eth0 parent 1: prio 1 u32 match ip dport 80 0xff \
match u32 0x146ca 0xffff at 32 flowid 1:46cb
To expose TcU32Sel and TcU32Key defined in nl package, this patch copies
them to filte.go and their values that require Big-endianness are
handled appropriately in FilterAdd function in filter_linux.go.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
Added tests for:
Table FLUSH
Table GET
Table DELETE with filter
Filter match
Use a simple UDP client to create flows into the conntrack for testing purpose
Each test will run in a separate network namespace so can run in parallel
Added kernel module dependencies into the travis file
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
- Conntrack table FLUSH
- Conntrack table DELETE with filter
The filter is only for IP field
- Conntrack table GET
The flow information is not complete, but the method
returns a simplified structure with basic flow info
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
This patch adds a new switch case that handles the class ID attribute of
the U32 filter data listed by FilterList. Without this case block the
class ID of the U32 filter is always set to zero. The new test
conditions are added to TestFilterAddDel and TestFilterU32BpfAddDel in
filter_test.go as well.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
$ ip -M route add 100 dev eth0
$ ip -M route add 100 as to 200/300 dev eth0
$ ip -M route add 100 nexthop dev eth0 as to 200 \
nexthop dev eth1 as to 300
$ ip route add 10.10.0.0/24 encap mpls 200/300 dev eth0
$ ip route add 10.0.0.0/24 nexthop encap mpls 200 dev eth0 \
nexthop encap mpls 300 dev eth1
Signed-off-by: ISHIDA Wataru <ishida.wataru@lab.ntt.co.jp>
The go get command and make both fail when executed on
non-linux platforms. Modified it so that there are no
compilation errors when developing in such an
environment.
