Function `LinkDeserialize` checked for presence of `IFF_PROMISC` in
the link's flags to determine whether it was in promiscuous mode.
This flag only tracks what is set with commands such as
ip set <link> promisc on
but is not set when you run `tcpdump` or `wireshark` for example,
which also put the device in promiscuous mode.
There is a counter that tracks the number of times promiscuous mode
has been requested. It reacts to all the ways, `ip set`, and also
`tcpdump` and co.
With this change this counter is used instead of checking the flag.
This makes the library reflect what
ip -d link show <link>
would show in its `promiscuity` field.
To test this change, start some processes of `tcpdump` or similar
and see the counter increase in `ip -d link show <link>` as well
as in the patched version of this netlink library. With the
unpatched version the counter remains 0. Then enable promiscuous
mode globally for the interface. This will increase the count in
all variants, `ip link`, the old unpatched and the patched version
of this netlink library.
Simple test program for reference:
package main
import "fmt"
import "github.com/vishvananda/netlink"
func main() {
handle, _ := netlink.NewHandle()
links, _ := handle.LinkList()
for _, link := range links {
attrs := link.Attrs()
fmt.Printf("dev=%v promisc=%v\n",
attrs.Name, attrs.Promisc)
}
}
Linux 5.6 and higher support IFLA_PERM_ADDRESS, which contains the
permanent hardware address of the interface if an interface has such an
address. This can be used to identify interfaces even when the normal
hardware address has been changed.
Signed-off-by: Lorenz Brun <lorenz@monogon.tech>
This commit add the support for alternative names.
* exposing the attributes in the link object.
* adding the add and delete functions
* allow LinkByName() to also find devices by altname like `ip link`
Signed-off-by: Sebastian Sch <sebassch@gmail.com>
When there are a large number of existing results for the link, neighbor, and
address subscribe functions with ListExisting are likely to fail with ENOBUFS.
This takes the AddrSubscribeOptions ReceiveBufferSize, already applied
to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and
RouteSubscribeOptions. The ReceiveTimeout option was also added to each.
Added a SetReceiveBufferSize to the nl_linux socket API.
The existing addr_linux subscribe function was modified so instead of setting
the ReceiveBufferSize on the netlink pkghandle, it is set on the socket
associated with the subscription. The new implementations also only change the
receive buffer size on the socket.
Lastly, a new ReceiveBufferForceSize option was applied to all four of the
modified Subscribe functions.
Sometimes with `ListExisting` enabled and enough interfaces configured,
netlink will try to send more data than the buffer can hold and the
caller will get back ENOBUFS. Thus, it's useful to be able to configure
the netlink buffer size.
The IFLA_GENEVE_COLLECT_METADATA netlink attribute shouldn't have any a
payload. For Geneve devices also other attributes can be set next to
FlowBased, however the VNI needs to be 0.
This commit also adds a test for creating a Geneve device in FlowBased
mode.
Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
This is the equivalent of:
bridge link set dev <foo> isolated on|off
Add more bridge port netlink attributes Imported from
include/uapi/linux/if_link.h in Linux v6.3.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
IFLA_IPTUN_COLLECT_METADATA is a "flag" netlink attribute, and shouldn't
have any payload. This also needs to be considered when parsing netlink
messages for Iptun.
This fixes Iptun link, by crafting and parsing messages accordingly and
adds a test.
Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
Ip6tnl devices support IFLA_IPTUN_COLLECT_METADATA (collect_md/external
mode). This commit adds support for this and a respective test.
Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
Commit 2b008399a4 ("link: add LinkSetGSOIPv4MaxSize and
LinkSetGROIPv4MaxSize") introduced the use of these constants, but they
were added only recently to the golang.org/x/sys/unix package. Update
its version in go.mod and use the pre-defined constants instead of
duplicating them.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Add two new methods to allow setting GSO and GRO max size attributes only.
They make it much easier to enable IPv4 BIG TCP [0].
The equivalent iproute2 commands are:
$ ip link set $link gso_ipv4_max_size $maxSize
$ ip link set $link gro_ipv4_max_size $maxSize
Also add tests for them. We already do support the IPv6 counterpart via
543bb1cade ("link: add LinkSetGSOMaxSize and LinkSetGROMaxSize").
[0] https://lore.kernel.org/netdev/cover.1674921359.git.lucien.xin@gmail.com/
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This pr allows to change the default vlan on a bridge. It is
currently set to 1 by default. A value of 0 means no default vlan.
Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
Use the constants provided in the golang.org/x/sys/unix package instead
of locally defining them, as done in commit c94808a88b ("link: add
support for IFLA_GRO_MAX_SIZE").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
GRE L3 devices support "FlowBased" ("collect_md"/"external") mode.
Add support for this configuration and relevant test.
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
IFLA_GRE_COLLECT_METADATA is a "flag" netlink attribute. As such it should
not be sent with a data payload.
Fix gretap link to send this flag correctly and re-enable tests.
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Add two new methods to allow setting GSO and GRO max size attributes only.
They make it much easier to enable BIG TCP[1].
The equivalent iproute2 commands are:
$ ip link set $link gso_max_size $maxSize
$ ip link set $link gro_max_size $maxSize
Also add tests for them.
[1] https://patchwork.kernel.org/project/netdevbpf/cover/20220513183408.686447-1-eric.dumazet@gmail.com/
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Add support for the new IFLA_GRO_MAX_SIZE attribute which is needed to
enable BIG TCP[1] properly. Define the attribute in the local link
attributes (nl/link_linux.go) because it isn't yet present in Go's
x/sys/unix package. Also add a test for it.
[1] https://patchwork.kernel.org/project/netdevbpf/cover/20220513183408.686447-1-eric.dumazet@gmail.com/
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
A value of 0 for IFLA_XFRM_IF_ID is not valid and will be rejected by
the kernel by returning EINVAL, see [1]. Thus, only set the
IFLA_XFRM_IF_ID attribute in case Xfrmi.Ifid != 0.
[1] 8efd0d9c31/net/xfrm/xfrm_interface.c (L645-L648)
When the LinkModify was merged in [1] a function
that exports it outside of pkgHandle was never
added like is available for LinkAdd, LinkDel etc.
Update testing to use exported LinkModify that
itself calls the pkgHandle.LinkModify function.
[1] https://github.com/vishvananda/netlink/pull/541
The package level var native (holding the native endianness) is
initialized at package load time. Thus there is no need to re-initalize
it in functions using it, e.g. (*Handle).filterModify, parseU32Data,
parseFwData, parseBpfData and parseMatchAllData.
This fixes a data race between these functions and any read access of
var native, e.g. in LinkDeserialize as reported in issue #633.
Also don't re-declare local variables shadowing the global package-level
var.
Fixes#633
Signed-off-by: Tobias Klauser <tobias@cilium.io>
Provide the status of the allmulticast option via the highlevel
link attributes instead of requiring raw flag handling.
Avoid comparing all rawflags before and after in tests due to that
the IFF_RUNNING flag might change independenly.
Signed-off-by: Björn Svensson <bjorn.a.svensson@est.tech>
ipvtap is a similar link type as ipvlan with tap interface.
This patch enables it just like macvtap.
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
