A value of 0 for XFRMA_IF_ID is not valid and will be rejected as of
Linux kernel commit torvalds/linux@68ac0f3810 ("xfrm: state and policy
should fail if XFRMA_IF_ID 0"), which will return EINVAL when setting
XFRMA_IF_ID = 0. Thus, only set the XFRMA_IF_ID attribute in case
XfrmState.Ifid or XfrmPolicy.Ifid are != 0.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
This patch adds support for tc police action. And codes of fw filter
have been refactored with the police action for reducing redundant
codes.
Signed-off-by: Wu Zongyong <wuzongyong@linux.alibaba.com>
When the LinkModify was merged in [1] a function
that exports it outside of pkgHandle was never
added like is available for LinkAdd, LinkDel etc.
Update testing to use exported LinkModify that
itself calls the pkgHandle.LinkModify function.
[1] https://github.com/vishvananda/netlink/pull/541
The condition to demand a lladdress for neigh.Flags != NTF_PROXY is just
buggy, since there are various other flags such as NTF_USE, NTF_EXT_MANAGED,
etc where this is not required. Besides, the kernel handles this internally
anyway if it demands a NDA_LLADDR attribute. Simply get rid of the NTF_PROXY
flag/condition since it's wrong.
Fixes: d710fbade4 ("Add proxy support to the neighbor functions (#149)")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor
entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED
flag for managed neighbor entries"). The flag then indicates to the
kernel that the neighbor entry should be periodically probed for keeping
the entry in NUD_REACHABLE state iff possible.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
IFA_ADDRESS is to be used as the peer address if it differs from IFA_LOCAL.
Therefore, include the check for "no IFA_ADDRESS" in the difference check.
Example: ppp interfaces can contain IFA_LOCAL and no IFA_ADDRESS attribute
netlink(kernel) returns the string values in a c-style
manner terminating with null.
when converting to go string these need to be removed
as done in other places in the project.
keeping the null terminating char prevents comparing
devlink dev/port string attributes as the `==` string
operand will fail.
Signed-off-by: Adrian Chiris <adrianc@nvidia.com>
The package level var native (holding the native endianness) is
initialized at package load time. Thus there is no need to re-initalize
it in functions using it, e.g. (*Handle).filterModify, parseU32Data,
parseFwData, parseBpfData and parseMatchAllData.
This fixes a data race between these functions and any read access of
var native, e.g. in LinkDeserialize as reported in issue #633.
Also don't re-declare local variables shadowing the global package-level
var.
Fixes#633
Signed-off-by: Tobias Klauser <tobias@cilium.io>
Provide the status of the allmulticast option via the highlevel
link attributes instead of requiring raw flag handling.
Avoid comparing all rawflags before and after in tests due to that
the IFF_RUNNING flag might change independenly.
Signed-off-by: Björn Svensson <bjorn.a.svensson@est.tech>
