When there are a large number of existing results, the link, neighbor, and
address subscribe functions with ListExisting are likely to fail with ENOBUFS.
This takes the AddrSubscribeOptions ReceiveBufferSize, already applied
to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and
RouteSubscribeOptions. The ReceiveTimeout option was also added to each.
Added a SetReceiveBufferSize to the nl_linux socket API.
The existing addr_linux subscribe function was modified so instead of setting
the ReceiveBufferSize on the netlink pkghandle, it is set on the socket
associated with the subscription. The new implementations also only change the
receive buffer size on the socket.
Lastly, a new ReceiveBufferForceSize option was applied to all four of the
modified Subscribe functions.
The condition to demand a lladdress for neigh.Flags != NTF_PROXY is just
buggy, since there are various other flags such as NTF_USE, NTF_EXT_MANAGED,
etc where this is not required. Besides, the kernel handles this internally
anyway if it demands a NDA_LLADDR attribute. Simply get rid of the NTF_PROXY
flag/condition since it's wrong.
Fixes: d710fbade4 ("Add proxy support to the neighbor functions (#149)")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This allows setting the NTF_EXT_MANAGED neighbor flag for managed neighbor
entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED
flag for managed neighbor entries"). The flag then indicates to the
kernel that the neighbor entry should be periodically probed for keeping
the entry in NUD_REACHABLE state iff possible.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
The package level var native (holding the native endianness) is
initialized at package load time. Thus there is no need to re-initialize
it in functions using it, e.g. (*Handle).filterModify, parseU32Data,
parseFwData, parseBpfData and parseMatchAllData.
This fixes a data race between these functions and any read access of
var native, e.g. in LinkDeserialize as reported in issue #633.
Also don't re-declare local variables shadowing the global package-level
var.
Fixes #633
Signed-off-by: Tobias Klauser <tobias@cilium.io>
When subscribing to neigh updates, the updates for all neigh
protocol families are received. However when listExisting is set,
the request is made with AF_UNSPEC family, this request does not
include AF_BRIDGE entries.
This patch adds a second request for AF_BRIDGE entries.
Add test for existing AF_BRIDGE entry and make expectNeighUpdate
take a slice of expected updates.
Creates a VXLAN interface for this test as its AF_BRIDGE entries
look a lot like usual ones.
Also add support for latest (2014+) neighbour attributes
NDA_MASTER was added back in 2014, it indicates whether a neigh
entry is linked to a master interface and index of this interface.
The other entries, namely NDA_LINK_NETNSID and NDA_SRC_VNI were
added later and will need extra handling.
Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
iproute2's own netlink library asserts that the sockaddr sender pid
has to be the one of the kernel [0]. It also doesn't bail out on pid
mismatch but only skips the message instead. We've seen cases where
the latter had a pid 0; in such case we should skip to the next nl
message instead of hard bail out.
[0] https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/libnetlink.c
rtnl_dump_filter_l(), __rtnl_talk_iov()
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
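The skip-instead-of-bail behaviour described in the commit message above, as an added Go example that is not code from the netlink package or from iproute2. `buildMsg`, `filterByPid`, the local port id 4242 and the little-endian layout of the constructed sample are assumptions of this example, as is the choice to reject a whole datagram whose sockaddr sender pid is not the kernel's.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const hdrLen = 16   // sizeof(struct nlmsghdr): len, type, flags, seq, pid
const pidKernel = 0 // nl_pid the kernel uses in sockaddr_nl

var le = binary.LittleEndian // assumption: little-endian host for the constructed sample

// buildMsg constructs one sample netlink message (constructed data, not captured).
func buildMsg(typ uint16, pid uint32, payload []byte) []byte {
	b := make([]byte, (hdrLen+len(payload)+3)&^3) // pad as NLMSG_ALIGN does
	le.PutUint32(b[0:], uint32(hdrLen+len(payload)))
	le.PutUint16(b[4:], typ)
	le.PutUint32(b[12:], pid)
	copy(b[hdrLen:], payload)
	return b
}

// filterByPid returns the types of the messages addressed to localPid. A datagram
// not sent by the kernel is rejected whole; a message whose header pid differs
// (pid 0 included) is counted as skipped and parsing moves to the next message.
func filterByPid(buf []byte, senderPid, localPid uint32) (kept []uint16, skipped int, err error) {
	if senderPid != pidKernel {
		return nil, 0, fmt.Errorf("sender pid %d is not the kernel", senderPid)
	}
	var l int
	for off := 0; len(buf)-off >= hdrLen; off += (l + 3) &^ 3 {
		m := buf[off:]
		l = int(le.Uint32(m))
		if l < hdrLen || l > len(m) {
			return kept, skipped, fmt.Errorf("malformed nlmsg length %d", l)
		}
		if le.Uint32(m[12:]) == localPid {
			kept = append(kept, le.Uint16(m[4:]))
		} else {
			skipped++ // not ours: skip this message, keep reading
		}
	}
	return kept, skipped, nil
}

func main() {
	// 28 and 29 are RTM_NEWNEIGH and RTM_DELNEIGH; 4242 is a made-up local port id.
	d := append(buildMsg(28, 4242, []byte{1}), buildMsg(28, 0, nil)...)
	fmt.Println(filterByPid(append(d, buildMsg(29, 4242, nil)...), pidKernel, 4242))
}
```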
The kernel sends a RTM_DELNEIGH for every neighbour on link
deletion; by the time the message is deserialized, the interface
no longer exists so we cannot call LinkByIndex on it.
This call to LinkByIndex is only used to get the encapType to be
able to set either IP or HardwareAddr correctly. The attrLen
attribute can be used here as only ipv4 are used with a size of 4,
and only ipv6 and FireWire HWaddr have a size of 16.
As such this change decreases the number of calls to LinkByIndex,
so it is called only when needed to choose between ipv6 or
FireWire Hwaddr; it also falls back to HWaddr in case of error with
LinkByIndex.
Fix: 921f7441f1
Fix #409
Signed-off-by: Nicolas Belouin <nicolas.belouin@gandi.net>
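The length-based choice described in the commit message above, as an added Go example that is not the netlink package's own code. `decodeLLAddr` and `encapLookup` are hypothetical names, the lookup callback stands in for LinkByIndex, and the `"tunnel6"` encapsulation name is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// encapLookup is a hypothetical stand-in for "LinkByIndex, then read the
// link's encapsulation type"; it fails once the link has been deleted.
type encapLookup func(ifindex int) (string, error)

// decodeLLAddr picks IP or hardware address from the attribute length alone
// where it can, and consults the link only for the ambiguous 16-byte case.
// The third result counts the link lookups that were needed.
func decodeLLAddr(value []byte, ifindex int, lookup encapLookup) (net.IP, net.HardwareAddr, int) {
	switch len(value) {
	case 4: // only an IPv4 link-layer address is 4 bytes long
		return net.IP(value), nil, 0
	case 16: // IPv6 tunnel endpoint or FireWire hardware address
		encap, err := lookup(ifindex)
		if err == nil && encap == "tunnel6" { // assumed encap name for IPv6 tunnels
			return net.IP(value), nil, 1
		}
		return nil, net.HardwareAddr(value), 1 // lookup failed or not a tunnel
	default: // 6-byte Ethernet MAC and everything else
		return nil, net.HardwareAddr(value), 0
	}
}

func main() {
	gone := func(int) (string, error) { return "", errors.New("link not found") }
	v6 := func(int) (string, error) { return "tunnel6", nil }
	samples := [][]byte{ // constructed attribute payloads
		net.ParseIP("203.0.113.6").To4(),
		net.ParseIP("2001:db8::1"),
		{0x02, 0, 0, 0, 0, 0x01},
	}
	for _, s := range samples {
		ip, hw, n := decodeLLAddr(s, 8, v6)
		fmt.Println(ip, hw, n)
	}
	// RTM_DELNEIGH arriving after the link is gone: falls back to HardwareAddr.
	fmt.Println(decodeLLAddr(samples[1], 8, gone))
}
```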
The ip neighbour supports adding of peers statically using commands
where the lladdr is an IP address.
ip neighbor add 10.0.0.2 lladdr 203.0.113.6 dev tun8
This is used in the case of point-to-multipoint GRE to set up the
remote end point of the tunnel.
Note that link-layer address and neighbor address are both IP addresses.
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
- Don't require a MAC address for a neighbor proxy
- Include proxies in the list of neighbors
Signed-off-by: Zvi "CtrlZvi" Effron <viz+GitHub@flippedperspective.com>
- Package methods only need an empty handle.
Not a regular Handle with a couple of
sockets creation/delete.
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Ties to a netlink socket. All client requests
will re-use same socket. Socket released at
handle deletion.
- Also network namespace can be specified during
handle creation. Socket will be opened on the
specified network namespace.
Signed-off-by: Alessandro Boch <aboch@docker.com>
This turns out to be especially important as there
appears to be a bug in the kernel with bonding.
The bug causes an infinite amount of fdb entries
to be returned (it just cycles through the interfaces)
if no interface filter is set.
Having object composition causes both client and library to
do potentially unnecessary work to retrieve Link attributes
when only index is often sufficient.