This patch fixes the bug of U32 filters which byte orders are not
appropriately updated based on the endianness of the host. Golang's
range returns copied values instead of their references when it
iterates through a map and the indices should be used to access the
specific value of the map by reference.
This patch also fixes the bug of netlink.FilterAdd that breaks the user
facing model changing the type of cSel, the copied TcU32Sel, from its
pointer to the struct. Previously the pointer is copied and therefore
the data that is given by the users is modified if the endiannesses of
the fields in it need to be changed.
To validate these changes, I added the validation that the user facing
model is identical before and after netlink.FilterAdd. In addition to
that, the fix for the reference bug enables the endianness validations
in the same test case.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
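The two bugs described in the message above, reproduced as an added example (not the project's code). Key, Sel and the Swap* functions are hypothetical stand-ins for the U32 selector types, and swap assumes a little-endian host:

```go
package main

import (
	"fmt"
	"math/bits"
)

// Key and Sel are hypothetical stand-ins for the U32 key and selector structs.
type Key struct{ Mask, Val uint32 }
type Sel struct{ Keys []Key }

// swap stands in for host-to-network conversion on a little-endian host (assumption).
func swap(v uint32) uint32 { return bits.ReverseBytes32(v) }

// SwapRangeCopy shows the first bug: k is a copy of each element, so the writes are lost.
func SwapRangeCopy(s *Sel) *Sel {
	for _, k := range s.Keys {
		k.Mask, k.Val = swap(k.Mask), swap(k.Val)
	}
	return s
}

// SwapInPlace indexes the slice, so the conversion sticks, but it rewrites the caller's data.
func SwapInPlace(s *Sel) *Sel {
	for i := range s.Keys {
		s.Keys[i].Mask, s.Keys[i].Val = swap(s.Keys[i].Mask), swap(s.Keys[i].Val)
	}
	return s
}

// SwapOnCopy copies the struct and its key slice first (a plain struct copy would
// still share the slice's backing array), then converts only the copy.
func SwapOnCopy(s *Sel) *Sel {
	c := *s
	c.Keys = make([]Key, len(s.Keys))
	copy(c.Keys, s.Keys)
	return SwapInPlace(&c)
}

// sample builds a constructed one-key selector.
func sample() *Sel { return &Sel{Keys: []Key{{Mask: 0x0000ffff, Val: 0x000146ca}}} }

func main() {
	a, b, c := sample(), sample(), sample()
	SwapRangeCopy(a)
	SwapInPlace(b)
	out := SwapOnCopy(c)
	fmt.Printf("range copy: %#x\nin place: %#x\ncopy: %#x (caller keeps %#x)\n",
		a.Keys[0].Val, b.Keys[0].Val, out.Keys[0].Val, c.Keys[0].Val)
}
```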
This patch removes the unnecessary condition of parsing U32 data that
checks if sel.Flags has nl.TC_U32_TERMINAL or sel.Nkeys is not 1.
Because of the modification to U32 that enabled to specify multiple sel
keys, this condition is not valid anymore. This condition stops the
parsing of U32 filter data with multiple attributes and this prevents
the users from getting all the necessary attributes, e.g., the class Id
of the filter.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
This patch adds the advanced u32 match feature support with the
selection keys. It enables the users to create a complex filter as follows
for instance:
    $ tc filter add dev eth0 parent 1: prio 1 u32 match ip dport 80 0xff \
        match u32 0x146ca 0xffff at 32 flowid 1:46cb
To expose TcU32Sel and TcU32Key defined in nl package, this patch copies
them to filter.go and their values that require Big-endianness are
handled appropriately in FilterAdd function in filter_linux.go.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
This patch adds a new switch case that handles the class ID attribute of
the U32 filter data listed by FilterList. Without this case block the
class ID of the U32 filter is always set to zero. The new test
conditions are added to TestFilterAddDel and TestFilterU32BpfAddDel in
filter_test.go as well.
Signed-off-by: Taku Fukushima <taku@soracom.jp>
- Package methods only need an empty handle.
Not a regular Handle with a couple of
sockets creation/delete.
Signed-off-by: Alessandro Boch <aboch@docker.com>
- Ties to a netlink socket. All client requests
will re-use same socket. Socket released at
handle deletion.
- Also network namespace can be specified during
handle creation. Socket will be opened on the
specified network namespace.
Signed-off-by: Alessandro Boch <aboch@docker.com>
New in kernel 4.5 is a type of qdisc for lightweight (no qdisc lock)
ingress/egress parsing, called clsact. Add support for such a qdisc
type.
One primary consumer of clsact is the bpf filter, add support for that
as well.
Current U32 filter only supports redirect action, but the U32 can
support a lot more. Refactor a bit the action generating/parsing logic
to be more generic and add BPF action support.
When creating a U32 filter, one can supply an array of Actions, which
will be executed by the U32 filter in order:
* The new MirredAction implements the same functionality as RedirIndex
field in the U32 filter, with that static field kept in the struct for
backwards compatibility.
* A new BpfAction type is added which allows a program with an open bpf
file descriptor (implementation is out of scope of this patch) to be
added as well.
Add a test for the above use case which includes one of each type of
action.