Commit Graph

681 Commits

Author SHA1 Message Date
Daniel Borkmann
d649c02e2b fq: Fix to set missing TCA_FQ_PLIMIT attribute
The qdiscPayload() function was missing the TCA_FQ_PLIMIT attribute
for the Fq Qdisc. Therefore, it could not be changed via the library.
Fix this up, so that QdiscReplace() with different qdisc.PacketLimit
works now.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2023-11-27 10:24:12 -08:00
tc
f1333cd79a support netkit
netkit device is merged to Linux upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=22360fad5889cbefe1eca695b0cc0273ab280b56

this PR adds support to manage a netkit device in Golang

authored-by: tangchen <tangchen.1@bytedance.com>
2023-11-27 10:22:01 -08:00
adrianc
95ab6696a5 fix: check for ext ACK TLVs
checking for Extended ACK in nlmsghdr flags
should be done with bitwise AND op instead of OR op

Signed-off-by: adrianc <adrianc@nvidia.com>
2023-11-12 12:14:56 -08:00
adrianc
aa4f20db57 fix: check nlmsghdr flags for interrupt
fail if NLM_F_DUMP_INTR flag is set

Signed-off-by: adrianc <adrianc@nvidia.com>
2023-11-12 12:06:03 -08:00
Tobias Klauser
77df5d35f7 Make xfrm linux-only
The xfrm framework is linux-only. Only implement the respective types
for GOOS=linux to avoid dependencies to x/sys/unix on non-linux or
non-unix platforms. Provide dummy XfrmPolicy and XfrmState types for the
globally defined XfrmPolicy* and XfrmState* functions.
2023-10-24 10:58:52 -07:00
Tobias Klauser
ccef072df0 Mark skipUnlessRoot and minKernelRequired as test helpers
With this, the skip message will display the position of the
helper invocation (i.e. the test that caused the skip) instead of the
position of the t.Skip call in minKernelRequired the helper.
2023-10-24 10:52:43 -07:00
Tobias Klauser
d18d70b0d9 Use inbound policy in TestXfrmPolicyWithOptional
Since kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d776e31c841b
optional tunnel/BEET mode templates in outbound policies are rejected.

Use an inbound policy instead to fix the test failure on newer kernels.
2023-10-24 09:29:12 -07:00
Tobias Klauser
586148b818 Use valid Tos value in TestRouteFilterAllTables and TestRouteExtraFields
TestRouteFilterAllTables and TestRouteExtraFields started failing a
while ago after GitHub actions images bumped the kernel version from
5.15.x to 6.2.x [1].

This is because newer kernels containing commit [2] started rejecting
Tos values with the ECN bits set to non-zero, this leads to the
following error being reported when adding routes:

    invalid argument: Invalid dsfield (tos): ECN bits must be 0

Fix this by using a valid Tos value in TestRouteFilterAllTables and
TestRouteExtraFields.

[1] https://github.com/vishvananda/netlink/pull/773#issuecomment-1754436653
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f55fbb6afb8d
2023-10-24 09:29:12 -07:00
Tobias Klauser
7b4e1dec46 nl: avoid trailing NULL byte in error messages
Use unix.ByteSliceToString to convert the NULL-terminated
NLMSGERR_ATTR_MSG error message.
2023-10-24 09:29:12 -07:00
Tobias Klauser
40e139bb96 Enable extended error message reporting in tests
This causes the NETLINK_EXT_ACK socket option to be set and extended
error messages to be reported in errors. This should help debug test
failures.

Also use errors.Is to check for errors because using extended error
reporting, the errors no longer match exactly.
2023-10-24 09:29:12 -07:00
Bernardo Soares
a4fcbb7aeb add support for bridge port neighbor suppression
this PR adds support for setting neigh_suppress attribute to a member port of a bridge
2023-09-21 20:24:56 -07:00
Dave Setzke
229a10237c Add ReceiveBufferSize and force option to *Subscribe
When there are a large number of existing results for the link, neighbor, and
address, subscribe functions with ListExisting are likely to fail with ENOBUFS.
This takes the AddrSubscribeOptions ReceiveBufferSize, already applied
to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and
RouteSubscribeOptions. The ReceiveTimeout option was also added to each.

Added a SetReceiveBufferSize to the nl_linux socket API.

The existing addr_linux subscribe function was modified so instead of setting
the ReceiveBufferSize on the netlink pkghandle, it is set on the socket
associated with the subscription. The new implementations also only change the
receive buffer size on the socket.

Lastly, a new ReceiveBufferForceSize option was applied to all four of the
modified Subscribe functions.
2023-09-21 19:50:55 -07:00
Daniel Xu
3cc961ec4d Add ReceiveBufferSize to LinkSubscribeOptions
Sometimes with `ListExisting` enabled and enough interfaces configured,
netlink will try to send more data than the buffer can hold and the
caller will get back ENOBUFS. Thus, it's useful to be able to configure
the netlink buffer size.
2023-09-21 19:50:55 -07:00
Marcelo Guerrero
63484bbf69 Add support to manage the vlan protocol on a vf
This allows users to get and set the vlan protocol on a vf
Signed-off-by: Marcelo Guerrero <marguerr@redhat.com>
2023-09-05 08:20:06 -07:00
Robin Gögge
6afddb37c1 Fix FlowBased support for Geneve
The IFLA_GENEVE_COLLECT_METADATA netlink attribute shouldn't have any
payload. For Geneve devices also other attributes can be set next to
FlowBased, however the VNI needs to be 0.

This commit also adds a test for creating a Geneve device in FlowBased
mode.

Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
2023-08-07 21:01:33 +02:00
Derek Dagit
dbf1bd04f9 Linux rule list results have Family populated
Fixes #708
2023-07-28 08:26:29 -07:00
Nicholas Hollett
1b5637395d Support setting GSO Max Segment count
This allows for ip link set $link gso_max_segs $maxSegs type operations.
2023-07-17 19:36:57 +02:00
Robin Jarry
19c6398aa9 link: allow isolating bridge ports
This is the equivalent of:

	bridge link set dev <foo> isolated on|off

Add more bridge port netlink attributes imported from
include/uapi/linux/if_link.h in Linux v6.3.

Signed-off-by: Robin Jarry <rjarry@redhat.com>
2023-07-16 12:21:30 +02:00
btwotch
b4489369dd proc-event-linux: remove unused struct 2023-07-14 14:26:23 +02:00
Robin Gögge
16d31db235 Fix FlowBased support for Iptun
IFLA_IPTUN_COLLECT_METADATA is a "flag" netlink attribute, and shouldn't
have any payload. This also needs to be considered when parsing netlink
messages for Iptun.

This fixes Iptun link, by crafting and parsing messages accordingly and
adds a test.

Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
2023-07-14 14:09:04 +02:00
Robin Gögge
88c0defd46 Add FlowBased support for Ip6tnl
Ip6tnl devices support IFLA_IPTUN_COLLECT_METADATA (collect_md/external
mode). This commit adds support for this and a respective test.

Signed-off-by: Robin Gögge <r.goegge@isovalent.com>
2023-07-14 14:08:02 +02:00
Tobias Klauser
78ac5704cf go.mod: bump golang.org/x/sys to v0.10.0
Use a tagged release rather than an intermediate version.
2023-07-05 17:42:06 +02:00
Yutaro Hayakawa
bd5868794c Support fibmatch flag for RouteGetWithOptions
Support `ip route get fibmatch` equivalent with RouteGetWithOptions by
adding FIBMatch flag to RouteGetOptions.

Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
2023-07-05 17:39:32 +02:00
Tobias Klauser
77712cff87 Use IFLA_G{S,R}O_IPV4_MAX_SIZE constants from golang.org/x/sys/unix
Commit 2b008399a4 ("link: add LinkSetGSOIPv4MaxSize and
LinkSetGROIPv4MaxSize") introduced the use of these constants, but they
were added only recently to the golang.org/x/sys/unix package. Update
its version in go.mod and use the pre-defined constants instead of
duplicating them.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2023-06-21 15:13:34 -07:00
Daniel Borkmann
a8a91c0504 link: add TSOMaxSize and TSOMaxSegs to link attributes
This is a read-only netlink attribute which has been added in 5.19
kernel. This is useful to query in order to probe if a given driver
supports IPv6 BIG TCP.

  [0] https://lore.kernel.org/netdev/20220513183408.686447-2-eric.dumazet@gmail.com/

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2023-06-16 08:52:39 -07:00
Daniel Borkmann
2b008399a4 link: add LinkSetGSOIPv4MaxSize and LinkSetGROIPv4MaxSize
Add two new methods to allow setting GSO and GRO max size attributes only.
They make it much easier to enable IPv4 BIG TCP [0].

The equivalent iproute2 commands are:

$ ip link set $link gso_ipv4_max_size $maxSize
$ ip link set $link gro_ipv4_max_size $maxSize

Also add tests for them. We already do support the IPv6 counterpart via
543bb1cade ("link: add LinkSetGSOMaxSize and LinkSetGROMaxSize").

  [0] https://lore.kernel.org/netdev/cover.1674921359.git.lucien.xin@gmail.com/

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2023-06-14 23:26:06 -07:00
Li Chun
acdc658b86 Add "default" dst while no DST attr responsed from nl
Signed-off-by: Li Chun <chun2.li@intel.com>
2023-06-03 21:11:57 -07:00
Marcelo Guerrero Viveros
55c8b9515a Add support for setting default vlan on a bridge
This PR allows changing the default vlan on a bridge. It is
currently set to 1 by default. A value of 0 means no default vlan.

Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
2023-04-20 10:47:44 -07:00
major1201
7350a0539f Support ipset test entry existence 2023-04-20 10:46:28 -07:00
Nikolay Aleksandrov
ced5aaba43 rule: add support for FRA_PROTOCOL
Add support for ip rules' FRA_PROTOCOL attribute and also check for it
when testing rules. The default ip rule protocol is RTPROT_UNSPEC (0) so
we set the attribute only when it is >0.

Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-16 09:30:32 -07:00
Ivan Kolodyazhny
70ca0345ee Support dst_port and src_port attributes in flower filter 2023-02-06 10:37:46 -08:00
Ivan Kolodyazhny
130828cd57 Add Flower ip_proto attribute support 2023-02-06 10:37:46 -08:00
Ivan Kolodyazhny
05506ada9f Implement filter goto action support 2023-01-30 09:12:08 -08:00
Ivan Kolodyazhny
378a404a26 Implement chains support
This patch implements both tc and filter chains.

We also need to align tc filter deletion implementation
with iproute2 to delete filters within chain by passing
additional bits during filter deletion call.
2022-12-14 10:59:49 -08:00
Ivan Kolodyazhny
e20cb98f77 Support skip_hw/skip_sw flags
This feature could not be tested with virtual interfaces that's why
unit-tests aren't added into this change.
2022-12-14 08:41:50 -08:00
Ivan Kolodyazhny
7f2b136d34 qdisc ingress_block support 2022-12-13 09:41:45 -08:00
Evgeniy Zakharochkin
e0988fd129 Fix adding ipset entry comment 2022-12-12 09:07:43 -08:00
Hu Jun
d3c0a2caa5 - fixes vishvananda/netlink#815
- changes: 1. set userTmpl.Family to correct family 2. add Selector to XfrmState which is corresponding to XfrmUsersaInfo.Sel

- update *XfrmAddress.ToIPNet method to support 0.0.0.0/0 and ::/0 correctly
- update xfrmStateFromXfrmUsersaInfo to get XfrmState.Selector
- extend TestXfrmStateAddGetDel for v6ov4 and v4ov6 cases
2022-11-07 14:26:36 -08:00
Steffen Vogel
d3b7a6fadd Add firewall mark option to RouteGetOptions
This option allows performing FIB lookups for a particular
firewall mark. It is equivalent to iproute2's 'ip route get mark'
option.
2022-11-07 10:26:17 -08:00
Surya Seetharaman
8e1ce9665a Add labelFilter for conntrack
This PR adds support for filtering flows
based on conntrack labels. It adds two
filters `ConntrackMatchLabels` &&
`ConntrackUnmatchLabels` through which user can
provide a list of labels as type "bytes" which
will then be compared to flow.Labels to see if
any matches were found.

ConntrackMatchLabels: Every label passed should
be contained in flow.Labels for a match to be true
ConntrackUnmatchLabels: Every label passed should
not be contained in the flow.Labels for a match to
be true

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
2022-11-03 10:05:53 -07:00
Noah
eab52eee5a Add XfrmPolicyGet to unspecified operations 2022-11-03 09:19:10 -07:00
Dave Setzke
b4d07e8343 Use ndmsg payload for neighbor subscribe requests 2022-11-03 09:05:21 -07:00
chengzhycn
d3b8a16e9b add actions support for fwfilter
Signed-off-by: chengzhycn <chengzhycn@gmail.com>
2022-10-27 09:19:20 -07:00
chengzhycn
8baf7b0c69 add support for skbedit mask 2022-10-26 18:47:10 -07:00
chengzhycn
337a587de1 fix RouteList can't list routes properly when unspecifying link
Signed-off-by: chengzhycn <chengzhycn@gmail.com>
2022-10-26 10:42:34 -07:00
Damien Tournoud
8715fe718d ipset: Expose MaxElements to IpsetCreate 2022-09-15 11:54:47 -07:00
Damien Tournoud
d44b87fd4d ipset: Add support for IPv6 2022-08-12 20:31:58 +02:00
Tobias Klauser
afa2eb2a66 Use IFLA_* consts defined in golang.org/x/sys/unix
Use the constants provided in the golang.org/x/sys/unix package instead
of locally defining them, as done in commit c94808a88b ("link: add
support for IFLA_GRO_MAX_SIZE").

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2022-08-07 20:12:18 +02:00
Manjiri Gadagkar
6e2993d135 RouteGetWithOptions: Add UID option 2022-08-02 12:21:20 +02:00
Eyal Birger
7e7feb220f link: Add FlowBased support to Gretun
GRE L3 devices support "FlowBased" ("collect_md"/"external") mode.
Add support for this configuration and relevant test.

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
2022-08-02 12:16:27 +02:00