author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-09-15 16:11:14 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-15 16:11:14 -0400 |
commit | 5f41ffdd194a828625b3bb6ec55ed87d2830fe58 (patch) | |
tree | a625a713dc2205ac80122883f3532fc31bfb8fe2 /vendor/github.com | |
parent | 505c9718cc717433780be8240250a247253ba34f (diff) | |
parent | 5e8309464aea005fbc1604c304a94760aff4ee9a (diff) | |
download | podman-5f41ffdd194a828625b3bb6ec55ed87d2830fe58.tar.gz podman-5f41ffdd194a828625b3bb6ec55ed87d2830fe58.tar.bz2 podman-5f41ffdd194a828625b3bb6ec55ed87d2830fe58.zip |
Merge pull request #11322 from Luap99/network-libpod
Wire network interface into libpod
Diffstat (limited to 'vendor/github.com')
34 files changed, 0 insertions, 5117 deletions
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/addr_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/addr_linux.go
deleted file mode 100644
index b4db50b9a..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/ip/addr_linux.go
+++ /dev/null
@@ -1,68 +0,0 @@
-// Copyright 2017 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ip
-
-import (
- "fmt"
- "syscall"
- "time"
-
- "github.com/vishvananda/netlink"
-)
-
-const SETTLE_INTERVAL = 50 * time.Millisecond
-
-// SettleAddresses waits for all addresses on a link to leave tentative state.
-// This is particularly useful for ipv6, where all addresses need to do DAD.
-// There is no easy way to wait for this as an event, so just loop until the
-// addresses are no longer tentative.
-// If any addresses are still tentative after timeout seconds, then error.
-func SettleAddresses(ifName string, timeout int) error {
- link, err := netlink.LinkByName(ifName)
- if err != nil {
- return fmt.Errorf("failed to retrieve link: %v", err)
- }
-
- deadline := time.Now().Add(time.Duration(timeout) * time.Second)
- for {
- addrs, err := netlink.AddrList(link, netlink.FAMILY_ALL)
- if err != nil {
- return fmt.Errorf("could not list addresses: %v", err)
- }
-
- if len(addrs) == 0 {
- return nil
- }
-
- ok := true
- for _, addr := range addrs {
- if addr.Flags&(syscall.IFA_F_TENTATIVE|syscall.IFA_F_DADFAILED) > 0 {
- ok = false
- break // Break out of the `range addrs`, not the `for`
- }
- }
-
- if ok {
- return nil
- }
- if time.Now().After(deadline) {
- return fmt.Errorf("link %s still has tentative addresses after %d seconds",
- ifName,
- timeout)
- }
-
- time.Sleep(SETTLE_INTERVAL)
- }
-}
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/cidr.go b/vendor/github.com/containernetworking/plugins/pkg/ip/cidr.go
deleted file mode 100644
index 7acc2d47c..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/ip/cidr.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright 2015 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ip
-
-import (
- "math/big"
- "net"
-)
-
-// NextIP returns IP incremented by 1
-func NextIP(ip net.IP) net.IP {
- i := ipToInt(ip)
- return intToIP(i.Add(i, big.NewInt(1)))
-}
-
-// PrevIP returns IP decremented by 1
-func PrevIP(ip net.IP) net.IP {
- i := ipToInt(ip)
- return intToIP(i.Sub(i, big.NewInt(1)))
-}
-
-// Cmp compares two IPs, returning the usual ordering:
-// a < b : -1
-// a == b : 0
-// a > b : 1
-func Cmp(a, b net.IP) int {
- aa := ipToInt(a)
- bb := ipToInt(b)
- return aa.Cmp(bb)
-}
-
-func ipToInt(ip net.IP) *big.Int {
- if v := ip.To4(); v != nil {
- return big.NewInt(0).SetBytes(v)
- }
- return big.NewInt(0).SetBytes(ip.To16())
-}
-
-func intToIP(i *big.Int) net.IP {
- return net.IP(i.Bytes())
-}
-
-// Network masks off the host portion of the IP
-func Network(ipn *net.IPNet) *net.IPNet {
- return &net.IPNet{
- IP: ipn.IP.Mask(ipn.Mask),
- Mask: ipn.Mask,
- }
-}
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/ipforward_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/ipforward_linux.go
deleted file mode 100644
index 8216a2c38..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/ip/ipforward_linux.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright 2015 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ip
-
-import (
- "bytes"
- "io/ioutil"
-
- "github.com/containernetworking/cni/pkg/types/current"
-)
-
-func EnableIP4Forward() error {
- return echo1("/proc/sys/net/ipv4/ip_forward")
-}
-
-func EnableIP6Forward() error {
- return echo1("/proc/sys/net/ipv6/conf/all/forwarding")
-}
-
-// EnableForward will enable forwarding for all configured
-// address families
-func EnableForward(ips []*current.IPConfig) error {
- v4 := false
- v6 := false
-
- for _, ip := range ips {
- if ip.Version == "4" && !v4 {
- if err := EnableIP4Forward(); err != nil {
- return err
- }
- v4 = true
- } else if ip.Version == "6" && !v6 {
- if err := EnableIP6Forward(); err != nil {
- return err
- }
- v6 = true
- }
- }
- return nil
-}
-
-func echo1(f string) error {
- if content, err := ioutil.ReadFile(f); err == nil {
- if bytes.Equal(bytes.TrimSpace(content), []byte("1")) {
- return nil
- }
- }
- return ioutil.WriteFile(f, []byte("1"), 0644)
-}
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/ipmasq_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/ipmasq_linux.go
deleted file mode 100644
index cc640a605..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/ip/ipmasq_linux.go
+++ /dev/null
@@ -1,126 +0,0 @@ -// Copyright 2015 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "fmt" - "net" - - "github.com/coreos/go-iptables/iptables" -) - -// SetupIPMasq installs iptables rules to masquerade traffic -// coming from ip of ipn and going outside of ipn -func SetupIPMasq(ipn *net.IPNet, chain string, comment string) error { - isV6 := ipn.IP.To4() == nil - - var ipt *iptables.IPTables - var err error - var multicastNet string - - if isV6 { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv6) - multicastNet = "ff00::/8" - } else { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv4) - multicastNet = "224.0.0.0/4" - } - if err != nil { - return fmt.Errorf("failed to locate iptables: %v", err) - } - - // Create chain if doesn't exist - exists := false - chains, err := ipt.ListChains("nat") - if err != nil { - return fmt.Errorf("failed to list chains: %v", err) - } - for _, ch := range chains { - if ch == chain { - exists = true - break - } - } - if !exists { - if err = ipt.NewChain("nat", chain); err != nil { - return err - } - } - - // Packets to this network should not be touched - if err := ipt.AppendUnique("nat", chain, "-d", ipn.String(), "-j", "ACCEPT", "-m", "comment", "--comment", comment); err != nil { - return err - } - - // Don't masquerade multicast - pods should be able to talk to other pods - // on the local network via multicast. 
- if err := ipt.AppendUnique("nat", chain, "!", "-d", multicastNet, "-j", "MASQUERADE", "-m", "comment", "--comment", comment); err != nil { - return err - } - - // Packets from the specific IP of this network will hit the chain - return ipt.AppendUnique("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment) -} - -// TeardownIPMasq undoes the effects of SetupIPMasq -func TeardownIPMasq(ipn *net.IPNet, chain string, comment string) error { - isV6 := ipn.IP.To4() == nil - - var ipt *iptables.IPTables - var err error - - if isV6 { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv6) - } else { - ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv4) - } - if err != nil { - return fmt.Errorf("failed to locate iptables: %v", err) - } - - err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.IP.String(), "-j", chain, "-m", "comment", "--comment", comment) - if err != nil && !isNotExist(err) { - return err - } - - // for downward compatibility - err = ipt.Delete("nat", "POSTROUTING", "-s", ipn.String(), "-j", chain, "-m", "comment", "--comment", comment) - if err != nil && !isNotExist(err) { - return err - } - - err = ipt.ClearChain("nat", chain) - if err != nil && !isNotExist(err) { - return err - - } - - err = ipt.DeleteChain("nat", chain) - if err != nil && !isNotExist(err) { - return err - } - - return nil -} - -// isNotExist returnst true if the error is from iptables indicating -// that the target does not exist. -func isNotExist(err error) bool { - e, ok := err.(*iptables.Error) - if !ok { - return false - } - return e.IsNotExist() -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go deleted file mode 100644 index f8781cf19..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go +++ /dev/null 
@@ -1,293 +0,0 @@ -// Copyright 2015 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ip - -import ( - "crypto/rand" - "errors" - "fmt" - "net" - "os" - - "github.com/safchain/ethtool" - "github.com/vishvananda/netlink" - - "github.com/containernetworking/plugins/pkg/ns" - "github.com/containernetworking/plugins/pkg/utils/hwaddr" - "github.com/containernetworking/plugins/pkg/utils/sysctl" -) - -var ( - ErrLinkNotFound = errors.New("link not found") -) - -func makeVethPair(name, peer string, mtu int) (netlink.Link, error) { - veth := &netlink.Veth{ - LinkAttrs: netlink.LinkAttrs{ - Name: name, - Flags: net.FlagUp, - MTU: mtu, - }, - PeerName: peer, - } - if err := netlink.LinkAdd(veth); err != nil { - return nil, err - } - // Re-fetch the link to get its creation-time parameters, e.g. index and mac - veth2, err := netlink.LinkByName(name) - if err != nil { - netlink.LinkDel(veth) // try and clean up the link if possible. 
- return nil, err - } - - return veth2, nil -} - -func peerExists(name string) bool { - if _, err := netlink.LinkByName(name); err != nil { - return false - } - return true -} - -func makeVeth(name, vethPeerName string, mtu int) (peerName string, veth netlink.Link, err error) { - for i := 0; i < 10; i++ { - if vethPeerName != "" { - peerName = vethPeerName - } else { - peerName, err = RandomVethName() - if err != nil { - return - } - } - - veth, err = makeVethPair(name, peerName, mtu) - switch { - case err == nil: - return - - case os.IsExist(err): - if peerExists(peerName) && vethPeerName == "" { - continue - } - err = fmt.Errorf("container veth name provided (%v) already exists", name) - return - - default: - err = fmt.Errorf("failed to make veth pair: %v", err) - return - } - } - - // should really never be hit - err = fmt.Errorf("failed to find a unique veth name") - return -} - -// RandomVethName returns string "veth" with random prefix (hashed from entropy) -func RandomVethName() (string, error) { - entropy := make([]byte, 4) - _, err := rand.Reader.Read(entropy) - if err != nil { - return "", fmt.Errorf("failed to generate random veth name: %v", err) - } - - // NetworkManager (recent versions) will ignore veth devices that start with "veth" - return fmt.Sprintf("veth%x", entropy), nil -} - -func RenameLink(curName, newName string) error { - link, err := netlink.LinkByName(curName) - if err == nil { - err = netlink.LinkSetName(link, newName) - } - return err -} - -func ifaceFromNetlinkLink(l netlink.Link) net.Interface { - a := l.Attrs() - return net.Interface{ - Index: a.Index, - MTU: a.MTU, - Name: a.Name, - HardwareAddr: a.HardwareAddr, - Flags: a.Flags, - } -} - -// SetupVethWithName sets up a pair of virtual ethernet devices. -// Call SetupVethWithName from inside the container netns. It will create both veth -// devices and move the host-side veth into the provided hostNS namespace. 
-// hostVethName: If hostVethName is not specified, the host-side veth name will use a random string. -// On success, SetupVethWithName returns (hostVeth, containerVeth, nil) -func SetupVethWithName(contVethName, hostVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { - hostVethName, contVeth, err := makeVeth(contVethName, hostVethName, mtu) - if err != nil { - return net.Interface{}, net.Interface{}, err - } - - if err = netlink.LinkSetUp(contVeth); err != nil { - return net.Interface{}, net.Interface{}, fmt.Errorf("failed to set %q up: %v", contVethName, err) - } - - hostVeth, err := netlink.LinkByName(hostVethName) - if err != nil { - return net.Interface{}, net.Interface{}, fmt.Errorf("failed to lookup %q: %v", hostVethName, err) - } - - if err = netlink.LinkSetNsFd(hostVeth, int(hostNS.Fd())); err != nil { - return net.Interface{}, net.Interface{}, fmt.Errorf("failed to move veth to host netns: %v", err) - } - - err = hostNS.Do(func(_ ns.NetNS) error { - hostVeth, err = netlink.LinkByName(hostVethName) - if err != nil { - return fmt.Errorf("failed to lookup %q in %q: %v", hostVethName, hostNS.Path(), err) - } - - if err = netlink.LinkSetUp(hostVeth); err != nil { - return fmt.Errorf("failed to set %q up: %v", hostVethName, err) - } - - // we want to own the routes for this interface - _, _ = sysctl.Sysctl(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", hostVethName), "0") - return nil - }) - if err != nil { - return net.Interface{}, net.Interface{}, err - } - return ifaceFromNetlinkLink(hostVeth), ifaceFromNetlinkLink(contVeth), nil -} - -// SetupVeth sets up a pair of virtual ethernet devices. -// Call SetupVeth from inside the container netns. It will create both veth -// devices and move the host-side veth into the provided hostNS namespace. 
-// On success, SetupVeth returns (hostVeth, containerVeth, nil) -func SetupVeth(contVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { - return SetupVethWithName(contVethName, "", mtu, hostNS) -} - -// DelLinkByName removes an interface link. -func DelLinkByName(ifName string) error { - iface, err := netlink.LinkByName(ifName) - if err != nil { - if _, ok := err.(netlink.LinkNotFoundError); ok { - return ErrLinkNotFound - } - return fmt.Errorf("failed to lookup %q: %v", ifName, err) - } - - if err = netlink.LinkDel(iface); err != nil { - return fmt.Errorf("failed to delete %q: %v", ifName, err) - } - - return nil -} - -// DelLinkByNameAddr remove an interface and returns its addresses -func DelLinkByNameAddr(ifName string) ([]*net.IPNet, error) { - iface, err := netlink.LinkByName(ifName) - if err != nil { - if _, ok := err.(netlink.LinkNotFoundError); ok { - return nil, ErrLinkNotFound - } - return nil, fmt.Errorf("failed to lookup %q: %v", ifName, err) - } - - addrs, err := netlink.AddrList(iface, netlink.FAMILY_ALL) - if err != nil { - return nil, fmt.Errorf("failed to get IP addresses for %q: %v", ifName, err) - } - - if err = netlink.LinkDel(iface); err != nil { - return nil, fmt.Errorf("failed to delete %q: %v", ifName, err) - } - - out := []*net.IPNet{} - for _, addr := range addrs { - if addr.IP.IsGlobalUnicast() { - out = append(out, addr.IPNet) - } - } - - return out, nil -} - -func SetHWAddrByIP(ifName string, ip4 net.IP, ip6 net.IP) error { - iface, err := netlink.LinkByName(ifName) - if err != nil { - return fmt.Errorf("failed to lookup %q: %v", ifName, err) - } - - switch { - case ip4 == nil && ip6 == nil: - return fmt.Errorf("neither ip4 or ip6 specified") - - case ip4 != nil: - { - hwAddr, err := hwaddr.GenerateHardwareAddr4(ip4, hwaddr.PrivateMACPrefix) - if err != nil { - return fmt.Errorf("failed to generate hardware addr: %v", err) - } - if err = netlink.LinkSetHardwareAddr(iface, hwAddr); err != nil { - return 
fmt.Errorf("failed to add hardware addr to %q: %v", ifName, err) - } - } - case ip6 != nil: - // TODO: IPv6 - } - - return nil -} - -// GetVethPeerIfindex returns the veth link object, the peer ifindex of the -// veth, or an error. This peer ifindex will only be valid in the peer's -// network namespace. -func GetVethPeerIfindex(ifName string) (netlink.Link, int, error) { - link, err := netlink.LinkByName(ifName) - if err != nil { - return nil, -1, fmt.Errorf("could not look up %q: %v", ifName, err) - } - if _, ok := link.(*netlink.Veth); !ok { - return nil, -1, fmt.Errorf("interface %q was not a veth interface", ifName) - } - - // veth supports IFLA_LINK (what vishvananda/netlink calls ParentIndex) - // on 4.1 and higher kernels - peerIndex := link.Attrs().ParentIndex - if peerIndex <= 0 { - // Fall back to ethtool for 4.0 and earlier kernels - e, err := ethtool.NewEthtool() - if err != nil { - return nil, -1, fmt.Errorf("failed to initialize ethtool: %v", err) - } - defer e.Close() - - stats, err := e.Stats(link.Attrs().Name) - if err != nil { - return nil, -1, fmt.Errorf("failed to request ethtool stats: %v", err) - } - n, ok := stats["peer_ifindex"] - if !ok { - return nil, -1, fmt.Errorf("failed to find 'peer_ifindex' in ethtool stats") - } - if n > 32767 || n == 0 { - return nil, -1, fmt.Errorf("invalid 'peer_ifindex' %d", n) - } - peerIndex = int(n) - } - - return link, peerIndex, nil -} diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/route_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/route_linux.go deleted file mode 100644 index f5c0d0803..000000000 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/route_linux.go +++ /dev/null 
@@ -1,47 +0,0 @@
-// Copyright 2015-2017 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ip
-
-import (
- "net"
-
- "github.com/vishvananda/netlink"
-)
-
-// AddRoute adds a universally-scoped route to a device.
-func AddRoute(ipn *net.IPNet, gw net.IP, dev netlink.Link) error {
- return netlink.RouteAdd(&netlink.Route{
- LinkIndex: dev.Attrs().Index,
- Scope: netlink.SCOPE_UNIVERSE,
- Dst: ipn,
- Gw: gw,
- })
-}
-
-// AddHostRoute adds a host-scoped route to a device.
-func AddHostRoute(ipn *net.IPNet, gw net.IP, dev netlink.Link) error {
- return netlink.RouteAdd(&netlink.Route{
- LinkIndex: dev.Attrs().Index,
- Scope: netlink.SCOPE_HOST,
- Dst: ipn,
- Gw: gw,
- })
-}
-
-// AddDefaultRoute sets the default route on the given gateway.
-func AddDefaultRoute(gw net.IP, dev netlink.Link) error {
- _, defNet, _ := net.ParseCIDR("0.0.0.0/0")
- return AddRoute(defNet, gw, dev)
-}
diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/utils_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/utils_linux.go
deleted file mode 100644
index 7623c5e13..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/ip/utils_linux.go
+++ /dev/null
@@ -1,120 +0,0 @@
-// +build linux
-
-// Copyright 2016 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ip
-
-import (
- "fmt"
- "net"
-
- "github.com/containernetworking/cni/pkg/types"
- "github.com/containernetworking/cni/pkg/types/current"
- "github.com/vishvananda/netlink"
-)
-
-func ValidateExpectedInterfaceIPs(ifName string, resultIPs []*current.IPConfig) error {
-
- // Ensure ips
- for _, ips := range resultIPs {
- ourAddr := netlink.Addr{IPNet: &ips.Address}
- match := false
-
- link, err := netlink.LinkByName(ifName)
- if err != nil {
- return fmt.Errorf("Cannot find container link %v", ifName)
- }
-
- addrList, err := netlink.AddrList(link, netlink.FAMILY_ALL)
- if err != nil {
- return fmt.Errorf("Cannot obtain List of IP Addresses")
- }
-
- for _, addr := range addrList {
- if addr.Equal(ourAddr) {
- match = true
- break
- }
- }
- if match == false {
- return fmt.Errorf("Failed to match addr %v on interface %v", ourAddr, ifName)
- }
-
- // Convert the host/prefixlen to just prefix for route lookup.
- _, ourPrefix, err := net.ParseCIDR(ourAddr.String())
-
- findGwy := &netlink.Route{Dst: ourPrefix}
- routeFilter := netlink.RT_FILTER_DST
- var family int
-
- switch {
- case ips.Version == "4":
- family = netlink.FAMILY_V4
- case ips.Version == "6":
- family = netlink.FAMILY_V6
- default:
- return fmt.Errorf("Invalid IP Version %v for interface %v", ips.Version, ifName)
- }
-
- gwy, err := netlink.RouteListFiltered(family, findGwy, routeFilter)
- if err != nil {
- return fmt.Errorf("Error %v trying to find Gateway %v for interface %v", err, ips.Gateway, ifName)
- }
- if gwy == nil {
- return fmt.Errorf("Failed to find Gateway %v for interface %v", ips.Gateway, ifName)
- }
- }
-
- return nil
-}
-
-func ValidateExpectedRoute(resultRoutes []*types.Route) error {
-
- // Ensure that each static route in prevResults is found in the routing table
- for _, route := range resultRoutes {
- find := &netlink.Route{Dst: &route.Dst, Gw: route.GW}
- routeFilter := netlink.RT_FILTER_DST | netlink.RT_FILTER_GW
- var family int
-
- switch {
- case route.Dst.IP.To4() != nil:
- family = netlink.FAMILY_V4
- // Default route needs Dst set to nil
- if route.Dst.String() == "0.0.0.0/0" {
- find = &netlink.Route{Dst: nil, Gw: route.GW}
- routeFilter = netlink.RT_FILTER_DST
- }
- case len(route.Dst.IP) == net.IPv6len:
- family = netlink.FAMILY_V6
- // Default route needs Dst set to nil
- if route.Dst.String() == "::/0" {
- find = &netlink.Route{Dst: nil, Gw: route.GW}
- routeFilter = netlink.RT_FILTER_DST
- }
- default:
- return fmt.Errorf("Invalid static route found %v", route)
- }
-
- wasFound, err := netlink.RouteListFiltered(family, find, routeFilter)
- if err != nil {
- return fmt.Errorf("Expected Route %v not route table lookup error %v", route, err)
- }
- if wasFound == nil {
- return fmt.Errorf("Expected Route %v not found in routing table", route)
- }
- }
-
- return nil
-}
diff --git a/vendor/github.com/containernetworking/plugins/pkg/utils/hwaddr/hwaddr.go b/vendor/github.com/containernetworking/plugins/pkg/utils/hwaddr/hwaddr.go
deleted file mode 100644
index aaf3b8a02..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/utils/hwaddr/hwaddr.go
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2016 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package hwaddr
-
-import (
- "fmt"
- "net"
-)
-
-const (
- ipRelevantByteLen = 4
- PrivateMACPrefixString = "0a:58"
-)
-
-var (
- // private mac prefix safe to use
- PrivateMACPrefix = []byte{0x0a, 0x58}
-)
-
-type SupportIp4OnlyErr struct{ msg string }
-
-func (e SupportIp4OnlyErr) Error() string { return e.msg }
-
-type MacParseErr struct{ msg string }
-
-func (e MacParseErr) Error() string { return e.msg }
-
-type InvalidPrefixLengthErr struct{ msg string }
-
-func (e InvalidPrefixLengthErr) Error() string { return e.msg }
-
-// GenerateHardwareAddr4 generates 48 bit virtual mac addresses based on the IP4 input.
-func GenerateHardwareAddr4(ip net.IP, prefix []byte) (net.HardwareAddr, error) {
- switch {
-
- case ip.To4() == nil:
- return nil, SupportIp4OnlyErr{msg: "GenerateHardwareAddr4 only supports valid IPv4 address as input"}
-
- case len(prefix) != len(PrivateMACPrefix):
- return nil, InvalidPrefixLengthErr{msg: fmt.Sprintf(
- "Prefix has length %d instead of %d", len(prefix), len(PrivateMACPrefix)),
- }
- }
-
- ipByteLen := len(ip)
- return (net.HardwareAddr)(
- append(
- prefix,
- ip[ipByteLen-ipRelevantByteLen:ipByteLen]...),
- ), nil
-}
diff --git a/vendor/github.com/containernetworking/plugins/pkg/utils/sysctl/sysctl_linux.go b/vendor/github.com/containernetworking/plugins/pkg/utils/sysctl/sysctl_linux.go
deleted file mode 100644
index 7ee47e1ce..000000000
--- a/vendor/github.com/containernetworking/plugins/pkg/utils/sysctl/sysctl_linux.go
+++ /dev/null
@@ -1,80 +0,0 @@ -// Copyright 2016 CNI authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package sysctl - -import ( - "fmt" - "io/ioutil" - "path/filepath" - "strings" -) - -// Sysctl provides a method to set/get values from /proc/sys - in linux systems -// new interface to set/get values of variables formerly handled by sysctl syscall -// If optional `params` have only one string value - this function will -// set this value into corresponding sysctl variable -func Sysctl(name string, params ...string) (string, error) { - if len(params) > 1 { - return "", fmt.Errorf("unexcepted additional parameters") - } else if len(params) == 1 { - return setSysctl(name, params[0]) - } - return getSysctl(name) -} - -func getSysctl(name string) (string, error) { - fullName := filepath.Join("/proc/sys", toNormalName(name)) - fullName = filepath.Clean(fullName) - data, err := ioutil.ReadFile(fullName) - if err != nil { - return "", err - } - - return string(data[:len(data)-1]), nil -} - -func setSysctl(name, value string) (string, error) { - fullName := filepath.Join("/proc/sys", toNormalName(name)) - fullName = filepath.Clean(fullName) - if err := ioutil.WriteFile(fullName, []byte(value), 0644); err != nil { - return "", err - } - - return getSysctl(name) -} - -// Normalize names by using slash as separator -// Sysctl names can use dots or slashes as separator: -// - if dots are used, dots and slashes are interchanged. 
-// - if slashes are used, slashes and dots are left intact. -// Separator in use is determined by first occurrence. -func toNormalName(name string) string { - interchange := false - for _, c := range name { - if c == '.' { - interchange = true - break - } - if c == '/' { - break - } - } - - if interchange { - r := strings.NewReplacer(".", "/", "/", ".") - return r.Replace(name) - } - return name -} diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go deleted file mode 100644 index 4cec1a74e..000000000 --- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go +++ /dev/null 
@@ -1,228 +0,0 @@
-// Copyright 2015 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package allocator
-
-import (
- "fmt"
- "log"
- "net"
- "os"
- "strconv"
-
- "github.com/containernetworking/cni/pkg/types/current"
- "github.com/containernetworking/plugins/pkg/ip"
- "github.com/containernetworking/plugins/plugins/ipam/host-local/backend"
-)
-
-type IPAllocator struct {
- rangeset *RangeSet
- store backend.Store
- rangeID string // Used for tracking last reserved ip
-}
-
-func NewIPAllocator(s *RangeSet, store backend.Store, id int) *IPAllocator {
- return &IPAllocator{
- rangeset: s,
- store: store,
- rangeID: strconv.Itoa(id),
- }
-}
-
-// Get allocates an IP
-func (a *IPAllocator) Get(id string, ifname string, requestedIP net.IP) (*current.IPConfig, error) {
- a.store.Lock()
- defer a.store.Unlock()
-
- var reservedIP *net.IPNet
- var gw net.IP
-
- if requestedIP != nil {
- if err := canonicalizeIP(&requestedIP); err != nil {
- return nil, err
- }
-
- r, err := a.rangeset.RangeFor(requestedIP)
- if err != nil {
- return nil, err
- }
-
- if requestedIP.Equal(r.Gateway) {
- return nil, fmt.Errorf("requested ip %s is subnet's gateway", requestedIP.String())
- }
-
- reserved, err := a.store.Reserve(id, ifname, requestedIP, a.rangeID)
- if err != nil {
- return nil, err
- }
- if !reserved {
- return nil, fmt.Errorf("requested IP address %s is not available in range set %s", requestedIP, a.rangeset.String())
- }
- reservedIP = &net.IPNet{IP: requestedIP, Mask: r.Subnet.Mask}
- gw = r.Gateway
-
- } else {
- // try to get allocated IPs for this given id, if exists, just return error
- // because duplicate allocation is not allowed in SPEC
- // https://github.com/containernetworking/cni/blob/master/SPEC.md
- allocatedIPs := a.store.GetByID(id, ifname)
- for _, allocatedIP := range allocatedIPs {
- // check whether the existing IP belong to this range set
- if _, err := a.rangeset.RangeFor(allocatedIP); err == nil {
- return nil, fmt.Errorf("%s has been allocated to %s, duplicate allocation is not allowed", allocatedIP.String(), id)
- }
- }
-
- iter, err := a.GetIter()
- if err != nil {
- return nil, err
- }
- for {
- reservedIP, gw = iter.Next()
- if reservedIP == nil {
- break
- }
-
- reserved, err := a.store.Reserve(id, ifname, reservedIP.IP, a.rangeID)
- if err != nil {
- return nil, err
- }
-
- if reserved {
- break
- }
- }
- }
-
- if reservedIP == nil {
- return nil, fmt.Errorf("no IP addresses available in range set: %s", a.rangeset.String())
- }
- version := "4"
- if reservedIP.IP.To4() == nil {
- version = "6"
- }
-
- return ¤t.IPConfig{
- Version: version,
- Address: *reservedIP,
- Gateway: gw,
- }, nil
-}
-
-// Release clears all IPs allocated for the container with given ID
-func (a *IPAllocator) Release(id string, ifname string) error {
- a.store.Lock()
- defer a.store.Unlock()
-
- return a.store.ReleaseByID(id, ifname)
-}
-
-type RangeIter struct {
- rangeset *RangeSet
-
- // The current range id
- rangeIdx int
-
- // Our current position
- cur net.IP
-
- // The IP and range index where we started iterating; if we hit this again, we're done.
- startIP net.IP
- startRange int
-}
-
-// GetIter encapsulates the strategy for this allocator.
-// We use a round-robin strategy, attempting to evenly use the whole set.
-// More specifically, a crash-looping container will not see the same IP until
-// the entire range has been run through.
-// We may wish to consider avoiding recently-released IPs in the future.
-func (a *IPAllocator) GetIter() (*RangeIter, error) {
- iter := RangeIter{
- rangeset: a.rangeset,
- }
-
- // Round-robin by trying to allocate from the last reserved IP + 1
- startFromLastReservedIP := false
-
- // We might get a last reserved IP that is wrong if the range indexes changed.
- // This is not critical, we just lose round-robin this one time.
- lastReservedIP, err := a.store.LastReservedIP(a.rangeID)
- if err != nil && !os.IsNotExist(err) {
- log.Printf("Error retrieving last reserved ip: %v", err)
- } else if lastReservedIP != nil {
- startFromLastReservedIP = a.rangeset.Contains(lastReservedIP)
- }
-
- // Find the range in the set with this IP
- if startFromLastReservedIP {
- for i, r := range *a.rangeset {
- if r.Contains(lastReservedIP) {
- iter.rangeIdx = i
- iter.startRange = i
-
- // We advance the cursor on every Next(), so the first call
- // to next() will return lastReservedIP + 1
- iter.cur = lastReservedIP
- break
- }
- }
- } else {
- iter.rangeIdx = 0
- iter.startRange = 0
- iter.startIP = (*a.rangeset)[0].RangeStart
- }
- return &iter, nil
-}
-
-// Next returns the next IP, its mask, and its gateway. Returns nil
-// if the iterator has been exhausted
-func (i *RangeIter) Next() (*net.IPNet, net.IP) {
- r := (*i.rangeset)[i.rangeIdx]
-
- // If this is the first time iterating and we're not starting in the middle
- // of the range, then start at rangeStart, which is inclusive
- if i.cur == nil {
- i.cur = r.RangeStart
- i.startIP = i.cur
- if i.cur.Equal(r.Gateway) {
- return i.Next()
- }
- return &net.IPNet{IP: i.cur, Mask: r.Subnet.Mask}, r.Gateway
- }
-
- // If we've reached the end of this range, we need to advance the range
- // RangeEnd is inclusive as well
- if i.cur.Equal(r.RangeEnd) {
- i.rangeIdx += 1
- i.rangeIdx %= len(*i.rangeset)
- r = (*i.rangeset)[i.rangeIdx]
-
- i.cur = r.RangeStart
- } else {
- i.cur = ip.NextIP(i.cur)
- }
-
- if i.startIP == nil {
- i.startIP = i.cur
- } else if i.rangeIdx == i.startRange && i.cur.Equal(i.startIP) {
- // IF we've looped back to where we started, give up
- return nil, nil
- }
-
- if i.cur.Equal(r.Gateway) {
- return i.Next()
- }
-
- return &net.IPNet{IP: i.cur, Mask: r.Subnet.Mask}, r.Gateway
-}
diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/config.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/config.go
deleted file mode 100644
index c8cb2a746..000000000
--- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/config.go
+++ /dev/null
@@ -1,160 +0,0 @@
-// Copyright 2015 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package allocator
-
-import (
- "encoding/json"
- "fmt"
- "net"
-
- "github.com/containernetworking/cni/pkg/types"
- "github.com/containernetworking/cni/pkg/types/020"
-)
-
-// The top-level network config - IPAM plugins are passed the full configuration
-// of the calling plugin, not just the IPAM section.
-type Net struct {
- Name string `json:"name"`
- CNIVersion string `json:"cniVersion"`
- IPAM *IPAMConfig `json:"ipam"`
- RuntimeConfig struct { // The capability arg
- IPRanges []RangeSet `json:"ipRanges,omitempty"`
- } `json:"runtimeConfig,omitempty"`
- Args *struct {
- A *IPAMArgs `json:"cni"`
- } `json:"args"`
-}
-
-// IPAMConfig represents the IP related network configuration.
-// This nests Range because we initially only supported a single
-// range directly, and wish to preserve backwards compatability
-type IPAMConfig struct {
- *Range
- Name string
- Type string `json:"type"`
- Routes []*types.Route `json:"routes"`
- DataDir string `json:"dataDir"`
- ResolvConf string `json:"resolvConf"`
- Ranges []RangeSet `json:"ranges"`
- IPArgs []net.IP `json:"-"` // Requested IPs from CNI_ARGS and args
-}
-
-type IPAMEnvArgs struct {
- types.CommonArgs
- IP net.IP `json:"ip,omitempty"`
-}
-
-type IPAMArgs struct {
- IPs []net.IP `json:"ips"`
-}
-
-type RangeSet []Range
-
-type Range struct {
- RangeStart net.IP `json:"rangeStart,omitempty"` // The first ip, inclusive
- RangeEnd net.IP `json:"rangeEnd,omitempty"` // The last ip, inclusive
- Subnet types.IPNet `json:"subnet"`
- Gateway net.IP `json:"gateway,omitempty"`
-}
-
-// NewIPAMConfig creates a NetworkConfig from the given network name.
-func LoadIPAMConfig(bytes []byte, envArgs string) (*IPAMConfig, string, error) {
- n := Net{}
- if err := json.Unmarshal(bytes, &n); err != nil {
- return nil, "", err
- }
-
- if n.IPAM == nil {
- return nil, "", fmt.Errorf("IPAM config missing 'ipam' key")
- }
-
- // Parse custom IP from both env args *and* the top-level args config
- if envArgs != "" {
- e := IPAMEnvArgs{}
- err := types.LoadArgs(envArgs, &e)
- if err != nil {
- return nil, "", err
- }
-
- if e.IP != nil {
- n.IPAM.IPArgs = []net.IP{e.IP}
- }
- }
-
- if n.Args != nil && n.Args.A != nil && len(n.Args.A.IPs) != 0 {
- n.IPAM.IPArgs = append(n.IPAM.IPArgs, n.Args.A.IPs...)
- }
-
- for idx := range n.IPAM.IPArgs {
- if err := canonicalizeIP(&n.IPAM.IPArgs[idx]); err != nil {
- return nil, "", fmt.Errorf("cannot understand ip: %v", err)
- }
- }
-
- // If a single range (old-style config) is specified, prepend it to
- // the Ranges array
- if n.IPAM.Range != nil && n.IPAM.Range.Subnet.IP != nil {
- n.IPAM.Ranges = append([]RangeSet{{*n.IPAM.Range}}, n.IPAM.Ranges...)
- }
- n.IPAM.Range = nil
-
- // If a range is supplied as a runtime config, prepend it to the Ranges
- if len(n.RuntimeConfig.IPRanges) > 0 {
- n.IPAM.Ranges = append(n.RuntimeConfig.IPRanges, n.IPAM.Ranges...)
- }
-
- if len(n.IPAM.Ranges) == 0 {
- return nil, "", fmt.Errorf("no IP ranges specified")
- }
-
- // Validate all ranges
- numV4 := 0
- numV6 := 0
- for i := range n.IPAM.Ranges {
- if err := n.IPAM.Ranges[i].Canonicalize(); err != nil {
- return nil, "", fmt.Errorf("invalid range set %d: %s", i, err)
- }
-
- if n.IPAM.Ranges[i][0].RangeStart.To4() != nil {
- numV4++
- } else {
- numV6++
- }
- }
-
- // CNI spec 0.2.0 and below supported only one v4 and v6 address
- if numV4 > 1 || numV6 > 1 {
- for _, v := range types020.SupportedVersions {
- if n.CNIVersion == v {
- return nil, "", fmt.Errorf("CNI version %v does not support more than 1 address per family", n.CNIVersion)
- }
- }
- }
-
- // Check for overlaps
- l := len(n.IPAM.Ranges)
- for i, p1 := range n.IPAM.Ranges[:l-1] {
- for j, p2 := range n.IPAM.Ranges[i+1:] {
- if p1.Overlaps(&p2) {
- return nil, "", fmt.Errorf("range set %d overlaps with %d", i, (i + j + 1))
- }
- }
- }
-
- // Copy net name into IPAM so not to drag Net struct around
- n.IPAM.Name = n.Name
-
- return n.IPAM, n.CNIVersion, nil
-}
diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/range.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/range.go
deleted file mode 100644
index 9bf389e80..000000000
--- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/range.go
+++ /dev/null
@@ -1,166 +0,0 @@
-// Copyright 2017 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package allocator
-
-import (
- "fmt"
- "net"
-
- "github.com/containernetworking/cni/pkg/types"
- "github.com/containernetworking/plugins/pkg/ip"
-)
-
-// Canonicalize takes a given range and ensures that all information is consistent,
-// filling out Start, End, and Gateway with sane values if missing
-func (r *Range) Canonicalize() error {
- if err := canonicalizeIP(&r.Subnet.IP); err != nil {
- return err
- }
-
- // Can't create an allocator for a network with no addresses, eg
- // a /32 or /31
- ones, masklen := r.Subnet.Mask.Size()
- if ones > masklen-2 {
- return fmt.Errorf("Network %s too small to allocate from", (*net.IPNet)(&r.Subnet).String())
- }
-
- if len(r.Subnet.IP) != len(r.Subnet.Mask) {
- return fmt.Errorf("IPNet IP and Mask version mismatch")
- }
-
- // Ensure Subnet IP is the network address, not some other address
- networkIP := r.Subnet.IP.Mask(r.Subnet.Mask)
- if !r.Subnet.IP.Equal(networkIP) {
- return fmt.Errorf("Network has host bits set. For a subnet mask of length %d the network address is %s", ones, networkIP.String())
- }
-
- // If the gateway is nil, claim .1
- if r.Gateway == nil {
- r.Gateway = ip.NextIP(r.Subnet.IP)
- } else {
- if err := canonicalizeIP(&r.Gateway); err != nil {
- return err
- }
- }
-
- // RangeStart: If specified, make sure it's sane (inside the subnet),
- // otherwise use the first free IP (i.e. .1) - this will conflict with the
- // gateway but we skip it in the iterator
- if r.RangeStart != nil {
- if err := canonicalizeIP(&r.RangeStart); err != nil {
- return err
- }
-
- if !r.Contains(r.RangeStart) {
- return fmt.Errorf("RangeStart %s not in network %s", r.RangeStart.String(), (*net.IPNet)(&r.Subnet).String())
- }
- } else {
- r.RangeStart = ip.NextIP(r.Subnet.IP)
- }
-
- // RangeEnd: If specified, verify sanity. Otherwise, add a sensible default
- // (e.g. for a /24: .254 if IPv4, ::255 if IPv6)
- if r.RangeEnd != nil {
- if err := canonicalizeIP(&r.RangeEnd); err != nil {
- return err
- }
-
- if !r.Contains(r.RangeEnd) {
- return fmt.Errorf("RangeEnd %s not in network %s", r.RangeEnd.String(), (*net.IPNet)(&r.Subnet).String())
- }
- } else {
- r.RangeEnd = lastIP(r.Subnet)
- }
-
- return nil
-}
-
-// IsValidIP checks if a given ip is a valid, allocatable address in a given Range
-func (r *Range) Contains(addr net.IP) bool {
- if err := canonicalizeIP(&addr); err != nil {
- return false
- }
-
- subnet := (net.IPNet)(r.Subnet)
-
- // Not the same address family
- if len(addr) != len(r.Subnet.IP) {
- return false
- }
-
- // Not in network
- if !subnet.Contains(addr) {
- return false
- }
-
- // We ignore nils here so we can use this function as we initialize the range.
- if r.RangeStart != nil {
- // Before the range start
- if ip.Cmp(addr, r.RangeStart) < 0 {
- return false
- }
- }
-
- if r.RangeEnd != nil {
- if ip.Cmp(addr, r.RangeEnd) > 0 {
- // After the range end
- return false
- }
- }
-
- return true
-}
-
-// Overlaps returns true if there is any overlap between ranges
-func (r *Range) Overlaps(r1 *Range) bool {
- // different familes
- if len(r.RangeStart) != len(r1.RangeStart) {
- return false
- }
-
- return r.Contains(r1.RangeStart) ||
- r.Contains(r1.RangeEnd) ||
- r1.Contains(r.RangeStart) ||
- r1.Contains(r.RangeEnd)
-}
-
-func (r *Range) String() string {
- return fmt.Sprintf("%s-%s", r.RangeStart.String(), r.RangeEnd.String())
-}
-
-// canonicalizeIP makes sure a provided ip is in standard form
-func canonicalizeIP(ip *net.IP) error {
- if ip.To4() != nil {
- *ip = ip.To4()
- return nil
- } else if ip.To16() != nil {
- *ip = ip.To16()
- return nil
- }
- return fmt.Errorf("IP %s not v4 nor v6", *ip)
-}
-
-// Determine the last IP of a subnet, excluding the broadcast if IPv4
-func lastIP(subnet types.IPNet) net.IP {
- var end net.IP
- for i := 0; i < len(subnet.IP); i++ {
- end = append(end, subnet.IP[i]|^subnet.Mask[i])
- }
- if subnet.IP.To4() != nil {
- end[3]--
- }
-
- return end
-}
diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/range_set.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/range_set.go
deleted file mode 100644
index da957f535..000000000
--- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/range_set.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright 2017 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package allocator
-
-import (
- "fmt"
- "net"
- "strings"
-)
-
-// Contains returns true if any range in this set contains an IP
-func (s *RangeSet) Contains(addr net.IP) bool {
- r, _ := s.RangeFor(addr)
- return r != nil
-}
-
-// RangeFor finds the range that contains an IP, or nil if not found
-func (s *RangeSet) RangeFor(addr net.IP) (*Range, error) {
- if err := canonicalizeIP(&addr); err != nil {
- return nil, err
- }
-
- for _, r := range *s {
- if r.Contains(addr) {
- return &r, nil
- }
- }
-
- return nil, fmt.Errorf("%s not in range set %s", addr.String(), s.String())
-}
-
-// Overlaps returns true if any ranges in any set overlap with this one
-func (s *RangeSet) Overlaps(p1 *RangeSet) bool {
- for _, r := range *s {
- for _, r1 := range *p1 {
- if r.Overlaps(&r1) {
- return true
- }
- }
- }
- return false
-}
-
-// Canonicalize ensures the RangeSet is in a standard form, and detects any
-// invalid input. Call Range.Canonicalize() on every Range in the set
-func (s *RangeSet) Canonicalize() error {
- if len(*s) == 0 {
- return fmt.Errorf("empty range set")
- }
-
- fam := 0
- for i := range *s {
- if err := (*s)[i].Canonicalize(); err != nil {
- return err
- }
- if i == 0 {
- fam = len((*s)[i].RangeStart)
- } else {
- if fam != len((*s)[i].RangeStart) {
- return fmt.Errorf("mixed address families")
- }
- }
- }
-
- // Make sure none of the ranges in the set overlap
- l := len(*s)
- for i, r1 := range (*s)[:l-1] {
- for _, r2 := range (*s)[i+1:] {
- if r1.Overlaps(&r2) {
- return fmt.Errorf("subnets %s and %s overlap", r1.String(), r2.String())
- }
- }
- }
-
- return nil
-}
-
-func (s *RangeSet) String() string {
- out := []string{}
- for _, r := range *s {
- out = append(out, r.String())
- }
-
- return strings.Join(out, ",")
-}
diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go
deleted file mode 100644
index 7211ddf6a..000000000
--- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2015 CNI authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package backend
-
-import "net"
-
-type Store interface {
- Lock() error
- Unlock() error
- Close() error
- Reserve(id string, ifname string, ip net.IP, rangeID string) (bool, error)
- LastReservedIP(rangeID string) (net.IP, error)
- Release(ip net.IP) error
- ReleaseByID(id string, ifname string) error
- GetByID(id string, ifname string) []net.IP
-}
diff --git a/vendor/github.com/coreos/go-iptables/LICENSE b/vendor/github.com/coreos/go-iptables/LICENSE
deleted file mode 100644
index 37ec93a14..000000000
--- a/vendor/github.com/coreos/go-iptables/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@ -Apache License -Version 2.0, January 2004 -http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - -"License" shall mean the terms and conditions for use, reproduction, and -distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by the copyright -owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all other entities -that control, are controlled by, or are under common control with that entity. -For the purposes of this definition, "control" means (i) the power, direct or -indirect, to cause the direction or management of such entity, whether by -contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the -outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising -permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, including -but not limited to software source code, documentation source, and configuration -files. - -"Object" form shall mean any form resulting from mechanical transformation or -translation of a Source form, including but not limited to compiled object code, -generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, made -available under the License, as indicated by a copyright notice that is included -in or attached to the work (an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object form, that -is based on (or derived from) the Work and for which the editorial revisions, -annotations, elaborations, or other modifications represent, as a whole, an -original work of authorship. 
For the purposes of this License, Derivative Works -shall not include works that remain separable from, or merely link (or bind by -name) to the interfaces of, the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including the original version -of the Work and any modifications or additions to that Work or Derivative Works -thereof, that is intentionally submitted to Licensor for inclusion in the Work -by the copyright owner or by an individual or Legal Entity authorized to submit -on behalf of the copyright owner. For the purposes of this definition, -"submitted" means any form of electronic, verbal, or written communication sent -to the Licensor or its representatives, including but not limited to -communication on electronic mailing lists, source code control systems, and -issue tracking systems that are managed by, or on behalf of, the Licensor for -the purpose of discussing and improving the Work, but excluding communication -that is conspicuously marked or otherwise designated in writing by the copyright -owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on behalf -of whom a Contribution has been received by Licensor and subsequently -incorporated within the Work. - -2. Grant of Copyright License. - -Subject to the terms and conditions of this License, each Contributor hereby -grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, -irrevocable copyright license to reproduce, prepare Derivative Works of, -publicly display, publicly perform, sublicense, and distribute the Work and such -Derivative Works in Source or Object form. - -3. Grant of Patent License. 
- -Subject to the terms and conditions of this License, each Contributor hereby -grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, -irrevocable (except as stated in this section) patent license to make, have -made, use, offer to sell, sell, import, and otherwise transfer the Work, where -such license applies only to those patent claims licensable by such Contributor -that are necessarily infringed by their Contribution(s) alone or by combination -of their Contribution(s) with the Work to which such Contribution(s) was -submitted. If You institute patent litigation against any entity (including a -cross-claim or counterclaim in a lawsuit) alleging that the Work or a -Contribution incorporated within the Work constitutes direct or contributory -patent infringement, then any patent licenses granted to You under this License -for that Work shall terminate as of the date such litigation is filed. - -4. Redistribution. - -You may reproduce and distribute copies of the Work or Derivative Works thereof -in any medium, with or without modifications, and in Source or Object form, -provided that You meet the following conditions: - -You must give any other recipients of the Work or Derivative Works a copy of -this License; and -You must cause any modified files to carry prominent notices stating that You -changed the files; and -You must retain, in the Source form of any Derivative Works that You distribute, -all copyright, patent, trademark, and attribution notices from the Source form -of the Work, excluding those notices that do not pertain to any part of the -Derivative Works; and -If the Work includes a "NOTICE" text file as part of its distribution, then any -Derivative Works that You distribute must include a readable copy of the -attribution notices contained within such NOTICE file, excluding those notices -that do not pertain to any part of the Derivative Works, in at least one of the -following places: within a NOTICE text file 
distributed as part of the -Derivative Works; within the Source form or documentation, if provided along -with the Derivative Works; or, within a display generated by the Derivative -Works, if and wherever such third-party notices normally appear. The contents of -the NOTICE file are for informational purposes only and do not modify the -License. You may add Your own attribution notices within Derivative Works that -You distribute, alongside or as an addendum to the NOTICE text from the Work, -provided that such additional attribution notices cannot be construed as -modifying the License. -You may add Your own copyright statement to Your modifications and may provide -additional or different license terms and conditions for use, reproduction, or -distribution of Your modifications, or for any such Derivative Works as a whole, -provided Your use, reproduction, and distribution of the Work otherwise complies -with the conditions stated in this License. - -5. Submission of Contributions. - -Unless You explicitly state otherwise, any Contribution intentionally submitted -for inclusion in the Work by You to the Licensor shall be under the terms and -conditions of this License, without any additional terms or conditions. -Notwithstanding the above, nothing herein shall supersede or modify the terms of -any separate license agreement you may have executed with Licensor regarding -such Contributions. - -6. Trademarks. - -This License does not grant permission to use the trade names, trademarks, -service marks, or product names of the Licensor, except as required for -reasonable and customary use in describing the origin of the Work and -reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. 
- -Unless required by applicable law or agreed to in writing, Licensor provides the -Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, -including, without limitation, any warranties or conditions of TITLE, -NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are -solely responsible for determining the appropriateness of using or -redistributing the Work and assume any risks associated with Your exercise of -permissions under this License. - -8. Limitation of Liability. - -In no event and under no legal theory, whether in tort (including negligence), -contract, or otherwise, unless required by applicable law (such as deliberate -and grossly negligent acts) or agreed to in writing, shall any Contributor be -liable to You for damages, including any direct, indirect, special, incidental, -or consequential damages of any character arising as a result of this License or -out of the use or inability to use the Work (including but not limited to -damages for loss of goodwill, work stoppage, computer failure or malfunction, or -any and all other commercial damages or losses), even if such Contributor has -been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. - -While redistributing the Work or Derivative Works thereof, You may choose to -offer, and charge a fee for, acceptance of support, warranty, indemnity, or -other liability obligations and/or rights consistent with this License. However, -in accepting such obligations, You may act only on Your own behalf and on Your -sole responsibility, not on behalf of any other Contributor, and only if You -agree to indemnify, defend, and hold each Contributor harmless for any liability -incurred by, or claims asserted against, such Contributor by reason of your -accepting any such warranty or additional liability. 
- -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work - -To apply the Apache License to your work, attach the following boilerplate -notice, with the fields enclosed by brackets "[]" replaced with your own -identifying information. (Don't include the brackets!) The text should be -enclosed in the appropriate comment syntax for the file format. We also -recommend that a file or class name and description of purpose be included on -the same "printed page" as the copyright notice for easier identification within -third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/coreos/go-iptables/NOTICE b/vendor/github.com/coreos/go-iptables/NOTICE deleted file mode 100644 index 23a0ada2f..000000000 --- a/vendor/github.com/coreos/go-iptables/NOTICE +++ /dev/null @@ -1,5 +0,0 @@ -CoreOS Project -Copyright 2018 CoreOS, Inc - -This product includes software developed at CoreOS, Inc. -(http://www.coreos.com/). diff --git a/vendor/github.com/coreos/go-iptables/iptables/iptables.go b/vendor/github.com/coreos/go-iptables/iptables/iptables.go deleted file mode 100644 index 8d6f68906..000000000 --- a/vendor/github.com/coreos/go-iptables/iptables/iptables.go +++ /dev/null 
@@ -1,659 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package iptables - -import ( - "bytes" - "fmt" - "io" - "net" - "os/exec" - "regexp" - "strconv" - "strings" - "syscall" -) - -// Adds the output of stderr to exec.ExitError -type Error struct { - exec.ExitError - cmd exec.Cmd - msg string - exitStatus *int //for overriding -} - -func (e *Error) ExitStatus() int { - if e.exitStatus != nil { - return *e.exitStatus - } - return e.Sys().(syscall.WaitStatus).ExitStatus() -} - -func (e *Error) Error() string { - return fmt.Sprintf("running %v: exit status %v: %v", e.cmd.Args, e.ExitStatus(), e.msg) -} - -// IsNotExist returns true if the error is due to the chain or rule not existing -func (e *Error) IsNotExist() bool { - if e.ExitStatus() != 1 { - return false - } - msgNoRuleExist := "Bad rule (does a matching rule exist in that chain?).\n" - msgNoChainExist := "No chain/target/match by that name.\n" - return strings.Contains(e.msg, msgNoRuleExist) || strings.Contains(e.msg, msgNoChainExist) -} - -// Protocol to differentiate between IPv4 and IPv6 -type Protocol byte - -const ( - ProtocolIPv4 Protocol = iota - ProtocolIPv6 -) - -type IPTables struct { - path string - proto Protocol - hasCheck bool - hasWait bool - hasRandomFully bool - v1 int - v2 int - v3 int - mode string // the underlying iptables operating mode, e.g. 
nf_tables - timeout int // time to wait for the iptables lock, default waits forever -} - -// Stat represents a structured statistic entry. -type Stat struct { - Packets uint64 `json:"pkts"` - Bytes uint64 `json:"bytes"` - Target string `json:"target"` - Protocol string `json:"prot"` - Opt string `json:"opt"` - Input string `json:"in"` - Output string `json:"out"` - Source *net.IPNet `json:"source"` - Destination *net.IPNet `json:"destination"` - Options string `json:"options"` -} - -type option func(*IPTables) - -func IPFamily(proto Protocol) option { - return func(ipt *IPTables) { - ipt.proto = proto - } -} - -func Timeout(timeout int) option { - return func(ipt *IPTables) { - ipt.timeout = timeout - } -} - -// New creates a new IPTables configured with the options passed as parameter. -// For backwards compatibility, by default always uses IPv4 and timeout 0. -// i.e. you can create an IPv6 IPTables using a timeout of 5 seconds passing -// the IPFamily and Timeout options as follow: -// ip6t := New(IPFamily(ProtocolIPv6), Timeout(5)) -func New(opts ...option) (*IPTables, error) { - - ipt := &IPTables{ - proto: ProtocolIPv4, - timeout: 0, - } - - for _, opt := range opts { - opt(ipt) - } - - path, err := exec.LookPath(getIptablesCommand(ipt.proto)) - if err != nil { - return nil, err - } - ipt.path = path - - vstring, err := getIptablesVersionString(path) - if err != nil { - return nil, fmt.Errorf("could not get iptables version: %v", err) - } - v1, v2, v3, mode, err := extractIptablesVersion(vstring) - if err != nil { - return nil, fmt.Errorf("failed to extract iptables version from [%s]: %v", vstring, err) - } - ipt.v1 = v1 - ipt.v2 = v2 - ipt.v3 = v3 - ipt.mode = mode - - checkPresent, waitPresent, randomFullyPresent := getIptablesCommandSupport(v1, v2, v3) - ipt.hasCheck = checkPresent - ipt.hasWait = waitPresent - ipt.hasRandomFully = randomFullyPresent - - return ipt, nil -} - -// New creates a new IPTables for the given proto. 
-// The proto will determine which command is used, either "iptables" or "ip6tables". -func NewWithProtocol(proto Protocol) (*IPTables, error) { - return New(IPFamily(proto), Timeout(0)) -} - -// Proto returns the protocol used by this IPTables. -func (ipt *IPTables) Proto() Protocol { - return ipt.proto -} - -// Exists checks if given rulespec in specified table/chain exists -func (ipt *IPTables) Exists(table, chain string, rulespec ...string) (bool, error) { - if !ipt.hasCheck { - return ipt.existsForOldIptables(table, chain, rulespec) - - } - cmd := append([]string{"-t", table, "-C", chain}, rulespec...) - err := ipt.run(cmd...) - eerr, eok := err.(*Error) - switch { - case err == nil: - return true, nil - case eok && eerr.ExitStatus() == 1: - return false, nil - default: - return false, err - } -} - -// Insert inserts rulespec to specified table/chain (in specified pos) -func (ipt *IPTables) Insert(table, chain string, pos int, rulespec ...string) error { - cmd := append([]string{"-t", table, "-I", chain, strconv.Itoa(pos)}, rulespec...) - return ipt.run(cmd...) -} - -// Append appends rulespec to specified table/chain -func (ipt *IPTables) Append(table, chain string, rulespec ...string) error { - cmd := append([]string{"-t", table, "-A", chain}, rulespec...) - return ipt.run(cmd...) -} - -// AppendUnique acts like Append except that it won't add a duplicate -func (ipt *IPTables) AppendUnique(table, chain string, rulespec ...string) error { - exists, err := ipt.Exists(table, chain, rulespec...) - if err != nil { - return err - } - - if !exists { - return ipt.Append(table, chain, rulespec...) - } - - return nil -} - -// Delete removes rulespec in specified table/chain -func (ipt *IPTables) Delete(table, chain string, rulespec ...string) error { - cmd := append([]string{"-t", table, "-D", chain}, rulespec...) - return ipt.run(cmd...) 
-} - -func (ipt *IPTables) DeleteIfExists(table, chain string, rulespec ...string) error { - exists, err := ipt.Exists(table, chain, rulespec...) - if err == nil && exists { - err = ipt.Delete(table, chain, rulespec...) - } - return err -} - -// List rules in specified table/chain -func (ipt *IPTables) List(table, chain string) ([]string, error) { - args := []string{"-t", table, "-S", chain} - return ipt.executeList(args) -} - -// List rules (with counters) in specified table/chain -func (ipt *IPTables) ListWithCounters(table, chain string) ([]string, error) { - args := []string{"-t", table, "-v", "-S", chain} - return ipt.executeList(args) -} - -// ListChains returns a slice containing the name of each chain in the specified table. -func (ipt *IPTables) ListChains(table string) ([]string, error) { - args := []string{"-t", table, "-S"} - - result, err := ipt.executeList(args) - if err != nil { - return nil, err - } - - // Iterate over rules to find all default (-P) and user-specified (-N) chains. - // Chains definition always come before rules. 
- // Format is the following: - // -P OUTPUT ACCEPT - // -N Custom - var chains []string - for _, val := range result { - if strings.HasPrefix(val, "-P") || strings.HasPrefix(val, "-N") { - chains = append(chains, strings.Fields(val)[1]) - } else { - break - } - } - return chains, nil -} - -// '-S' is fine with non existing rule index as long as the chain exists -// therefore pass index 1 to reduce overhead for large chains -func (ipt *IPTables) ChainExists(table, chain string) (bool, error) { - err := ipt.run("-t", table, "-S", chain, "1") - eerr, eok := err.(*Error) - switch { - case err == nil: - return true, nil - case eok && eerr.ExitStatus() == 1: - return false, nil - default: - return false, err - } -} - -// Stats lists rules including the byte and packet counts -func (ipt *IPTables) Stats(table, chain string) ([][]string, error) { - args := []string{"-t", table, "-L", chain, "-n", "-v", "-x"} - lines, err := ipt.executeList(args) - if err != nil { - return nil, err - } - - appendSubnet := func(addr string) string { - if strings.IndexByte(addr, byte('/')) < 0 { - if strings.IndexByte(addr, '.') < 0 { - return addr + "/128" - } - return addr + "/32" - } - return addr - } - - ipv6 := ipt.proto == ProtocolIPv6 - - rows := [][]string{} - for i, line := range lines { - // Skip over chain name and field header - if i < 2 { - continue - } - - // Fields: - // 0=pkts 1=bytes 2=target 3=prot 4=opt 5=in 6=out 7=source 8=destination 9=options - line = strings.TrimSpace(line) - fields := strings.Fields(line) - - // The ip6tables verbose output cannot be naively split due to the default "opt" - // field containing 2 single spaces. - if ipv6 { - // Check if field 6 is "opt" or "source" address - dest := fields[6] - ip, _, _ := net.ParseCIDR(dest) - if ip == nil { - ip = net.ParseIP(dest) - } - - // If we detected a CIDR or IP, the "opt" field is empty.. insert it. - if ip != nil { - f := []string{} - f = append(f, fields[:4]...) 
- f = append(f, " ") // Empty "opt" field for ip6tables - f = append(f, fields[4:]...) - fields = f - } - } - - // Adjust "source" and "destination" to include netmask, to match regular - // List output - fields[7] = appendSubnet(fields[7]) - fields[8] = appendSubnet(fields[8]) - - // Combine "options" fields 9... into a single space-delimited field. - options := fields[9:] - fields = fields[:9] - fields = append(fields, strings.Join(options, " ")) - rows = append(rows, fields) - } - return rows, nil -} - -// ParseStat parses a single statistic row into a Stat struct. The input should -// be a string slice that is returned from calling the Stat method. -func (ipt *IPTables) ParseStat(stat []string) (parsed Stat, err error) { - // For forward-compatibility, expect at least 10 fields in the stat - if len(stat) < 10 { - return parsed, fmt.Errorf("stat contained fewer fields than expected") - } - - // Convert the fields that are not plain strings - parsed.Packets, err = strconv.ParseUint(stat[0], 0, 64) - if err != nil { - return parsed, fmt.Errorf(err.Error(), "could not parse packets") - } - parsed.Bytes, err = strconv.ParseUint(stat[1], 0, 64) - if err != nil { - return parsed, fmt.Errorf(err.Error(), "could not parse bytes") - } - _, parsed.Source, err = net.ParseCIDR(stat[7]) - if err != nil { - return parsed, fmt.Errorf(err.Error(), "could not parse source") - } - _, parsed.Destination, err = net.ParseCIDR(stat[8]) - if err != nil { - return parsed, fmt.Errorf(err.Error(), "could not parse destination") - } - - // Put the fields that are strings - parsed.Target = stat[2] - parsed.Protocol = stat[3] - parsed.Opt = stat[4] - parsed.Input = stat[5] - parsed.Output = stat[6] - parsed.Options = stat[9] - - return parsed, nil -} - -// StructuredStats returns statistics as structured data which may be further -// parsed and marshaled. 
-func (ipt *IPTables) StructuredStats(table, chain string) ([]Stat, error) { - rawStats, err := ipt.Stats(table, chain) - if err != nil { - return nil, err - } - - structStats := []Stat{} - for _, rawStat := range rawStats { - stat, err := ipt.ParseStat(rawStat) - if err != nil { - return nil, err - } - structStats = append(structStats, stat) - } - - return structStats, nil -} - -func (ipt *IPTables) executeList(args []string) ([]string, error) { - var stdout bytes.Buffer - if err := ipt.runWithOutput(args, &stdout); err != nil { - return nil, err - } - - rules := strings.Split(stdout.String(), "\n") - - // strip trailing newline - if len(rules) > 0 && rules[len(rules)-1] == "" { - rules = rules[:len(rules)-1] - } - - for i, rule := range rules { - rules[i] = filterRuleOutput(rule) - } - - return rules, nil -} - -// NewChain creates a new chain in the specified table. -// If the chain already exists, it will result in an error. -func (ipt *IPTables) NewChain(table, chain string) error { - return ipt.run("-t", table, "-N", chain) -} - -const existsErr = 1 - -// ClearChain flushed (deletes all rules) in the specified table/chain. -// If the chain does not exist, a new one will be created -func (ipt *IPTables) ClearChain(table, chain string) error { - err := ipt.NewChain(table, chain) - - eerr, eok := err.(*Error) - switch { - case err == nil: - return nil - case eok && eerr.ExitStatus() == existsErr: - // chain already exists. Flush (clear) it. - return ipt.run("-t", table, "-F", chain) - default: - return err - } -} - -// RenameChain renames the old chain to the new one. -func (ipt *IPTables) RenameChain(table, oldChain, newChain string) error { - return ipt.run("-t", table, "-E", oldChain, newChain) -} - -// DeleteChain deletes the chain in the specified table. 
-// The chain must be empty -func (ipt *IPTables) DeleteChain(table, chain string) error { - return ipt.run("-t", table, "-X", chain) -} - -func (ipt *IPTables) ClearAndDeleteChain(table, chain string) error { - exists, err := ipt.ChainExists(table, chain) - if err != nil || !exists { - return err - } - err = ipt.run("-t", table, "-F", chain) - if err == nil { - err = ipt.run("-t", table, "-X", chain) - } - return err -} - -// ChangePolicy changes policy on chain to target -func (ipt *IPTables) ChangePolicy(table, chain, target string) error { - return ipt.run("-t", table, "-P", chain, target) -} - -// Check if the underlying iptables command supports the --random-fully flag -func (ipt *IPTables) HasRandomFully() bool { - return ipt.hasRandomFully -} - -// Return version components of the underlying iptables command -func (ipt *IPTables) GetIptablesVersion() (int, int, int) { - return ipt.v1, ipt.v2, ipt.v3 -} - -// run runs an iptables command with the given arguments, ignoring -// any stdout output -func (ipt *IPTables) run(args ...string) error { - return ipt.runWithOutput(args, nil) -} - -// runWithOutput runs an iptables command with the given arguments, -// writing any stdout output to the given writer -func (ipt *IPTables) runWithOutput(args []string, stdout io.Writer) error { - args = append([]string{ipt.path}, args...) 
- if ipt.hasWait { - args = append(args, "--wait") - if ipt.timeout != 0 { - args = append(args, strconv.Itoa(ipt.timeout)) - } - } else { - fmu, err := newXtablesFileLock() - if err != nil { - return err - } - ul, err := fmu.tryLock() - if err != nil { - syscall.Close(fmu.fd) - return err - } - defer ul.Unlock() - } - - var stderr bytes.Buffer - cmd := exec.Cmd{ - Path: ipt.path, - Args: args, - Stdout: stdout, - Stderr: &stderr, - } - - if err := cmd.Run(); err != nil { - switch e := err.(type) { - case *exec.ExitError: - return &Error{*e, cmd, stderr.String(), nil} - default: - return err - } - } - - return nil -} - -// getIptablesCommand returns the correct command for the given protocol, either "iptables" or "ip6tables". -func getIptablesCommand(proto Protocol) string { - if proto == ProtocolIPv6 { - return "ip6tables" - } else { - return "iptables" - } -} - -// Checks if iptables has the "-C" and "--wait" flag -func getIptablesCommandSupport(v1 int, v2 int, v3 int) (bool, bool, bool) { - return iptablesHasCheckCommand(v1, v2, v3), iptablesHasWaitCommand(v1, v2, v3), iptablesHasRandomFully(v1, v2, v3) -} - -// getIptablesVersion returns the first three components of the iptables version -// and the operating mode (e.g. nf_tables or legacy) -// e.g. 
"iptables v1.3.66" would return (1, 3, 66, legacy, nil) -func extractIptablesVersion(str string) (int, int, int, string, error) { - versionMatcher := regexp.MustCompile(`v([0-9]+)\.([0-9]+)\.([0-9]+)(?:\s+\((\w+))?`) - result := versionMatcher.FindStringSubmatch(str) - if result == nil { - return 0, 0, 0, "", fmt.Errorf("no iptables version found in string: %s", str) - } - - v1, err := strconv.Atoi(result[1]) - if err != nil { - return 0, 0, 0, "", err - } - - v2, err := strconv.Atoi(result[2]) - if err != nil { - return 0, 0, 0, "", err - } - - v3, err := strconv.Atoi(result[3]) - if err != nil { - return 0, 0, 0, "", err - } - - mode := "legacy" - if result[4] != "" { - mode = result[4] - } - return v1, v2, v3, mode, nil -} - -// Runs "iptables --version" to get the version string -func getIptablesVersionString(path string) (string, error) { - cmd := exec.Command(path, "--version") - var out bytes.Buffer - cmd.Stdout = &out - err := cmd.Run() - if err != nil { - return "", err - } - return out.String(), nil -} - -// Checks if an iptables version is after 1.4.11, when --check was added -func iptablesHasCheckCommand(v1 int, v2 int, v3 int) bool { - if v1 > 1 { - return true - } - if v1 == 1 && v2 > 4 { - return true - } - if v1 == 1 && v2 == 4 && v3 >= 11 { - return true - } - return false -} - -// Checks if an iptables version is after 1.4.20, when --wait was added -func iptablesHasWaitCommand(v1 int, v2 int, v3 int) bool { - if v1 > 1 { - return true - } - if v1 == 1 && v2 > 4 { - return true - } - if v1 == 1 && v2 == 4 && v3 >= 20 { - return true - } - return false -} - -// Checks if an iptables version is after 1.6.2, when --random-fully was added -func iptablesHasRandomFully(v1 int, v2 int, v3 int) bool { - if v1 > 1 { - return true - } - if v1 == 1 && v2 > 6 { - return true - } - if v1 == 1 && v2 == 6 && v3 >= 2 { - return true - } - return false -} - -// Checks if a rule specification exists for a table -func (ipt *IPTables) existsForOldIptables(table, chain 
string, rulespec []string) (bool, error) { - rs := strings.Join(append([]string{"-A", chain}, rulespec...), " ") - args := []string{"-t", table, "-S"} - var stdout bytes.Buffer - err := ipt.runWithOutput(args, &stdout) - if err != nil { - return false, err - } - return strings.Contains(stdout.String(), rs), nil -} - -// counterRegex is the regex used to detect nftables counter format -var counterRegex = regexp.MustCompile(`^\[([0-9]+):([0-9]+)\] `) - -// filterRuleOutput works around some inconsistencies in output. -// For example, when iptables is in legacy vs. nftables mode, it produces -// different results. -func filterRuleOutput(rule string) string { - out := rule - - // work around an output difference in nftables mode where counters - // are output in iptables-save format, rather than iptables -S format - // The string begins with "[0:0]" - // - // Fixes #49 - if groups := counterRegex.FindStringSubmatch(out); groups != nil { - // drop the brackets - out = out[len(groups[0]):] - out = fmt.Sprintf("%s -c %s %s", out, groups[1], groups[2]) - } - - return out -} diff --git a/vendor/github.com/coreos/go-iptables/iptables/lock.go b/vendor/github.com/coreos/go-iptables/iptables/lock.go deleted file mode 100644 index a88e92b4e..000000000 --- a/vendor/github.com/coreos/go-iptables/iptables/lock.go +++ /dev/null 
@@ -1,84 +0,0 @@
-// Copyright 2015 CoreOS, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package iptables
-
-import (
- "os"
- "sync"
- "syscall"
-)
-
-const (
- // In earlier versions of iptables, the xtables lock was implemented
- // via a Unix socket, but now flock is used via this lockfile:
- // http://git.netfilter.org/iptables/commit/?id=aa562a660d1555b13cffbac1e744033e91f82707
- // Note the LSB-conforming "/run" directory does not exist on old
- // distributions, so assume "/var" is symlinked
- xtablesLockFilePath = "/var/run/xtables.lock"
-
- defaultFilePerm = 0600
-)
-
-type Unlocker interface {
- Unlock() error
-}
-
-type nopUnlocker struct{}
-
-func (_ nopUnlocker) Unlock() error { return nil }
-
-type fileLock struct {
- // mu is used to protect against concurrent invocations from within this process
- mu sync.Mutex
- fd int
-}
-
-// tryLock takes an exclusive lock on the xtables lock file without blocking.
-// This is best-effort only: if the exclusive lock would block (i.e. because
-// another process already holds it), no error is returned. Otherwise, any
-// error encountered during the locking operation is returned.
-// The returned Unlocker should be used to release the lock when the caller is
-// done invoking iptables commands.
-func (l *fileLock) tryLock() (Unlocker, error) {
- l.mu.Lock()
- err := syscall.Flock(l.fd, syscall.LOCK_EX|syscall.LOCK_NB)
- switch err {
- case syscall.EWOULDBLOCK:
- l.mu.Unlock()
- return nopUnlocker{}, nil
- case nil:
- return l, nil
- default:
- l.mu.Unlock()
- return nil, err
- }
-}
-
-// Unlock closes the underlying file, which implicitly unlocks it as well. It
-// also unlocks the associated mutex.
-func (l *fileLock) Unlock() error {
- defer l.mu.Unlock()
- return syscall.Close(l.fd)
-}
-
-// newXtablesFileLock opens a new lock on the xtables lockfile without
-// acquiring the lock
-func newXtablesFileLock() (*fileLock, error) {
- fd, err := syscall.Open(xtablesLockFilePath, os.O_CREATE, defaultFilePerm)
- if err != nil {
- return nil, err
- }
- return &fileLock{fd: fd}, nil
-}
diff --git a/vendor/github.com/cri-o/ocicni/LICENSE b/vendor/github.com/cri-o/ocicni/LICENSE
deleted file mode 100644
index 3fd703072..000000000
--- a/vendor/github.com/cri-o/ocicni/LICENSE
+++ /dev/null
@@ -1,191 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - Copyright 2016 Red Hat, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go deleted file mode 100644 index 90d5b6c50..000000000 --- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go +++ /dev/null 
@@ -1,870 +0,0 @@
-package ocicni
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net"
- "os"
- "path"
- "path/filepath"
- "sort"
- "strings"
- "sync"
-
- "github.com/containernetworking/cni/libcni"
- cniinvoke "github.com/containernetworking/cni/pkg/invoke"
- cnitypes "github.com/containernetworking/cni/pkg/types"
- cnicurrent "github.com/containernetworking/cni/pkg/types/current"
- cniversion "github.com/containernetworking/cni/pkg/version"
- "github.com/fsnotify/fsnotify"
- "github.com/sirupsen/logrus"
-)
-
-type cniNetworkPlugin struct {
- cniConfig *libcni.CNIConfig
-
- sync.RWMutex
- defaultNetName netName
- networks map[string]*cniNetwork
-
- nsManager *nsManager
- confDir string
- binDirs []string
-
- shutdownChan chan struct{}
- watcher *fsnotify.Watcher
- done *sync.WaitGroup
-
- // The pod map provides synchronization for a given pod's network
- // operations. Each pod's setup/teardown/status operations
- // are synchronized against each other, but network operations of other
- // pods can proceed in parallel.
- podsLock sync.Mutex
- pods map[string]*podLock
-
- // For testcases
- exec cniinvoke.Exec
- cacheDir string
-}
-
-type netName struct {
- name string
- changeable bool
-}
-
-type cniNetwork struct {
- name string
- filePath string
- config *libcni.NetworkConfigList
-}
-
-var errMissingDefaultNetwork = "No CNI configuration file in %s. Has your network provider started?"
-
-type podLock struct {
- // Count of in-flight operations for this pod; when this reaches zero
- // the lock can be removed from the pod map
- refcount uint
-
- // Lock to synchronize operations for this specific pod
- mu sync.Mutex
-}
-
-func buildFullPodName(podNetwork PodNetwork) string {
- return podNetwork.Namespace + "_" + podNetwork.Name
-}
-
-// Lock network operations for a specific pod. If that pod is not yet in
-// the pod map, it will be added. The reference count for the pod will
-// be increased.
-func (plugin *cniNetworkPlugin) podLock(podNetwork PodNetwork) *sync.Mutex {
- plugin.podsLock.Lock()
- defer plugin.podsLock.Unlock()
-
- fullPodName := buildFullPodName(podNetwork)
- lock, ok := plugin.pods[fullPodName]
- if !ok {
- lock = &podLock{}
- plugin.pods[fullPodName] = lock
- }
- lock.refcount++
- return &lock.mu
-}
-
-// Unlock network operations for a specific pod. The reference count for the
-// pod will be decreased. If the reference count reaches zero, the pod will be
-// removed from the pod map.
-func (plugin *cniNetworkPlugin) podUnlock(podNetwork PodNetwork) {
- plugin.podsLock.Lock()
- defer plugin.podsLock.Unlock()
-
- fullPodName := buildFullPodName(podNetwork)
- lock, ok := plugin.pods[fullPodName]
- if !ok {
- logrus.Errorf("Cannot find reference in refcount map for %s. Refcount cannot be determined.", fullPodName)
- return
- } else if lock.refcount == 0 {
- // This should never ever happen, but handle it anyway
- delete(plugin.pods, fullPodName)
- logrus.Errorf("Pod lock for %s still in map with zero refcount", fullPodName)
- return
- }
- lock.refcount--
- lock.mu.Unlock()
- if lock.refcount == 0 {
- delete(plugin.pods, fullPodName)
- }
-}
-
-func newWatcher(confDir string) (*fsnotify.Watcher, error) {
- // Ensure plugin directory exists, because the following monitoring logic
- // relies on that.
- if err := os.MkdirAll(confDir, 0755); err != nil {
- return nil, fmt.Errorf("failed to create directory %q: %v", confDir, err)
- }
-
- watcher, err := fsnotify.NewWatcher()
- if err != nil {
- return nil, fmt.Errorf("failed to create new watcher %v", err)
- }
- defer func() {
- // Close watcher on error
- if err != nil {
- watcher.Close()
- }
- }()
-
- if err = watcher.Add(confDir); err != nil {
- return nil, fmt.Errorf("failed to add watch on %q: %v", confDir, err)
- }
-
- return watcher, nil
-}
-
-func (plugin *cniNetworkPlugin) monitorConfDir(start *sync.WaitGroup) {
- start.Done()
- plugin.done.Add(1)
- defer plugin.done.Done()
- for {
- select {
- case event := <-plugin.watcher.Events:
- logrus.Infof("CNI monitoring event %v", event)
-
- var defaultDeleted bool
- createWrite := (event.Op&fsnotify.Create == fsnotify.Create ||
- event.Op&fsnotify.Write == fsnotify.Write)
- if event.Op&fsnotify.Remove == fsnotify.Remove {
- // Care about the event if the default network
- // was just deleted
- defNet := plugin.getDefaultNetwork()
- if defNet != nil && event.Name == defNet.filePath {
- defaultDeleted = true
- }
-
- }
- if !createWrite && !defaultDeleted {
- continue
- }
-
- if err := plugin.syncNetworkConfig(); err != nil {
- logrus.Errorf("CNI config loading failed, continue monitoring: %v", err)
- continue
- }
-
- case err := <-plugin.watcher.Errors:
- if err == nil {
- continue
- }
- logrus.Errorf("CNI monitoring error %v", err)
- return
-
- case <-plugin.shutdownChan:
- return
- }
- }
-}
-
-// InitCNI takes a binary directory in which to search for CNI plugins, and
-// a configuration directory in which to search for CNI JSON config files.
-// If no valid CNI configs exist, network requests will fail until valid CNI
-// config files are present in the config directory.
-// If defaultNetName is not empty, a CNI config with that network name will
-// be used as the default CNI network, and container network operations will
-// fail until that network config is present and valid.
-// If defaultNetName is empty, CNI config files should be reloaded real-time and
-// defaultNetName should be changeable and determined by file sorting.
-func InitCNI(defaultNetName string, confDir string, binDirs ...string) (CNIPlugin, error) {
- return initCNI(nil, "", defaultNetName, confDir, true, binDirs...)
-}
-
-// InitCNIWithCache works like InitCNI except that it takes the cni cache directory as third param.
-func InitCNIWithCache(defaultNetName, confDir, cacheDir string, binDirs ...string) (CNIPlugin, error) {
- return initCNI(nil, cacheDir, defaultNetName, confDir, true, binDirs...)
-}
-
-// InitCNINoInotify works like InitCNI except that it does not use inotify to watch for changes in the CNI config dir.
-func InitCNINoInotify(defaultNetName, confDir, cacheDir string, binDirs ...string) (CNIPlugin, error) {
- return initCNI(nil, cacheDir, defaultNetName, confDir, false, binDirs...)
-}
-
-// Internal function to allow faking out exec functions for testing
-func initCNI(exec cniinvoke.Exec, cacheDir, defaultNetName string, confDir string, useInotify bool, binDirs ...string) (CNIPlugin, error) {
- if confDir == "" {
- confDir = DefaultConfDir
- }
- if len(binDirs) == 0 {
- binDirs = []string{DefaultBinDir}
- }
-
- plugin := &cniNetworkPlugin{
- cniConfig: libcni.NewCNIConfigWithCacheDir(binDirs, cacheDir, exec),
- defaultNetName: netName{
- name: defaultNetName,
- // If defaultNetName is not assigned in initialization,
- // it should be changeable
- changeable: defaultNetName == "",
- },
- networks: make(map[string]*cniNetwork),
- confDir: confDir,
- binDirs: binDirs,
- shutdownChan: make(chan struct{}),
- done: &sync.WaitGroup{},
- pods: make(map[string]*podLock),
- exec: exec,
- cacheDir: cacheDir,
- }
-
- if exec == nil {
- exec = &cniinvoke.DefaultExec{
- RawExec: &cniinvoke.RawExec{Stderr: os.Stderr},
- PluginDecoder: cniversion.PluginDecoder{},
- }
- }
-
- nsm, err := newNSManager()
- if err != nil {
- return nil, err
- }
- plugin.nsManager = nsm
-
- plugin.syncNetworkConfig()
-
- if useInotify {
- plugin.watcher, err = newWatcher(plugin.confDir)
- if err != nil {
- return nil, err
- }
-
- startWg := sync.WaitGroup{}
- startWg.Add(1)
- go plugin.monitorConfDir(&startWg)
- startWg.Wait()
- }
-
- return plugin, nil
-}
-
-func (plugin *cniNetworkPlugin) Shutdown() error {
- close(plugin.shutdownChan)
- if plugin.watcher != nil {
- plugin.watcher.Close()
- }
- plugin.done.Wait()
- return nil
-}
-
-func loadNetworks(confDir string, cni *libcni.CNIConfig) (map[string]*cniNetwork, string, error) {
- files, err := libcni.ConfFiles(confDir, []string{".conf", ".conflist", ".json"})
- if err != nil {
- return nil, "", err
- }
-
- networks := make(map[string]*cniNetwork)
- defaultNetName := ""
-
- sort.Strings(files)
- for _, confFile := range files {
- var confList *libcni.NetworkConfigList
- if strings.HasSuffix(confFile, ".conflist") {
- confList, err = libcni.ConfListFromFile(confFile)
- if err != nil {
- // do not log ENOENT errors
- if !os.IsNotExist(err) {
- logrus.Errorf("Error loading CNI config list file %s: %v", confFile, err)
- }
- continue
- }
- } else {
- conf, err := libcni.ConfFromFile(confFile)
- if err != nil {
- // do not log ENOENT errors
- if !os.IsNotExist(err) {
- logrus.Errorf("Error loading CNI config file %s: %v", confFile, err)
- }
- continue
- }
- if conf.Network.Type == "" {
- logrus.Warningf("Error loading CNI config file %s: no 'type'; perhaps this is a .conflist?", confFile)
- continue
- }
- confList, err = libcni.ConfListFromConf(conf)
- if err != nil {
- logrus.Errorf("Error converting CNI config file %s to list: %v", confFile, err)
- continue
- }
- }
- if len(confList.Plugins) == 0 {
- logrus.Infof("CNI config list %s has no networks, skipping", confFile)
- continue
- }
-
- // Validation on CNI config should be done to pre-check presence
- // of plugins which are necessary.
- if _, err := cni.ValidateNetworkList(context.TODO(), confList); err != nil {
- logrus.Warningf("Error validating CNI config file %s: %v", confFile, err)
- continue
- }
-
- if confList.Name == "" {
- confList.Name = path.Base(confFile)
- }
-
- cniNet := &cniNetwork{
- name: confList.Name,
- filePath: confFile,
- config: confList,
- }
-
- logrus.Infof("Found CNI network %s (type=%v) at %s", confList.Name, confList.Plugins[0].Network.Type, confFile)
-
- if _, ok := networks[confList.Name]; !ok {
- networks[confList.Name] = cniNet
- } else {
- logrus.Infof("Ignored CNI network %s (type=%v) at %s because already exists", confList.Name, confList.Plugins[0].Network.Type, confFile)
- }
-
- if defaultNetName == "" {
- defaultNetName = confList.Name
- }
- }
-
- return networks, defaultNetName, nil
-}
-
-const (
- loIfname string = "lo"
-)
-
-func (plugin *cniNetworkPlugin) syncNetworkConfig() error {
- networks, defaultNetName, err := loadNetworks(plugin.confDir, plugin.cniConfig)
- if err != nil {
- return err
- }
-
- plugin.Lock()
- defer plugin.Unlock()
-
- // Update defaultNetName if it is changeable
- if plugin.defaultNetName.changeable {
- plugin.defaultNetName.name = defaultNetName
- logrus.Infof("Updated default CNI network name to %s", defaultNetName)
- } else {
- logrus.Debugf("Default CNI network name %s is unchangeable", plugin.defaultNetName.name)
- }
-
- plugin.networks = networks
-
- return nil
-}
-
-func (plugin *cniNetworkPlugin) getNetwork(name string) (*cniNetwork, error) {
- plugin.RLock()
- defer plugin.RUnlock()
- net, ok := plugin.networks[name]
- if !ok {
- return nil, fmt.Errorf("CNI network %q not found", name)
- }
- return net, nil
-}
-
-func (plugin *cniNetworkPlugin) GetDefaultNetworkName() string {
- plugin.RLock()
- defer plugin.RUnlock()
- return plugin.defaultNetName.name
-}
-
-func (plugin *cniNetworkPlugin) getDefaultNetwork() *cniNetwork {
- defaultNetName := plugin.GetDefaultNetworkName()
- if defaultNetName == "" {
- return nil
- }
- network, _ := plugin.getNetwork(defaultNetName)
- return network
-}
-
-// networksAvailable returns an error if the pod requests no networks and the
-// plugin has no default network, and thus the plugin has no idea what network
-// to attach the pod to.
-func (plugin *cniNetworkPlugin) networksAvailable(podNetwork *PodNetwork) error {
- if len(podNetwork.Networks) == 0 && plugin.getDefaultNetwork() == nil {
- return fmt.Errorf(errMissingDefaultNetwork, plugin.confDir)
- }
- return nil
-}
-
-func (plugin *cniNetworkPlugin) Name() string {
- return CNIPluginName
-}
-
-func (plugin *cniNetworkPlugin) loadNetworkFromCache(name string, rt *libcni.RuntimeConf) (*cniNetwork, *libcni.RuntimeConf, error) {
- cniNet := &cniNetwork{
- name: name,
- config: &libcni.NetworkConfigList{
- Name: name,
- },
- }
-
- var confBytes []byte
- var err error
- confBytes, rt, err = plugin.cniConfig.GetNetworkListCachedConfig(cniNet.config, rt)
- if err != nil {
- return nil, nil, err
- } else if confBytes == nil {
- return nil, nil, fmt.Errorf("network %q not found in CNI cache", name)
- }
-
- cniNet.config, err = libcni.ConfListFromBytes(confBytes)
- if err != nil {
- // Might be a plain NetworkConfig
- netConf, err := libcni.ConfFromBytes(confBytes)
- if err != nil {
- return nil, nil, err
- }
- // Up-convert to a NetworkConfigList
- cniNet.config, err = libcni.ConfListFromConf(netConf)
- if err != nil {
- return nil, nil, err
- }
- }
-
- return cniNet, rt, nil
-}
-
-type forEachNetworkFn func(*cniNetwork, *PodNetwork, *libcni.RuntimeConf) error
-
-func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, fromCache bool, actionFn forEachNetworkFn) error {
- networks := podNetwork.Networks
- if len(networks) == 0 {
- networks = append(networks, NetAttachment{
- Name: plugin.GetDefaultNetworkName(),
- })
- }
-
- allIfNames := make(map[string]bool)
- for _, req := range networks {
- if req.Ifname != "" {
- // Make sure the requested name isn't already assigned
- if allIfNames[req.Ifname] {
- return fmt.Errorf("network %q requested interface name %q already assigned", req.Name, req.Ifname)
- }
- allIfNames[req.Ifname] = true
- }
- }
-
- for _, network := range networks {
- ifName := network.Ifname
- if ifName == "" {
- for i := 0; i < 10000; i++ {
- candidate := fmt.Sprintf("eth%d", i)
- if !allIfNames[candidate] {
- allIfNames[candidate] = true
- ifName = candidate
- break
- }
- }
- if ifName == "" {
- return fmt.Errorf("failed to find free interface name for network %q", network.Name)
- }
- }
-
- rt, err := buildCNIRuntimeConf(podNetwork, ifName, podNetwork.RuntimeConfig[network.Name])
- if err != nil {
- logrus.Errorf("error building CNI runtime config: %v", err)
- return err
- }
-
- var cniNet *cniNetwork
- if fromCache {
- var newRt *libcni.RuntimeConf
- cniNet, newRt, err = plugin.loadNetworkFromCache(network.Name, rt)
- if err != nil {
- logrus.Errorf("error loading cached network config: %v", err)
- logrus.Warningf("falling back to loading from existing plugins on disk")
- } else {
- // Use the updated RuntimeConf
- rt = newRt
- }
- }
- if cniNet == nil {
- cniNet, err = plugin.getNetwork(network.Name)
- if err != nil {
- // try to load the networks again
- if err2 := plugin.syncNetworkConfig(); err2 != nil {
- logrus.Error(err2)
- return err
- }
- cniNet, err = plugin.getNetwork(network.Name)
- if err != nil {
- return err
- }
- }
- }
-
- if err := actionFn(cniNet, podNetwork, rt); err != nil {
- return err
- }
- }
- return nil
-}
-
-func (plugin *cniNetworkPlugin) SetUpPod(podNetwork PodNetwork) ([]NetResult, error) {
- return plugin.SetUpPodWithContext(context.Background(), podNetwork)
-}
-
-func (plugin *cniNetworkPlugin) SetUpPodWithContext(ctx context.Context, podNetwork PodNetwork) ([]NetResult, error) {
- if err := plugin.networksAvailable(&podNetwork); err != nil {
- return nil, err
- }
-
- plugin.podLock(podNetwork).Lock()
- defer plugin.podUnlock(podNetwork)
-
- // Set up loopback interface
- if err := bringUpLoopback(podNetwork.NetNS); err != nil {
- logrus.Errorf(err.Error())
- return nil, err
- }
-
- results := make([]NetResult, 0)
- if err := plugin.forEachNetwork(&podNetwork, false, func(network *cniNetwork, podNetwork *PodNetwork, rt *libcni.RuntimeConf) error {
- fullPodName := buildFullPodName(*podNetwork)
- logrus.Infof("Adding pod %s to CNI network %q (type=%v)", fullPodName, network.name, network.config.Plugins[0].Network.Type)
- result, err := network.addToNetwork(ctx, rt, plugin.cniConfig)
- if err != nil {
- return fmt.Errorf("error adding pod %s to CNI network %q: %v", fullPodName, network.name, err)
- }
- results = append(results, NetResult{
- Result: result,
- NetAttachment: NetAttachment{
- Name: network.name,
- Ifname: rt.IfName,
- },
- })
- return nil
- }); err != nil {
- return nil, err
- }
-
- return results, nil
-}
-
-func (plugin *cniNetworkPlugin) getCachedNetworkInfo(containerID string) ([]NetAttachment, error) {
- cacheDir := libcni.CacheDir
- if plugin.cacheDir != "" {
- cacheDir = plugin.cacheDir
- }
-
- dirPath := filepath.Join(cacheDir, "results")
- entries, err := ioutil.ReadDir(dirPath)
- if err != nil {
- return nil, err
- }
-
- fileNames := make([]string, 0, len(entries))
- for _, e := range entries {
- fileNames = append(fileNames, e.Name())
- }
- sort.Strings(fileNames)
-
- attachments := []NetAttachment{}
- for _, fname := range fileNames {
- part := fmt.Sprintf("-%s-", containerID)
- pos := strings.Index(fname, part)
- if pos <= 0 || pos+len(part) >= len(fname) {
- continue
- }
-
- cacheFile := filepath.Join(dirPath, fname)
- bytes, err := ioutil.ReadFile(cacheFile)
- if err != nil {
- logrus.Errorf("failed to read CNI cache file %s: %v", cacheFile, err)
- continue
- }
-
- cachedInfo := struct {
- Kind string `json:"kind"`
- IfName string `json:"ifName"`
- ContainerID string `json:"containerID"`
- NetName string `json:"networkName"`
- }{}
-
- if err := json.Unmarshal(bytes, &cachedInfo); err != nil {
- logrus.Errorf("failed to unmarshal CNI cache file %s: %v", cacheFile, err)
- continue
- }
- if cachedInfo.Kind != libcni.CNICacheV1 {
- logrus.Warningf("unknown CNI cache file %s kind %q", cacheFile, cachedInfo.Kind)
- continue
- }
- if cachedInfo.ContainerID != containerID {
- continue
- }
- // Ignore the loopback interface; it's handled separately
- if cachedInfo.IfName == loIfname && cachedInfo.NetName == "cni-loopback" {
- continue
- }
- if cachedInfo.IfName == "" || cachedInfo.NetName == "" {
- logrus.Warningf("missing CNI cache file %s ifname %q or netname %q", cacheFile, cachedInfo.IfName, cachedInfo.NetName)
- continue
- }
-
- attachments = append(attachments, NetAttachment{
- Name: cachedInfo.NetName,
- Ifname: cachedInfo.IfName,
- })
- }
- return attachments, nil
-}
-
-// TearDownPod tears down pod networks. Prefers cached pod attachment information
-// but falls back to given network attachment information.
-func (plugin *cniNetworkPlugin) TearDownPod(podNetwork PodNetwork) error {
- return plugin.TearDownPodWithContext(context.Background(), podNetwork)
-}
-
-func (plugin *cniNetworkPlugin) TearDownPodWithContext(ctx context.Context, podNetwork PodNetwork) error {
- if len(podNetwork.Networks) == 0 {
- attachments, err := plugin.getCachedNetworkInfo(podNetwork.ID)
- if err == nil && len(attachments) > 0 {
- podNetwork.Networks = attachments
- }
- }
-
- if err := plugin.networksAvailable(&podNetwork); err != nil {
- return err
- }
-
- plugin.podLock(podNetwork).Lock()
- defer plugin.podUnlock(podNetwork)
-
- if err := tearDownLoopback(podNetwork.NetNS); err != nil {
- // ignore error
- logrus.Warningf("Ignoring error tearing down loopback interface: %v", err)
- }
-
- return plugin.forEachNetwork(&podNetwork, true, func(network *cniNetwork, podNetwork *PodNetwork, rt *libcni.RuntimeConf) error {
- fullPodName := buildFullPodName(*podNetwork)
- logrus.Infof("Deleting pod %s from CNI network %q (type=%v)", fullPodName, network.name, network.config.Plugins[0].Network.Type)
- if err := network.deleteFromNetwork(ctx, rt, plugin.cniConfig); err != nil {
- return fmt.Errorf("error removing pod %s from CNI network %q: %v", fullPodName, network.name, err)
- }
- return nil
- })
-}
-
-// GetPodNetworkStatus returns IP addressing and interface details for all
-// networks attached to the pod.
-func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]NetResult, error) {
- return plugin.GetPodNetworkStatusWithContext(context.Background(), podNetwork)
-}
-
-// GetPodNetworkStatusWithContext returns IP addressing and interface details for all
-// networks attached to the pod.
-func (plugin *cniNetworkPlugin) GetPodNetworkStatusWithContext(ctx context.Context, podNetwork PodNetwork) ([]NetResult, error) {
- plugin.podLock(podNetwork).Lock()
- defer plugin.podUnlock(podNetwork)
-
- if err := checkLoopback(podNetwork.NetNS); err != nil {
- logrus.Errorf(err.Error())
- return nil, err
- }
-
- results := make([]NetResult, 0)
- if err := plugin.forEachNetwork(&podNetwork, true, func(network *cniNetwork, podNetwork *PodNetwork, rt *libcni.RuntimeConf) error {
- fullPodName := buildFullPodName(*podNetwork)
- logrus.Infof("Checking pod %s for CNI network %s (type=%v)", fullPodName, network.name, network.config.Plugins[0].Network.Type)
- result, err := network.checkNetwork(ctx, rt, plugin.cniConfig, plugin.nsManager, podNetwork.NetNS)
- if err != nil {
- return fmt.Errorf("error checking pod %s for CNI network %q: %v", fullPodName, network.name, err)
- }
- if result != nil {
- results = append(results, NetResult{
- Result: result,
- NetAttachment: NetAttachment{
- Name: network.name,
- Ifname: rt.IfName,
- },
- })
- }
- return nil
- }); err != nil {
- return nil, err
- }
-
- return results, nil
-}
-
-func (network *cniNetwork) addToNetwork(ctx context.Context, rt *libcni.RuntimeConf, cni *libcni.CNIConfig) (cnitypes.Result, error) {
- return cni.AddNetworkList(ctx, network.config, rt)
-}
-
-func (network *cniNetwork) checkNetwork(ctx context.Context, rt *libcni.RuntimeConf, cni *libcni.CNIConfig, nsManager *nsManager, netns string) (cnitypes.Result, error) {
- gtet, err := cniversion.GreaterThanOrEqualTo(network.config.CNIVersion, "0.4.0")
- if err != nil {
- return nil, err
- }
-
- var result cnitypes.Result
-
- // When CNIVersion supports Check, use it. Otherwise fall back on what was done initially.
- if gtet {
- err = cni.CheckNetworkList(ctx, network.config, rt)
- logrus.Infof("Checking CNI network %s (config version=%v)", network.name, network.config.CNIVersion)
- if err != nil {
- logrus.Errorf("Error checking network: %v", err)
- return nil, err
- }
- }
-
- result, err = cni.GetNetworkListCachedResult(network.config, rt)
- if err != nil {
- logrus.Errorf("Error getting network list cached result: %v", err)
- return nil, err
- } else if result != nil {
- return result, nil
- }
-
- // result doesn't exist, create one
- logrus.Infof("Checking CNI network %s (config version=%v) nsManager=%v", network.name, network.config.CNIVersion, nsManager)
-
- var cniInterface *cnicurrent.Interface
- ips := []*cnicurrent.IPConfig{}
- errs := []error{}
- for _, version := range []string{"4", "6"} {
- ip, mac, err := getContainerDetails(nsManager, netns, rt.IfName, "-"+version)
- if err == nil {
- if cniInterface == nil {
- cniInterface = &cnicurrent.Interface{
- Name: rt.IfName,
- Mac: mac.String(),
- Sandbox: netns,
- }
- }
- ips = append(ips, &cnicurrent.IPConfig{
- Version: version,
- Interface: cnicurrent.Int(0),
- Address: *ip,
- })
- } else {
- errs = append(errs, err)
- }
- }
- if cniInterface == nil || len(ips) == 0 {
- return nil, fmt.Errorf("neither IPv4 nor IPv6 found when retrieving network status: %v", errs)
- }
-
- result = &cnicurrent.Result{
- CNIVersion: network.config.CNIVersion,
- Interfaces: []*cnicurrent.Interface{cniInterface},
- IPs: ips,
- }
-
- // Result must be the same CNIVersion as the CNI config
- converted, err := result.GetAsVersion(network.config.CNIVersion)
- if err != nil {
- return nil, err
- }
-
- return converted, nil
-}
-
-func (network *cniNetwork) deleteFromNetwork(ctx context.Context, rt *libcni.RuntimeConf, cni *libcni.CNIConfig) error {
- return cni.DelNetworkList(ctx, network.config, rt)
-}
-
-func buildCNIRuntimeConf(podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) {
- logrus.Infof("Got pod network %+v", podNetwork)
-
- rt := &libcni.RuntimeConf{
- ContainerID: podNetwork.ID,
- NetNS: podNetwork.NetNS,
- IfName: ifName,
- Args: [][2]string{
- {"IgnoreUnknown", "1"},
- {"K8S_POD_NAMESPACE", podNetwork.Namespace},
- {"K8S_POD_NAME", podNetwork.Name},
- {"K8S_POD_INFRA_CONTAINER_ID", podNetwork.ID},
- },
- CapabilityArgs: map[string]interface{}{},
- }
-
- // Propagate existing CNI_ARGS to non-k8s consumers
- for _, kvpairs := range strings.Split(os.Getenv("CNI_ARGS"), ";") {
- if keyval := strings.SplitN(kvpairs, "=", 2); len(keyval) == 2 {
- rt.Args = append(rt.Args, [2]string{keyval[0], keyval[1]})
- }
- }
-
- // Add requested static IP to CNI_ARGS
- ip := runtimeConfig.IP
- if ip != "" {
- if tstIP := net.ParseIP(ip); tstIP == nil {
- return nil, fmt.Errorf("unable to parse IP address %q", ip)
- }
- rt.Args = append(rt.Args, [2]string{"IP", ip})
- }
-
- // Add the requested static MAC to CNI_ARGS
- mac := runtimeConfig.MAC
- if mac != "" {
- _, err := net.ParseMAC(mac)
- if err != nil {
- return nil, fmt.Errorf("unable to parse MAC address %q: %v", mac, err)
- }
- rt.Args = append(rt.Args, [2]string{"MAC", mac})
- }
-
- // Set PortMappings in Capabilities
- if len(runtimeConfig.PortMappings) != 0 {
- rt.CapabilityArgs["portMappings"] = runtimeConfig.PortMappings
- }
-
- // Set Bandwidth in Capabilities
- if runtimeConfig.Bandwidth != nil {
- rt.CapabilityArgs["bandwidth"] = map[string]uint64{
- "ingressRate": runtimeConfig.Bandwidth.IngressRate,
- "ingressBurst": runtimeConfig.Bandwidth.IngressBurst,
- "egressRate": runtimeConfig.Bandwidth.EgressRate,
- "egressBurst": runtimeConfig.Bandwidth.EgressBurst,
- }
- }
-
- // Set IpRanges in Capabilities
- if len(runtimeConfig.IpRanges) > 0 {
- rt.CapabilityArgs["ipRanges"] = runtimeConfig.IpRanges
- }
-
- // Set Aliases in Capabilities
- if len(podNetwork.Aliases) > 0 {
- rt.CapabilityArgs["aliases"] = podNetwork.Aliases
- }
- return rt, nil
-}
-
-func (plugin *cniNetworkPlugin) Status() error {
- if plugin.getDefaultNetwork() == nil {
- return fmt.Errorf(errMissingDefaultNetwork, plugin.confDir)
- }
- return nil
-}
diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go
deleted file mode 100644
index 7326b4b40..000000000
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package ocicni
-
-import (
- "context"
-
- "github.com/containernetworking/cni/pkg/types"
-)
-
-const (
- // DefaultInterfaceName is the string to be used for the interface name inside the net namespace
- DefaultInterfaceName = "eth0"
- // CNIPluginName is the default name of the plugin
- CNIPluginName = "cni"
-)
-
-// PortMapping maps to the standard CNI portmapping Capability
-// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
-type PortMapping struct {
- // HostPort is the port number on the host.
- HostPort int32 `json:"hostPort"`
- // ContainerPort is the port number inside the sandbox.
- ContainerPort int32 `json:"containerPort"`
- // Protocol is the protocol of the port mapping.
- Protocol string `json:"protocol"`
- // HostIP is the host ip to use.
- HostIP string `json:"hostIP"`
-}
-
-// IpRange maps to the standard CNI ipRanges Capability
-// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
-type IpRange struct {
- // Subnet is the whole CIDR
- Subnet string `json:"subnet"`
- // RangeStart is the first available IP in subnet
- RangeStart string `json:"rangeStart,omitempty"`
- // RangeEnd is the last available IP in subnet
- RangeEnd string `json:"rangeEnd,omitempty"`
- // Gateway is the gateway of subnet
- Gateway string `json:"gateway,omitempty"`
-}
-
-// RuntimeConfig is additional configuration for a single CNI network that
-// is pod-specific rather than general to the network.
-type RuntimeConfig struct {
- // IP is a static IP to be specified in the network. Can only be used
- // with the hostlocal IP allocator. If left unset, an IP will be
- // dynamically allocated.
- IP string
- // MAC is a static MAC address to be assigned to the network interface.
- // If left unset, a MAC will be dynamically allocated.
- MAC string
- // PortMappings is the port mapping of the sandbox.
- PortMappings []PortMapping
- // Bandwidth is the bandwidth limiting of the pod
- Bandwidth *BandwidthConfig
- // IpRanges is the ip range gather which is used for address allocation
- IpRanges [][]IpRange
-}
-
-// BandwidthConfig maps to the standard CNI bandwidth Capability
-// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
-type BandwidthConfig struct {
- // IngressRate is a limit for incoming traffic in bps
- IngressRate uint64
- IngressBurst uint64
-
- // EgressRate is a limit for outgoing traffic in bps
- EgressRate uint64
- EgressBurst uint64
-}
-
-// PodNetwork configures the network of a pod sandbox.
-type PodNetwork struct {
- // Name is the name of the sandbox.
- Name string
- // Namespace is the namespace of the sandbox.
- Namespace string
- // ID is the id of the sandbox container.
- ID string
- // NetNS is the network namespace path of the sandbox.
- NetNS string
-
- // Networks is a list of CNI network names (and optional interface
- // names) to attach to the sandbox. Leave this list empty to attach the
- // default network to the sandbox
- Networks []NetAttachment
-
- // NetworkConfig is configuration specific to a single CNI network.
- // It is optional, and can be omitted for some or all specified networks
- // without issue.
- RuntimeConfig map[string]RuntimeConfig
-
- // Aliases are network-scoped names for resolving a container
- // by name. The key value is the network name and the value is
- // is a string slice of aliases
- Aliases map[string][]string
-}
-
-// NetAttachment describes a container network attachment
-type NetAttachment struct {
- // NetName contains the name of the CNI network to which the container
- // should be or is attached
- Name string
- // Ifname contains the optional interface name of the attachment
- Ifname string
-}
-
-// NetResult contains the result the network attachment operation
-type NetResult struct {
- // Result is the CNI Result
- Result types.Result
- // NetAttachment contains the network and interface names of this
- // network attachment
- NetAttachment
-}
-
-// CNIPlugin is the interface that needs to be implemented by a plugin
-type CNIPlugin interface {
- // Name returns the plugin's name. This will be used when searching
- // for a plugin by name, e.g.
- Name() string
-
- // GetDefaultNetworkName returns the name of the plugin's default
- // network.
- GetDefaultNetworkName() string
-
- // SetUpPod is the method called after the sandbox container of
- // the pod has been created but before the other containers of the
- // pod are launched.
- SetUpPod(network PodNetwork) ([]NetResult, error)
-
- // SetUpPodWithContext is the same as SetUpPod but takes a context
- SetUpPodWithContext(ctx context.Context, network PodNetwork) ([]NetResult, error)
-
- // TearDownPod is the method called before a pod's sandbox container will be deleted
- TearDownPod(network PodNetwork) error
-
- // TearDownPodWithContext is the same as TearDownPod but takes a context
- TearDownPodWithContext(ctx context.Context, network PodNetwork) error
-
- // GetPodNetworkStatus is the method called to obtain the ipv4 or ipv6 addresses of the pod sandbox
- GetPodNetworkStatus(network PodNetwork) ([]NetResult, error)
-
- // GetPodNetworkStatusWithContext is the same as GetPodNetworkStatus but takes a context
- GetPodNetworkStatusWithContext(ctx context.Context, network PodNetwork) ([]NetResult, error)
-
- // NetworkStatus returns error if the network plugin is in error state
- Status() error
-
- // Shutdown terminates all driver operations
- Shutdown() error
-}
diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types_unix.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/types_unix.go
deleted file mode 100644
index 88010f737..000000000
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types_unix.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build !windows
-
-package ocicni
-
-const (
- // DefaultConfDir is the default place to look for CNI Network
- DefaultConfDir = "/etc/cni/net.d"
- // DefaultBinDir is the default place to look for CNI config files
- DefaultBinDir = "/opt/cni/bin"
-)
diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types_windows.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/types_windows.go
deleted file mode 100644
index 061ecae5c..000000000
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types_windows.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// +build windows
-
-package ocicni
-
-const (
- // DefaultConfDir is the default place to look for CNI Network
- DefaultConfDir = "C:\\cni\\etc\\net.d"
- // DefaultBinDir is the default place to look for cni config files
- DefaultBinDir = "C:\\cni\\bin"
-)
diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/util.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/util.go
deleted file mode 100644
index 2af786593..000000000
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/util.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package ocicni
-
-// newNSManager initializes a new namespace manager, which is a platform dependent struct.
-func newNSManager() (*nsManager, error) {
- nsm := &nsManager{}
- err := nsm.init()
- return nsm, err
-}
diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/util_linux.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/util_linux.go
deleted file mode 100644
index 53c22f83f..000000000
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/util_linux.go
+++ /dev/null
@@ -1,150 +0,0 @@
-// +build linux
-
-package ocicni
-
-import (
- "fmt"
- "net"
- "os/exec"
- "strings"
-
- "github.com/containernetworking/plugins/pkg/ns"
- "github.com/vishvananda/netlink"
-)
-
-var defaultNamespaceEnterCommandName = "nsenter"
-
-type nsManager struct {
- nsenterPath string
-}
-
-func (nsm *nsManager) init() error {
- var err error
- nsm.nsenterPath, err = exec.LookPath(defaultNamespaceEnterCommandName)
- return err
-}
-
-func getContainerDetails(nsm *nsManager, netnsPath, interfaceName, addrType string) (*net.IPNet, *net.HardwareAddr, error) {
- // Try to retrieve ip inside container network namespace
- output, err := exec.Command(nsm.nsenterPath, fmt.Sprintf("--net=%s", netnsPath), "-F", "--",
- "ip", "-o", addrType, "addr", "show", "dev", interfaceName, "scope", "global").CombinedOutput()
- if err != nil {
- return nil, nil, fmt.Errorf("Unexpected command output %s with error: %v", output, err)
- }
-
- lines := strings.Split(string(output), "\n")
- if len(lines) < 1 {
- return nil, nil, fmt.Errorf("Unexpected command output %s", output)
- }
- fields := strings.Fields(lines[0])
- if len(fields) < 4 {
- return nil, nil, fmt.Errorf("Unexpected address output %s ", lines[0])
- }
- ip, ipNet, err := net.ParseCIDR(fields[3])
- if err != nil {
- return nil, nil, fmt.Errorf("CNI failed to parse ip from output %s due to %v", output, err)
- }
- if ip.To4() == nil {
- ipNet.IP = ip
- } else {
- ipNet.IP = ip.To4()
- }
-
- // Try to retrieve MAC inside container network namespace
- output, err = exec.Command(nsm.nsenterPath, fmt.Sprintf("--net=%s", netnsPath), "-F", "--",
- "ip", "link", "show", "dev", interfaceName).CombinedOutput()
- if err != nil {
- return nil, nil, fmt.Errorf("unexpected 'ip link' command output %s with error: %v", output, err)
- }
-
- lines = strings.Split(string(output), "\n")
- if len(lines) < 2 {
- return nil, nil, fmt.Errorf("unexpected 'ip link' command output %s", output)
- }
- fields = strings.Fields(lines[1])
- if len(fields) < 4 {
- return nil, nil, fmt.Errorf("unexpected link output %s ", lines[0])
- }
- mac, err := net.ParseMAC(fields[1])
- if err != nil {
- return nil, nil, fmt.Errorf("failed to parse MAC from output %s due to %v", output, err)
- }
-
- return ipNet, &mac, nil
-}
-
-func tearDownLoopback(netns string) error {
- return ns.WithNetNSPath(netns, func(_ ns.NetNS) error {
- link, err := netlink.LinkByName(loIfname)
- if err != nil {
- return err // not tested
- }
- err = netlink.LinkSetDown(link)
- if err != nil {
- return err // not tested
- }
- return nil
- })
-}
-
-func bringUpLoopback(netns string) error {
- if err := ns.WithNetNSPath(netns, func(_ ns.NetNS) error {
- link, err := netlink.LinkByName(loIfname)
- if err == nil {
- err = netlink.LinkSetUp(link)
- }
- if err != nil {
- return err
- }
-
- v4Addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
- if err != nil {
- return err
- }
- if len(v4Addrs) != 0 {
- // sanity check that this is a loopback address
- for _, addr := range v4Addrs {
- if !addr.IP.IsLoopback() {
- return fmt.Errorf("loopback interface found with non-loopback address %q", addr.IP)
- }
- }
- }
-
- v6Addrs, err := netlink.AddrList(link, netlink.FAMILY_V6)
- if err != nil {
- return err
- }
- if len(v6Addrs) != 0 {
- // sanity check that this is a loopback address
- for _, addr := range v6Addrs {
- if !addr.IP.IsLoopback() {
- return fmt.Errorf("loopback interface found with non-loopback address %q", addr.IP)
- }
- }
- }
-
- return nil
- }); err != nil {
- return fmt.Errorf("error adding loopback interface: %s", err)
- }
- return nil
-}
-
-func checkLoopback(netns string) error {
- // Make sure loopback interface is up
- if err := ns.WithNetNSPath(netns, func(_ ns.NetNS) error {
- link, err := netlink.LinkByName(loIfname)
- if err != nil {
- return err
- }
-
- if link.Attrs().Flags&net.FlagUp != net.FlagUp {
- return fmt.Errorf("loopback interface is down")
- }
-
- return nil
- }); err != nil {
- return fmt.Errorf("error checking loopback interface: %v", err)
- }
- return nil
-}
diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/util_unsupported.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/util_unsupported.go
deleted file mode 100644
index b87f0d373..000000000
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/util_unsupported.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// +build !linux
-
-package ocicni
-
-import (
- "errors"
- "net"
-)
-
-type nsManager struct {
-}
-
-var errUnsupportedPlatform = errors.New("unsupported platform")
-
-func (nsm *nsManager) init() error {
- return nil
-}
-
-func getContainerDetails(nsm *nsManager, netnsPath, interfaceName, addrType string) (*net.IPNet, *net.HardwareAddr, error) {
- return nil, nil, errUnsupportedPlatform
-}
-
-func tearDownLoopback(netns string) error {
- return errUnsupportedPlatform
-}
-
-func bringUpLoopback(netns string) error {
- return errUnsupportedPlatform
-}
-
-func checkLoopback(netns string) error {
- return errUnsupportedPlatform
-
-}
diff --git a/vendor/github.com/safchain/ethtool/.gitignore b/vendor/github.com/safchain/ethtool/.gitignore
deleted file mode 100644
index db6cadffd..000000000
--- a/vendor/github.com/safchain/ethtool/.gitignore
+++ /dev/null
@@ -1,27 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-
-# Skip compiled example binary file
-/example/example
diff --git a/vendor/github.com/safchain/ethtool/.travis.yml b/vendor/github.com/safchain/ethtool/.travis.yml
deleted file mode 100644
index 4f2ee4d97..000000000
--- a/vendor/github.com/safchain/ethtool/.travis.yml
+++ /dev/null
@@ -1 +0,0 @@
-language: go
diff --git a/vendor/github.com/safchain/ethtool/LICENSE b/vendor/github.com/safchain/ethtool/LICENSE
deleted file mode 100644
index 8f71f43fe..000000000
--- a/vendor/github.com/safchain/ethtool/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
diff --git a/vendor/github.com/safchain/ethtool/Makefile b/vendor/github.com/safchain/ethtool/Makefile
deleted file mode 100644
index 67d2da395..000000000
--- a/vendor/github.com/safchain/ethtool/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-all: build
-
-build:
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build
diff --git a/vendor/github.com/safchain/ethtool/README.md b/vendor/github.com/safchain/ethtool/README.md
deleted file mode 100644
index 1f146229c..000000000
--- a/vendor/github.com/safchain/ethtool/README.md
+++ /dev/null
@@ -1,60 +0,0 @@
-# ethtool go package #
-
-[![Build Status](https://travis-ci.org/safchain/ethtool.png?branch=master)](https://travis-ci.org/safchain/ethtool)
-[![GoDoc](https://godoc.org/github.com/safchain/ethtool?status.svg)](https://godoc.org/github.com/safchain/ethtool)
-
-The ethtool package aims to provide a library giving a simple access to the Linux SIOCETHTOOL ioctl operations. It can be used to retrieve informations from a network device like statistics, driver related informations or even the peer of a VETH interface.
-
-## Build and Test ##
-
-go get command:
-
- go get github.com/safchain/ethtool
-
-Testing
-
-In order to run te
-
- go test github.com/safchain/ethtool
-
-## Examples ##
-
-```go
-package main
-
-import (
- "fmt"
-
- "github.com/safchain/ethtool"
-)
-
-func main() {
- ethHandle, err := ethtool.NewEthtool()
- if err != nil {
- panic(err.Error())
- }
- defer ethHandle.Close()
-
- // Retrieve tx from eth0
- stats, err := ethHandle.Stats("eth0")
- if err != nil {
- panic(err.Error())
- }
- fmt.Printf("TX: %d\n", stats["tx_bytes"])
-
- // Retrieve peer index of a veth interface
- stats, err = ethHandle.Stats("veth0")
- if err != nil {
- panic(err.Error())
- }
- fmt.Printf("Peer Index: %d\n", stats["peer_ifindex"])
-}
-```
-
-## LICENSE ##
-
-Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
diff --git a/vendor/github.com/safchain/ethtool/ethtool.go b/vendor/github.com/safchain/ethtool/ethtool.go
deleted file mode 100644
index 8dcc78c05..000000000
--- a/vendor/github.com/safchain/ethtool/ethtool.go
+++ /dev/null
@@ -1,541 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-// Package ethtool aims to provide a library giving a simple access to the
-// Linux SIOCETHTOOL ioctl operations. It can be used to retrieve informations
-// from a network device like statistics, driver related informations or
-// even the peer of a VETH interface.
-package ethtool
-
-import (
- "bytes"
- "encoding/hex"
- "fmt"
- "strings"
- "syscall"
- "unsafe"
-)
-
-// Maximum size of an interface name
-const (
- IFNAMSIZ = 16
-)
-
-// ioctl ethtool request
-const (
- SIOCETHTOOL = 0x8946
-)
-
-// ethtool stats related constants.
-const (
- ETH_GSTRING_LEN = 32
- ETH_SS_STATS = 1
- ETH_SS_FEATURES = 4
- ETHTOOL_GDRVINFO = 0x00000003
- ETHTOOL_GSTRINGS = 0x0000001b
- ETHTOOL_GSTATS = 0x0000001d
- // other CMDs from ethtool-copy.h of ethtool-3.5 package
- ETHTOOL_GSET = 0x00000001 /* Get settings. */
- ETHTOOL_SSET = 0x00000002 /* Set settings. */
- ETHTOOL_GMSGLVL = 0x00000007 /* Get driver message level */
- ETHTOOL_SMSGLVL = 0x00000008 /* Set driver msg level. */
- /* Get link status for host, i.e. whether the interface *and* the
- * physical port (if there is one) are up (ethtool_value). */
- ETHTOOL_GLINK = 0x0000000a
- ETHTOOL_GMODULEINFO = 0x00000042 /* Get plug-in module information */
- ETHTOOL_GMODULEEEPROM = 0x00000043 /* Get plug-in module eeprom */
- ETHTOOL_GPERMADDR = 0x00000020
- ETHTOOL_GFEATURES = 0x0000003a /* Get device offload settings */
- ETHTOOL_SFEATURES = 0x0000003b /* Change device offload settings */
- ETHTOOL_GFLAGS = 0x00000025 /* Get flags bitmap(ethtool_value) */
- ETHTOOL_GSSET_INFO = 0x00000037 /* Get string set info */
-)
-
-// MAX_GSTRINGS maximum number of stats entries that ethtool can
-// retrieve currently.
-const (
- MAX_GSTRINGS = 1000
- MAX_FEATURE_BLOCKS = (MAX_GSTRINGS + 32 - 1) / 32
- EEPROM_LEN = 640
- PERMADDR_LEN = 32
-)
-
-type ifreq struct {
- ifr_name [IFNAMSIZ]byte
- ifr_data uintptr
-}
-
-// following structures comes from uapi/linux/ethtool.h
-type ethtoolSsetInfo struct {
- cmd uint32
- reserved uint32
- sset_mask uint32
- data uintptr
-}
-
-type ethtoolGetFeaturesBlock struct {
- available uint32
- requested uint32
- active uint32
- never_changed uint32
-}
-
-type ethtoolGfeatures struct {
- cmd uint32
- size uint32
- blocks [MAX_FEATURE_BLOCKS]ethtoolGetFeaturesBlock
-}
-
-type ethtoolSetFeaturesBlock struct {
- valid uint32
- requested uint32
-}
-
-type ethtoolSfeatures struct {
- cmd uint32
- size uint32
- blocks [MAX_FEATURE_BLOCKS]ethtoolSetFeaturesBlock
-}
-
-type ethtoolDrvInfo struct {
- cmd uint32
- driver [32]byte
- version [32]byte
- fw_version [32]byte
- bus_info [32]byte
- erom_version [32]byte
- reserved2 [12]byte
- n_priv_flags uint32
- n_stats uint32
- testinfo_len uint32
- eedump_len uint32
- regdump_len uint32
-}
-
-type ethtoolGStrings struct {
- cmd uint32
- string_set uint32
- len uint32
- data [MAX_GSTRINGS * ETH_GSTRING_LEN]byte
-}
-
-type ethtoolStats struct {
- cmd uint32
- n_stats uint32
- data [MAX_GSTRINGS]uint64
-}
-
-type ethtoolEeprom struct {
- cmd uint32
- magic uint32
- offset uint32
- len uint32
- data [EEPROM_LEN]byte
-}
-
-type ethtoolModInfo struct {
- cmd uint32
- tpe uint32
- eeprom_len uint32
- reserved [8]uint32
-}
-
-type ethtoolLink struct {
- cmd uint32
- data uint32
-}
-
-type ethtoolPermAddr struct {
- cmd uint32
- size uint32
- data [PERMADDR_LEN]byte
-}
-
-type Ethtool struct {
- fd int
-}
-
-// DriverName returns the driver name of the given interface name.
-func (e *Ethtool) DriverName(intf string) (string, error) {
- info, err := e.getDriverInfo(intf)
- if err != nil {
- return "", err
- }
- return string(bytes.Trim(info.driver[:], "\x00")), nil
-}
-
-// BusInfo returns the bus information of the given interface name.
-func (e *Ethtool) BusInfo(intf string) (string, error) {
- info, err := e.getDriverInfo(intf)
- if err != nil {
- return "", err
- }
- return string(bytes.Trim(info.bus_info[:], "\x00")), nil
-}
-
-// ModuleEeprom returns Eeprom information of the given interface name.
-func (e *Ethtool) ModuleEeprom(intf string) ([]byte, error) {
- eeprom, _, err := e.getModuleEeprom(intf)
- if err != nil {
- return nil, err
- }
-
- return eeprom.data[:eeprom.len], nil
-}
-
-// ModuleEeprom returns Eeprom information of the given interface name.
-func (e *Ethtool) ModuleEepromHex(intf string) (string, error) {
- eeprom, _, err := e.getModuleEeprom(intf)
- if err != nil {
- return "", err
- }
-
- return hex.EncodeToString(eeprom.data[:eeprom.len]), nil
-}
-
-// DriverInfo returns driver information of the given interface name.
-func (e *Ethtool) DriverInfo(intf string) (ethtoolDrvInfo, error) {
- drvInfo, err := e.getDriverInfo(intf)
- if err != nil {
- return ethtoolDrvInfo{}, err
- }
-
- return drvInfo, nil
-}
-
-// PermAddr returns permanent address of the given interface name.
-func (e *Ethtool) PermAddr(intf string) (string, error) {
- permAddr, err := e.getPermAddr(intf)
- if err != nil {
- return "", err
- }
-
- if permAddr.data[0] == 0 && permAddr.data[1] == 0 &&
- permAddr.data[2] == 0 && permAddr.data[3] == 0 &&
- permAddr.data[4] == 0 && permAddr.data[5] == 0 {
- return "", nil
- }
-
- return fmt.Sprintf("%x:%x:%x:%x:%x:%x",
- permAddr.data[0:1],
- permAddr.data[1:2],
- permAddr.data[2:3],
- permAddr.data[3:4],
- permAddr.data[4:5],
- permAddr.data[5:6],
- ), nil
-}
-
-func (e *Ethtool) ioctl(intf string, data uintptr) error {
- var name [IFNAMSIZ]byte
- copy(name[:], []byte(intf))
-
- ifr := ifreq{
- ifr_name: name,
- ifr_data: data,
- }
-
- _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd), SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return syscall.Errno(ep)
- }
-
- return nil
-}
-
-func (e *Ethtool) getDriverInfo(intf string) (ethtoolDrvInfo, error) {
- drvinfo := ethtoolDrvInfo{
- cmd: ETHTOOL_GDRVINFO,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&drvinfo))); err != nil {
- return ethtoolDrvInfo{}, err
- }
-
- return drvinfo, nil
-}
-
-func (e *Ethtool) getPermAddr(intf string) (ethtoolPermAddr, error) {
- permAddr := ethtoolPermAddr{
- cmd: ETHTOOL_GPERMADDR,
- size: PERMADDR_LEN,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&permAddr))); err != nil {
- return ethtoolPermAddr{}, err
- }
-
- return permAddr, nil
-}
-
-func (e *Ethtool) getModuleEeprom(intf string) (ethtoolEeprom, ethtoolModInfo, error) {
- modInfo := ethtoolModInfo{
- cmd: ETHTOOL_GMODULEINFO,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&modInfo))); err != nil {
- return ethtoolEeprom{}, ethtoolModInfo{}, err
- }
-
- eeprom := ethtoolEeprom{
- cmd: ETHTOOL_GMODULEEEPROM,
- len: modInfo.eeprom_len,
- offset: 0,
- }
-
- if modInfo.eeprom_len > EEPROM_LEN {
- return ethtoolEeprom{}, ethtoolModInfo{}, fmt.Errorf("eeprom size: %d is larger than buffer size: %d", modInfo.eeprom_len, EEPROM_LEN)
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&eeprom))); err != nil {
- return ethtoolEeprom{}, ethtoolModInfo{}, err
- }
-
- return eeprom, modInfo, nil
-}
-
-func isFeatureBitSet(blocks [MAX_FEATURE_BLOCKS]ethtoolGetFeaturesBlock, index uint) bool {
- return (blocks)[index/32].active&(1<<(index%32)) != 0
-}
-
-func setFeatureBit(blocks *[MAX_FEATURE_BLOCKS]ethtoolSetFeaturesBlock, index uint, value bool) {
- blockIndex, bitIndex := index/32, index%32
-
- blocks[blockIndex].valid |= 1 << bitIndex
-
- if value {
- blocks[blockIndex].requested |= 1 << bitIndex
- } else {
- blocks[blockIndex].requested &= ^(1 << bitIndex)
- }
-}
-
-// FeatureNames shows supported features by their name.
-func (e *Ethtool) FeatureNames(intf string) (map[string]uint, error) {
- ssetInfo := ethtoolSsetInfo{
- cmd: ETHTOOL_GSSET_INFO,
- sset_mask: 1 << ETH_SS_FEATURES,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&ssetInfo))); err != nil {
- return nil, err
- }
-
- length := uint32(ssetInfo.data)
- if length == 0 {
- return map[string]uint{}, nil
- } else if length > MAX_GSTRINGS {
- return nil, fmt.Errorf("ethtool currently doesn't support more than %d entries, received %d", MAX_GSTRINGS, length)
- }
-
- gstrings := ethtoolGStrings{
- cmd: ETHTOOL_GSTRINGS,
- string_set: ETH_SS_FEATURES,
- len: length,
- data: [MAX_GSTRINGS * ETH_GSTRING_LEN]byte{},
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&gstrings))); err != nil {
- return nil, err
- }
-
- var result = make(map[string]uint)
- for i := 0; i != int(length); i++ {
- b := gstrings.data[i*ETH_GSTRING_LEN : i*ETH_GSTRING_LEN+ETH_GSTRING_LEN]
- key := string(bytes.Trim(b, "\x00"))
- if key != "" {
- result[key] = uint(i)
- }
- }
-
- return result, nil
-}
-
-// Features retrieves features of the given interface name.
-func (e *Ethtool) Features(intf string) (map[string]bool, error) {
- names, err := e.FeatureNames(intf)
- if err != nil {
- return nil, err
- }
-
- length := uint32(len(names))
- if length == 0 {
- return map[string]bool{}, nil
- }
-
- features := ethtoolGfeatures{
- cmd: ETHTOOL_GFEATURES,
- size: (length + 32 - 1) / 32,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&features))); err != nil {
- return nil, err
- }
-
- var result = make(map[string]bool, length)
- for key, index := range names {
- result[key] = isFeatureBitSet(features.blocks, index)
- }
-
- return result, nil
-}
-
-// Change requests a change in the given device's features.
-func (e *Ethtool) Change(intf string, config map[string]bool) error {
- names, err := e.FeatureNames(intf)
- if err != nil {
- return err
- }
-
- length := uint32(len(names))
-
- features := ethtoolSfeatures{
- cmd: ETHTOOL_SFEATURES,
- size: (length + 32 - 1) / 32,
- }
-
- for key, value := range config {
- if index, ok := names[key]; ok {
- setFeatureBit(&features.blocks, index, value)
- } else {
- return fmt.Errorf("unsupported feature %q", key)
- }
- }
-
- return e.ioctl(intf, uintptr(unsafe.Pointer(&features)))
-}
-
-// Get state of a link.
-func (e *Ethtool) LinkState(intf string) (uint32, error) {
- x := ethtoolLink{
- cmd: ETHTOOL_GLINK,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&x))); err != nil {
- return 0, err
- }
-
- return x.data, nil
-}
-
-// Stats retrieves stats of the given interface name.
-func (e *Ethtool) Stats(intf string) (map[string]uint64, error) {
- drvinfo := ethtoolDrvInfo{
- cmd: ETHTOOL_GDRVINFO,
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&drvinfo))); err != nil {
- return nil, err
- }
-
- if drvinfo.n_stats*ETH_GSTRING_LEN > MAX_GSTRINGS*ETH_GSTRING_LEN {
- return nil, fmt.Errorf("ethtool currently doesn't support more than %d entries, received %d", MAX_GSTRINGS, drvinfo.n_stats)
- }
-
- gstrings := ethtoolGStrings{
- cmd: ETHTOOL_GSTRINGS,
- string_set: ETH_SS_STATS,
- len: drvinfo.n_stats,
- data: [MAX_GSTRINGS * ETH_GSTRING_LEN]byte{},
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&gstrings))); err != nil {
- return nil, err
- }
-
- stats := ethtoolStats{
- cmd: ETHTOOL_GSTATS,
- n_stats: drvinfo.n_stats,
- data: [MAX_GSTRINGS]uint64{},
- }
-
- if err := e.ioctl(intf, uintptr(unsafe.Pointer(&stats))); err != nil {
- return nil, err
- }
-
- var result = make(map[string]uint64)
- for i := 0; i != int(drvinfo.n_stats); i++ {
- b := gstrings.data[i*ETH_GSTRING_LEN : i*ETH_GSTRING_LEN+ETH_GSTRING_LEN]
- key := string(b[:strings.Index(string(b), "\x00")])
- if len(key) != 0 {
- result[key] = stats.data[i]
- }
- }
-
- return result, nil
-}
-
-// Close closes the ethool handler
-func (e *Ethtool) Close() {
- syscall.Close(e.fd)
-}
-
-// NewEthtool returns a new ethtool handler
-func NewEthtool() (*Ethtool, error) {
- fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM, syscall.IPPROTO_IP)
- if err != nil {
- return nil, err
- }
-
- return &Ethtool{
- fd: int(fd),
- }, nil
-}
-
-// BusInfo returns bus information of the given interface name.
-func BusInfo(intf string) (string, error) {
- e, err := NewEthtool()
- if err != nil {
- return "", err
- }
- defer e.Close()
- return e.BusInfo(intf)
-}
-
-// DriverName returns the driver name of the given interface name.
-func DriverName(intf string) (string, error) {
- e, err := NewEthtool()
- if err != nil {
- return "", err
- }
- defer e.Close()
- return e.DriverName(intf)
-}
-
-// Stats retrieves stats of the given interface name.
-func Stats(intf string) (map[string]uint64, error) {
- e, err := NewEthtool()
- if err != nil {
- return nil, err
- }
- defer e.Close()
- return e.Stats(intf)
-}
-
-// PermAddr returns permanent address of the given interface name.
-func PermAddr(intf string) (string, error) {
- e, err := NewEthtool()
- if err != nil {
- return "", err
- }
- defer e.Close()
- return e.PermAddr(intf)
-}
diff --git a/vendor/github.com/safchain/ethtool/ethtool_cmd.go b/vendor/github.com/safchain/ethtool/ethtool_cmd.go
deleted file mode 100644
index d0c35e476..000000000
--- a/vendor/github.com/safchain/ethtool/ethtool_cmd.go
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-// Package ethtool aims to provide a library giving a simple access to the
-// Linux SIOCETHTOOL ioctl operations. It can be used to retrieve informations
-// from a network device like statistics, driver related informations or
-// even the peer of a VETH interface.
-package ethtool
-
-import (
- "math"
- "reflect"
- "syscall"
- "unsafe"
-)
-
-type EthtoolCmd struct { /* ethtool.c: struct ethtool_cmd */
- Cmd uint32
- Supported uint32
- Advertising uint32
- Speed uint16
- Duplex uint8
- Port uint8
- Phy_address uint8
- Transceiver uint8
- Autoneg uint8
- Mdio_support uint8
- Maxtxpkt uint32
- Maxrxpkt uint32
- Speed_hi uint16
- Eth_tp_mdix uint8
- Reserved2 uint8
- Lp_advertising uint32
- Reserved [2]uint32
-}
-
-// CmdGet returns the interface settings in the receiver struct
-// and returns speed
-func (ecmd *EthtoolCmd) CmdGet(intf string) (uint32, error) {
- e, err := NewEthtool()
- if err != nil {
- return 0, err
- }
- defer e.Close()
- return e.CmdGet(ecmd, intf)
-}
-
-// CmdSet sets and returns the settings in the receiver struct
-// and returns speed
-func (ecmd *EthtoolCmd) CmdSet(intf string) (uint32, error) {
- e, err := NewEthtool()
- if err != nil {
- return 0, err
- }
- defer e.Close()
- return e.CmdSet(ecmd, intf)
-}
-
-func (f *EthtoolCmd) reflect(retv *map[string]uint64) {
- val := reflect.ValueOf(f).Elem()
-
- for i := 0; i < val.NumField(); i++ {
- valueField := val.Field(i)
- typeField := val.Type().Field(i)
-
- t := valueField.Interface()
- //tt := reflect.TypeOf(t)
- //fmt.Printf(" t %T %v tt %T %v\n", t, t, tt, tt)
- switch t.(type) {
- case uint32:
- //fmt.Printf(" t is uint32\n")
- (*retv)[typeField.Name] = uint64(t.(uint32))
- case uint16:
- (*retv)[typeField.Name] = uint64(t.(uint16))
- case uint8:
- (*retv)[typeField.Name] = uint64(t.(uint8))
- case int32:
- (*retv)[typeField.Name] = uint64(t.(int32))
- case int16:
- (*retv)[typeField.Name] = uint64(t.(int16))
- case int8:
- (*retv)[typeField.Name] = uint64(t.(int8))
- default:
- (*retv)[typeField.Name+"_unknown_type"] = 0
- }
-
- //tag := typeField.Tag
- //fmt.Printf("Field Name: %s,\t Field Value: %v,\t Tag Value: %s\n",
- // typeField.Name, valueField.Interface(), tag.Get("tag_name"))
- }
-}
-
-// CmdGet returns the interface settings in the receiver struct
-// and returns speed
-func (e *Ethtool) CmdGet(ecmd *EthtoolCmd, intf string) (uint32, error) {
- ecmd.Cmd = ETHTOOL_GSET
-
- var name [IFNAMSIZ]byte
- copy(name[:], []byte(intf))
-
- ifr := ifreq{
- ifr_name: name,
- ifr_data: uintptr(unsafe.Pointer(ecmd)),
- }
-
- _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd),
- SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return 0, syscall.Errno(ep)
- }
-
- var speedval uint32 = (uint32(ecmd.Speed_hi) << 16) |
- (uint32(ecmd.Speed) & 0xffff)
- if speedval == math.MaxUint16 {
- speedval = math.MaxUint32
- }
-
- return speedval, nil
-}
-
-// CmdSet sets and returns the settings in the receiver struct
-// and returns speed
-func (e *Ethtool) CmdSet(ecmd *EthtoolCmd, intf string) (uint32, error) {
- ecmd.Cmd = ETHTOOL_SSET
-
- var name [IFNAMSIZ]byte
- copy(name[:], []byte(intf))
-
- ifr := ifreq{
- ifr_name: name,
- ifr_data: uintptr(unsafe.Pointer(ecmd)),
- }
-
- _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd),
- SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return 0, syscall.Errno(ep)
- }
-
- var speedval uint32 = (uint32(ecmd.Speed_hi) << 16) |
- (uint32(ecmd.Speed) & 0xffff)
- if speedval == math.MaxUint16 {
- speedval = math.MaxUint32
- }
-
- return speedval, nil
-}
-
-// CmdGetMapped returns the interface settings in a map
-func (e *Ethtool) CmdGetMapped(intf string) (map[string]uint64, error) {
- ecmd := EthtoolCmd{
- Cmd: ETHTOOL_GSET,
- }
-
- var name [IFNAMSIZ]byte
- copy(name[:], []byte(intf))
-
- ifr := ifreq{
- ifr_name: name,
- ifr_data: uintptr(unsafe.Pointer(&ecmd)),
- }
-
- _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd),
- SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return nil, syscall.Errno(ep)
- }
-
- var result = make(map[string]uint64)
-
- // ref https://gist.github.com/drewolson/4771479
- // Golang Reflection Example
- ecmd.reflect(&result)
-
- var speedval uint32 = (uint32(ecmd.Speed_hi) << 16) |
- (uint32(ecmd.Speed) & 0xffff)
- result["speed"] = uint64(speedval)
-
- return result, nil
-}
-
-func CmdGetMapped(intf string) (map[string]uint64, error) {
- e, err := NewEthtool()
- if err != nil {
- return nil, err
- }
- defer e.Close()
- return e.CmdGetMapped(intf)
-}
diff --git a/vendor/github.com/safchain/ethtool/ethtool_msglvl.go b/vendor/github.com/safchain/ethtool/ethtool_msglvl.go
deleted file mode 100644
index 91836f019..000000000
--- a/vendor/github.com/safchain/ethtool/ethtool_msglvl.go
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-// Package ethtool aims to provide a library giving a simple access to the
-// Linux SIOCETHTOOL ioctl operations. It can be used to retrieve informations
-// from a network device like statistics, driver related informations or
-// even the peer of a VETH interface.
-package ethtool
-
-import (
- "syscall"
- "unsafe"
-)
-
-type ethtoolValue struct { /* ethtool.c: struct ethtool_value */
- cmd uint32
- data uint32
-}
-
-// MsglvlGet returns the msglvl of the given interface.
-func (e *Ethtool) MsglvlGet(intf string) (uint32, error) {
- edata := ethtoolValue{
- cmd: ETHTOOL_GMSGLVL,
- }
-
- var name [IFNAMSIZ]byte
- copy(name[:], []byte(intf))
-
- ifr := ifreq{
- ifr_name: name,
- ifr_data: uintptr(unsafe.Pointer(&edata)),
- }
-
- _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd),
- SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return 0, syscall.Errno(ep)
- }
-
- return edata.data, nil
-}
-
-// MsglvlSet returns the read-msglvl, post-set-msglvl of the given interface.
-func (e *Ethtool) MsglvlSet(intf string, valset uint32) (uint32, uint32, error) {
- edata := ethtoolValue{
- cmd: ETHTOOL_GMSGLVL,
- }
-
- var name [IFNAMSIZ]byte
- copy(name[:], []byte(intf))
-
- ifr := ifreq{
- ifr_name: name,
- ifr_data: uintptr(unsafe.Pointer(&edata)),
- }
-
- _, _, ep := syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd),
- SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return 0, 0, syscall.Errno(ep)
- }
-
- readval := edata.data
-
- edata.cmd = ETHTOOL_SMSGLVL
- edata.data = valset
-
- _, _, ep = syscall.Syscall(syscall.SYS_IOCTL, uintptr(e.fd),
- SIOCETHTOOL, uintptr(unsafe.Pointer(&ifr)))
- if ep != 0 {
- return 0, 0, syscall.Errno(ep)
- }
-
- return readval, edata.data, nil
-}
-
-// MsglvlGet returns the msglvl of the given interface.
-func MsglvlGet(intf string) (uint32, error) {
- e, err := NewEthtool()
- if err != nil {
- return 0, err
- }
- defer e.Close()
- return e.MsglvlGet(intf)
-}
-
-// MsglvlSet returns the read-msglvl, post-set-msglvl of the given interface.
-func MsglvlSet(intf string, valset uint32) (uint32, uint32, error) {
- e, err := NewEthtool()
- if err != nil {
- return 0, 0, err
- }
- defer e.Close()
- return e.MsglvlSet(intf, valset)
-} |