summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xcontrib/cirrus/setup_environment.sh5
-rw-r--r--docs/source/markdown/podman-play-kube.1.md2
-rw-r--r--go.mod8
-rw-r--r--go.sum12
-rw-r--r--pkg/api/handlers/libpod/images.go2
-rw-r--r--pkg/domain/infra/abi/play.go4
-rw-r--r--pkg/specgen/generate/security.go2
-rw-r--r--test/apiv2/10-images.at2
-rw-r--r--test/e2e/run_privileged_test.go12
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/storage.conf2
-rw-r--r--vendor/github.com/containers/storage/store.go4
-rw-r--r--vendor/github.com/vishvananda/netlink/.travis.yml7
-rw-r--r--vendor/github.com/vishvananda/netlink/addr.go1
-rw-r--r--vendor/github.com/vishvananda/netlink/addr_linux.go35
-rw-r--r--vendor/github.com/vishvananda/netlink/class.go56
-rw-r--r--vendor/github.com/vishvananda/netlink/class_linux.go29
-rw-r--r--vendor/github.com/vishvananda/netlink/conntrack_linux.go116
-rw-r--r--vendor/github.com/vishvananda/netlink/filter.go9
-rw-r--r--vendor/github.com/vishvananda/netlink/filter_linux.go20
-rw-r--r--vendor/github.com/vishvananda/netlink/go.mod4
-rw-r--r--vendor/github.com/vishvananda/netlink/go.sum10
-rw-r--r--vendor/github.com/vishvananda/netlink/handle_unspecified.go2
-rw-r--r--vendor/github.com/vishvananda/netlink/inet_diag.go30
-rw-r--r--vendor/github.com/vishvananda/netlink/ipset_linux.go335
-rw-r--r--vendor/github.com/vishvananda/netlink/link.go50
-rw-r--r--vendor/github.com/vishvananda/netlink/link_linux.go198
-rw-r--r--vendor/github.com/vishvananda/netlink/neigh_linux.go12
-rw-r--r--vendor/github.com/vishvananda/netlink/netlink_unspecified.go6
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/addr_linux.go14
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go5
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/ipset_linux.go222
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/link_linux.go67
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/nl_linux.go28
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/parse_attr.go67
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/syscall.go7
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/tc_linux.go111
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go2
-rw-r--r--vendor/github.com/vishvananda/netlink/qdisc.go24
-rw-r--r--vendor/github.com/vishvananda/netlink/qdisc_linux.go41
-rw-r--r--vendor/github.com/vishvananda/netlink/rdma_link_linux.go46
-rw-r--r--vendor/github.com/vishvananda/netlink/route.go51
-rw-r--r--vendor/github.com/vishvananda/netlink/route_linux.go119
-rw-r--r--vendor/github.com/vishvananda/netlink/rule.go14
-rw-r--r--vendor/github.com/vishvananda/netlink/rule_linux.go66
-rw-r--r--vendor/github.com/vishvananda/netlink/socket_linux.go92
-rw-r--r--vendor/github.com/vishvananda/netlink/tcp.go18
-rw-r--r--vendor/github.com/vishvananda/netlink/tcp_linux.go393
-rw-r--r--vendor/github.com/vishvananda/netns/go.mod2
-rw-r--r--vendor/github.com/vishvananda/netns/go.sum2
-rw-r--r--vendor/github.com/vishvananda/netns/netns.go19
-rw-r--r--vendor/github.com/vishvananda/netns/netns_linux.go87
-rw-r--r--vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_gc_x86.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_s390x.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_x86.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_aix_ppc64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_mips64x.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_mipsx.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_riscv64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_s390x.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_solaris_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/endian_big.go2
-rw-r--r--vendor/golang.org/x/sys/unix/endian_little.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_unix_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go2
-rw-r--r--vendor/golang.org/x/sys/windows/dll_windows.go2
-rw-r--r--vendor/golang.org/x/sys/windows/security_windows.go3
-rw-r--r--vendor/golang.org/x/sys/windows/syscall_windows.go4
-rw-r--r--vendor/golang.org/x/sys/windows/types_windows.go29
-rw-r--r--vendor/golang.org/x/sys/windows/zsyscall_windows.go40
-rw-r--r--vendor/modules.txt10
104 files changed, 2354 insertions, 300 deletions
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index da175cc05..c32b45a4f 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -47,6 +47,11 @@ echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \
done <<<"$(passthrough_envars)"
) >> "/etc/ci_environment"
+#####
+##### FIXME. /etc/containers/storage.conf should have a driver name set
+##### Remove when VMs updated
+sed 's/^driver.*=.*""/driver = "overlay"/g' -i /etc/containers/storage.conf
+
# This is a possible manual maintenance gaff, check to be sure everything matches.
# shellcheck disable=SC2154
[[ "$DISTRO_NV" == "$OS_REL_VER" ]] || \
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 67584ffcc..2de261f66 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -15,6 +15,8 @@ Ideally the input file would be one created by Podman (see podman-generate-kube(
Note: HostPath volume types created by play kube will be given an SELinux private label (Z)
+Note: If the `:latest` tag is used, Podman will attempt to pull the image from a registry. If the image was built locally with Podman or Buildah, it will have `localhost` as the domain, in that case, Podman will use the image from the local store even if it has the `:latest` tag.
+
## OPTIONS
#### **--authfile**=*path*
diff --git a/go.mod b/go.mod
index a4a3df590..7bb3d1b88 100644
--- a/go.mod
+++ b/go.mod
@@ -9,13 +9,13 @@ require (
github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
github.com/containernetworking/cni v0.8.0
- github.com/containernetworking/plugins v0.8.7
+ github.com/containernetworking/plugins v0.9.0
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
github.com/containers/common v0.31.0
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.9.0
github.com/containers/psgo v1.5.1
- github.com/containers/storage v1.24.1
+ github.com/containers/storage v1.24.3
github.com/coreos/go-systemd/v22 v22.1.0
github.com/cri-o/ocicni v0.2.1-0.20201125151022-df072ea5421c
github.com/cyphar/filepath-securejoin v0.2.2
@@ -57,13 +57,13 @@ require (
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
github.com/uber/jaeger-client-go v2.25.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible // indirect
- github.com/vishvananda/netlink v1.1.0
+ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
go.etcd.io/bbolt v1.3.5
go.uber.org/atomic v1.7.0 // indirect
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
- golang.org/x/sys v0.0.0-20201112073958-5cba982894dd
+ golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637
google.golang.org/appengine v1.6.6 // indirect
gopkg.in/square/go-jose.v2 v2.5.1 // indirect
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
diff --git a/go.sum b/go.sum
index 806ebaaa1..4f4a368f2 100644
--- a/go.sum
+++ b/go.sum
@@ -91,6 +91,8 @@ github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjM
github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containernetworking/plugins v0.8.7 h1:bU7QieuAp+sACI2vCzESJ3FoT860urYP+lThyZkb/2M=
github.com/containernetworking/plugins v0.8.7/go.mod h1:R7lXeZaBzpfqapcAbHRW8/CYwm0dHzbz0XEjofx0uB0=
+github.com/containernetworking/plugins v0.9.0 h1:c+1gegKhR7+d0Caum9pEHugZlyhXPOG6v3V6xJgIGCI=
+github.com/containernetworking/plugins v0.9.0/go.mod h1:dbWv4dI0QrBGuVgj+TuVQ6wJRZVOhrCQj91YyC92sxg=
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c h1:vyc2iYz9b2vfDiigpLyhiXNqXITt/dmDk74HpHzlQow=
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A=
github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
@@ -110,6 +112,8 @@ github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzP
github.com/containers/storage v1.23.7/go.mod h1:cUT2zHjtx+WlVri30obWmM2gpqpi8jfPsmIzP1TVpEI=
github.com/containers/storage v1.24.1 h1:1+f8fy6ly35c8SLet5jzZ8t0WJJs5+xSpfMAYw0R3kc=
github.com/containers/storage v1.24.1/go.mod h1:0xJL06Dmd+ZYXIUdnBUPN0JnhHGgwMkLvnnAonJfWJU=
+github.com/containers/storage v1.24.3 h1:8UB4S62l4hrU6Yw3dbsLCJtLg7Ofo39IN2HdckBIX4E=
+github.com/containers/storage v1.24.3/go.mod h1:0xJL06Dmd+ZYXIUdnBUPN0JnhHGgwMkLvnnAonJfWJU=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38=
@@ -555,9 +559,13 @@ github.com/vbauerster/mpb/v5 v5.3.0/go.mod h1:4yTkvAb8Cm4eylAp6t0JRq6pXDkFJ4krUl
github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA=
+github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243 h1:R43TdZy32XXSXjJn7M/HhALJ9imq6ztLnChfYJpVDnM=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
github.com/willf/bitset v1.1.11 h1:N7Z7E9UvjW+sGsEl7k/SJrvY2reP1A07MrGuCjIOjRE=
@@ -686,11 +694,13 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -698,6 +708,8 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201112073958-5cba982894dd h1:5CtCZbICpIOFdgO940moixOPjc0178IU44m4EjOO5IY=
golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637 h1:O5hKNaGxIT4A8OTMnuh6UpmBdI3SAPxlZ3g0olDrJVM=
+golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 6145207ca..505c96126 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -51,7 +51,7 @@ func ImageExists(w http.ResponseWriter, r *http.Request) {
return
}
if !report.Value {
- utils.Error(w, "Something went wrong.", http.StatusNotFound, errors.Wrapf(nil, "failed to find image %s", name))
+ utils.Error(w, "Something went wrong.", http.StatusNotFound, errors.Errorf("failed to find image %s", name))
return
}
utils.WriteResponse(w, http.StatusNoContent, "")
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 3aeb6a2ee..5b983a3f4 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -212,8 +212,10 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
return nil, errors.Wrapf(err, "Failed to parse image %q", container.Image)
}
// In kube, if the image is tagged with latest, it should always pull
+ // but if the domain is localhost, that means the image was built locally
+ // so do not attempt a pull.
if tagged, isTagged := named.(reference.NamedTagged); isTagged {
- if tagged.Tag() == image.LatestTag {
+ if tagged.Tag() == image.LatestTag && reference.Domain(named) != image.DefaultLocalRegistry {
pullPolicy = util.PullImageAlways
}
}
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index dee140282..56947ff24 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -141,7 +141,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
configSpec.Process.Capabilities.Effective = caplist
configSpec.Process.Capabilities.Permitted = caplist
} else {
- userCaps, err := capabilities.NormalizeCapabilities(s.CapAdd)
+ userCaps, err := capabilities.MergeCapabilities(nil, s.CapAdd, nil)
if err != nil {
return errors.Wrapf(err, "capabilities requested by user are not valid: %q", strings.Join(s.CapAdd, ","))
}
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index c105a9278..7b500bf57 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -12,6 +12,8 @@ iid=$(jq -r '.[0].Id' <<<"$output")
t GET libpod/images/$iid/exists 204
t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/exists 204
+t GET libpod/images/${iid}abcdef/exists 404 \
+ .cause="failed to find image ${iid}abcdef"
# FIXME: compare to actual podman info
t GET libpod/images/json 200 \
diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go
index ab11128ba..760de55b6 100644
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@@ -90,6 +90,18 @@ var _ = Describe("Podman privileged container tests", func() {
containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
})
+ It("podman cap-add CapEff with --user", func() {
+ // Get caps of current process
+ host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
+ Expect(host_cap.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
+ })
+
It("podman cap-drop CapEff", func() {
session := podmanTest.Podman([]string{"run", "--cap-drop", "all", "busybox", "grep", "CapEff", "/proc/self/status"})
session.WaitWithDefaultTimeout()
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index f9e8384bb..ae96cc731 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.24.1
+1.24.3
diff --git a/vendor/github.com/containers/storage/storage.conf b/vendor/github.com/containers/storage/storage.conf
index 0577e84ca..af4953310 100644
--- a/vendor/github.com/containers/storage/storage.conf
+++ b/vendor/github.com/containers/storage/storage.conf
@@ -4,7 +4,7 @@
# The "container storage" table contains all of the server options.
[storage]
-# Default Storage Driver
+# Default Storage Driver, Must be set for proper operation.
driver = ""
# Temporary storage location
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index b9115f195..7b250db9f 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -30,6 +30,7 @@ import (
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
)
var (
@@ -3527,6 +3528,9 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
if config.Storage.Driver != "" {
storeOptions.GraphDriverName = config.Storage.Driver
}
+ if storeOptions.GraphDriverName == "" {
+ logrus.Errorf("The storage 'driver' option must be set in %s, guarantee proper operation.", configFile)
+ }
if config.Storage.RunRoot != "" {
storeOptions.RunRoot = config.Storage.RunRoot
}
diff --git a/vendor/github.com/vishvananda/netlink/.travis.yml b/vendor/github.com/vishvananda/netlink/.travis.yml
index 7d14af4d6..80219c69d 100644
--- a/vendor/github.com/vishvananda/netlink/.travis.yml
+++ b/vendor/github.com/vishvananda/netlink/.travis.yml
@@ -1,8 +1,8 @@
language: go
go:
- - "1.10.x"
- - "1.11.x"
- "1.12.x"
+ - "1.13.x"
+ - "1.14.x"
before_script:
# make sure we keep path in tact when we sudo
- sudo sed -i -e 's/^Defaults\tsecure_path.*$//' /etc/sudoers
@@ -14,6 +14,7 @@ before_script:
- sudo modprobe nf_conntrack_ipv4
- sudo modprobe nf_conntrack_ipv6
- sudo modprobe sch_hfsc
+ - sudo modprobe sch_sfq
install:
- - go get github.com/vishvananda/netns
+ - go get -v -t ./...
go_import_path: github.com/vishvananda/netlink
diff --git a/vendor/github.com/vishvananda/netlink/addr.go b/vendor/github.com/vishvananda/netlink/addr.go
index f08c95696..653f540db 100644
--- a/vendor/github.com/vishvananda/netlink/addr.go
+++ b/vendor/github.com/vishvananda/netlink/addr.go
@@ -17,6 +17,7 @@ type Addr struct {
Broadcast net.IP
PreferedLft int
ValidLft int
+ LinkIndex int
}
// String returns $ip/$netmask $label
diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go
index 28746d5af..71da251ca 100644
--- a/vendor/github.com/vishvananda/netlink/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/addr_linux.go
@@ -11,9 +11,6 @@ import (
"golang.org/x/sys/unix"
)
-// IFA_FLAGS is a u32 attribute.
-const IFA_FLAGS = 0x8
-
// AddrAdd will add an IP address to a link device.
//
// Equivalent to: `ip addr add $addr dev $link`
@@ -125,7 +122,7 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
} else {
b := make([]byte, 4)
native.PutUint32(b, uint32(addr.Flags))
- flagsData := nl.NewRtAttr(IFA_FLAGS, b)
+ flagsData := nl.NewRtAttr(unix.IFA_FLAGS, b)
req.AddData(flagsData)
}
}
@@ -156,10 +153,10 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
// value should be "forever". To compensate for that, only add the attributes if at least one of the values is
// non-zero, which means the caller has explicitly set them
if addr.ValidLft > 0 || addr.PreferedLft > 0 {
- cachedata := nl.IfaCacheInfo{
- IfaValid: uint32(addr.ValidLft),
- IfaPrefered: uint32(addr.PreferedLft),
- }
+ cachedata := nl.IfaCacheInfo{unix.IfaCacheinfo{
+ Valid: uint32(addr.ValidLft),
+ Prefered: uint32(addr.PreferedLft),
+ }}
req.AddData(nl.NewRtAttr(unix.IFA_CACHEINFO, cachedata.Serialize()))
}
@@ -196,12 +193,12 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
var res []Addr
for _, m := range msgs {
- addr, msgFamily, ifindex, err := parseAddr(m)
+ addr, msgFamily, err := parseAddr(m)
if err != nil {
return res, err
}
- if link != nil && ifindex != indexFilter {
+ if link != nil && addr.LinkIndex != indexFilter {
// Ignore messages from other interfaces
continue
}
@@ -216,11 +213,11 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
return res, nil
}
-func parseAddr(m []byte) (addr Addr, family, index int, err error) {
+func parseAddr(m []byte) (addr Addr, family int, err error) {
msg := nl.DeserializeIfAddrmsg(m)
family = -1
- index = -1
+ addr.LinkIndex = -1
attrs, err1 := nl.ParseRouteAttr(m[msg.Len():])
if err1 != nil {
@@ -229,7 +226,7 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
}
family = int(msg.Family)
- index = int(msg.Index)
+ addr.LinkIndex = int(msg.Index)
var local, dst *net.IPNet
for _, attr := range attrs {
@@ -254,12 +251,12 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
addr.Broadcast = attr.Value
case unix.IFA_LABEL:
addr.Label = string(attr.Value[:len(attr.Value)-1])
- case IFA_FLAGS:
+ case unix.IFA_FLAGS:
addr.Flags = int(native.Uint32(attr.Value[0:4]))
- case nl.IFA_CACHEINFO:
+ case unix.IFA_CACHEINFO:
ci := nl.DeserializeIfaCacheInfo(attr.Value)
- addr.PreferedLft = int(ci.IfaPrefered)
- addr.ValidLft = int(ci.IfaValid)
+ addr.PreferedLft = int(ci.Prefered)
+ addr.ValidLft = int(ci.Valid)
}
}
@@ -394,7 +391,7 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
continue
}
- addr, _, ifindex, err := parseAddr(m.Data)
+ addr, _, err := parseAddr(m.Data)
if err != nil {
if cberr != nil {
cberr(fmt.Errorf("could not parse address: %v", err))
@@ -403,7 +400,7 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
}
ch <- AddrUpdate{LinkAddress: *addr.IPNet,
- LinkIndex: ifindex,
+ LinkIndex: addr.LinkIndex,
NewAddr: msgType == unix.RTM_NEWADDR,
Flags: addr.Flags,
Scope: addr.Scope,
diff --git a/vendor/github.com/vishvananda/netlink/class.go b/vendor/github.com/vishvananda/netlink/class.go
index dcc22d9e9..10ceffed8 100644
--- a/vendor/github.com/vishvananda/netlink/class.go
+++ b/vendor/github.com/vishvananda/netlink/class.go
@@ -132,7 +132,10 @@ func (class *GenericClass) Type() string {
return class.ClassType
}
-// ServiceCurve is the way the HFSC curve are represented
+// ServiceCurve is a nondecreasing function of some time unit, returning the amount of service
+// (an allowed or allocated amount of bandwidth) at some specific point in time. The purpose of it
+// should be subconsciously obvious: if a class was allowed to transfer not less than the amount
+// specified by its service curve, then the service curve is not violated.
type ServiceCurve struct {
m1 uint32
d uint32
@@ -144,6 +147,21 @@ func (c *ServiceCurve) Attrs() (uint32, uint32, uint32) {
return c.m1, c.d, c.m2
}
+// Burst returns the burst rate (m1) of the curve
+func (c *ServiceCurve) Burst() uint32 {
+ return c.m1
+}
+
+// Delay return the delay (d) of the curve
+func (c *ServiceCurve) Delay() uint32 {
+ return c.d
+}
+
+// Rate returns the rate (m2) of the curve
+func (c *ServiceCurve) Rate() uint32 {
+ return c.m2
+}
+
// HfscClass is a representation of the HFSC class
type HfscClass struct {
ClassAttrs
@@ -152,35 +170,44 @@ type HfscClass struct {
Usc ServiceCurve
}
-// SetUsc sets the Usc curve
+// SetUsc sets the USC curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetUsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetFsc sets the Fsc curve
+// SetFsc sets the Fsc curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetFsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetRsc sets the Rsc curve
+// SetRsc sets the Rsc curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetRsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetSC implements the SC from the tc CLI
+// SetSC implements the SC from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetSC(m1 uint32, d uint32, m2 uint32) {
- hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetRsc(m1, d, m2)
+ hfsc.SetFsc(m1, d, m2)
}
-// SetUL implements the UL from the tc CLI
+// SetUL implements the UL from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetUL(m1 uint32, d uint32, m2 uint32) {
- hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetUsc(m1, d, m2)
}
-// SetLS implements the LS from the tc CLI
+// SetLS implements the LS from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetLS(m1 uint32, d uint32, m2 uint32) {
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetFsc(m1, d, m2)
}
// NewHfscClass returns a new HFSC struct with the set parameters
@@ -193,6 +220,7 @@ func NewHfscClass(attrs ClassAttrs) *HfscClass {
}
}
+// String() returns a string that contains the information and attributes of the HFSC class
func (hfsc *HfscClass) String() string {
return fmt.Sprintf(
"{%s -- {RSC: {m1=%d d=%d m2=%d}} {FSC: {m1=%d d=%d m2=%d}} {USC: {m1=%d d=%d m2=%d}}}",
diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go
index 31091e501..e664ade7f 100644
--- a/vendor/github.com/vishvananda/netlink/class_linux.go
+++ b/vendor/github.com/vishvananda/netlink/class_linux.go
@@ -43,12 +43,12 @@ func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
if buffer == 0 {
buffer = uint32(float64(rate)/Hz() + float64(mtu))
}
- buffer = uint32(Xmittime(rate, buffer))
+ buffer = Xmittime(rate, buffer)
if cbuffer == 0 {
cbuffer = uint32(float64(ceil)/Hz() + float64(mtu))
}
- cbuffer = uint32(Xmittime(ceil, cbuffer))
+ cbuffer = Xmittime(ceil, cbuffer)
return &HtbClass{
ClassAttrs: attrs,
@@ -56,9 +56,9 @@ func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
Ceil: ceil,
Buffer: buffer,
Cbuffer: cbuffer,
- Quantum: 10,
Level: 0,
- Prio: 0,
+ Prio: cattrs.Prio,
+ Quantum: cattrs.Quantum,
}
}
@@ -179,12 +179,15 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
case "hfsc":
hfsc := class.(*HfscClass)
opt := nl.HfscCopt{}
- opt.Rsc.Set(hfsc.Rsc.Attrs())
- opt.Fsc.Set(hfsc.Fsc.Attrs())
- opt.Usc.Set(hfsc.Usc.Attrs())
- options.AddRtAttr(nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
- options.AddRtAttr(nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
- options.AddRtAttr(nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
+ rm1, rd, rm2 := hfsc.Rsc.Attrs()
+ opt.Rsc.Set(rm1/8, rd, rm2/8)
+ fm1, fd, fm2 := hfsc.Fsc.Attrs()
+ opt.Fsc.Set(fm1/8, fd, fm2/8)
+ um1, ud, um2 := hfsc.Usc.Attrs()
+ opt.Usc.Set(um1/8, ud, um2/8)
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
}
req.AddData(options)
return nil
@@ -315,11 +318,11 @@ func parseHfscClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, err
m1, d, m2 := nl.DeserializeHfscCurve(datum.Value).Attrs()
switch datum.Attr.Type {
case nl.TCA_HFSC_RSC:
- hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Rsc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
case nl.TCA_HFSC_FSC:
- hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Fsc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
case nl.TCA_HFSC_USC:
- hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Usc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
}
}
return detailed, nil
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
index 4bff0dcba..ab91f4e55 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
@@ -318,18 +318,25 @@ func parseRawData(data []byte) *ConntrackFlow {
// --mask-src ip Source mask address
// --mask-dst ip Destination mask address
+// Layer 4 Protocol common parameters and options:
+// TCP, UDP, SCTP, UDPLite and DCCP
+// --sport, --orig-port-src port Source port in original direction
+// --dport, --orig-port-dst port Destination port in original direction
+
// Filter types
type ConntrackFilterType uint8
const (
- ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction
- ConntrackOrigDstIP // -orig-dst ip Destination address from original direction
- ConntrackReplySrcIP // --reply-src ip Reply Source IP
- ConntrackReplyDstIP // --reply-dst ip Reply Destination IP
- ConntrackReplyAnyIP // Match source or destination reply IP
- ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
- ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
- ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instaed ConntrackReplyAnyIP
+ ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction
+ ConntrackOrigDstIP // -orig-dst ip Destination address from original direction
+ ConntrackReplySrcIP // --reply-src ip Reply Source IP
+ ConntrackReplyDstIP // --reply-dst ip Reply Destination IP
+ ConntrackReplyAnyIP // Match source or destination reply IP
+ ConntrackOrigSrcPort // --orig-port-src port Source port in original direction
+ ConntrackOrigDstPort // --orig-port-dst port Destination port in original direction
+ ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
+ ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
+ ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instead ConntrackReplyAnyIP
)
type CustomConntrackFilter interface {
@@ -339,7 +346,9 @@ type CustomConntrackFilter interface {
}
type ConntrackFilter struct {
- ipFilter map[ConntrackFilterType]net.IP
+ ipFilter map[ConntrackFilterType]net.IP
+ portFilter map[ConntrackFilterType]uint16
+ protoFilter uint8
}
// AddIP adds an IP to the conntrack filter
@@ -354,38 +363,89 @@ func (f *ConntrackFilter) AddIP(tp ConntrackFilterType, ip net.IP) error {
return nil
}
+// AddPort adds a Port to the conntrack filter if the Layer 4 protocol allows it
+func (f *ConntrackFilter) AddPort(tp ConntrackFilterType, port uint16) error {
+ switch f.protoFilter {
+ // TCP, UDP, DCCP, SCTP, UDPLite
+ case 6, 17, 33, 132, 136:
+ default:
+ return fmt.Errorf("Filter attribute not available without a valid Layer 4 protocol: %d", f.protoFilter)
+ }
+
+ if f.portFilter == nil {
+ f.portFilter = make(map[ConntrackFilterType]uint16)
+ }
+ if _, ok := f.portFilter[tp]; ok {
+ return errors.New("Filter attribute already present")
+ }
+ f.portFilter[tp] = port
+ return nil
+}
+
+// AddProtocol adds the Layer 4 protocol to the conntrack filter
+func (f *ConntrackFilter) AddProtocol(proto uint8) error {
+ if f.protoFilter != 0 {
+ return errors.New("Filter attribute already present")
+ }
+ f.protoFilter = proto
+ return nil
+}
+
// MatchConntrackFlow applies the filter to the flow and returns true if the flow matches the filter
// false otherwise
func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool {
- if len(f.ipFilter) == 0 {
+ if len(f.ipFilter) == 0 && len(f.portFilter) == 0 && f.protoFilter == 0 {
// empty filter always not match
return false
}
- match := true
- // -orig-src ip Source address from original direction
- if elem, found := f.ipFilter[ConntrackOrigSrcIP]; found {
- match = match && elem.Equal(flow.Forward.SrcIP)
+ // -p, --protonum proto Layer 4 Protocol, eg. 'tcp'
+ if f.protoFilter != 0 && flow.Forward.Protocol != f.protoFilter {
+ // different Layer 4 protocol always not match
+ return false
}
- // -orig-dst ip Destination address from original direction
- if elem, found := f.ipFilter[ConntrackOrigDstIP]; match && found {
- match = match && elem.Equal(flow.Forward.DstIP)
- }
+ match := true
- // -src-nat ip Source NAT ip
- if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
- match = match && elem.Equal(flow.Reverse.SrcIP)
- }
+ // IP conntrack filter
+ if len(f.ipFilter) > 0 {
+ // -orig-src ip Source address from original direction
+ if elem, found := f.ipFilter[ConntrackOrigSrcIP]; found {
+ match = match && elem.Equal(flow.Forward.SrcIP)
+ }
+
+ // -orig-dst ip Destination address from original direction
+ if elem, found := f.ipFilter[ConntrackOrigDstIP]; match && found {
+ match = match && elem.Equal(flow.Forward.DstIP)
+ }
- // -dst-nat ip Destination NAT ip
- if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
- match = match && elem.Equal(flow.Reverse.DstIP)
+ // -src-nat ip Source NAT ip
+ if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
+ match = match && elem.Equal(flow.Reverse.SrcIP)
+ }
+
+ // -dst-nat ip Destination NAT ip
+ if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
+ match = match && elem.Equal(flow.Reverse.DstIP)
+ }
+
+ // Match source or destination reply IP
+ if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
+ match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
+ }
}
- // Match source or destination reply IP
- if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
- match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
+ // Layer 4 Port filter
+ if len(f.portFilter) > 0 {
+ // -orig-port-src port Source port from original direction
+ if elem, found := f.portFilter[ConntrackOrigSrcPort]; match && found {
+ match = match && elem == flow.Forward.SrcPort
+ }
+
+ // -orig-port-dst port Destination port from original direction
+ if elem, found := f.portFilter[ConntrackOrigDstPort]; match && found {
+ match = match && elem == flow.Forward.DstPort
+ }
}
return match
diff --git a/vendor/github.com/vishvananda/netlink/filter.go b/vendor/github.com/vishvananda/netlink/filter.go
index 88792eab0..2dc34b995 100644
--- a/vendor/github.com/vishvananda/netlink/filter.go
+++ b/vendor/github.com/vishvananda/netlink/filter.go
@@ -213,10 +213,11 @@ const (
type TunnelKeyAction struct {
ActionAttrs
- Action TunnelKeyAct
- SrcAddr net.IP
- DstAddr net.IP
- KeyID uint32
+ Action TunnelKeyAct
+ SrcAddr net.IP
+ DstAddr net.IP
+ KeyID uint32
+ DestPort uint16
}
func (action *TunnelKeyAction) Type() string {
diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go
index c56f314cd..ef6fabe81 100644
--- a/vendor/github.com/vishvananda/netlink/filter_linux.go
+++ b/vendor/github.com/vishvananda/netlink/filter_linux.go
@@ -6,7 +6,6 @@ import (
"encoding/hex"
"errors"
"fmt"
- "net"
"syscall"
"github.com/vishvananda/netlink/nl"
@@ -89,7 +88,7 @@ func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error) {
if CalcRtable(&police.Rate, rtab[:], rcellLog, fattrs.Mtu, linklayer) < 0 {
return nil, errors.New("TBF: failed to calculate rate table")
}
- police.Burst = uint32(Xmittime(uint64(police.Rate.Rate), uint32(buffer)))
+ police.Burst = Xmittime(uint64(police.Rate.Rate), uint32(buffer))
}
police.Mtu = fattrs.Mtu
if police.PeakRate.Rate != 0 {
@@ -456,6 +455,9 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error {
} else {
return fmt.Errorf("invalid dst addr %s for tunnel_key action", action.DstAddr)
}
+ if action.DestPort != 0 {
+ aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_DST_PORT, htons(action.DestPort))
+ }
}
case *SkbEditAction:
table := attr.AddRtAttr(tabIndex, nil)
@@ -566,12 +568,12 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
action.(*TunnelKeyAction).Action = TunnelKeyAct(tun.Action)
case nl.TCA_TUNNEL_KEY_ENC_KEY_ID:
action.(*TunnelKeyAction).KeyID = networkOrder.Uint32(adatum.Value[0:4])
- case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC:
- case nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
- action.(*TunnelKeyAction).SrcAddr = net.IP(adatum.Value[:])
- case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST:
- case nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
- action.(*TunnelKeyAction).DstAddr = net.IP(adatum.Value[:])
+ case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC, nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
+ action.(*TunnelKeyAction).SrcAddr = adatum.Value[:]
+ case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST, nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
+ action.(*TunnelKeyAction).DstAddr = adatum.Value[:]
+ case nl.TCA_TUNNEL_KEY_ENC_DST_PORT:
+ action.(*TunnelKeyAction).DestPort = ntohs(adatum.Value)
}
case "skbedit":
switch adatum.Attr.Type {
@@ -783,7 +785,7 @@ func CalcRtable(rate *nl.TcRateSpec, rtab []uint32, cellLog int, mtu uint32, lin
}
for i := 0; i < 256; i++ {
sz = AdjustSize(uint((i+1)<<uint32(cellLog)), uint(mpu), linklayer)
- rtab[i] = uint32(Xmittime(uint64(bps), uint32(sz)))
+ rtab[i] = Xmittime(uint64(bps), uint32(sz))
}
rate.CellAlign = -1
rate.CellLog = uint8(cellLog)
diff --git a/vendor/github.com/vishvananda/netlink/go.mod b/vendor/github.com/vishvananda/netlink/go.mod
index 09ee60e77..9d8455ee7 100644
--- a/vendor/github.com/vishvananda/netlink/go.mod
+++ b/vendor/github.com/vishvananda/netlink/go.mod
@@ -3,6 +3,6 @@ module github.com/vishvananda/netlink
go 1.12
require (
- github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
- golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444
+ github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
+ golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
)
diff --git a/vendor/github.com/vishvananda/netlink/go.sum b/vendor/github.com/vishvananda/netlink/go.sum
index 402d14ec5..ed5d30891 100644
--- a/vendor/github.com/vishvananda/netlink/go.sum
+++ b/vendor/github.com/vishvananda/netlink/go.sum
@@ -1,4 +1,6 @@
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444 h1:/d2cWp6PSamH4jDPFLyO150psQdqvtoNX8Zjg3AQ31g=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netlink/handle_unspecified.go b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
index ef914dcb8..df341f706 100644
--- a/vendor/github.com/vishvananda/netlink/handle_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
@@ -85,7 +85,7 @@ func (h *Handle) LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
return ErrNotImplemented
}
-func (h *Handle) LinkSetMaster(link Link, master *Bridge) error {
+func (h *Handle) LinkSetMaster(link Link, master Link) error {
return ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/inet_diag.go b/vendor/github.com/vishvananda/netlink/inet_diag.go
new file mode 100644
index 000000000..72c1fcb59
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/inet_diag.go
@@ -0,0 +1,30 @@
+package netlink
+
+// INET_DIAG constatns
+const (
+ INET_DIAG_NONE = iota
+ INET_DIAG_MEMINFO
+ INET_DIAG_INFO
+ INET_DIAG_VEGASINFO
+ INET_DIAG_CONG
+ INET_DIAG_TOS
+ INET_DIAG_TCLASS
+ INET_DIAG_SKMEMINFO
+ INET_DIAG_SHUTDOWN
+ INET_DIAG_DCTCPINFO
+ INET_DIAG_PROTOCOL
+ INET_DIAG_SKV6ONLY
+ INET_DIAG_LOCALS
+ INET_DIAG_PEERS
+ INET_DIAG_PAD
+ INET_DIAG_MARK
+ INET_DIAG_BBRINFO
+ INET_DIAG_CLASS_ID
+ INET_DIAG_MD5SIG
+ INET_DIAG_MAX
+)
+
+type InetDiagTCPInfoResp struct {
+ InetDiagMsg *Socket
+ TCPInfo *TCPInfo
+}
diff --git a/vendor/github.com/vishvananda/netlink/ipset_linux.go b/vendor/github.com/vishvananda/netlink/ipset_linux.go
new file mode 100644
index 000000000..5487fc1cc
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/ipset_linux.go
@@ -0,0 +1,335 @@
+package netlink
+
+import (
+ "log"
+ "net"
+ "syscall"
+
+ "github.com/vishvananda/netlink/nl"
+ "golang.org/x/sys/unix"
+)
+
+// IPSetEntry is used for adding, updating, retreiving and deleting entries
+type IPSetEntry struct {
+ Comment string
+ MAC net.HardwareAddr
+ IP net.IP
+ Timeout *uint32
+ Packets *uint64
+ Bytes *uint64
+
+ Replace bool // replace existing entry
+}
+
+// IPSetResult is the result of a dump request for a set
+type IPSetResult struct {
+ Nfgenmsg *nl.Nfgenmsg
+ Protocol uint8
+ Revision uint8
+ Family uint8
+ Flags uint8
+ SetName string
+ TypeName string
+
+ HashSize uint32
+ NumEntries uint32
+ MaxElements uint32
+ References uint32
+ SizeInMemory uint32
+ CadtFlags uint32
+ Timeout *uint32
+
+ Entries []IPSetEntry
+}
+
+// IpsetCreateOptions is the options struct for creating a new ipset
+type IpsetCreateOptions struct {
+ Replace bool // replace existing ipset
+ Timeout *uint32
+ Counters bool
+ Comments bool
+ Skbinfo bool
+}
+
+// IpsetProtocol returns the ipset protocol version from the kernel
+func IpsetProtocol() (uint8, error) {
+ return pkgHandle.IpsetProtocol()
+}
+
+// IpsetCreate creates a new ipset
+func IpsetCreate(setname, typename string, options IpsetCreateOptions) error {
+ return pkgHandle.IpsetCreate(setname, typename, options)
+}
+
+// IpsetDestroy destroys an existing ipset
+func IpsetDestroy(setname string) error {
+ return pkgHandle.IpsetDestroy(setname)
+}
+
+// IpsetFlush flushes an existing ipset
+func IpsetFlush(setname string) error {
+ return pkgHandle.IpsetFlush(setname)
+}
+
+// IpsetList dumps an specific ipset.
+func IpsetList(setname string) (*IPSetResult, error) {
+ return pkgHandle.IpsetList(setname)
+}
+
+// IpsetListAll dumps all ipsets.
+func IpsetListAll() ([]IPSetResult, error) {
+ return pkgHandle.IpsetListAll()
+}
+
+// IpsetAdd adds an entry to an existing ipset.
+func IpsetAdd(setname string, entry *IPSetEntry) error {
+ return pkgHandle.ipsetAddDel(nl.IPSET_CMD_ADD, setname, entry)
+}
+
+// IpsetDele deletes an entry from an existing ipset.
+func IpsetDel(setname string, entry *IPSetEntry) error {
+ return pkgHandle.ipsetAddDel(nl.IPSET_CMD_DEL, setname, entry)
+}
+
+func (h *Handle) IpsetProtocol() (uint8, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_PROTOCOL)
+ msgs, err := req.Execute(unix.NETLINK_NETFILTER, 0)
+
+ if err != nil {
+ return 0, err
+ }
+
+ return ipsetUnserialize(msgs).Protocol, nil
+}
+
+func (h *Handle) IpsetCreate(setname, typename string, options IpsetCreateOptions) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_CREATE)
+
+ if !options.Replace {
+ req.Flags |= unix.NLM_F_EXCL
+ }
+
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_TYPENAME, nl.ZeroTerminated(typename)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_REVISION, nl.Uint8Attr(0)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_FAMILY, nl.Uint8Attr(0)))
+
+ data := nl.NewRtAttr(nl.IPSET_ATTR_DATA|int(nl.NLA_F_NESTED), nil)
+
+ if timeout := options.Timeout; timeout != nil {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *timeout})
+ }
+
+ var cadtFlags uint32
+
+ if options.Comments {
+ cadtFlags |= nl.IPSET_FLAG_WITH_COMMENT
+ }
+ if options.Counters {
+ cadtFlags |= nl.IPSET_FLAG_WITH_COUNTERS
+ }
+ if options.Skbinfo {
+ cadtFlags |= nl.IPSET_FLAG_WITH_SKBINFO
+ }
+
+ if cadtFlags != 0 {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER, Value: cadtFlags})
+ }
+
+ req.AddData(data)
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetDestroy(setname string) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_DESTROY)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetFlush(setname string) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_FLUSH)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetList(name string) (*IPSetResult, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_LIST)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(name)))
+
+ msgs, err := ipsetExecute(req)
+ if err != nil {
+ return nil, err
+ }
+
+ result := ipsetUnserialize(msgs)
+ return &result, nil
+}
+
+func (h *Handle) IpsetListAll() ([]IPSetResult, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_LIST)
+
+ msgs, err := ipsetExecute(req)
+ if err != nil {
+ return nil, err
+ }
+
+ result := make([]IPSetResult, len(msgs))
+ for i, msg := range msgs {
+ result[i].unserialize(msg)
+ }
+
+ return result, nil
+}
+
+func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error {
+ req := h.newIpsetRequest(nlCmd)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ data := nl.NewRtAttr(nl.IPSET_ATTR_DATA|int(nl.NLA_F_NESTED), nil)
+
+ if !entry.Replace {
+ req.Flags |= unix.NLM_F_EXCL
+ }
+
+ if entry.Timeout != nil {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *entry.Timeout})
+ }
+ if entry.MAC != nil {
+ data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_ETHER, entry.MAC))
+ }
+
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_LINENO | nl.NLA_F_NET_BYTEORDER, Value: 0})
+ req.AddData(data)
+
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) newIpsetRequest(cmd int) *nl.NetlinkRequest {
+ req := h.newNetlinkRequest(cmd|(unix.NFNL_SUBSYS_IPSET<<8), nl.GetIpsetFlags(cmd))
+
+ // Add the netfilter header
+ msg := &nl.Nfgenmsg{
+ NfgenFamily: uint8(unix.AF_NETLINK),
+ Version: nl.NFNETLINK_V0,
+ ResId: 0,
+ }
+ req.AddData(msg)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_PROTOCOL, nl.Uint8Attr(nl.IPSET_PROTOCOL)))
+
+ return req
+}
+
+func ipsetExecute(req *nl.NetlinkRequest) (msgs [][]byte, err error) {
+ msgs, err = req.Execute(unix.NETLINK_NETFILTER, 0)
+
+ if err != nil {
+ if errno := int(err.(syscall.Errno)); errno >= nl.IPSET_ERR_PRIVATE {
+ err = nl.IPSetError(uintptr(errno))
+ }
+ }
+ return
+}
+
+func ipsetUnserialize(msgs [][]byte) (result IPSetResult) {
+ for _, msg := range msgs {
+ result.unserialize(msg)
+ }
+ return result
+}
+
+func (result *IPSetResult) unserialize(msg []byte) {
+ result.Nfgenmsg = nl.DeserializeNfgenmsg(msg)
+
+ for attr := range nl.ParseAttributes(msg[4:]) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_PROTOCOL:
+ result.Protocol = attr.Value[0]
+ case nl.IPSET_ATTR_SETNAME:
+ result.SetName = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_TYPENAME:
+ result.TypeName = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_REVISION:
+ result.Revision = attr.Value[0]
+ case nl.IPSET_ATTR_FAMILY:
+ result.Family = attr.Value[0]
+ case nl.IPSET_ATTR_FLAGS:
+ result.Flags = attr.Value[0]
+ case nl.IPSET_ATTR_DATA | nl.NLA_F_NESTED:
+ result.parseAttrData(attr.Value)
+ case nl.IPSET_ATTR_ADT | nl.NLA_F_NESTED:
+ result.parseAttrADT(attr.Value)
+ default:
+ log.Printf("unknown ipset attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func (result *IPSetResult) parseAttrData(data []byte) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_HASHSIZE | nl.NLA_F_NET_BYTEORDER:
+ result.HashSize = attr.Uint32()
+ case nl.IPSET_ATTR_MAXELEM | nl.NLA_F_NET_BYTEORDER:
+ result.MaxElements = attr.Uint32()
+ case nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint32()
+ result.Timeout = &val
+ case nl.IPSET_ATTR_ELEMENTS | nl.NLA_F_NET_BYTEORDER:
+ result.NumEntries = attr.Uint32()
+ case nl.IPSET_ATTR_REFERENCES | nl.NLA_F_NET_BYTEORDER:
+ result.References = attr.Uint32()
+ case nl.IPSET_ATTR_MEMSIZE | nl.NLA_F_NET_BYTEORDER:
+ result.SizeInMemory = attr.Uint32()
+ case nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER:
+ result.CadtFlags = attr.Uint32()
+ default:
+ log.Printf("unknown ipset data attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func (result *IPSetResult) parseAttrADT(data []byte) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_DATA | nl.NLA_F_NESTED:
+ result.Entries = append(result.Entries, parseIPSetEntry(attr.Value))
+ default:
+ log.Printf("unknown ADT attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func parseIPSetEntry(data []byte) (entry IPSetEntry) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint32()
+ entry.Timeout = &val
+ case nl.IPSET_ATTR_BYTES | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint64()
+ entry.Bytes = &val
+ case nl.IPSET_ATTR_PACKETS | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint64()
+ entry.Packets = &val
+ case nl.IPSET_ATTR_ETHER:
+ entry.MAC = net.HardwareAddr(attr.Value)
+ case nl.IPSET_ATTR_COMMENT:
+ entry.Comment = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_IP | nl.NLA_F_NESTED:
+ for attr := range nl.ParseAttributes(attr.Value) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_IP:
+ entry.IP = net.IP(attr.Value)
+ default:
+ log.Printf("unknown nested ADT attribute from kernel: %+v", attr)
+ }
+ }
+ default:
+ log.Printf("unknown ADT attribute from kernel: %+v", attr)
+ }
+ }
+ return
+}
diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go
index 886d88d1b..e2441bd71 100644
--- a/vendor/github.com/vishvananda/netlink/link.go
+++ b/vendor/github.com/vishvananda/netlink/link.go
@@ -65,6 +65,17 @@ type VfInfo struct {
LinkState uint32
MaxTxRate uint32 // IFLA_VF_RATE Max TxRate
MinTxRate uint32 // IFLA_VF_RATE Min TxRate
+ RxPackets uint64
+ TxPackets uint64
+ RxBytes uint64
+ TxBytes uint64
+ Multicast uint64
+ Broadcast uint64
+ RxDropped uint64
+ TxDropped uint64
+
+ RssQuery uint32
+ Trust uint32
}
// LinkOperState represents the values of the IFLA_OPERSTATE link
@@ -103,7 +114,8 @@ func (s LinkOperState) String() string {
// NewLinkAttrs returns LinkAttrs structure filled with default values
func NewLinkAttrs() LinkAttrs {
return LinkAttrs{
- TxQLen: -1,
+ NetNsID: -1,
+ TxQLen: -1,
}
}
@@ -196,10 +208,11 @@ type LinkStatistics64 struct {
}
type LinkXdp struct {
- Fd int
- Attached bool
- Flags uint32
- ProgId uint32
+ Fd int
+ Attached bool
+ AttachMode uint32
+ Flags uint32
+ ProgId uint32
}
// Device links cannot be created via netlink. These links
@@ -246,6 +259,7 @@ func (ifb *Ifb) Type() string {
type Bridge struct {
LinkAttrs
MulticastSnooping *bool
+ AgeingTime *uint32
HelloTime *uint32
VlanFiltering *bool
}
@@ -338,6 +352,7 @@ type Veth struct {
LinkAttrs
PeerName string // veth on create only
PeerHardwareAddr net.HardwareAddr
+ PeerNamespace interface{}
}
func (veth *Veth) Attrs() *LinkAttrs {
@@ -348,6 +363,19 @@ func (veth *Veth) Type() string {
return "veth"
}
+// Wireguard represent links of type "wireguard", see https://www.wireguard.com/
+type Wireguard struct {
+ LinkAttrs
+}
+
+func (wg *Wireguard) Attrs() *LinkAttrs {
+ return &wg.LinkAttrs
+}
+
+func (wg *Wireguard) Type() string {
+ return "wireguard"
+}
+
// GenericLink links represent types that are not currently understood
// by this netlink library.
type GenericLink struct {
@@ -878,10 +906,14 @@ type Ip6tnl struct {
Remote net.IP
Ttl uint8
Tos uint8
- EncapLimit uint8
Flags uint32
Proto uint8
FlowInfo uint32
+ EncapLimit uint8
+ EncapType uint16
+ EncapFlags uint16
+ EncapSport uint16
+ EncapDport uint16
}
func (ip6tnl *Ip6tnl) Attrs() *LinkAttrs {
@@ -895,11 +927,13 @@ func (ip6tnl *Ip6tnl) Type() string {
type Sittun struct {
LinkAttrs
Link uint32
- Local net.IP
- Remote net.IP
Ttl uint8
Tos uint8
PMtuDisc uint8
+ Proto uint8
+ Local net.IP
+ Remote net.IP
+ EncapLimit uint8
EncapType uint16
EncapFlags uint16
EncapSport uint16
diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go
index ec915a0b9..c02fa63b8 100644
--- a/vendor/github.com/vishvananda/netlink/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/link_linux.go
@@ -237,6 +237,37 @@ func (h *Handle) macvlanMACAddrChange(link Link, addrs []net.HardwareAddr, mode
return err
}
+// LinkSetMacvlanMode sets the mode of a macvlan or macvtap link device.
+// Note that passthrough mode cannot be set to and from and will fail.
+// Equivalent to: `ip link set $link type (macvlan|macvtap) mode $mode
+func LinkSetMacvlanMode(link Link, mode MacvlanMode) error {
+ return pkgHandle.LinkSetMacvlanMode(link, mode)
+}
+
+// LinkSetMacvlanMode sets the mode of the macvlan or macvtap link device.
+// Note that passthrough mode cannot be set to and from and will fail.
+// Equivalent to: `ip link set $link type (macvlan|macvtap) mode $mode
+func (h *Handle) LinkSetMacvlanMode(link Link, mode MacvlanMode) error {
+ base := link.Attrs()
+ h.ensureIndex(base)
+ req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
+
+ msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+ msg.Index = int32(base.Index)
+ req.AddData(msg)
+
+ linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+ linkInfo.AddRtAttr(nl.IFLA_INFO_KIND, nl.NonZeroTerminated(link.Type()))
+
+ data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+ data.AddRtAttr(nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[mode]))
+
+ req.AddData(linkInfo)
+
+ _, err := req.Execute(unix.NETLINK_ROUTE, 0)
+ return err
+}
+
func BridgeSetMcastSnoop(link Link, on bool) error {
return pkgHandle.BridgeSetMcastSnoop(link, on)
}
@@ -247,6 +278,16 @@ func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error {
return h.linkModify(bridge, unix.NLM_F_ACK)
}
+func BridgeSetVlanFiltering(link Link, on bool) error {
+ return pkgHandle.BridgeSetVlanFiltering(link, on)
+}
+
+func (h *Handle) BridgeSetVlanFiltering(link Link, on bool) error {
+ bridge := link.(*Bridge)
+ bridge.VlanFiltering = &on
+ return h.linkModify(bridge, unix.NLM_F_ACK)
+}
+
func SetPromiscOn(link Link) error {
return pkgHandle.SetPromiscOn(link)
}
@@ -1048,6 +1089,10 @@ func (h *Handle) LinkAdd(link Link) error {
return h.linkModify(link, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
}
+func (h *Handle) LinkModify(link Link) error {
+ return h.linkModify(link, unix.NLM_F_REQUEST|unix.NLM_F_ACK)
+}
+
func (h *Handle) linkModify(link Link, flags int) error {
// TODO: support extra data for macvlan
base := link.Attrs()
@@ -1060,8 +1105,6 @@ func (h *Handle) linkModify(link Link, flags int) error {
}
if isTuntap {
- // TODO: support user
- // TODO: support group
if tuntap.Mode < unix.IFF_TUN || tuntap.Mode > unix.IFF_TAP {
return fmt.Errorf("Tuntap.Mode %v unknown", tuntap.Mode)
}
@@ -1089,21 +1132,64 @@ func (h *Handle) linkModify(link Link, flags int) error {
}
req.Flags |= uint16(tuntap.Mode)
-
+ const TUN = "/dev/net/tun"
for i := 0; i < queues; i++ {
localReq := req
- file, err := os.OpenFile("/dev/net/tun", os.O_RDWR, 0)
+ fd, err := unix.Open(TUN, os.O_RDWR|syscall.O_CLOEXEC, 0)
if err != nil {
cleanupFds(fds)
return err
}
- fds = append(fds, file)
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
if errno != 0 {
+ // close the new fd
+ unix.Close(fd)
+ // and the already opened ones
cleanupFds(fds)
return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed [%d], errno %v", i, errno)
}
+
+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETOWNER, uintptr(tuntap.Owner))
+ if errno != 0 {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap IOCTL TUNSETOWNER failed [%d], errno %v", i, errno)
+ }
+
+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETGROUP, uintptr(tuntap.Group))
+ if errno != 0 {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap IOCTL TUNSETGROUP failed [%d], errno %v", i, errno)
+ }
+
+ // Set the tun device to non-blocking before use. The below comment
+ // taken from:
+ //
+ // https://github.com/mistsys/tuntap/commit/161418c25003bbee77d085a34af64d189df62bea
+ //
+ // Note there is a complication because in go, if a device node is
+ // opened, go sets it to use nonblocking I/O. However a /dev/net/tun
+ // doesn't work with epoll until after the TUNSETIFF ioctl has been
+ // done. So we open the unix fd directly, do the ioctl, then put the
+ // fd in nonblocking mode, an then finally wrap it in a os.File,
+ // which will see the nonblocking mode and add the fd to the
+ // pollable set, so later on when we Read() from it blocked the
+ // calling thread in the kernel.
+ //
+ // See
+ // https://github.com/golang/go/issues/30426
+ // which got exposed in go 1.13 by the fix to
+ // https://github.com/golang/go/issues/30624
+ err = unix.SetNonblock(fd, true)
+ if err != nil {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap set to non-blocking failed [%d], err %v", i, err)
+ }
+
+ // create the file from the file descriptor and store it
+ file := os.NewFile(uintptr(fd), TUN)
+ fds = append(fds, file)
+
// 1) we only care for the name of the first tap in the multi queue set
// 2) if the original name was empty, the localReq has now the actual name
//
@@ -1114,6 +1200,7 @@ func (h *Handle) linkModify(link Link, flags int) error {
if i == 0 {
link.Attrs().Name = strings.Trim(string(localReq.Name[:]), "\x00")
}
+
}
// only persist interface if NonPersist is NOT set
@@ -1193,6 +1280,11 @@ func (h *Handle) linkModify(link Link, flags int) error {
nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(base.Name))
req.AddData(nameData)
+ if base.Alias != "" {
+ alias := nl.NewRtAttr(unix.IFLA_IFALIAS, []byte(base.Alias))
+ req.AddData(alias)
+ }
+
if base.MTU > 0 {
mtu := nl.NewRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
req.AddData(mtu)
@@ -1272,12 +1364,28 @@ func (h *Handle) linkModify(link Link, flags int) error {
if base.TxQLen >= 0 {
peer.AddRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
}
+ if base.NumTxQueues > 0 {
+ peer.AddRtAttr(unix.IFLA_NUM_TX_QUEUES, nl.Uint32Attr(uint32(base.NumTxQueues)))
+ }
+ if base.NumRxQueues > 0 {
+ peer.AddRtAttr(unix.IFLA_NUM_RX_QUEUES, nl.Uint32Attr(uint32(base.NumRxQueues)))
+ }
if base.MTU > 0 {
peer.AddRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
}
if link.PeerHardwareAddr != nil {
peer.AddRtAttr(unix.IFLA_ADDRESS, []byte(link.PeerHardwareAddr))
}
+ if link.PeerNamespace != nil {
+ switch ns := link.PeerNamespace.(type) {
+ case NsPid:
+ val := nl.Uint32Attr(uint32(ns))
+ peer.AddRtAttr(unix.IFLA_NET_NS_PID, val)
+ case NsFd:
+ val := nl.Uint32Attr(uint32(ns))
+ peer.AddRtAttr(unix.IFLA_NET_NS_FD, val)
+ }
+ }
case *Vxlan:
addVxlanAttrs(link, linkInfo)
case *Bond:
@@ -1509,7 +1617,11 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
return nil, err
}
- base := LinkAttrs{Index: int(msg.Index), RawFlags: msg.Flags, Flags: linkFlags(msg.Flags), EncapType: msg.EncapType()}
+ base := NewLinkAttrs()
+ base.Index = int(msg.Index)
+ base.RawFlags = msg.Flags
+ base.Flags = linkFlags(msg.Flags)
+ base.EncapType = msg.EncapType()
if msg.Flags&unix.IFF_PROMISC != 0 {
base.Promisc = 1
}
@@ -1543,6 +1655,8 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
link = &Vlan{}
case "veth":
link = &Veth{}
+ case "wireguard":
+ link = &Wireguard{}
case "vxlan":
link = &Vxlan{}
case "bond":
@@ -2080,6 +2194,13 @@ func parseVlanData(link Link, data []syscall.NetlinkRouteAttr) {
func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) {
vxlan := link.(*Vxlan)
for _, datum := range data {
+ // NOTE(vish): Apparently some messages can be sent with no value.
+ // We special case GBP here to not change existing
+ // functionality. It appears that GBP sends a datum.Value
+ // of null.
+ if len(datum.Value) == 0 && datum.Attr.Type != nl.IFLA_VXLAN_GBP {
+ continue
+ }
switch datum.Attr.Type {
case nl.IFLA_VXLAN_ID:
vxlan.VxlanId = int(native.Uint32(datum.Value[0:4]))
@@ -2513,7 +2634,8 @@ func parseLinkXdp(data []byte) (*LinkXdp, error) {
case nl.IFLA_XDP_FD:
xdp.Fd = int(native.Uint32(attr.Value[0:4]))
case nl.IFLA_XDP_ATTACHED:
- xdp.Attached = attr.Value[0] != 0
+ xdp.AttachMode = uint32(attr.Value[0])
+ xdp.Attached = xdp.AttachMode != 0
case nl.IFLA_XDP_FLAGS:
xdp.Flags = native.Uint32(attr.Value[0:4])
case nl.IFLA_XDP_PROG_ID:
@@ -2577,7 +2699,7 @@ func parseIptunData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_ENCAP_FLAGS:
iptun.EncapFlags = native.Uint16(datum.Value[0:2])
case nl.IFLA_IPTUN_COLLECT_METADATA:
- iptun.FlowBased = int8(datum.Value[0]) != 0
+ iptun.FlowBased = true
}
}
}
@@ -2601,10 +2723,14 @@ func addIp6tnlAttrs(ip6tnl *Ip6tnl, linkInfo *nl.RtAttr) {
data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(ip6tnl.Ttl))
data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(ip6tnl.Tos))
- data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
data.AddRtAttr(nl.IFLA_IPTUN_FLAGS, nl.Uint32Attr(ip6tnl.Flags))
data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(ip6tnl.Proto))
data.AddRtAttr(nl.IFLA_IPTUN_FLOWINFO, nl.Uint32Attr(ip6tnl.FlowInfo))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(ip6tnl.EncapType))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(ip6tnl.EncapFlags))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(ip6tnl.EncapSport))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_DPORT, htons(ip6tnl.EncapDport))
}
func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -2616,17 +2742,25 @@ func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_REMOTE:
ip6tnl.Remote = net.IP(datum.Value[:16])
case nl.IFLA_IPTUN_TTL:
- ip6tnl.Ttl = uint8(datum.Value[0])
+ ip6tnl.Ttl = datum.Value[0]
case nl.IFLA_IPTUN_TOS:
- ip6tnl.Tos = uint8(datum.Value[0])
- case nl.IFLA_IPTUN_ENCAP_LIMIT:
- ip6tnl.EncapLimit = uint8(datum.Value[0])
+ ip6tnl.Tos = datum.Value[0]
case nl.IFLA_IPTUN_FLAGS:
ip6tnl.Flags = native.Uint32(datum.Value[:4])
case nl.IFLA_IPTUN_PROTO:
- ip6tnl.Proto = uint8(datum.Value[0])
+ ip6tnl.Proto = datum.Value[0]
case nl.IFLA_IPTUN_FLOWINFO:
ip6tnl.FlowInfo = native.Uint32(datum.Value[:4])
+ case nl.IFLA_IPTUN_ENCAP_LIMIT:
+ ip6tnl.EncapLimit = datum.Value[0]
+ case nl.IFLA_IPTUN_ENCAP_TYPE:
+ ip6tnl.EncapType = native.Uint16(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_FLAGS:
+ ip6tnl.EncapFlags = native.Uint16(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_SPORT:
+ ip6tnl.EncapSport = ntohs(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_DPORT:
+ ip6tnl.EncapDport = ntohs(datum.Value[0:2])
}
}
}
@@ -2653,8 +2787,10 @@ func addSittunAttrs(sittun *Sittun, linkInfo *nl.RtAttr) {
data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(sittun.Ttl))
}
+ data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(sittun.Proto))
data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(sittun.Tos))
data.AddRtAttr(nl.IFLA_IPTUN_PMTUDISC, nl.Uint8Attr(sittun.PMtuDisc))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(sittun.EncapLimit))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(sittun.EncapType))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(sittun.EncapFlags))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(sittun.EncapSport))
@@ -2670,11 +2806,13 @@ func parseSittunData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_REMOTE:
sittun.Remote = net.IP(datum.Value[0:4])
case nl.IFLA_IPTUN_TTL:
- sittun.Ttl = uint8(datum.Value[0])
+ sittun.Ttl = datum.Value[0]
case nl.IFLA_IPTUN_TOS:
- sittun.Tos = uint8(datum.Value[0])
+ sittun.Tos = datum.Value[0]
case nl.IFLA_IPTUN_PMTUDISC:
- sittun.PMtuDisc = uint8(datum.Value[0])
+ sittun.PMtuDisc = datum.Value[0]
+ case nl.IFLA_IPTUN_PROTO:
+ sittun.Proto = datum.Value[0]
case nl.IFLA_IPTUN_ENCAP_TYPE:
sittun.EncapType = native.Uint16(datum.Value[0:2])
case nl.IFLA_IPTUN_ENCAP_FLAGS:
@@ -2761,6 +2899,9 @@ func addBridgeAttrs(bridge *Bridge, linkInfo *nl.RtAttr) {
if bridge.MulticastSnooping != nil {
data.AddRtAttr(nl.IFLA_BR_MCAST_SNOOPING, boolToByte(*bridge.MulticastSnooping))
}
+ if bridge.AgeingTime != nil {
+ data.AddRtAttr(nl.IFLA_BR_AGEING_TIME, nl.Uint32Attr(*bridge.AgeingTime))
+ }
if bridge.HelloTime != nil {
data.AddRtAttr(nl.IFLA_BR_HELLO_TIME, nl.Uint32Attr(*bridge.HelloTime))
}
@@ -2773,6 +2914,9 @@ func parseBridgeData(bridge Link, data []syscall.NetlinkRouteAttr) {
br := bridge.(*Bridge)
for _, datum := range data {
switch datum.Attr.Type {
+ case nl.IFLA_BR_AGEING_TIME:
+ ageingTime := native.Uint32(datum.Value[0:4])
+ br.AgeingTime = &ageingTime
case nl.IFLA_BR_HELLO_TIME:
helloTime := native.Uint32(datum.Value[0:4])
br.HelloTime = &helloTime
@@ -2852,6 +2996,24 @@ func parseVfInfo(data []syscall.NetlinkRouteAttr, id int) VfInfo {
vfr := nl.DeserializeVfRate(element.Value[:])
vf.MaxTxRate = vfr.MaxTxRate
vf.MinTxRate = vfr.MinTxRate
+ case nl.IFLA_VF_STATS:
+ vfstats := nl.DeserializeVfStats(element.Value[:])
+ vf.RxPackets = vfstats.RxPackets
+ vf.TxPackets = vfstats.TxPackets
+ vf.RxBytes = vfstats.RxBytes
+ vf.TxBytes = vfstats.TxBytes
+ vf.Multicast = vfstats.Multicast
+ vf.Broadcast = vfstats.Broadcast
+ vf.RxDropped = vfstats.RxDropped
+ vf.TxDropped = vfstats.TxDropped
+
+ case nl.IFLA_VF_RSS_QUERY_EN:
+ result := nl.DeserializeVfRssQueryEn(element.Value)
+ vf.RssQuery = result.Setting
+
+ case nl.IFLA_VF_TRUST:
+ result := nl.DeserializeVfTrust(element.Value)
+ vf.Trust = result.Setting
}
}
return vf
diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go
index cb3b55d35..fb220d141 100644
--- a/vendor/github.com/vishvananda/netlink/neigh_linux.go
+++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go
@@ -243,6 +243,18 @@ func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
// Ignore messages from other interfaces
continue
}
+ if msg.Family != 0 && ndm.Family != msg.Family {
+ continue
+ }
+ if msg.State != 0 && ndm.State != msg.State {
+ continue
+ }
+ if msg.Type != 0 && ndm.Type != msg.Type {
+ continue
+ }
+ if msg.Flags != 0 && ndm.Flags != msg.Flags {
+ continue
+ }
neigh, err := NeighDeserialize(m)
if err != nil {
diff --git a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
index 42d3acf91..71436f25c 100644
--- a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
@@ -16,7 +16,7 @@ func LinkSetMTU(link Link, mtu int) error {
return ErrNotImplemented
}
-func LinkSetMaster(link Link, master *Bridge) error {
+func LinkSetMaster(link Link, master Link) error {
return ErrNotImplemented
}
@@ -72,6 +72,10 @@ func LinkSetXdpFd(link Link, fd int) error {
return ErrNotImplemented
}
+func LinkSetXdpFdWithFlags(link Link, fd, flags int) error {
+ return ErrNotImplemented
+}
+
func LinkSetARPOff(link Link) error {
return ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
index 50db3b4cd..6bea4ed02 100644
--- a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
@@ -54,24 +54,18 @@ func (msg *IfAddrmsg) Len() int {
// __u32 tstamp; /* updated timestamp, hundredths of seconds */
// };
-const IFA_CACHEINFO = 6
-const SizeofIfaCacheInfo = 0x10
-
type IfaCacheInfo struct {
- IfaPrefered uint32
- IfaValid uint32
- Cstamp uint32
- Tstamp uint32
+ unix.IfaCacheinfo
}
func (msg *IfaCacheInfo) Len() int {
- return SizeofIfaCacheInfo
+ return unix.SizeofIfaCacheinfo
}
func DeserializeIfaCacheInfo(b []byte) *IfaCacheInfo {
- return (*IfaCacheInfo)(unsafe.Pointer(&b[0:SizeofIfaCacheInfo][0]))
+ return (*IfaCacheInfo)(unsafe.Pointer(&b[0:unix.SizeofIfaCacheinfo][0]))
}
func (msg *IfaCacheInfo) Serialize() []byte {
- return (*(*[SizeofIfaCacheInfo]byte)(unsafe.Pointer(msg)))[:]
+ return (*(*[unix.SizeofIfaCacheinfo]byte)(unsafe.Pointer(msg)))[:]
}
diff --git a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
index 79d2b6b89..14924027e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
@@ -40,9 +40,10 @@ const (
NFNETLINK_V0 = 0
)
-// #define NLA_F_NESTED (1 << 15)
const (
- NLA_F_NESTED = (1 << 15)
+ NLA_F_NESTED uint16 = (1 << 15) // #define NLA_F_NESTED (1 << 15)
+ NLA_F_NET_BYTEORDER uint16 = (1 << 14) // #define NLA_F_NESTED (1 << 14)
+ NLA_TYPE_MASK = ^(NLA_F_NESTED | NLA_F_NET_BYTEORDER)
)
// enum ctattr_type {
diff --git a/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go b/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go
new file mode 100644
index 000000000..a60b4b09d
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go
@@ -0,0 +1,222 @@
+package nl
+
+import (
+ "strconv"
+
+ "golang.org/x/sys/unix"
+)
+
+const (
+ /* The protocol version */
+ IPSET_PROTOCOL = 6
+
+ /* The max length of strings including NUL: set and type identifiers */
+ IPSET_MAXNAMELEN = 32
+
+ /* The maximum permissible comment length we will accept over netlink */
+ IPSET_MAX_COMMENT_SIZE = 255
+)
+
+const (
+ _ = iota
+ IPSET_CMD_PROTOCOL /* 1: Return protocol version */
+ IPSET_CMD_CREATE /* 2: Create a new (empty) set */
+ IPSET_CMD_DESTROY /* 3: Destroy a (empty) set */
+ IPSET_CMD_FLUSH /* 4: Remove all elements from a set */
+ IPSET_CMD_RENAME /* 5: Rename a set */
+ IPSET_CMD_SWAP /* 6: Swap two sets */
+ IPSET_CMD_LIST /* 7: List sets */
+ IPSET_CMD_SAVE /* 8: Save sets */
+ IPSET_CMD_ADD /* 9: Add an element to a set */
+ IPSET_CMD_DEL /* 10: Delete an element from a set */
+ IPSET_CMD_TEST /* 11: Test an element in a set */
+ IPSET_CMD_HEADER /* 12: Get set header data only */
+ IPSET_CMD_TYPE /* 13: Get set type */
+)
+
+/* Attributes at command level */
+const (
+ _ = iota
+ IPSET_ATTR_PROTOCOL /* 1: Protocol version */
+ IPSET_ATTR_SETNAME /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME /* 3: Typename */
+ IPSET_ATTR_REVISION /* 4: Settype revision */
+ IPSET_ATTR_FAMILY /* 5: Settype family */
+ IPSET_ATTR_FLAGS /* 6: Flags at command level */
+ IPSET_ATTR_DATA /* 7: Nested attributes */
+ IPSET_ATTR_ADT /* 8: Multiple data containers */
+ IPSET_ATTR_LINENO /* 9: Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */
+
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME /* Setname at rename/swap */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
+)
+
+/* CADT specific attributes */
+const (
+ IPSET_ATTR_IP = 1
+ IPSET_ATTR_IP_FROM = 1
+ IPSET_ATTR_IP_TO = 2
+ IPSET_ATTR_CIDR = 3
+ IPSET_ATTR_PORT = 4
+ IPSET_ATTR_PORT_FROM = 4
+ IPSET_ATTR_PORT_TO = 5
+ IPSET_ATTR_TIMEOUT = 6
+ IPSET_ATTR_PROTO = 7
+ IPSET_ATTR_CADT_FLAGS = 8
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
+ IPSET_ATTR_MARK = 10
+ IPSET_ATTR_MARKMASK = 11
+
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16
+
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC = 3 + iota
+ IPSET_ATTR_HASHSIZE
+ IPSET_ATTR_MAXELEM
+ IPSET_ATTR_NETMASK
+ IPSET_ATTR_PROBES
+ IPSET_ATTR_RESIZE
+ IPSET_ATTR_SIZE
+
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS
+ IPSET_ATTR_REFERENCES
+ IPSET_ATTR_MEMSIZE
+
+ SET_ATTR_CREATE_MAX
+)
+
+/* ADT specific attributes */
+const (
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
+ IPSET_ATTR_NAME
+ IPSET_ATTR_NAMEREF
+ IPSET_ATTR_IP2
+ IPSET_ATTR_CIDR2
+ IPSET_ATTR_IP2_TO
+ IPSET_ATTR_IFACE
+ IPSET_ATTR_BYTES
+ IPSET_ATTR_PACKETS
+ IPSET_ATTR_COMMENT
+ IPSET_ATTR_SKBMARK
+ IPSET_ATTR_SKBPRIO
+ IPSET_ATTR_SKBQUEUE
+)
+
+/* Flags at CADT attribute level, upper half of cmdattrs */
+const (
+ IPSET_FLAG_BIT_BEFORE = 0
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE)
+ IPSET_FLAG_BIT_PHYSDEV = 1
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV)
+ IPSET_FLAG_BIT_NOMATCH = 2
+ IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH)
+ IPSET_FLAG_BIT_WITH_COUNTERS = 3
+ IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
+ IPSET_FLAG_BIT_WITH_COMMENT = 4
+ IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
+ IPSET_FLAG_BIT_WITH_FORCEADD = 5
+ IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
+ IPSET_FLAG_BIT_WITH_SKBINFO = 6
+ IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
+ IPSET_FLAG_CADT_MAX = 15
+)
+
+const (
+ IPSET_ERR_PRIVATE = 4096 + iota
+ IPSET_ERR_PROTOCOL
+ IPSET_ERR_FIND_TYPE
+ IPSET_ERR_MAX_SETS
+ IPSET_ERR_BUSY
+ IPSET_ERR_EXIST_SETNAME2
+ IPSET_ERR_TYPE_MISMATCH
+ IPSET_ERR_EXIST
+ IPSET_ERR_INVALID_CIDR
+ IPSET_ERR_INVALID_NETMASK
+ IPSET_ERR_INVALID_FAMILY
+ IPSET_ERR_TIMEOUT
+ IPSET_ERR_REFERENCED
+ IPSET_ERR_IPADDR_IPV4
+ IPSET_ERR_IPADDR_IPV6
+ IPSET_ERR_COUNTER
+ IPSET_ERR_COMMENT
+ IPSET_ERR_INVALID_MARKMASK
+ IPSET_ERR_SKBINFO
+
+ /* Type specific error codes */
+ IPSET_ERR_TYPE_SPECIFIC = 4352
+)
+
+type IPSetError uintptr
+
+func (e IPSetError) Error() string {
+ switch int(e) {
+ case IPSET_ERR_PRIVATE:
+ return "private"
+ case IPSET_ERR_PROTOCOL:
+ return "invalid protocol"
+ case IPSET_ERR_FIND_TYPE:
+ return "invalid type"
+ case IPSET_ERR_MAX_SETS:
+ return "max sets reached"
+ case IPSET_ERR_BUSY:
+ return "busy"
+ case IPSET_ERR_EXIST_SETNAME2:
+ return "exist_setname2"
+ case IPSET_ERR_TYPE_MISMATCH:
+ return "type mismatch"
+ case IPSET_ERR_EXIST:
+ return "exist"
+ case IPSET_ERR_INVALID_CIDR:
+ return "invalid cidr"
+ case IPSET_ERR_INVALID_NETMASK:
+ return "invalid netmask"
+ case IPSET_ERR_INVALID_FAMILY:
+ return "invalid family"
+ case IPSET_ERR_TIMEOUT:
+ return "timeout"
+ case IPSET_ERR_REFERENCED:
+ return "referenced"
+ case IPSET_ERR_IPADDR_IPV4:
+ return "invalid ipv4 address"
+ case IPSET_ERR_IPADDR_IPV6:
+ return "invalid ipv6 address"
+ case IPSET_ERR_COUNTER:
+ return "invalid counter"
+ case IPSET_ERR_COMMENT:
+ return "invalid comment"
+ case IPSET_ERR_INVALID_MARKMASK:
+ return "invalid markmask"
+ case IPSET_ERR_SKBINFO:
+ return "skbinfo"
+ default:
+ return "errno " + strconv.Itoa(int(e))
+ }
+}
+
+func GetIpsetFlags(cmd int) int {
+ switch cmd {
+ case IPSET_CMD_CREATE:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
+ case IPSET_CMD_DESTROY,
+ IPSET_CMD_FLUSH,
+ IPSET_CMD_RENAME,
+ IPSET_CMD_SWAP,
+ IPSET_CMD_TEST:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK
+ case IPSET_CMD_LIST,
+ IPSET_CMD_SAVE:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
+ case IPSET_CMD_ADD,
+ IPSET_CMD_DEL:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK
+ case IPSET_CMD_HEADER,
+ IPSET_CMD_TYPE,
+ IPSET_CMD_PROTOCOL:
+ return unix.NLM_F_REQUEST
+ default:
+ return 0
+ }
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
index afb16a9c1..faee2fa03 100644
--- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
@@ -1,6 +1,8 @@
package nl
import (
+ "bytes"
+ "encoding/binary"
"unsafe"
)
@@ -243,7 +245,9 @@ const (
IFLA_VF_STATS_TX_BYTES
IFLA_VF_STATS_BROADCAST
IFLA_VF_STATS_MULTICAST
- IFLA_VF_STATS_MAX = IFLA_VF_STATS_MULTICAST
+ IFLA_VF_STATS_RX_DROPPED
+ IFLA_VF_STATS_TX_DROPPED
+ IFLA_VF_STATS_MAX = IFLA_VF_STATS_TX_DROPPED
)
const (
@@ -326,6 +330,59 @@ func (msg *VfTxRate) Serialize() []byte {
return (*(*[SizeofVfTxRate]byte)(unsafe.Pointer(msg)))[:]
}
+//struct ifla_vf_stats {
+// __u64 rx_packets;
+// __u64 tx_packets;
+// __u64 rx_bytes;
+// __u64 tx_bytes;
+// __u64 broadcast;
+// __u64 multicast;
+//};
+
+type VfStats struct {
+ RxPackets uint64
+ TxPackets uint64
+ RxBytes uint64
+ TxBytes uint64
+ Multicast uint64
+ Broadcast uint64
+ RxDropped uint64
+ TxDropped uint64
+}
+
+func DeserializeVfStats(b []byte) VfStats {
+ var vfstat VfStats
+ stats, err := ParseRouteAttr(b)
+ if err != nil {
+ return vfstat
+ }
+ var valueVar uint64
+ for _, stat := range stats {
+ if err := binary.Read(bytes.NewBuffer(stat.Value), NativeEndian(), &valueVar); err != nil {
+ break
+ }
+ switch stat.Attr.Type {
+ case IFLA_VF_STATS_RX_PACKETS:
+ vfstat.RxPackets = valueVar
+ case IFLA_VF_STATS_TX_PACKETS:
+ vfstat.TxPackets = valueVar
+ case IFLA_VF_STATS_RX_BYTES:
+ vfstat.RxBytes = valueVar
+ case IFLA_VF_STATS_TX_BYTES:
+ vfstat.TxBytes = valueVar
+ case IFLA_VF_STATS_MULTICAST:
+ vfstat.Multicast = valueVar
+ case IFLA_VF_STATS_BROADCAST:
+ vfstat.Broadcast = valueVar
+ case IFLA_VF_STATS_RX_DROPPED:
+ vfstat.RxDropped = valueVar
+ case IFLA_VF_STATS_TX_DROPPED:
+ vfstat.TxDropped = valueVar
+ }
+ }
+ return vfstat
+}
+
// struct ifla_vf_rate {
// __u32 vf;
// __u32 min_tx_rate; /* Min Bandwidth in Mbps */
@@ -478,6 +535,14 @@ const (
IFLA_XDP_MAX = IFLA_XDP_PROG_ID
)
+// XDP program attach mode (used as dump value for IFLA_XDP_ATTACHED)
+const (
+ XDP_ATTACHED_NONE = iota
+ XDP_ATTACHED_DRV
+ XDP_ATTACHED_SKB
+ XDP_ATTACHED_HW
+)
+
const (
IFLA_IPTUN_UNSPEC = iota
IFLA_IPTUN_LINK
diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
index aaf56c671..cef64b82e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
@@ -259,6 +259,29 @@ func NewIfInfomsgChild(parent *RtAttr, family int) *IfInfomsg {
return msg
}
+type Uint32Attribute struct {
+ Type uint16
+ Value uint32
+}
+
+func (a *Uint32Attribute) Serialize() []byte {
+ native := NativeEndian()
+ buf := make([]byte, rtaAlignOf(8))
+ native.PutUint16(buf[0:2], 8)
+ native.PutUint16(buf[2:4], a.Type)
+
+ if a.Type&NLA_F_NET_BYTEORDER != 0 {
+ binary.BigEndian.PutUint32(buf[4:], a.Value)
+ } else {
+ native.PutUint32(buf[4:], a.Value)
+ }
+ return buf
+}
+
+func (a *Uint32Attribute) Len() int {
+ return 8
+}
+
// Extend RtAttr to handle data and children
type RtAttr struct {
unix.RtAttr
@@ -439,10 +462,7 @@ done:
if m.Header.Pid != pid {
continue
}
- if m.Header.Type == unix.NLMSG_DONE {
- break done
- }
- if m.Header.Type == unix.NLMSG_ERROR {
+ if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR {
native := NativeEndian()
error := int32(native.Uint32(m.Data[0:4]))
if error == 0 {
diff --git a/vendor/github.com/vishvananda/netlink/nl/parse_attr.go b/vendor/github.com/vishvananda/netlink/nl/parse_attr.go
new file mode 100644
index 000000000..19eb8f28e
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/parse_attr.go
@@ -0,0 +1,67 @@
+package nl
+
+import (
+ "encoding/binary"
+ "fmt"
+)
+
+type Attribute struct {
+ Type uint16
+ Value []byte
+}
+
+func ParseAttributes(data []byte) <-chan Attribute {
+ native := NativeEndian()
+ result := make(chan Attribute)
+
+ go func() {
+ i := 0
+ for i+4 < len(data) {
+ length := int(native.Uint16(data[i : i+2]))
+
+ result <- Attribute{
+ Type: native.Uint16(data[i+2 : i+4]),
+ Value: data[i+4 : i+length],
+ }
+ i += rtaAlignOf(length)
+ }
+ close(result)
+ }()
+
+ return result
+}
+
+func PrintAttributes(data []byte) {
+ printAttributes(data, 0)
+}
+
+func printAttributes(data []byte, level int) {
+ for attr := range ParseAttributes(data) {
+ for i := 0; i < level; i++ {
+ print("> ")
+ }
+ nested := attr.Type&NLA_F_NESTED != 0
+ fmt.Printf("type=%d nested=%v len=%v %v\n", attr.Type&NLA_TYPE_MASK, nested, len(attr.Value), attr.Value)
+ if nested {
+ printAttributes(attr.Value, level+1)
+ }
+ }
+}
+
+// Uint32 returns the uint32 value respecting the NET_BYTEORDER flag
+func (attr *Attribute) Uint32() uint32 {
+ if attr.Type&NLA_F_NET_BYTEORDER != 0 {
+ return binary.BigEndian.Uint32(attr.Value)
+ } else {
+ return NativeEndian().Uint32(attr.Value)
+ }
+}
+
+// Uint64 returns the uint64 value respecting the NET_BYTEORDER flag
+func (attr *Attribute) Uint64() uint64 {
+ if attr.Type&NLA_F_NET_BYTEORDER != 0 {
+ return binary.BigEndian.Uint64(attr.Value)
+ } else {
+ return NativeEndian().Uint64(attr.Value)
+ }
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/syscall.go b/vendor/github.com/vishvananda/netlink/nl/syscall.go
index f7f7f92e6..4a01e6e59 100644
--- a/vendor/github.com/vishvananda/netlink/nl/syscall.go
+++ b/vendor/github.com/vishvananda/netlink/nl/syscall.go
@@ -21,6 +21,13 @@ const (
FRA_TABLE /* Extended table id */
FRA_FWMASK /* mask for netfilter mark */
FRA_OIFNAME
+ FRA_PAD
+ FRA_L3MDEV /* iif or oif is l3mdev goto its table */
+ FRA_UID_RANGE /* UID range */
+ FRA_PROTOCOL /* Originator of the rule */
+ FRA_IP_PROTO /* ip proto */
+ FRA_SPORT_RANGE /* sport */
+ FRA_DPORT_RANGE /* dport */
)
// ip rule netlink request types
diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
index 501f554b2..c24d53eb7 100644
--- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
@@ -94,6 +94,9 @@ const (
SizeofTcTunnelKey = SizeofTcGen + 0x04
SizeofTcSkbEdit = SizeofTcGen
SizeofTcPolice = 2*SizeofTcRateSpec + 0x20
+ SizeofTcSfqQopt = 0x0b
+ SizeofTcSfqRedStats = 0x18
+ SizeofTcSfqQoptV1 = SizeofTcSfqQopt + SizeofTcSfqRedStats + 0x1c
)
// struct tcmsg {
@@ -735,7 +738,13 @@ const (
TCA_TUNNEL_KEY_ENC_IPV6_SRC
TCA_TUNNEL_KEY_ENC_IPV6_DST
TCA_TUNNEL_KEY_ENC_KEY_ID
- TCA_TUNNEL_KEY_MAX = TCA_TUNNEL_KEY_ENC_KEY_ID
+ TCA_TUNNEL_KEY_PAD
+ TCA_TUNNEL_KEY_ENC_DST_PORT
+ TCA_TUNNEL_KEY_NO_CSUM
+ TCA_TUNNEL_KEY_ENC_OPTS
+ TCA_TUNNEL_KEY_ENC_TOS
+ TCA_TUNNEL_KEY_ENC_TTL
+ TCA_TUNNEL_KEY_MAX
)
type TcTunnelKey struct {
@@ -872,3 +881,103 @@ const (
TCA_HFSC_FSC
TCA_HFSC_USC
)
+
+// struct tc_sfq_qopt {
+// unsigned quantum; /* Bytes per round allocated to flow */
+// int perturb_period; /* Period of hash perturbation */
+// __u32 limit; /* Maximal packets in queue */
+// unsigned divisor; /* Hash divisor */
+// unsigned flows; /* Maximal number of flows */
+// };
+
+type TcSfqQopt struct {
+ Quantum uint8
+ Perturb int32
+ Limit uint32
+ Divisor uint8
+ Flows uint8
+}
+
+func (x *TcSfqQopt) Len() int {
+ return SizeofTcSfqQopt
+}
+
+func DeserializeTcSfqQopt(b []byte) *TcSfqQopt {
+ return (*TcSfqQopt)(unsafe.Pointer(&b[0:SizeofTcSfqQopt][0]))
+}
+
+func (x *TcSfqQopt) Serialize() []byte {
+ return (*(*[SizeofTcSfqQopt]byte)(unsafe.Pointer(x)))[:]
+}
+
+// struct tc_sfqred_stats {
+// __u32 prob_drop; /* Early drops, below max threshold */
+// __u32 forced_drop; /* Early drops, after max threshold */
+// __u32 prob_mark; /* Marked packets, below max threshold */
+// __u32 forced_mark; /* Marked packets, after max threshold */
+// __u32 prob_mark_head; /* Marked packets, below max threshold */
+// __u32 forced_mark_head;/* Marked packets, after max threshold */
+// };
+type TcSfqRedStats struct {
+ ProbDrop uint32
+ ForcedDrop uint32
+ ProbMark uint32
+ ForcedMark uint32
+ ProbMarkHead uint32
+ ForcedMarkHead uint32
+}
+
+func (x *TcSfqRedStats) Len() int {
+ return SizeofTcSfqRedStats
+}
+
+func DeserializeTcSfqRedStats(b []byte) *TcSfqRedStats {
+ return (*TcSfqRedStats)(unsafe.Pointer(&b[0:SizeofTcSfqRedStats][0]))
+}
+
+func (x *TcSfqRedStats) Serialize() []byte {
+ return (*(*[SizeofTcSfqRedStats]byte)(unsafe.Pointer(x)))[:]
+}
+
+// struct tc_sfq_qopt_v1 {
+// struct tc_sfq_qopt v0;
+// unsigned int depth; /* max number of packets per flow */
+// unsigned int headdrop;
+// /* SFQRED parameters */
+// __u32 limit; /* HARD maximal flow queue length (bytes) */
+// __u32 qth_min; /* Min average length threshold (bytes) */
+// __u32 qth_max; /* Max average length threshold (bytes) */
+// unsigned char Wlog; /* log(W) */
+// unsigned char Plog; /* log(P_max/(qth_max-qth_min)) */
+// unsigned char Scell_log; /* cell size for idle damping */
+// unsigned char flags;
+// __u32 max_P; /* probability, high resolution */
+// /* SFQRED stats */
+// struct tc_sfqred_stats stats;
+// };
+type TcSfqQoptV1 struct {
+ TcSfqQopt
+ Depth uint32
+ HeadDrop uint32
+ Limit uint32
+ QthMin uint32
+ QthMax uint32
+ Wlog byte
+ Plog byte
+ ScellLog byte
+ Flags byte
+ MaxP uint32
+ TcSfqRedStats
+}
+
+func (x *TcSfqQoptV1) Len() int {
+ return SizeofTcSfqQoptV1
+}
+
+func DeserializeTcSfqQoptV1(b []byte) *TcSfqQoptV1 {
+ return (*TcSfqQoptV1)(unsafe.Pointer(&b[0:SizeofTcSfqQoptV1][0]))
+}
+
+func (x *TcSfqQoptV1) Serialize() []byte {
+ return (*(*[SizeofTcSfqQoptV1]byte)(unsafe.Pointer(x)))[:]
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
index b6290fd54..43a947f22 100644
--- a/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
@@ -13,7 +13,7 @@ const (
SizeofXfrmAlgoAuth = 0x48
SizeofXfrmAlgoAEAD = 0x48
SizeofXfrmEncapTmpl = 0x18
- SizeofXfrmUsersaFlush = 0x8
+ SizeofXfrmUsersaFlush = 0x1
SizeofXfrmReplayStateEsn = 0x18
)
diff --git a/vendor/github.com/vishvananda/netlink/qdisc.go b/vendor/github.com/vishvananda/netlink/qdisc.go
index af78305ac..8418569ee 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc.go
@@ -338,3 +338,27 @@ func (qdisc *FqCodel) Attrs() *QdiscAttrs {
func (qdisc *FqCodel) Type() string {
return "fq_codel"
}
+
+type Sfq struct {
+ QdiscAttrs
+ // TODO: Only the simplified options for SFQ are handled here. Support for the extended one can be added later.
+ Quantum uint8
+ Perturb uint8
+ Limit uint32
+ Divisor uint8
+}
+
+func (sfq *Sfq) String() string {
+ return fmt.Sprintf(
+ "{%v -- Quantum: %v, Perturb: %v, Limit: %v, Divisor: %v}",
+ sfq.Attrs(), sfq.Quantum, sfq.Perturb, sfq.Limit, sfq.Divisor,
+ )
+}
+
+func (qdisc *Sfq) Attrs() *QdiscAttrs {
+ return &qdisc.QdiscAttrs
+}
+
+func (qdisc *Sfq) Type() string {
+ return "sfq"
+}
diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
index e9eee5908..d0e1ca194 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
@@ -278,6 +278,14 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
if qdisc.FlowDefaultRate > 0 {
options.AddRtAttr(nl.TCA_FQ_FLOW_DEFAULT_RATE, nl.Uint32Attr((uint32(qdisc.FlowDefaultRate))))
}
+ case *Sfq:
+ opt := nl.TcSfqQoptV1{}
+ opt.TcSfqQopt.Quantum = qdisc.Quantum
+ opt.TcSfqQopt.Perturb = int32(qdisc.Perturb)
+ opt.TcSfqQopt.Limit = qdisc.Limit
+ opt.TcSfqQopt.Divisor = qdisc.Divisor
+
+ options = nl.NewRtAttr(nl.TCA_OPTIONS, opt.Serialize())
default:
options = nil
}
@@ -362,6 +370,8 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
qdisc = &FqCodel{}
case "netem":
qdisc = &Netem{}
+ case "sfq":
+ qdisc = &Sfq{}
default:
qdisc = &GenericQdisc{QdiscType: qdiscType}
}
@@ -417,6 +427,10 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
if err := parseNetemData(qdisc, attr.Value); err != nil {
return nil, err
}
+ case "sfq":
+ if err := parseSfqData(qdisc, attr.Value); err != nil {
+ return nil, err
+ }
// no options for ingress
}
@@ -582,6 +596,17 @@ func parseTbfData(qdisc Qdisc, data []syscall.NetlinkRouteAttr) error {
return nil
}
+func parseSfqData(qdisc Qdisc, value []byte) error {
+ sfq := qdisc.(*Sfq)
+ opt := nl.DeserializeTcSfqQoptV1(value)
+ sfq.Quantum = opt.TcSfqQopt.Quantum
+ sfq.Perturb = uint8(opt.TcSfqQopt.Perturb)
+ sfq.Limit = opt.TcSfqQopt.Limit
+ sfq.Divisor = opt.TcSfqQopt.Divisor
+
+ return nil
+}
+
const (
TIME_UNITS_PER_SEC = 1000000
)
@@ -598,10 +623,10 @@ func initClock() {
return
}
parts := strings.Split(strings.TrimSpace(string(data)), " ")
- if len(parts) < 3 {
+ if len(parts) < 4 {
return
}
- var vals [3]uint64
+ var vals [4]uint64
for i := range vals {
val, err := strconv.ParseUint(parts[i], 16, 32)
if err != nil {
@@ -615,7 +640,12 @@ func initClock() {
}
clockFactor = float64(vals[2]) / TIME_UNITS_PER_SEC
tickInUsec = float64(vals[0]) / float64(vals[1]) * clockFactor
- hz = float64(vals[0])
+ if vals[2] == 1000000 {
+ // ref https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/utils.c#n963
+ hz = float64(vals[3])
+ } else {
+ hz = 100
+ }
}
func TickInUsec() float64 {
@@ -663,6 +693,7 @@ func latency(rate uint64, limit, buffer uint32) float64 {
return TIME_UNITS_PER_SEC*(float64(limit)/float64(rate)) - float64(tick2Time(buffer))
}
-func Xmittime(rate uint64, size uint32) float64 {
- return TickInUsec() * TIME_UNITS_PER_SEC * (float64(size) / float64(rate))
+func Xmittime(rate uint64, size uint32) uint32 {
+ // https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/tc/tc_core.c#n62
+ return time2Tick(uint32(TIME_UNITS_PER_SEC * (float64(size) / float64(rate))))
}
diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
index 2d0bdc8c3..ff014ca4c 100644
--- a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
@@ -77,28 +77,39 @@ func executeOneGetRdmaLink(data []byte) (*RdmaLink, error) {
return &link, nil
}
-func execRdmaGetLink(req *nl.NetlinkRequest, name string) (*RdmaLink, error) {
+func execRdmaSetLink(req *nl.NetlinkRequest) error {
+
+ _, err := req.Execute(unix.NETLINK_RDMA, 0)
+ return err
+}
+
+// RdmaLinkList gets a list of RDMA link devices.
+// Equivalent to: `rdma dev show`
+func RdmaLinkList() ([]*RdmaLink, error) {
+ return pkgHandle.RdmaLinkList()
+}
+
+// RdmaLinkList gets a list of RDMA link devices.
+// Equivalent to: `rdma dev show`
+func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
+ proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
+ req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
if err != nil {
return nil, err
}
+
+ var res []*RdmaLink
for _, m := range msgs {
link, err := executeOneGetRdmaLink(m)
if err != nil {
return nil, err
}
- if link.Attrs.Name == name {
- return link, nil
- }
+ res = append(res, link)
}
- return nil, fmt.Errorf("Rdma device %v not found", name)
-}
-func execRdmaSetLink(req *nl.NetlinkRequest) error {
-
- _, err := req.Execute(unix.NETLINK_RDMA, 0)
- return err
+ return res, nil
}
// RdmaLinkByName finds a link by name and returns a pointer to the object if
@@ -110,11 +121,16 @@ func RdmaLinkByName(name string) (*RdmaLink, error) {
// RdmaLinkByName finds a link by name and returns a pointer to the object if
// found and nil error, otherwise returns error code.
func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) {
-
- proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
- req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
-
- return execRdmaGetLink(req, name)
+ links, err := h.RdmaLinkList()
+ if err != nil {
+ return nil, err
+ }
+ for _, link := range links {
+ if link.Attrs.Name == name {
+ return link, nil
+ }
+ }
+ return nil, fmt.Errorf("Rdma device %v not found", name)
}
// RdmaLinkSetName sets the name of the rdma link device. Return nil on success
diff --git a/vendor/github.com/vishvananda/netlink/route.go b/vendor/github.com/vishvananda/netlink/route.go
index 58ff1af60..b16254174 100644
--- a/vendor/github.com/vishvananda/netlink/route.go
+++ b/vendor/github.com/vishvananda/netlink/route.go
@@ -29,25 +29,38 @@ type Encap interface {
// Route represents a netlink route.
type Route struct {
- LinkIndex int
- ILinkIndex int
- Scope Scope
- Dst *net.IPNet
- Src net.IP
- Gw net.IP
- MultiPath []*NexthopInfo
- Protocol int
- Priority int
- Table int
- Type int
- Tos int
- Flags int
- MPLSDst *int
- NewDst Destination
- Encap Encap
- MTU int
- AdvMSS int
- Hoplimit int
+ LinkIndex int
+ ILinkIndex int
+ Scope Scope
+ Dst *net.IPNet
+ Src net.IP
+ Gw net.IP
+ MultiPath []*NexthopInfo
+ Protocol int
+ Priority int
+ Table int
+ Type int
+ Tos int
+ Flags int
+ MPLSDst *int
+ NewDst Destination
+ Encap Encap
+ MTU int
+ Window int
+ Rtt int
+ RttVar int
+ Ssthresh int
+ Cwnd int
+ AdvMSS int
+ Reordering int
+ Hoplimit int
+ InitCwnd int
+ Features int
+ RtoMin int
+ InitRwnd int
+ QuickACK int
+ Congctl string
+ FastOpenNoCookie int
}
func (r Route) String() string {
diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go
index c69c595ed..4e778a417 100644
--- a/vendor/github.com/vishvananda/netlink/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/route_linux.go
@@ -33,6 +33,9 @@ const (
RT_FILTER_GW
RT_FILTER_TABLE
RT_FILTER_HOPLIMIT
+ RT_FILTER_PRIORITY
+ RT_FILTER_MARK
+ RT_FILTER_MASK
)
const (
@@ -639,19 +642,70 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
}
var metrics []*nl.RtAttr
- // TODO: support other rta_metric values
if route.MTU > 0 {
b := nl.Uint32Attr(uint32(route.MTU))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_MTU, b))
}
+ if route.Window > 0 {
+ b := nl.Uint32Attr(uint32(route.Window))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_WINDOW, b))
+ }
+ if route.Rtt > 0 {
+ b := nl.Uint32Attr(uint32(route.Rtt))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTT, b))
+ }
+ if route.RttVar > 0 {
+ b := nl.Uint32Attr(uint32(route.RttVar))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTTVAR, b))
+ }
+ if route.Ssthresh > 0 {
+ b := nl.Uint32Attr(uint32(route.Ssthresh))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_SSTHRESH, b))
+ }
+ if route.Cwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.Cwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_CWND, b))
+ }
if route.AdvMSS > 0 {
b := nl.Uint32Attr(uint32(route.AdvMSS))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_ADVMSS, b))
}
+ if route.Reordering > 0 {
+ b := nl.Uint32Attr(uint32(route.Reordering))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_REORDERING, b))
+ }
if route.Hoplimit > 0 {
b := nl.Uint32Attr(uint32(route.Hoplimit))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_HOPLIMIT, b))
}
+ if route.InitCwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.InitCwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_INITCWND, b))
+ }
+ if route.Features > 0 {
+ b := nl.Uint32Attr(uint32(route.Features))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_FEATURES, b))
+ }
+ if route.RtoMin > 0 {
+ b := nl.Uint32Attr(uint32(route.RtoMin))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTO_MIN, b))
+ }
+ if route.InitRwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.InitRwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_INITRWND, b))
+ }
+ if route.QuickACK > 0 {
+ b := nl.Uint32Attr(uint32(route.QuickACK))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_QUICKACK, b))
+ }
+ if route.Congctl != "" {
+ b := nl.ZeroTerminated(route.Congctl)
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_CC_ALGO, b))
+ }
+ if route.FastOpenNoCookie > 0 {
+ b := nl.Uint32Attr(uint32(route.FastOpenNoCookie))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_FASTOPEN_NO_COOKIE, b))
+ }
if metrics != nil {
attr := nl.NewRtAttr(unix.RTA_METRICS, nil)
@@ -903,10 +957,36 @@ func deserializeRoute(m []byte) (Route, error) {
switch metric.Attr.Type {
case unix.RTAX_MTU:
route.MTU = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_WINDOW:
+ route.Window = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTT:
+ route.Rtt = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTTVAR:
+ route.RttVar = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_SSTHRESH:
+ route.Ssthresh = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_CWND:
+ route.Cwnd = int(native.Uint32(metric.Value[0:4]))
case unix.RTAX_ADVMSS:
route.AdvMSS = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_REORDERING:
+ route.Reordering = int(native.Uint32(metric.Value[0:4]))
case unix.RTAX_HOPLIMIT:
route.Hoplimit = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_INITCWND:
+ route.InitCwnd = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_FEATURES:
+ route.Features = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTO_MIN:
+ route.RtoMin = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_INITRWND:
+ route.InitRwnd = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_QUICKACK:
+ route.QuickACK = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_CC_ALGO:
+ route.Congctl = nl.BytesToString(metric.Value)
+ case unix.RTAX_FASTOPEN_NO_COOKIE:
+ route.FastOpenNoCookie = int(native.Uint32(metric.Value[0:4]))
}
}
}
@@ -938,15 +1018,27 @@ func deserializeRoute(m []byte) (Route, error) {
return route, nil
}
+// RouteGetOptions contains a set of options to use with
+// RouteGetWithOptions
+type RouteGetOptions struct {
+ VrfName string
+}
+
+// RouteGetWithOptions gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get <> vrf <VrfName>'.
+func RouteGetWithOptions(destination net.IP, options *RouteGetOptions) ([]Route, error) {
+ return pkgHandle.RouteGetWithOptions(destination, options)
+}
+
// RouteGet gets a route to a specific destination from the host system.
// Equivalent to: 'ip route get'.
func RouteGet(destination net.IP) ([]Route, error) {
return pkgHandle.RouteGet(destination)
}
-// RouteGet gets a route to a specific destination from the host system.
-// Equivalent to: 'ip route get'.
-func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+// RouteGetWithOptions gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get <> vrf <VrfName>'.
+func (h *Handle) RouteGetWithOptions(destination net.IP, options *RouteGetOptions) ([]Route, error) {
req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_REQUEST)
family := nl.GetIPFamily(destination)
var destinationData []byte
@@ -966,6 +1058,20 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
rtaDst := nl.NewRtAttr(unix.RTA_DST, destinationData)
req.AddData(rtaDst)
+ if options != nil {
+ link, err := LinkByName(options.VrfName)
+ if err != nil {
+ return nil, err
+ }
+ var (
+ b = make([]byte, 4)
+ native = nl.NativeEndian()
+ )
+ native.PutUint32(b, uint32(link.Attrs().Index))
+
+ req.AddData(nl.NewRtAttr(unix.RTA_OIF, b))
+ }
+
msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWROUTE)
if err != nil {
return nil, err
@@ -980,7 +1086,12 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
res = append(res, route)
}
return res, nil
+}
+// RouteGet gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get'.
+func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+ return h.RouteGetWithOptions(destination, nil)
}
// RouteSubscribe takes a chan down which notifications will be sent
diff --git a/vendor/github.com/vishvananda/netlink/rule.go b/vendor/github.com/vishvananda/netlink/rule.go
index 7fc8ae5df..95f2facfb 100644
--- a/vendor/github.com/vishvananda/netlink/rule.go
+++ b/vendor/github.com/vishvananda/netlink/rule.go
@@ -12,6 +12,7 @@ type Rule struct {
Table int
Mark int
Mask int
+ Tos uint
TunID uint
Goto int
Src *net.IPNet
@@ -22,6 +23,8 @@ type Rule struct {
SuppressIfgroup int
SuppressPrefixlen int
Invert bool
+ Dport *RulePortRange
+ Sport *RulePortRange
}
func (r Rule) String() string {
@@ -40,3 +43,14 @@ func NewRule() *Rule {
Flow: -1,
}
}
+
+// NewRulePortRange creates rule sport/dport range.
+func NewRulePortRange(start, end uint16) *RulePortRange {
+ return &RulePortRange{Start: start, End: end}
+}
+
+// RulePortRange represents rule sport/dport range.
+type RulePortRange struct {
+ Start uint16
+ End uint16
+}
diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go
index e12569fe4..40474f30e 100644
--- a/vendor/github.com/vishvananda/netlink/rule_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rule_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "bytes"
"fmt"
"net"
@@ -55,6 +56,9 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
if rule.Table >= 0 && rule.Table < 256 {
msg.Table = uint8(rule.Table)
}
+ if rule.Tos != 0 {
+ msg.Tos = uint8(rule.Tos)
+ }
var dstFamily uint8
var rtAttrs []*nl.RtAttr
@@ -138,10 +142,10 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
}
}
if rule.IifName != "" {
- req.AddData(nl.NewRtAttr(nl.FRA_IIFNAME, []byte(rule.IifName)))
+ req.AddData(nl.NewRtAttr(nl.FRA_IIFNAME, []byte(rule.IifName+"\x00")))
}
if rule.OifName != "" {
- req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName)))
+ req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName+"\x00")))
}
if rule.Goto >= 0 {
msg.Type = nl.FR_ACT_GOTO
@@ -150,6 +154,16 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
req.AddData(nl.NewRtAttr(nl.FRA_GOTO, b))
}
+ if rule.Dport != nil {
+ b := rule.Dport.toRtAttrData()
+ req.AddData(nl.NewRtAttr(nl.FRA_DPORT_RANGE, b))
+ }
+
+ if rule.Sport != nil {
+ b := rule.Sport.toRtAttrData()
+ req.AddData(nl.NewRtAttr(nl.FRA_SPORT_RANGE, b))
+ }
+
_, err := req.Execute(unix.NETLINK_ROUTE, 0)
return err
}
@@ -163,6 +177,19 @@ func RuleList(family int) ([]Rule, error) {
// RuleList lists rules in the system.
// Equivalent to: ip rule list
func (h *Handle) RuleList(family int) ([]Rule, error) {
+ return h.RuleListFiltered(family, nil, 0)
+}
+
+// RuleListFiltered gets a list of rules in the system filtered by the
+// specified rule template `filter`.
+// Equivalent to: ip rule list
+func RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
+ return pkgHandle.RuleListFiltered(family, filter, filterMask)
+}
+
+// RuleListFiltered lists rules in the system.
+// Equivalent to: ip rule list
+func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST)
msg := nl.NewIfInfomsg(family)
req.AddData(msg)
@@ -184,6 +211,7 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
rule := NewRule()
rule.Invert = msg.Flags&FibRuleInvert > 0
+ rule.Tos = uint(msg.Tos)
for j := range attrs {
switch attrs[j].Attr.Type {
@@ -225,10 +253,44 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
rule.Goto = int(native.Uint32(attrs[j].Value[0:4]))
case nl.FRA_PRIORITY:
rule.Priority = int(native.Uint32(attrs[j].Value[0:4]))
+ case nl.FRA_DPORT_RANGE:
+ rule.Dport = NewRulePortRange(native.Uint16(attrs[j].Value[0:2]), native.Uint16(attrs[j].Value[2:4]))
+ case nl.FRA_SPORT_RANGE:
+ rule.Sport = NewRulePortRange(native.Uint16(attrs[j].Value[0:2]), native.Uint16(attrs[j].Value[2:4]))
+ }
+ }
+
+ if filter != nil {
+ switch {
+ case filterMask&RT_FILTER_SRC != 0 &&
+ (rule.Src == nil || rule.Src.String() != filter.Src.String()):
+ continue
+ case filterMask&RT_FILTER_DST != 0 &&
+ (rule.Dst == nil || rule.Dst.String() != filter.Dst.String()):
+ continue
+ case filterMask&RT_FILTER_TABLE != 0 &&
+ filter.Table != unix.RT_TABLE_UNSPEC && rule.Table != filter.Table:
+ continue
+ case filterMask&RT_FILTER_TOS != 0 && rule.Tos != filter.Tos:
+ continue
+ case filterMask&RT_FILTER_PRIORITY != 0 && rule.Priority != filter.Priority:
+ continue
+ case filterMask&RT_FILTER_MARK != 0 && rule.Mark != filter.Mark:
+ continue
+ case filterMask&RT_FILTER_MASK != 0 && rule.Mask != filter.Mask:
+ continue
}
}
+
res = append(res, *rule)
}
return res, nil
}
+
+func (pr *RulePortRange) toRtAttrData() []byte {
+ b := [][]byte{make([]byte, 2), make([]byte, 2)}
+ native.PutUint16(b[0], pr.Start)
+ native.PutUint16(b[1], pr.End)
+ return bytes.Join(b, []byte{})
+}
diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go
index c4d89c17e..e4e7f7ac3 100644
--- a/vendor/github.com/vishvananda/netlink/socket_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_linux.go
@@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"net"
+ "syscall"
"github.com/vishvananda/netlink/nl"
"golang.org/x/sys/unix"
@@ -49,10 +50,15 @@ func (r *socketRequest) Serialize() []byte {
native.PutUint32(b.Next(4), r.States)
networkOrder.PutUint16(b.Next(2), r.ID.SourcePort)
networkOrder.PutUint16(b.Next(2), r.ID.DestinationPort)
- copy(b.Next(4), r.ID.Source.To4())
- b.Next(12)
- copy(b.Next(4), r.ID.Destination.To4())
- b.Next(12)
+ if r.Family == unix.AF_INET6 {
+ copy(b.Next(16), r.ID.Source)
+ copy(b.Next(16), r.ID.Destination)
+ } else {
+ copy(b.Next(4), r.ID.Source.To4())
+ b.Next(12)
+ copy(b.Next(4), r.ID.Destination.To4())
+ b.Next(12)
+ }
native.PutUint32(b.Next(4), r.ID.Interface)
native.PutUint32(b.Next(4), r.ID.Cookie[0])
native.PutUint32(b.Next(4), r.ID.Cookie[1])
@@ -89,10 +95,15 @@ func (s *Socket) deserialize(b []byte) error {
s.Retrans = rb.Read()
s.ID.SourcePort = networkOrder.Uint16(rb.Next(2))
s.ID.DestinationPort = networkOrder.Uint16(rb.Next(2))
- s.ID.Source = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
- rb.Next(12)
- s.ID.Destination = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
- rb.Next(12)
+ if s.Family == unix.AF_INET6 {
+ s.ID.Source = net.IP(rb.Next(16))
+ s.ID.Destination = net.IP(rb.Next(16))
+ } else {
+ s.ID.Source = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
+ rb.Next(12)
+ s.ID.Destination = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
+ rb.Next(12)
+ }
s.ID.Interface = native.Uint32(rb.Next(4))
s.ID.Cookie[0] = native.Uint32(rb.Next(4))
s.ID.Cookie[1] = native.Uint32(rb.Next(4))
@@ -160,3 +171,68 @@ func SocketGet(local, remote net.Addr) (*Socket, error) {
}
return sock, nil
}
+
+// SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type.
+func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
+ s, err := nl.Subscribe(unix.NETLINK_INET_DIAG)
+ if err != nil {
+ return nil, err
+ }
+ defer s.Close()
+
+ req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
+ req.AddData(&socketRequest{
+ Family: family,
+ Protocol: unix.IPPROTO_TCP,
+ Ext: INET_DIAG_INFO,
+ States: uint32(0xfff), // All TCP states
+ })
+ s.Send(req)
+
+ var result []*InetDiagTCPInfoResp
+loop:
+ for {
+ msgs, from, err := s.Receive()
+ if err != nil {
+ return nil, err
+ }
+ if from.Pid != nl.PidKernel {
+ return nil, fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel)
+ }
+ if len(msgs) == 0 {
+ return nil, errors.New("no message nor error from netlink")
+ }
+
+ for _, m := range msgs {
+ switch m.Header.Type {
+ case unix.NLMSG_DONE:
+ break loop
+ case unix.NLMSG_ERROR:
+ native := nl.NativeEndian()
+ error := int32(native.Uint32(m.Data[0:4]))
+ return nil, syscall.Errno(-error)
+ }
+ sockInfo := &Socket{}
+ if err := sockInfo.deserialize(m.Data); err != nil {
+ return nil, err
+ }
+ attrs, err := nl.ParseRouteAttr(m.Data[sizeofSocket:])
+ if err != nil {
+ return nil, err
+ }
+ var tcpInfo *TCPInfo
+ for _, a := range attrs {
+ if a.Attr.Type == INET_DIAG_INFO {
+ tcpInfo = &TCPInfo{}
+ if err := tcpInfo.deserialize(a.Value); err != nil {
+ return nil, err
+ }
+ break
+ }
+ }
+ r := &InetDiagTCPInfoResp{InetDiagMsg: sockInfo, TCPInfo: tcpInfo}
+ result = append(result, r)
+ }
+ }
+ return result, nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/tcp.go b/vendor/github.com/vishvananda/netlink/tcp.go
new file mode 100644
index 000000000..4a42ee5a6
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/tcp.go
@@ -0,0 +1,18 @@
+package netlink
+
+// TCP States
+const (
+ TCP_ESTABLISHED = iota + 0x01
+ TCP_SYN_SENT
+ TCP_SYN_RECV
+ TCP_FIN_WAIT1
+ TCP_FIN_WAIT2
+ TCP_TIME_WAIT
+ TCP_CLOSE
+ TCP_CLOSE_WAIT
+ TCP_LAST_ACK
+ TCP_LISTEN
+ TCP_CLOSING
+ TCP_NEW_SYN_REC
+ TCP_MAX_STATES
+)
diff --git a/vendor/github.com/vishvananda/netlink/tcp_linux.go b/vendor/github.com/vishvananda/netlink/tcp_linux.go
new file mode 100644
index 000000000..741ea1655
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/tcp_linux.go
@@ -0,0 +1,393 @@
+package netlink
+
+import (
+ "bytes"
+ "io"
+)
+
+type TCPInfo struct {
+ State uint8
+ Ca_state uint8
+ Retransmits uint8
+ Probes uint8
+ Backoff uint8
+ Options uint8
+ Snd_wscale uint8 // no uint4
+ Rcv_wscale uint8
+ Delivery_rate_app_limited uint8
+ Fastopen_client_fail uint8
+ Rto uint32
+ Ato uint32
+ Snd_mss uint32
+ Rcv_mss uint32
+ Unacked uint32
+ Sacked uint32
+ Lost uint32
+ Retrans uint32
+ Fackets uint32
+ Last_data_sent uint32
+ Last_ack_sent uint32
+ Last_data_recv uint32
+ Last_ack_recv uint32
+ Pmtu uint32
+ Rcv_ssthresh uint32
+ Rtt uint32
+ Rttvar uint32
+ Snd_ssthresh uint32
+ Snd_cwnd uint32
+ Advmss uint32
+ Reordering uint32
+ Rcv_rtt uint32
+ Rcv_space uint32
+ Total_retrans uint32
+ Pacing_rate uint64
+ Max_pacing_rate uint64
+ Bytes_acked uint64 /* RFC4898 tcpEStatsAppHCThruOctetsAcked */
+ Bytes_received uint64 /* RFC4898 tcpEStatsAppHCThruOctetsReceived */
+ Segs_out uint32 /* RFC4898 tcpEStatsPerfSegsOut */
+ Segs_in uint32 /* RFC4898 tcpEStatsPerfSegsIn */
+ Notsent_bytes uint32
+ Min_rtt uint32
+ Data_segs_in uint32 /* RFC4898 tcpEStatsDataSegsIn */
+ Data_segs_out uint32 /* RFC4898 tcpEStatsDataSegsOut */
+ Delivery_rate uint64
+ Busy_time uint64 /* Time (usec) busy sending data */
+ Rwnd_limited uint64 /* Time (usec) limited by receive window */
+ Sndbuf_limited uint64 /* Time (usec) limited by send buffer */
+ Delivered uint32
+ Delivered_ce uint32
+ Bytes_sent uint64 /* RFC4898 tcpEStatsPerfHCDataOctetsOut */
+ Bytes_retrans uint64 /* RFC4898 tcpEStatsPerfOctetsRetrans */
+ Dsack_dups uint32 /* RFC4898 tcpEStatsStackDSACKDups */
+ Reord_seen uint32 /* reordering events seen */
+ Rcv_ooopack uint32 /* Out-of-order packets received */
+ Snd_wnd uint32 /* peer's advertised receive window after * scaling (bytes) */
+}
+
+func checkDeserErr(err error) error {
+ if err == io.EOF {
+ return nil
+ }
+ return err
+}
+
+func (t *TCPInfo) deserialize(b []byte) error {
+ var err error
+ rb := bytes.NewBuffer(b)
+
+ t.State, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Ca_state, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Retransmits, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Probes, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Backoff, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Options, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ scales, err := rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Snd_wscale = scales >> 4 // first 4 bits
+ t.Rcv_wscale = scales & 0xf // last 4 bits
+
+ rateLimAndFastOpen, err := rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Delivery_rate_app_limited = rateLimAndFastOpen >> 7 // get first bit
+ t.Fastopen_client_fail = rateLimAndFastOpen >> 5 & 3 // get next two bits
+
+ next := rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rto = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Ato = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_mss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_mss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Unacked = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Sacked = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Lost = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Retrans = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Fackets = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_data_sent = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_ack_sent = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_data_recv = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_ack_recv = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Pmtu = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_ssthresh = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rtt = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rttvar = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_ssthresh = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_cwnd = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Advmss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Reordering = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_rtt = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_space = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Total_retrans = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Pacing_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Max_pacing_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_acked = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_received = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Segs_out = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Segs_in = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Notsent_bytes = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Min_rtt = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Data_segs_in = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Data_segs_out = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivery_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Busy_time = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rwnd_limited = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Sndbuf_limited = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivered = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivered_ce = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_sent = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_retrans = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Dsack_dups = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Reord_seen = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_ooopack = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_wnd = native.Uint32(next)
+ return nil
+}
diff --git a/vendor/github.com/vishvananda/netns/go.mod b/vendor/github.com/vishvananda/netns/go.mod
index 8221f782c..9cdf577ad 100644
--- a/vendor/github.com/vishvananda/netns/go.mod
+++ b/vendor/github.com/vishvananda/netns/go.mod
@@ -1,3 +1,5 @@
module github.com/vishvananda/netns
go 1.12
+
+require golang.org/x/sys v0.0.0-20200217220822-9197077df867
diff --git a/vendor/github.com/vishvananda/netns/go.sum b/vendor/github.com/vishvananda/netns/go.sum
index e69de29bb..1d4adf451 100644
--- a/vendor/github.com/vishvananda/netns/go.sum
+++ b/vendor/github.com/vishvananda/netns/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netns/netns.go b/vendor/github.com/vishvananda/netns/netns.go
index dd2f21570..116befd54 100644
--- a/vendor/github.com/vishvananda/netns/netns.go
+++ b/vendor/github.com/vishvananda/netns/netns.go
@@ -10,7 +10,8 @@ package netns
import (
"fmt"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
// NsHandle is a handle to a network namespace. It can be cast directly
@@ -24,11 +25,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
if ns == other {
return true
}
- var s1, s2 syscall.Stat_t
- if err := syscall.Fstat(int(ns), &s1); err != nil {
+ var s1, s2 unix.Stat_t
+ if err := unix.Fstat(int(ns), &s1); err != nil {
return false
}
- if err := syscall.Fstat(int(other), &s2); err != nil {
+ if err := unix.Fstat(int(other), &s2); err != nil {
return false
}
return (s1.Dev == s2.Dev) && (s1.Ino == s2.Ino)
@@ -36,11 +37,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
// String shows the file descriptor number and its dev and inode.
func (ns NsHandle) String() string {
- var s syscall.Stat_t
if ns == -1 {
return "NS(None)"
}
- if err := syscall.Fstat(int(ns), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(int(ns), &s); err != nil {
return fmt.Sprintf("NS(%d: unknown)", ns)
}
return fmt.Sprintf("NS(%d: %d, %d)", ns, s.Dev, s.Ino)
@@ -49,11 +50,11 @@ func (ns NsHandle) String() string {
// UniqueId returns a string which uniquely identifies the namespace
// associated with the network handle.
func (ns NsHandle) UniqueId() string {
- var s syscall.Stat_t
if ns == -1 {
return "NS(none)"
}
- if err := syscall.Fstat(int(ns), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(int(ns), &s); err != nil {
return "NS(unknown)"
}
return fmt.Sprintf("NS(%d:%d)", s.Dev, s.Ino)
@@ -67,7 +68,7 @@ func (ns NsHandle) IsOpen() bool {
// Close closes the NsHandle and resets its file descriptor to -1.
// It is not safe to use an NsHandle after Close() is called.
func (ns *NsHandle) Close() error {
- if err := syscall.Close(int(*ns)); err != nil {
+ if err := unix.Close(int(*ns)); err != nil {
return err
}
(*ns) = -1
diff --git a/vendor/github.com/vishvananda/netns/netns_linux.go b/vendor/github.com/vishvananda/netns/netns_linux.go
index b1e3b07c0..c76acd087 100644
--- a/vendor/github.com/vishvananda/netns/netns_linux.go
+++ b/vendor/github.com/vishvananda/netns/netns_linux.go
@@ -6,46 +6,30 @@ import (
"fmt"
"io/ioutil"
"os"
+ "path"
"path/filepath"
- "runtime"
"strconv"
"strings"
"syscall"
-)
-// SYS_SETNS syscall allows changing the namespace of the current process.
-var SYS_SETNS = map[string]uintptr{
- "386": 346,
- "amd64": 308,
- "arm64": 268,
- "arm": 375,
- "mips": 4344,
- "mipsle": 4344,
- "mips64le": 4344,
- "ppc64": 350,
- "ppc64le": 350,
- "riscv64": 268,
- "s390x": 339,
-}[runtime.GOARCH]
+ "golang.org/x/sys/unix"
+)
// Deprecated: use syscall pkg instead (go >= 1.5 needed).
const (
- CLONE_NEWUTS = 0x04000000 /* New utsname group? */
- CLONE_NEWIPC = 0x08000000 /* New ipcs */
- CLONE_NEWUSER = 0x10000000 /* New user namespace */
- CLONE_NEWPID = 0x20000000 /* New pid namespace */
- CLONE_NEWNET = 0x40000000 /* New network namespace */
- CLONE_IO = 0x80000000 /* Get io context */
+ CLONE_NEWUTS = 0x04000000 /* New utsname group? */
+ CLONE_NEWIPC = 0x08000000 /* New ipcs */
+ CLONE_NEWUSER = 0x10000000 /* New user namespace */
+ CLONE_NEWPID = 0x20000000 /* New pid namespace */
+ CLONE_NEWNET = 0x40000000 /* New network namespace */
+ CLONE_IO = 0x80000000 /* Get io context */
+ bindMountPath = "/run/netns" /* Bind mount path for named netns */
)
// Setns sets namespace using syscall. Note that this should be a method
// in syscall but it has not been added.
func Setns(ns NsHandle, nstype int) (err error) {
- _, _, e1 := syscall.Syscall(SYS_SETNS, uintptr(ns), uintptr(nstype), 0)
- if e1 != 0 {
- err = e1
- }
- return
+ return unix.Setns(int(ns), nstype)
}
// Set sets the current network namespace to the namespace represented
@@ -57,21 +41,64 @@ func Set(ns NsHandle) (err error) {
// New creates a new network namespace, sets it as current and returns
// a handle to it.
func New() (ns NsHandle, err error) {
- if err := syscall.Unshare(CLONE_NEWNET); err != nil {
+ if err := unix.Unshare(CLONE_NEWNET); err != nil {
return -1, err
}
return Get()
}
+// NewNamed creates a new named network namespace and returns a handle to it
+func NewNamed(name string) (NsHandle, error) {
+ if _, err := os.Stat(bindMountPath); os.IsNotExist(err) {
+ err = os.MkdirAll(bindMountPath, 0755)
+ if err != nil {
+ return None(), err
+ }
+ }
+
+ newNs, err := New()
+ if err != nil {
+ return None(), err
+ }
+
+ namedPath := path.Join(bindMountPath, name)
+
+ f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
+ if err != nil {
+ return None(), err
+ }
+ f.Close()
+
+ nsPath := fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid())
+ err = syscall.Mount(nsPath, namedPath, "bind", syscall.MS_BIND, "")
+ if err != nil {
+ return None(), err
+ }
+
+ return newNs, nil
+}
+
+// DeleteNamed deletes a named network namespace
+func DeleteNamed(name string) error {
+ namedPath := path.Join(bindMountPath, name)
+
+ err := syscall.Unmount(namedPath, syscall.MNT_DETACH)
+ if err != nil {
+ return err
+ }
+
+ return os.Remove(namedPath)
+}
+
// Get gets a handle to the current threads network namespace.
func Get() (NsHandle, error) {
- return GetFromThread(os.Getpid(), syscall.Gettid())
+ return GetFromThread(os.Getpid(), unix.Gettid())
}
// GetFromPath gets a handle to a network namespace
// identified by the path
func GetFromPath(path string) (NsHandle, error) {
- fd, err := syscall.Open(path, syscall.O_RDONLY, 0)
+ fd, err := unix.Open(path, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil {
return -1, err
}
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index 06f84b855..6b4027b33 100644
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index a54436e39..cfc08c979 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
index 7b88e865a..7f7f272a0 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
index 568bcd031..75a955661 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index f7cb46971..4adb89cf9 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build 386 amd64 amd64p32
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index e5037d92e..964946df9 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 47f084128..2f557a588 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build 386 amd64 amd64p32
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
index 78fe25e86..5b427d67e 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -7,7 +7,7 @@
// (See golang.org/issue/32102)
// +build aix,ppc64
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index 06f84b855..6b4027b33 100644
--- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_386.s b/vendor/golang.org/x/sys/unix/asm_darwin_386.s
index 8a7278319..8a06b87d7 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s b/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
index 6321421f2..f2397fde5 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_arm.s b/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
index 333242d50..c9e6b6fc8 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
// +build arm,darwin
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s b/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
index 97e017437..89843f8f4 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
// +build arm64,darwin
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s b/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
index 603dd5728..27674e1ca 100644
--- a/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_386.s b/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
index c9a0a2601..49f0ac236 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
index 35172477c..f2dfc57b8 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s b/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
index 9227c875b..6d740db2c 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
index d9318cbf0..a8f5a29b3 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 448bebbb5..0655ecbfb 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index c6468a958..bc3fb6ac3 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index cf0f3575c..55b13c7ba 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index afe6fdf6b..22a83d8e3 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -4,7 +4,7 @@
// +build linux
// +build arm64
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index ab9d63831..dc222b90c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -4,7 +4,7 @@
// +build linux
// +build mips64 mips64le
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 99e539904..d333f13cf 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -4,7 +4,7 @@
// +build linux
// +build mips mipsle
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 88f712557..459a629c2 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -4,7 +4,7 @@
// +build linux
// +build ppc64 ppc64le
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index 3cfefed2e..04d38497c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build riscv64,!gccgo
+// +build riscv64,gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index a5a863c6b..cc303989e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -4,7 +4,7 @@
// +build s390x
// +build linux
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_386.s b/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
index 48bdcd763..ae7b498d5 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
index 2ede05c72..e57367c17 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s b/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
index e8928571c..d7da175e1 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
index 6f98ba5a3..e7cbe1904 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_386.s b/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
index 00576f3c8..2f00b0310 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
index 790ef77f8..07632c99c 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s b/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
index 469bfa100..73e997320 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
index 0cedea3d3..c47302aa4 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 567a4763c..47c93fcb6 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index ded8260f3..1f2c755a7 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go
index 5e9269063..86781eac2 100644
--- a/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/vendor/golang.org/x/sys/unix/endian_big.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
-// +build ppc64 s390x mips mips64
+// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
package unix
diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go
index bcdb5d30e..8822d8541 100644
--- a/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/vendor/golang.org/x/sys/unix/endian_little.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
-// +build 386 amd64 amd64p32 arm arm64 ppc64le mipsle mips64le riscv64
+// +build 386 amd64 amd64p32 alpha arm arm64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 21a4946ba..baa771f8a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build amd64,linux
-// +build !gccgo
+// +build gc
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index c26e6ec23..9edf3961b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build linux,!gccgo
+// +build linux,gc
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 070bd3899..90e33d8cf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build linux,!gccgo,386
+// +build linux,gc,386
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index 8c514c95e..1a97baae7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build arm,!gccgo,linux
+// +build arm,gc,linux
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index 1c70d1b69..87bd161ce 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build darwin dragonfly freebsd linux netbsd openbsd solaris
-// +build !gccgo,!ppc64le,!ppc64
+// +build gc,!ppc64le,!ppc64
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index 86dc765ab..d36216c3c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -4,7 +4,7 @@
// +build linux
// +build ppc64le ppc64
-// +build !gccgo
+// +build gc
package unix
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index 4b3a8ad7b..0550da06d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,7 @@
// Code generated by the command above; see README.md. DO NOT EDIT.
// +build aix,ppc64
-// +build !gccgo
+// +build gc
package unix
diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go
index 82076fb74..9cd147b7e 100644
--- a/vendor/golang.org/x/sys/windows/dll_windows.go
+++ b/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -32,6 +32,8 @@ type DLLError struct {
func (e *DLLError) Error() string { return e.Msg }
+func (e *DLLError) Unwrap() error { return e.Err }
+
// A DLL implements access to a single DLL.
type DLL struct {
Name string
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 9e3c44a85..14906485f 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -1103,9 +1103,10 @@ type OBJECTS_AND_NAME struct {
}
//sys getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetSecurityInfo
-//sys SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) = advapi32.SetSecurityInfo
+//sys SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetSecurityInfo
//sys getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetNamedSecurityInfoW
//sys SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetNamedSecurityInfoW
+//sys SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) = advapi32.SetKernelObjectSecurity
//sys buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) = advapi32.BuildSecurityDescriptorW
//sys initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) = advapi32.InitializeSecurityDescriptor
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 008ffc11a..86a46f771 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -174,6 +174,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
//sys ExitProcess(exitcode uint32)
//sys IsWow64Process(handle Handle, isWow64 *bool) (err error) = IsWow64Process
+//sys IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint16) (err error) = IsWow64Process2?
//sys CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
//sys ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
//sys WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
@@ -187,6 +188,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys FindClose(handle Handle) (err error)
//sys GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error)
//sys GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error)
+//sys SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error)
//sys GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) = GetCurrentDirectoryW
//sys SetCurrentDirectory(path *uint16) (err error) = SetCurrentDirectoryW
//sys CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) = CreateDirectoryW
@@ -243,6 +245,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) = kernel32.GetFullPathNameW
//sys GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) = kernel32.GetLongPathNameW
//sys GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) = kernel32.GetShortPathNameW
+//sys GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) = kernel32.GetFinalPathNameByHandleW
//sys CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) = kernel32.CreateFileMappingW
//sys MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error)
//sys UnmapViewOfFile(addr uintptr) (err error)
@@ -351,7 +354,6 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetThreadPreferredUILanguages
//sys getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetUserPreferredUILanguages
//sys getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetSystemPreferredUILanguages
-//sys GetFinalPathNameByHandleW(file syscall.Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) = kernel32.GetFinalPathNameByHandleW
// Process Status API (PSAPI)
//sys EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index da1652e74..e7ae37f88 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1772,3 +1772,32 @@ const (
MUI_LANGUAGE_INSTALLED = 0x20
MUI_LANGUAGE_LICENSED = 0x40
)
+
+// FILE_INFO_BY_HANDLE_CLASS constants for SetFileInformationByHandle/GetFileInformationByHandleEx
+const (
+ FileBasicInfo = 0
+ FileStandardInfo = 1
+ FileNameInfo = 2
+ FileRenameInfo = 3
+ FileDispositionInfo = 4
+ FileAllocationInfo = 5
+ FileEndOfFileInfo = 6
+ FileStreamInfo = 7
+ FileCompressionInfo = 8
+ FileAttributeTagInfo = 9
+ FileIdBothDirectoryInfo = 10
+ FileIdBothDirectoryRestartInfo = 11
+ FileIoPriorityHintInfo = 12
+ FileRemoteProtocolInfo = 13
+ FileFullDirectoryInfo = 14
+ FileFullDirectoryRestartInfo = 15
+ FileStorageInfo = 16
+ FileAlignmentInfo = 17
+ FileIdInfo = 18
+ FileIdExtdDirectoryInfo = 19
+ FileIdExtdDirectoryRestartInfo = 20
+ FileDispositionInfoEx = 21
+ FileRenameInfoEx = 22
+ FileCaseSensitiveInfo = 23
+ FileNormalizedNameInfo = 24
+)
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index d400c3512..8fbef7da6 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -122,6 +122,7 @@ var (
procReportEventW = modadvapi32.NewProc("ReportEventW")
procRevertToSelf = modadvapi32.NewProc("RevertToSelf")
procSetEntriesInAclW = modadvapi32.NewProc("SetEntriesInAclW")
+ procSetKernelObjectSecurity = modadvapi32.NewProc("SetKernelObjectSecurity")
procSetNamedSecurityInfoW = modadvapi32.NewProc("SetNamedSecurityInfoW")
procSetSecurityDescriptorControl = modadvapi32.NewProc("SetSecurityDescriptorControl")
procSetSecurityDescriptorDacl = modadvapi32.NewProc("SetSecurityDescriptorDacl")
@@ -248,6 +249,7 @@ var (
procGetVolumePathNamesForVolumeNameW = modkernel32.NewProc("GetVolumePathNamesForVolumeNameW")
procGetWindowsDirectoryW = modkernel32.NewProc("GetWindowsDirectoryW")
procIsWow64Process = modkernel32.NewProc("IsWow64Process")
+ procIsWow64Process2 = modkernel32.NewProc("IsWow64Process2")
procLoadLibraryExW = modkernel32.NewProc("LoadLibraryExW")
procLoadLibraryW = modkernel32.NewProc("LoadLibraryW")
procLocalFree = modkernel32.NewProc("LocalFree")
@@ -283,6 +285,7 @@ var (
procSetEvent = modkernel32.NewProc("SetEvent")
procSetFileAttributesW = modkernel32.NewProc("SetFileAttributesW")
procSetFileCompletionNotificationModes = modkernel32.NewProc("SetFileCompletionNotificationModes")
+ procSetFileInformationByHandle = modkernel32.NewProc("SetFileInformationByHandle")
procSetFilePointer = modkernel32.NewProc("SetFilePointer")
procSetFileTime = modkernel32.NewProc("SetFileTime")
procSetHandleInformation = modkernel32.NewProc("SetHandleInformation")
@@ -970,6 +973,14 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE
return
}
+func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) {
+ r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
var _p0 *uint16
_p0, ret = syscall.UTF16PtrFromString(objectName)
@@ -1056,8 +1067,11 @@ func setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl *
return
}
-func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) {
- syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+ r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+ if r0 != 0 {
+ ret = syscall.Errno(r0)
+ }
return
}
@@ -1727,7 +1741,7 @@ func GetFileType(filehandle Handle) (n uint32, err error) {
return
}
-func GetFinalPathNameByHandleW(file syscall.Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) {
+func GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) {
r0, _, e1 := syscall.Syscall6(procGetFinalPathNameByHandleW.Addr(), 4, uintptr(file), uintptr(unsafe.Pointer(filePath)), uintptr(filePathSize), uintptr(flags), 0, 0)
n = uint32(r0)
if n == 0 {
@@ -2055,6 +2069,18 @@ func IsWow64Process(handle Handle, isWow64 *bool) (err error) {
return
}
+func IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint16) (err error) {
+ err = procIsWow64Process2.Find()
+ if err != nil {
+ return
+ }
+ r1, _, e1 := syscall.Syscall(procIsWow64Process2.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(processMachine)), uintptr(unsafe.Pointer(nativeMachine)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) {
var _p0 *uint16
_p0, err = syscall.UTF16PtrFromString(libname)
@@ -2386,6 +2412,14 @@ func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error)
return
}
+func SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procSetFileInformationByHandle.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) {
r0, _, e1 := syscall.Syscall6(procSetFilePointer.Addr(), 4, uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence), 0, 0)
newlowoffset = uint32(r0)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 422a6d88d..fe45f9237 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -60,7 +60,7 @@ github.com/containernetworking/cni/pkg/types/020
github.com/containernetworking/cni/pkg/types/current
github.com/containernetworking/cni/pkg/utils
github.com/containernetworking/cni/pkg/version
-# github.com/containernetworking/plugins v0.8.7
+# github.com/containernetworking/plugins v0.9.0
github.com/containernetworking/plugins/pkg/ip
github.com/containernetworking/plugins/pkg/ns
github.com/containernetworking/plugins/pkg/utils/hwaddr
@@ -168,7 +168,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.24.1
+# github.com/containers/storage v1.24.3
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs
@@ -563,10 +563,10 @@ github.com/vbauerster/mpb/v5
github.com/vbauerster/mpb/v5/cwriter
github.com/vbauerster/mpb/v5/decor
github.com/vbauerster/mpb/v5/internal
-# github.com/vishvananda/netlink v1.1.0
+# github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
github.com/vishvananda/netlink
github.com/vishvananda/netlink/nl
-# github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
+# github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
github.com/vishvananda/netns
# github.com/willf/bitset v1.1.11
github.com/willf/bitset
@@ -627,7 +627,7 @@ golang.org/x/oauth2/internal
# golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20201112073958-5cba982894dd
+# golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637
golang.org/x/sys/cpu
golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix