-rwxr-xr-x.github/actions/check_cirrus_cron/cron_failures.sh2
-rw-r--r--cmd/podman/common/completion.go78
-rw-r--r--cmd/podman/containers/commit.go2
-rw-r--r--cmd/podman/containers/cp.go2
-rw-r--r--cmd/podman/containers/exec.go2
-rw-r--r--cmd/podman/containers/logs.go6
-rw-r--r--cmd/podman/containers/port.go2
-rw-r--r--cmd/podman/containers/runlabel.go2
-rw-r--r--cmd/podman/diff.go2
-rw-r--r--cmd/podman/generate/kube.go2
-rw-r--r--cmd/podman/generate/systemd.go2
-rw-r--r--cmd/podman/images/build.go10
-rw-r--r--cmd/podman/images/import.go5
-rw-r--r--cmd/podman/images/push.go2
-rw-r--r--cmd/podman/images/save.go2
-rw-r--r--cmd/podman/images/untag.go2
-rw-r--r--cmd/podman/inspect.go4
-rw-r--r--cmd/podman/manifest/push.go2
-rw-r--r--cmd/podman/networks/create.go2
-rw-r--r--cmd/podman/play/kube.go2
-rw-r--r--cmd/podman/pods/prune.go4
-rw-r--r--cmd/podman/system/prune.go3
-rw-r--r--cmd/podman/system/service.go3
-rw-r--r--cmd/podman/system/unshare.go2
-rw-r--r--completions/Readme.md2
-rwxr-xr-xcontrib/cirrus/setup_environment.sh5
-rw-r--r--docs/source/markdown/podman-container-prune.1.md12
-rw-r--r--docs/source/markdown/podman-create.1.md4
-rw-r--r--docs/source/markdown/podman-generate-systemd.1.md2
-rw-r--r--docs/source/markdown/podman-image-prune.1.md12
-rw-r--r--docs/source/markdown/podman-network-connect.1.md2
-rw-r--r--docs/source/markdown/podman-play-kube.1.md2
-rw-r--r--docs/source/markdown/podman-run.1.md4
-rw-r--r--docs/source/markdown/podman-system-prune.1.md16
-rw-r--r--go.mod12
-rw-r--r--go.sum30
-rw-r--r--libpod/image/pull.go18
-rw-r--r--pkg/api/handlers/compat/containers_archive.go62
-rw-r--r--pkg/api/handlers/compat/images_build.go2
-rw-r--r--pkg/api/handlers/compat/networks.go6
-rw-r--r--pkg/api/handlers/libpod/images.go2
-rw-r--r--pkg/bindings/generator/generator.go234
-rw-r--r--pkg/bindings/images/build.go3
-rw-r--r--pkg/bindings/images/removeoptions_types.go93
-rw-r--r--pkg/bindings/images/rm.go10
-rw-r--r--pkg/bindings/images/types.go8
-rw-r--r--pkg/bindings/test/images_test.go17
-rw-r--r--pkg/bindings/test/manifests_test.go2
-rw-r--r--pkg/copy/copy.go68
-rw-r--r--pkg/copy/fileinfo.go56
-rw-r--r--pkg/copy/item.go13
-rw-r--r--pkg/copy/parse.go61
-rw-r--r--pkg/domain/entities/system.go1
-rw-r--r--pkg/domain/infra/abi/cp.go64
-rw-r--r--pkg/domain/infra/abi/manifest.go2
-rw-r--r--pkg/domain/infra/abi/play.go4
-rw-r--r--pkg/domain/infra/abi/system.go14
-rw-r--r--pkg/domain/infra/tunnel/containers.go3
-rw-r--r--pkg/specgen/generate/config_linux.go23
-rw-r--r--pkg/specgen/generate/kube/volume.go2
-rw-r--r--pkg/specgen/generate/security.go2
-rw-r--r--test/apiv2/10-images.at2
-rw-r--r--test/apiv2/35-networks.at8
-rw-r--r--test/e2e/run_privileged_test.go12
-rw-r--r--test/e2e/run_test.go7
-rw-r--r--test/system/015-help.bats13
-rw-r--r--test/system/070-build.bats42
-rw-r--r--test/system/600-completion.bats272
-rw-r--r--test/system/helpers.bash10
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/storage.conf2
-rw-r--r--vendor/github.com/containers/storage/store.go4
-rw-r--r--vendor/github.com/onsi/gomega/.travis.yml3
-rw-r--r--vendor/github.com/onsi/gomega/CHANGELOG.md7
-rw-r--r--vendor/github.com/onsi/gomega/format/format.go8
-rw-r--r--vendor/github.com/onsi/gomega/gbytes/io_wrappers.go6
-rw-r--r--vendor/github.com/onsi/gomega/go.mod2
-rw-r--r--vendor/github.com/onsi/gomega/go.sum3
-rw-r--r--vendor/github.com/onsi/gomega/gomega_dsl.go2
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go5
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux.go41
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go222
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go4
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go22
-rw-r--r--vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go17
-rw-r--r--vendor/github.com/vishvananda/netlink/.travis.yml7
-rw-r--r--vendor/github.com/vishvananda/netlink/addr.go1
-rw-r--r--vendor/github.com/vishvananda/netlink/addr_linux.go35
-rw-r--r--vendor/github.com/vishvananda/netlink/class.go56
-rw-r--r--vendor/github.com/vishvananda/netlink/class_linux.go29
-rw-r--r--vendor/github.com/vishvananda/netlink/conntrack_linux.go116
-rw-r--r--vendor/github.com/vishvananda/netlink/filter.go9
-rw-r--r--vendor/github.com/vishvananda/netlink/filter_linux.go20
-rw-r--r--vendor/github.com/vishvananda/netlink/go.mod4
-rw-r--r--vendor/github.com/vishvananda/netlink/go.sum10
-rw-r--r--vendor/github.com/vishvananda/netlink/handle_unspecified.go2
-rw-r--r--vendor/github.com/vishvananda/netlink/inet_diag.go30
-rw-r--r--vendor/github.com/vishvananda/netlink/ipset_linux.go335
-rw-r--r--vendor/github.com/vishvananda/netlink/link.go50
-rw-r--r--vendor/github.com/vishvananda/netlink/link_linux.go198
-rw-r--r--vendor/github.com/vishvananda/netlink/neigh_linux.go12
-rw-r--r--vendor/github.com/vishvananda/netlink/netlink_unspecified.go6
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/addr_linux.go14
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go5
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/ipset_linux.go222
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/link_linux.go67
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/nl_linux.go28
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/parse_attr.go67
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/syscall.go7
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/tc_linux.go111
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go2
-rw-r--r--vendor/github.com/vishvananda/netlink/qdisc.go24
-rw-r--r--vendor/github.com/vishvananda/netlink/qdisc_linux.go41
-rw-r--r--vendor/github.com/vishvananda/netlink/rdma_link_linux.go46
-rw-r--r--vendor/github.com/vishvananda/netlink/route.go51
-rw-r--r--vendor/github.com/vishvananda/netlink/route_linux.go119
-rw-r--r--vendor/github.com/vishvananda/netlink/rule.go14
-rw-r--r--vendor/github.com/vishvananda/netlink/rule_linux.go66
-rw-r--r--vendor/github.com/vishvananda/netlink/socket_linux.go92
-rw-r--r--vendor/github.com/vishvananda/netlink/tcp.go18
-rw-r--r--vendor/github.com/vishvananda/netlink/tcp_linux.go393
-rw-r--r--vendor/github.com/vishvananda/netns/go.mod2
-rw-r--r--vendor/github.com/vishvananda/netns/go.sum2
-rw-r--r--vendor/github.com/vishvananda/netns/netns.go19
-rw-r--r--vendor/github.com/vishvananda/netns/netns_linux.go87
-rw-r--r--vendor/github.com/willf/bitset/Makefile191
-rw-r--r--vendor/github.com/willf/bitset/README.md20
-rw-r--r--vendor/github.com/willf/bitset/bitset.go72
-rw-r--r--vendor/github.com/willf/bitset/go.mod3
-rw-r--r--vendor/github.com/willf/bitset/go.sum0
-rw-r--r--vendor/golang.org/x/net/http2/transport.go4
-rw-r--r--vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_gc_x86.go2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_s390x.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/cpu_x86.s2
-rw-r--r--vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_aix_ppc64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_darwin_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_mips64x.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_mipsx.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_riscv64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_linux_s390x.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_386.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_arm.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/asm_solaris_amd64.s2
-rw-r--r--vendor/golang.org/x/sys/unix/endian_big.go2
-rw-r--r--vendor/golang.org/x/sys/unix/endian_little.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_unix_gc.go2
-rw-r--r--vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go2
-rw-r--r--vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go2
-rw-r--r--vendor/golang.org/x/sys/windows/dll_windows.go2
-rw-r--r--vendor/golang.org/x/sys/windows/security_windows.go3
-rw-r--r--vendor/golang.org/x/sys/windows/syscall_windows.go4
-rw-r--r--vendor/golang.org/x/sys/windows/types_windows.go29
-rw-r--r--vendor/golang.org/x/sys/windows/zsyscall_windows.go40
-rw-r--r--vendor/modules.txt18
183 files changed, 3805 insertions, 824 deletions
diff --git a/.github/actions/check_cirrus_cron/cron_failures.sh b/.github/actions/check_cirrus_cron/cron_failures.sh
index 2693df417..16419c6d6 100755
--- a/.github/actions/check_cirrus_cron/cron_failures.sh
+++ b/.github/actions/check_cirrus_cron/cron_failures.sh
@@ -67,7 +67,7 @@ jq --indent 4 --color-output . <./artifacts/reply.json || \
cat ./artifacts/reply.json
echo "::endgroup::"
-# Desireable to catch non-JSON encoded errors in reply.
+# Desirable to catch non-JSON encoded errors in reply.
if grep -qi 'error' ./artifacts/reply.json; then
err "Found the word 'error' in reply"
fi
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go
index 25f4d0f79..f792b2713 100644
--- a/cmd/podman/common/completion.go
+++ b/cmd/podman/common/completion.go
@@ -278,7 +278,6 @@ func validCurrentCmdLine(cmd *cobra.Command, args []string, toComplete string) b
return true
}
}
- cobra.CompDebugln(err.Error(), true)
return false
}
return true
@@ -445,6 +444,29 @@ func AutocompleteNetworks(cmd *cobra.Command, args []string, toComplete string)
return getNetworks(cmd, toComplete)
}
+// AutocompleteDefaultOneArg - Autocomplete path only for the first argument.
+func AutocompleteDefaultOneArg(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if len(args) == 0 {
+ return nil, cobra.ShellCompDirectiveDefault
+ }
+ return nil, cobra.ShellCompDirectiveNoFileComp
+}
+
+// AutocompleteCommitCommand - Autocomplete podman commit command args.
+func AutocompleteCommitCommand(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if !validCurrentCmdLine(cmd, args, toComplete) {
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ if len(args) == 0 {
+ return getContainers(cmd, toComplete, completeDefault)
+ }
+ if len(args) == 1 {
+ return getImages(cmd, toComplete)
+ }
+ // don't complete more than 2 args
+ return nil, cobra.ShellCompDirectiveNoFileComp
+}
+
// AutocompleteCpCommand - Autocomplete podman cp command args.
func AutocompleteCpCommand(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
if !validCurrentCmdLine(cmd, args, toComplete) {
@@ -465,6 +487,43 @@ func AutocompleteCpCommand(cmd *cobra.Command, args []string, toComplete string)
return nil, cobra.ShellCompDirectiveNoFileComp
}
+// AutocompleteExecCommand - Autocomplete podman exec command args.
+func AutocompleteExecCommand(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if !validCurrentCmdLine(cmd, args, toComplete) {
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ if len(args) == 0 {
+ return getContainers(cmd, toComplete, completeDefault, "running")
+ }
+ return nil, cobra.ShellCompDirectiveDefault
+}
+
+// AutocompleteRunlabelCommand - Autocomplete podman container runlabel command args.
+func AutocompleteRunlabelCommand(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if !validCurrentCmdLine(cmd, args, toComplete) {
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ if len(args) == 0 {
+ // FIXME: What labels can we recommend here?
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ if len(args) == 1 {
+ return getImages(cmd, toComplete)
+ }
+ return nil, cobra.ShellCompDirectiveDefault
+}
+
+// AutocompletePortCommand - Autocomplete podman port command args.
+func AutocompletePortCommand(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if !validCurrentCmdLine(cmd, args, toComplete) {
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ if len(args) == 0 {
+ return getContainers(cmd, toComplete, completeDefault)
+ }
+ return nil, cobra.ShellCompDirectiveNoFileComp
+}
+
// AutocompleteNetworkConnectCmd - Autocomplete podman network connect/disconnect command args.
func AutocompleteNetworkConnectCmd(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
if len(args) == 0 {
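Review bot: AutocompleteExecCommand returns `cobra.ShellCompDirectiveDefault` for every argument after the container, so the shell offers file names from the host even though the command and its arguments are resolved inside the container. If that fallback is intended, say so in the code, e.g. `// fall back to the shell's file completion; suggestions are host paths, not container paths`. The same applies to the trailing `ShellCompDirectiveDefault` in AutocompleteRunlabelCommand, whose `FIXME` for the label argument would also benefit from an issue reference.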
@@ -496,6 +555,23 @@ func AutocompleteTopCmd(cmd *cobra.Command, args []string, toComplete string) ([
return descriptors, cobra.ShellCompDirectiveNoFileComp
}
+// AutocompleteInspect - Autocomplete podman inspect.
+func AutocompleteInspect(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if !validCurrentCmdLine(cmd, args, toComplete) {
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ containers, _ := getContainers(cmd, toComplete, completeDefault)
+ images, _ := getImages(cmd, toComplete)
+ pods, _ := getPods(cmd, toComplete, completeDefault)
+ networks, _ := getNetworks(cmd, toComplete)
+ volumes, _ := getVolumes(cmd, toComplete)
+ suggestions := append(containers, images...)
+ suggestions = append(suggestions, pods...)
+ suggestions = append(suggestions, networks...)
+ suggestions = append(suggestions, volumes...)
+ return suggestions, cobra.ShellCompDirectiveNoFileComp
+}
+
// AutocompleteSystemConnections - Autocomplete system connections.
func AutocompleteSystemConnections(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
if !validCurrentCmdLine(cmd, args, toComplete) {
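Review bot: AutocompleteInspect always offers containers, images, pods, networks and volumes together, although the command's own example (`podman inspect --type image fedora`) shows a `--type` flag that narrows the object kind; honouring that flag would avoid suggesting names the command will then reject. Each of the five getters also has its directive discarded with `_`, so a lookup that fails presumably just contributes nothing; a comment such as `// directives are dropped on purpose: a failed lookup only shrinks the suggestion list` would make that explicit. Five lookups per key press may be noticeable against a remote service, which is another reason to narrow by type.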
diff --git a/cmd/podman/containers/commit.go b/cmd/podman/containers/commit.go
index c5c7673b2..ff06e10f7 100644
--- a/cmd/podman/containers/commit.go
+++ b/cmd/podman/containers/commit.go
@@ -24,7 +24,7 @@ var (
Long: commitDescription,
RunE: commit,
Args: cobra.RangeArgs(1, 2),
- ValidArgsFunction: common.AutocompleteContainers,
+ ValidArgsFunction: common.AutocompleteCommitCommand,
Example: `podman commit -q --message "committing container to image" reverent_golick image-committed
podman commit -q --author "firstName lastName" reverent_golick image-committed
podman commit -q --pause=false containerID image-committed
diff --git a/cmd/podman/containers/cp.go b/cmd/podman/containers/cp.go
index fd3aa7680..9b0a01a2f 100644
--- a/cmd/podman/containers/cp.go
+++ b/cmd/podman/containers/cp.go
@@ -13,7 +13,7 @@ var (
You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If "-" is specified for either the SRC_PATH or DEST_PATH, you can also stream a tar archive from STDIN or to STDOUT. The CONTAINER can be a running or stopped container. The SRC_PATH or DEST_PATH can be a file or directory.
`
cpCommand = &cobra.Command{
- Use: "cp [options] SRC_PATH DEST_PATH",
+ Use: "cp [options] [CONTAINER:]SRC_PATH [CONTAINER:]DEST_PATH",
Short: "Copy files/folders between a container and the local filesystem",
Long: cpDescription,
Args: cobra.ExactArgs(2),
diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go
index 306bae58e..3d4918d50 100644
--- a/cmd/podman/containers/exec.go
+++ b/cmd/podman/containers/exec.go
@@ -26,7 +26,7 @@ var (
Long: execDescription,
RunE: exec,
DisableFlagsInUseLine: true,
- ValidArgsFunction: common.AutocompleteContainersRunning,
+ ValidArgsFunction: common.AutocompleteExecCommand,
Example: `podman exec -it ctrID ls
podman exec -it -w /tmp myCtr pwd
podman exec --user root ctrID ls`,
diff --git a/cmd/podman/containers/logs.go b/cmd/podman/containers/logs.go
index 1fa4ac11f..d4ede370a 100644
--- a/cmd/podman/containers/logs.go
+++ b/cmd/podman/containers/logs.go
@@ -69,6 +69,12 @@ var (
)
func init() {
+ // if run remotely we only allow one container arg
+ if registry.IsRemote() {
+ logsCommand.Use = "logs [options] CONTAINER"
+ containerLogsCommand.Use = logsCommand.Use
+ }
+
// logs
registry.Commands = append(registry.Commands, registry.CliCommand{
Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
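Review bot: The comment added at the top of `init()` says only one container argument is allowed remotely, but the lines that follow only rewrite the `Use` text of `logsCommand` and `containerLogsCommand`; nothing visible here limits the argument count. If the limit is enforced in the commands' `Args` validation, point the comment at it, e.g. `// remote mode takes a single container (enforced by Args); make the usage line say so`. `init()` continues beyond the hunk, so the enforcement may simply be out of view.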
diff --git a/cmd/podman/containers/port.go b/cmd/podman/containers/port.go
index ac31e158e..d59161149 100644
--- a/cmd/podman/containers/port.go
+++ b/cmd/podman/containers/port.go
@@ -26,7 +26,7 @@ var (
Args: func(cmd *cobra.Command, args []string) error {
return validate.CheckAllLatestAndCIDFile(cmd, args, true, false)
},
- ValidArgsFunction: common.AutocompleteContainers,
+ ValidArgsFunction: common.AutocompletePortCommand,
Example: `podman port --all
podman port ctrID 80/tcp
podman port --latest 80`,
diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go
index 2f6d2eb05..6ebba4935 100644
--- a/cmd/podman/containers/runlabel.go
+++ b/cmd/podman/containers/runlabel.go
@@ -30,7 +30,7 @@ var (
Long: runlabelDescription,
RunE: runlabel,
Args: cobra.MinimumNArgs(2),
- ValidArgsFunction: common.AutocompleteImages,
+ ValidArgsFunction: common.AutocompleteRunlabelCommand,
Example: `podman container runlabel run imageID
podman container runlabel install imageID arg1 arg2
podman container runlabel --display run myImage`,
diff --git a/cmd/podman/diff.go b/cmd/podman/diff.go
index 5e6abe243..e094e6bdd 100644
--- a/cmd/podman/diff.go
+++ b/cmd/podman/diff.go
@@ -18,7 +18,7 @@ var (
// Command: podman _diff_ Object_ID
diffDescription = `Displays changes on a container or image's filesystem. The container or image will be compared to its parent layer.`
diffCmd = &cobra.Command{
- Use: "diff [options] {CONTAINER_ID | IMAGE_ID}",
+ Use: "diff [options] {CONTAINER|IMAGE}",
Args: validate.IDOrLatestArgs,
Short: "Display the changes to the object's file system",
Long: diffDescription,
diff --git a/cmd/podman/generate/kube.go b/cmd/podman/generate/kube.go
index 0517db19a..cb608e7b5 100644
--- a/cmd/podman/generate/kube.go
+++ b/cmd/podman/generate/kube.go
@@ -22,7 +22,7 @@ var (
Whether the input is for a container or pod, Podman will always generate the specification as a pod.`
kubeCmd = &cobra.Command{
- Use: "kube [options] CONTAINER... | POD",
+ Use: "kube [options] {CONTAINER...|POD}",
Short: "Generate Kubernetes YAML from a container or pod.",
Long: kubeDescription,
RunE: kube,
diff --git a/cmd/podman/generate/systemd.go b/cmd/podman/generate/systemd.go
index e9cf76aae..f9099d3b8 100644
--- a/cmd/podman/generate/systemd.go
+++ b/cmd/podman/generate/systemd.go
@@ -26,7 +26,7 @@ var (
The generated units can later be controlled via systemctl(1).`
systemdCmd = &cobra.Command{
- Use: "systemd [options] CTR|POD",
+ Use: "systemd [options] {CONTAINER|POD}",
Short: "Generate systemd units.",
Long: systemdDescription,
RunE: systemd,
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index 739e1c265..fbea1e3d8 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -11,6 +11,7 @@ import (
"github.com/containers/buildah/pkg/parse"
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/config"
+ "github.com/containers/podman/v2/cmd/podman/common"
"github.com/containers/podman/v2/cmd/podman/registry"
"github.com/containers/podman/v2/cmd/podman/utils"
"github.com/containers/podman/v2/pkg/domain/entities"
@@ -44,7 +45,7 @@ var (
Long: buildDescription,
Args: cobra.MaximumNArgs(1),
RunE: build,
- ValidArgsFunction: completion.AutocompleteDefault,
+ ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman build .
podman build --creds=username:password -t imageName -f Containerfile.simple .
podman build --layers --force-rm --tag imageName .`,
@@ -115,6 +116,7 @@ func buildFlags(cmd *cobra.Command) {
// --layers flag
flag = layerFlags.Lookup("layers")
useLayersVal := useLayers()
+ buildOpts.Layers = useLayersVal == "true"
if err := flag.Value.Set(useLayersVal); err != nil {
logrus.Errorf("unable to set --layers to %v: %v", useLayersVal, err)
}
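Review bot: `buildOpts.Layers = useLayersVal == "true"` is an exact string match, while the `flag.Value.Set(useLayersVal)` call just below it will presumably accept any spelling a boolean flag parses; if `useLayers()` can return something like `1` or `True`, the flag and `buildOpts.Layers` end up disagreeing. `useLayers()` is not visible here, so either confirm it only returns `"true"`/`"false"` and say so in a comment, or derive both values from one parse. The later hunk in `buildFlagsWrapperToOptions` then copies `buildOpts.Layers` into `flags.Layers` unconditionally, so the package-level value wins over whatever the `flags` argument carried; a one-line comment there explaining why would help, since the removed comment about `BUILDAH_LAYERS` was the only explanation.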
@@ -274,11 +276,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
}
}
}
- // Check to see if the BUILDAH_LAYERS environment variable is set and
- // override command-line.
- if _, ok := os.LookupEnv("BUILDAH_LAYERS"); ok {
- flags.Layers = true
- }
+ flags.Layers = buildOpts.Layers
// `buildah bud --layers=false` acts like `docker build --squash` does.
// That is all of the new layers created during the build process are
diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go
index f38ab3b19..ac59935ad 100644
--- a/cmd/podman/images/import.go
+++ b/cmd/podman/images/import.go
@@ -25,18 +25,19 @@ var (
Short: "Import a tarball to create a filesystem image",
Long: importDescription,
RunE: importCon,
- ValidArgsFunction: completion.AutocompleteDefault,
+ Args: cobra.RangeArgs(1, 2),
+ ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman import http://example.com/ctr.tar url-image
cat ctr.tar | podman -q import --message "importing the ctr.tar tarball" - image-imported
cat ctr.tar | podman import -`,
}
imageImportCommand = &cobra.Command{
- Args: cobra.MinimumNArgs(1),
Use: importCommand.Use,
Short: importCommand.Short,
Long: importCommand.Long,
RunE: importCommand.RunE,
+ Args: importCommand.Args,
ValidArgsFunction: importCommand.ValidArgsFunction,
Example: `podman image import http://example.com/ctr.tar url-image
cat ctr.tar | podman -q image import --message "importing the ctr.tar tarball" - image-imported
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index 447b02fbe..d82083cd8 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -29,7 +29,7 @@ var (
// Command: podman push
pushCmd = &cobra.Command{
- Use: "push [options] SOURCE [DESTINATION]",
+ Use: "push [options] IMAGE [DESTINATION]",
Short: "Push an image to a specified destination",
Long: pushDescription,
RunE: imagePush,
diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go
index 9ef2d0c91..3a35c4fad 100644
--- a/cmd/podman/images/save.go
+++ b/cmd/podman/images/save.go
@@ -43,7 +43,7 @@ var (
}
return nil
},
- ValidArgsFunction: completion.AutocompleteNone,
+ ValidArgsFunction: common.AutocompleteImages,
Example: `podman save --quiet -o myimage.tar imageID
podman save --format docker-dir -o ubuntu-dir ubuntu
podman save > alpine-all.tar alpine:latest`,
diff --git a/cmd/podman/images/untag.go b/cmd/podman/images/untag.go
index 17dc21203..3cf62713b 100644
--- a/cmd/podman/images/untag.go
+++ b/cmd/podman/images/untag.go
@@ -9,7 +9,7 @@ import (
var (
untagCommand = &cobra.Command{
- Use: "untag IMAGE [NAME...]",
+ Use: "untag IMAGE [IMAGE...]",
Short: "Remove a name from a local image",
Long: "Removes one or more names from a locally-stored image.",
RunE: untag,
diff --git a/cmd/podman/inspect.go b/cmd/podman/inspect.go
index f62abe931..64daae951 100644
--- a/cmd/podman/inspect.go
+++ b/cmd/podman/inspect.go
@@ -20,12 +20,12 @@ var (
// Command: podman _inspect_ Object_ID
inspectCmd = &cobra.Command{
- Use: "inspect [options] {CONTAINER_ID | IMAGE_ID} [...]",
+ Use: "inspect [options] {CONTAINER|IMAGE|POD|NETWORK|VOLUME} [...]",
Short: "Display the configuration of object denoted by ID",
RunE: inspectExec,
Long: inspectDescription,
TraverseChildren: true,
- ValidArgsFunction: common.AutocompleteContainersAndImages,
+ ValidArgsFunction: common.AutocompleteInspect,
Example: `podman inspect fedora
podman inspect --type image fedora
podman inspect CtrID ImgID
diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go
index a3b469491..89faa42a2 100644
--- a/cmd/podman/manifest/push.go
+++ b/cmd/podman/manifest/push.go
@@ -24,7 +24,7 @@ type manifestPushOptsWrapper struct {
var (
manifestPushOpts = manifestPushOptsWrapper{}
pushCmd = &cobra.Command{
- Use: "push [options] SOURCE DESTINATION",
+ Use: "push [options] LIST DESTINATION",
Short: "Push a manifest list or image index to a registry",
Long: "Pushes manifest lists and image indexes to registries.",
RunE: push,
diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go
index 8db4bb89a..1a091f111 100644
--- a/cmd/podman/networks/create.go
+++ b/cmd/podman/networks/create.go
@@ -17,7 +17,7 @@ import (
var (
networkCreateDescription = `create CNI networks for containers and pods`
networkCreateCommand = &cobra.Command{
- Use: "create [options] [NETWORK]",
+ Use: "create [options] [NAME]",
Short: "network create",
Long: networkCreateDescription,
RunE: networkCreate,
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index db70ad7d4..5e227d05a 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -39,7 +39,7 @@ var (
Long: kubeDescription,
RunE: kube,
Args: cobra.ExactArgs(1),
- ValidArgsFunction: completion.AutocompleteDefault,
+ ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman play kube nginx.yml
podman play kube --creds user:password --seccomp-profile-root /custom/path apache.yml`,
}
diff --git a/cmd/podman/pods/prune.go b/cmd/podman/pods/prune.go
index e069c9b7f..965c36398 100644
--- a/cmd/podman/pods/prune.go
+++ b/cmd/podman/pods/prune.go
@@ -7,7 +7,7 @@ import (
"os"
"strings"
- "github.com/containers/podman/v2/cmd/podman/common"
+ "github.com/containers/common/pkg/completion"
"github.com/containers/podman/v2/cmd/podman/registry"
"github.com/containers/podman/v2/cmd/podman/utils"
"github.com/containers/podman/v2/cmd/podman/validate"
@@ -28,7 +28,7 @@ var (
Short: "Remove all stopped pods and their containers",
Long: pruneDescription,
RunE: prune,
- ValidArgsFunction: common.AutocompletePods,
+ ValidArgsFunction: completion.AutocompleteNone,
Example: `podman pod prune`,
}
)
diff --git a/cmd/podman/system/prune.go b/cmd/podman/system/prune.go
index f57689584..5ee017581 100644
--- a/cmd/podman/system/prune.go
+++ b/cmd/podman/system/prune.go
@@ -46,6 +46,9 @@ func init() {
flags.BoolVarP(&force, "force", "f", false, "Do not prompt for confirmation. The default is false")
flags.BoolVarP(&pruneOptions.All, "all", "a", false, "Remove all unused data")
flags.BoolVar(&pruneOptions.Volume, "volumes", false, "Prune volumes")
+ filterFlagName := "filter"
+ flags.StringArrayVar(&pruneOptions.Filter, filterFlagName, []string{}, "Provide filter values (e.g. 'label=<key>=<value>')")
+ _ = pruneCommand.RegisterFlagCompletionFunc(filterFlagName, completion.AutocompleteNone)
}
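Review bot: `--filter` is added to a command that deletes data, and its help text names only the `label` form; what happens to an unrecognised or misspelled key is not visible in this hunk. For a prune operation a filter that is silently ignored widens the deletion, so the code consuming `pruneOptions.Filter` should reject unknown keys with an error rather than skip them, and a test for that case would be worth adding. It would also help if the help string listed every supported key, or pointed to the man page.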
diff --git a/cmd/podman/system/service.go b/cmd/podman/system/service.go
index 42482b5d9..f8bdbfa10 100644
--- a/cmd/podman/system/service.go
+++ b/cmd/podman/system/service.go
@@ -10,6 +10,7 @@ import (
"time"
"github.com/containers/common/pkg/completion"
+ "github.com/containers/podman/v2/cmd/podman/common"
"github.com/containers/podman/v2/cmd/podman/registry"
"github.com/containers/podman/v2/pkg/domain/entities"
"github.com/containers/podman/v2/pkg/rootless"
@@ -32,7 +33,7 @@ Enable a listening service for API access to Podman commands.
Short: "Run API service",
Long: srvDescription,
RunE: service,
- ValidArgsFunction: completion.AutocompleteDefault,
+ ValidArgsFunction: common.AutocompleteDefaultOneArg,
Example: `podman system service --time=0 unix:///tmp/podman.sock`,
}
diff --git a/cmd/podman/system/unshare.go b/cmd/podman/system/unshare.go
index 437cf7b2e..364852979 100644
--- a/cmd/podman/system/unshare.go
+++ b/cmd/podman/system/unshare.go
@@ -14,7 +14,7 @@ import (
var (
unshareDescription = "Runs a command in a modified user namespace."
unshareCommand = &cobra.Command{
- Use: "unshare [COMMAND [ARG ...]]",
+ Use: "unshare [COMMAND [ARG...]]",
DisableFlagsInUseLine: true,
Short: "Run a command in a modified user namespace",
Long: unshareDescription,
diff --git a/completions/Readme.md b/completions/Readme.md
index 9a3eac480..5c9d16f3c 100644
--- a/completions/Readme.md
+++ b/completions/Readme.md
@@ -4,4 +4,4 @@ Podman offers shell completion scripts for bash, zsh and fish. The completion sc
The shell completion scripts are generated by `make completion`, do not edit these files directly. To install them you can run `sudo make install.completions`.
-For information about these sripts see [`man podman-completion`](../docs/source/markdown/podman-completion.1.md)
+For information about these scripts see [`man podman-completion`](../docs/source/markdown/podman-completion.1.md)
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index da175cc05..c32b45a4f 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -47,6 +47,11 @@ echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \
done <<<"$(passthrough_envars)"
) >> "/etc/ci_environment"
+#####
+##### FIXME. /etc/containers/storage.conf should have a driver name set
+##### Remove when VMs updated
+sed 's/^driver.*=.*""/driver = "overlay"/g' -i /etc/containers/storage.conf
+
# This is a possible manual maintenance gaff, check to be sure everything matches.
# shellcheck disable=SC2154
[[ "$DISTRO_NV" == "$OS_REL_VER" ]] || \
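Review bot: The added `sed` only rewrites a line of the form `driver = ""`, so on an image where the key is missing, commented out, or the file is absent, nothing is fixed (or the step errors) and the cause surfaces later in unrelated test failures. Since the line is meant to be temporary, tie the `FIXME` to something checkable, e.g. `# FIXME: remove once VM images ship storage.conf with a driver set (see <tracking issue placeholder>)`. A brief log line stating whether the substitution applied would also make CI output easier to read.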
diff --git a/docs/source/markdown/podman-container-prune.1.md b/docs/source/markdown/podman-container-prune.1.md
index 4b4effb0b..b199f9ebb 100644
--- a/docs/source/markdown/podman-container-prune.1.md
+++ b/docs/source/markdown/podman-container-prune.1.md
@@ -15,6 +15,17 @@ podman-container-prune - Remove all stopped containers from local storage
Provide filter values.
+The --filter flag format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., --filter "foo=bar" --filter "bif=baz")
+
+Supported filters:
+
+- `until` (_timestamp_) - only remove containers and images created before given timestamp
+- `label` (label=_key_, label=_key=value_, label!=_key_, or label!=_key=value_) - only remove containers and images, with (or without, in case label!=... is used) the specified labels.
+
+The until filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the machine’s time.
+
+The label filter accepts two formats. One is the label=... (label=_key_ or label=_key=value_), which removes containers with the specified labels. The other format is the label!=... (label!=_key_ or label!=_key=value_), which removes containers without the specified labels.
+
#### **--force**, **-f**
Do not provide an interactive prompt for container removal.
@@ -63,3 +74,4 @@ podman(1), podman-ps
## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
+December 2020, converted filter information from docs.docker.com documentation by Dan Walsh (dwalsh at redhat dot com)
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 64bfdb377..b5f5591a9 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -854,8 +854,8 @@ Security Options
- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used as a seccomp filter
- `unmask=ALL or /path/1:/path/2` : Paths to unmask separated by a colon. If set to **ALL**, it will
- unmask all the paths that are masked by default.
- The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**
+ unmask all the paths that are masked or made read only by default.
+ The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger**.
- `proc-opts=OPTIONS` : Comma separated list of options to use for the /proc mount. More details for the
possible mount options are specified at **proc(5)** man page.
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 445888d30..032158c56 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -155,7 +155,7 @@ Podman-generated unit files include an `[Install]` section, which carries instal
Once you have generated the systemd unit file, you can copy the generated systemd file to ```/etc/systemd/system``` for installing as a root user and to ```$HOME/.config/systemd/user``` for installing it as a non-root user. Enable the copied unit file or files using `systemctl enable`.
-Note: Coping unit files to ```/etc/systemd/system``` and enabling it marks the unit file to be automatically started at boot. And smillarly, coping a unit file to ```$HOME/.config/systemd/user``` and enabling it marks the unit file to be automatically started on user login.
+Note: Copying unit files to ```/etc/systemd/system``` and enabling it marks the unit file to be automatically started at boot. And similarly, copying a unit file to ```$HOME/.config/systemd/user``` and enabling it marks the unit file to be automatically started on user login.
```
diff --git a/docs/source/markdown/podman-image-prune.1.md b/docs/source/markdown/podman-image-prune.1.md
index d8558d244..73024ffb8 100644
--- a/docs/source/markdown/podman-image-prune.1.md
+++ b/docs/source/markdown/podman-image-prune.1.md
@@ -22,6 +22,17 @@ Remove dangling images and images that have no associated containers.
Provide filter values.
+The --filter flag format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., --filter "foo=bar" --filter "bif=baz")
+
+Supported filters:
+
+- `until` (_timestamp_) - only remove containers and images created before given timestamp
+- `label` (label=_key_, label=_key=value_, label!=_key_, or label!=_key=value_) - only remove containers and images, with (or without, in case label!=... is used) the specified labels.
+
+The until filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the machine’s time.
+
+The label filter accepts two formats. One is the label=... (label=_key_ or label=_key=value_), which removes images with the specified labels. The other format is the label!=... (label!=_key_ or label!=_key=value_), which removes images without the specified labels.
+
#### **--force**, **-f**
Do not provide an interactive prompt for container removal.
@@ -93,3 +104,4 @@ podman(1), podman-images
## HISTORY
December 2018, Originally compiled by Brent Baude (bbaude at redhat dot com)
+December 2020, converted filter information from docs.docker.com documentation by Dan Walsh (dwalsh at redhat dot com)
diff --git a/docs/source/markdown/podman-network-connect.1.md b/docs/source/markdown/podman-network-connect.1.md
index a31a415dc..cff4336d6 100644
--- a/docs/source/markdown/podman-network-connect.1.md
+++ b/docs/source/markdown/podman-network-connect.1.md
@@ -15,7 +15,7 @@ This command is not available for rootless users.
## OPTIONS
#### **--alias**
Add network-scoped alias for the container. If the network is using the `dnsname` CNI plugin, these aliases
-can be used for name resolution on the given network. Multiple *--alias* options may be specificed as input.
+can be used for name resolution on the given network. Multiple *--alias* options may be specified as input.
## EXAMPLE
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 67584ffcc..2de261f66 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -15,6 +15,8 @@ Ideally the input file would be one created by Podman (see podman-generate-kube(
Note: HostPath volume types created by play kube will be given an SELinux private label (Z)
+Note: If the `:latest` tag is used, Podman will attempt to pull the image from a registry. If the image was built locally with Podman or Buildah, it will have `localhost` as the domain, in that case, Podman will use the image from the local store even if it has the `:latest` tag.
+
## OPTIONS
#### **--authfile**=*path*
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 53c5b2d4b..3241cf9f7 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -896,8 +896,8 @@ Security Options
- **proc-opts**=_OPTIONS_ : Comma separated list of options to use for the /proc mount. More details
for the possible mount options are specified at **proc(5)** man page.
- **unmask**=_ALL_ or _/path/1:/path/2_: Paths to unmask separated by a colon. If set to **ALL**, it will
- unmask all the paths that are masked by default.
- The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**
+ unmask all the paths that are masked or made read only by default.
+ The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**. The default paths that are read only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**.
Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
diff --git a/docs/source/markdown/podman-system-prune.1.md b/docs/source/markdown/podman-system-prune.1.md
index 431a11267..791503a2c 100644
--- a/docs/source/markdown/podman-system-prune.1.md
+++ b/docs/source/markdown/podman-system-prune.1.md
@@ -18,6 +18,21 @@ By default, volumes are not removed to prevent important data from being deleted
Recursively remove all unused pod, container, image and volume data (Maximum 50 iterations.)
+#### **--filter**=*filters*
+
+Provide filter values.
+
+The --filter flag format is of “key=value”. If there is more than one filter, then pass multiple flags (e.g., --filter "foo=bar" --filter "bif=baz")
+
+Supported filters:
+
+- `until` (_timestamp_) - only remove containers and images created before given timestamp
+- `label` (label=_key_, label=_key=value_, label!=_key_, or label!=_key=value_) - only remove containers and images, with (or without, in case label!=... is used) the specified labels.
+
+The until filter can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the machine’s time.
+
+The label filter accepts two formats. One is the label=... (label=_key_ or label=_key=value_), which removes containers and images with the specified labels. The other format is the label!=... (label!=_key_ or label!=_key=value_), which removes containers and images without the specified labels.
+
#### **--force**, **-f**
Do not prompt for confirmation
@@ -35,3 +50,4 @@ podman(1), podman-image-prune(1), podman-container-prune(1), podman-pod-prune(1)
## HISTORY
February 2019, Originally compiled by Dan Walsh (dwalsh at redhat dot com)
+December 2020, converted filter information from docs.docker.com documentation by Dan Walsh (dwalsh at redhat dot com)
diff --git a/go.mod b/go.mod
index 28a70a1ae..7bb3d1b88 100644
--- a/go.mod
+++ b/go.mod
@@ -9,13 +9,13 @@ require (
github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
github.com/containernetworking/cni v0.8.0
- github.com/containernetworking/plugins v0.8.7
+ github.com/containernetworking/plugins v0.9.0
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c
github.com/containers/common v0.31.0
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.9.0
github.com/containers/psgo v1.5.1
- github.com/containers/storage v1.24.1
+ github.com/containers/storage v1.24.3
github.com/coreos/go-systemd/v22 v22.1.0
github.com/cri-o/ocicni v0.2.1-0.20201125151022-df072ea5421c
github.com/cyphar/filepath-securejoin v0.2.2
@@ -39,13 +39,13 @@ require (
github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2
github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618
github.com/onsi/ginkgo v1.14.2
- github.com/onsi/gomega v1.10.3
+ github.com/onsi/gomega v1.10.4
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
github.com/opencontainers/runc v1.0.0-rc91.0.20200708210054-ce54a9d4d79b
github.com/opencontainers/runtime-spec v1.0.3-0.20200817204227-f9c09b4ea1df
github.com/opencontainers/runtime-tools v0.9.0
- github.com/opencontainers/selinux v1.6.0
+ github.com/opencontainers/selinux v1.7.0
github.com/opentracing/opentracing-go v1.2.0
github.com/pkg/errors v0.9.1
github.com/pmezard/go-difflib v1.0.0
@@ -57,13 +57,13 @@ require (
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
github.com/uber/jaeger-client-go v2.25.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible // indirect
- github.com/vishvananda/netlink v1.1.0
+ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
go.etcd.io/bbolt v1.3.5
go.uber.org/atomic v1.7.0 // indirect
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
- golang.org/x/sys v0.0.0-20201112073958-5cba982894dd
+ golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637
google.golang.org/appengine v1.6.6 // indirect
gopkg.in/square/go-jose.v2 v2.5.1 // indirect
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
diff --git a/go.sum b/go.sum
index 64c404633..4f4a368f2 100644
--- a/go.sum
+++ b/go.sum
@@ -22,7 +22,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
-github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o=
github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
github.com/Microsoft/go-winio v0.4.15 h1:qkLXKzb1QoVatRyd/YlXZ/Kg0m5K3SPuoD82jjSOaBc=
github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -92,15 +91,15 @@ github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjM
github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
github.com/containernetworking/plugins v0.8.7 h1:bU7QieuAp+sACI2vCzESJ3FoT860urYP+lThyZkb/2M=
github.com/containernetworking/plugins v0.8.7/go.mod h1:R7lXeZaBzpfqapcAbHRW8/CYwm0dHzbz0XEjofx0uB0=
+github.com/containernetworking/plugins v0.9.0 h1:c+1gegKhR7+d0Caum9pEHugZlyhXPOG6v3V6xJgIGCI=
+github.com/containernetworking/plugins v0.9.0/go.mod h1:dbWv4dI0QrBGuVgj+TuVQ6wJRZVOhrCQj91YyC92sxg=
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c h1:vyc2iYz9b2vfDiigpLyhiXNqXITt/dmDk74HpHzlQow=
github.com/containers/buildah v1.18.1-0.20201125084616-dd26b137459c/go.mod h1:B+0OkXUogxdwsEy4ax3a5/vDtJjL6vCisiV6frQZJ4A=
-github.com/containers/common v0.29.0 h1:hTMC+urdkk5bKfhL/OgCixIX5xjJgQ2l2jPG745ECFQ=
github.com/containers/common v0.29.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
github.com/containers/common v0.31.0 h1:SRnjfoqbjfaojpY9YJq9JBPEslwB5hoXJbaE+5zMFwM=
github.com/containers/common v0.31.0/go.mod h1:yT4GTUHsKRmpaDb+mecXRnIMre7W3ZgwXqaYMywXlaA=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
-github.com/containers/image/v5 v5.8.1 h1:aHW8a/Kd0dTJ7PTL/fc6y12sJqHxWgqilu+XyHfjD8Q=
github.com/containers/image/v5 v5.8.1/go.mod h1:blOEFd/iFdeyh891ByhCVUc+xAcaI3gBegXECwz9UbQ=
github.com/containers/image/v5 v5.9.0 h1:dRmUtcluQcmasNo3DpnRoZjfU0rOu1qZeL6wlDJr10Q=
github.com/containers/image/v5 v5.9.0/go.mod h1:blOEFd/iFdeyh891ByhCVUc+xAcaI3gBegXECwz9UbQ=
@@ -113,6 +112,8 @@ github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzP
github.com/containers/storage v1.23.7/go.mod h1:cUT2zHjtx+WlVri30obWmM2gpqpi8jfPsmIzP1TVpEI=
github.com/containers/storage v1.24.1 h1:1+f8fy6ly35c8SLet5jzZ8t0WJJs5+xSpfMAYw0R3kc=
github.com/containers/storage v1.24.1/go.mod h1:0xJL06Dmd+ZYXIUdnBUPN0JnhHGgwMkLvnnAonJfWJU=
+github.com/containers/storage v1.24.3 h1:8UB4S62l4hrU6Yw3dbsLCJtLg7Ofo39IN2HdckBIX4E=
+github.com/containers/storage v1.24.3/go.mod h1:0xJL06Dmd+ZYXIUdnBUPN0JnhHGgwMkLvnnAonJfWJU=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38=
@@ -230,7 +231,6 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
@@ -417,8 +417,9 @@ github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
+github.com/onsi/gomega v1.10.4 h1:NiTx7EEvBzu9sFOD1zORteLSt3o8gnlvZZwSE9TnY9U=
+github.com/onsi/gomega v1.10.4/go.mod h1:g/HbgYopi++010VEqkFgJHKC09uJiW9UkXvMUuKHUCQ=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -442,6 +443,8 @@ github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pK
github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
github.com/opencontainers/selinux v1.6.0 h1:+bIAS/Za3q5FTwWym4fTB0vObnfCf3G/NC7K6Jx62mY=
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
+github.com/opencontainers/selinux v1.7.0 h1:I3Qiu8dbuWHHHfwd4id7zXivJ1qWixGQx8nTvQsKnjs=
+github.com/opencontainers/selinux v1.7.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
github.com/openshift/imagebuilder v1.1.8 h1:gjiIl8pbNj0eC4XWvFJHATdDvYm64p9/pLDLQWoLZPA=
github.com/openshift/imagebuilder v1.1.8/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
@@ -556,11 +559,17 @@ github.com/vbauerster/mpb/v5 v5.3.0/go.mod h1:4yTkvAb8Cm4eylAp6t0JRq6pXDkFJ4krUl
github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA=
+github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243 h1:R43TdZy32XXSXjJn7M/HhALJ9imq6ztLnChfYJpVDnM=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
+github.com/willf/bitset v1.1.11 h1:N7Z7E9UvjW+sGsEl7k/SJrvY2reP1A07MrGuCjIOjRE=
+github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b h1:6cLsL+2FW6dRAdl5iMtHgRogVCff0QpRi9653YmdcJA=
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -638,10 +647,10 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0 h1:wBouT66WTYFXdxfVdz9sVWARVd/2vfGcmI45D2gj45M=
golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -685,24 +694,26 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13 h1:5jaG59Zhd+8ZXe8C+lgiAGqkOaZBruqrWclLkgAww34=
golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201112073958-5cba982894dd h1:5CtCZbICpIOFdgO940moixOPjc0178IU44m4EjOO5IY=
golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637 h1:O5hKNaGxIT4A8OTMnuh6UpmBdI3SAPxlZ3g0olDrJVM=
+golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -733,7 +744,6 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index 2a2d16252..c37929927 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"io"
- "os"
"path/filepath"
"strings"
@@ -378,29 +377,12 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
return images, nil
}
-// getShortNameMode looks up the `CONTAINERS_SHORT_NAME_ALIASING` environment
-// variable. If it's "on", return `nil` to use the defaults from
-// containers/image and the registries.conf files on the system. If it's
-// "off", empty or unset, return types.ShortNameModeDisabled to turn off
-// short-name aliasing by default.
-//
-// TODO: remove this function once we want to default to short-name aliasing.
-func getShortNameMode() *types.ShortNameMode {
- env := os.Getenv("CONTAINERS_SHORT_NAME_ALIASING")
- if strings.ToLower(env) == "on" {
- return nil // default to whatever registries.conf and c/image decide
- }
- mode := types.ShortNameModeDisabled
- return &mode
-}
-
// pullGoalFromPossiblyUnqualifiedName looks at inputName and determines the possible
// image references to try pulling in combination with the registries.conf file as well
func (ir *Runtime) pullGoalFromPossiblyUnqualifiedName(sys *types.SystemContext, writer io.Writer, inputName string) (*pullGoal, error) {
if sys == nil {
sys = &types.SystemContext{}
}
- sys.ShortNameMode = getShortNameMode()
resolved, err := shortnames.Resolve(sys, inputName)
if err != nil {
diff --git a/pkg/api/handlers/compat/containers_archive.go b/pkg/api/handlers/compat/containers_archive.go
index 223eb2cd5..d8197415c 100644
--- a/pkg/api/handlers/compat/containers_archive.go
+++ b/pkg/api/handlers/compat/containers_archive.go
@@ -1,13 +1,8 @@
package compat
import (
- "bytes"
- "encoding/base64"
- "encoding/json"
"fmt"
"net/http"
- "os"
- "time"
"github.com/containers/podman/v2/libpod"
"github.com/containers/podman/v2/libpod/define"
@@ -15,6 +10,7 @@ import (
"github.com/containers/podman/v2/pkg/copy"
"github.com/gorilla/schema"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
)
func Archive(w http.ResponseWriter, r *http.Request) {
@@ -71,12 +67,12 @@ func handleHeadAndGet(w http.ResponseWriter, r *http.Request, decoder *schema.De
utils.Error(w, "Not found.", http.StatusNotFound, errors.Wrapf(err, "error stating container path %q", query.Path))
return
}
- statHeader, err := fileInfoToDockerStats(info)
+ statHeader, err := copy.EncodeFileInfo(info)
if err != nil {
utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
return
}
- w.Header().Add("X-Docker-Container-Path-Stat", statHeader)
+ w.Header().Add(copy.XDockerContainerPathStatHeader, statHeader)
// Our work is done when the user is interested in the header only.
if r.Method == http.MethodHead {
@@ -91,47 +87,16 @@ func handleHeadAndGet(w http.ResponseWriter, r *http.Request, decoder *schema.De
return
}
- w.WriteHeader(http.StatusOK)
- if err := copy.Copy(&source, &destination, false); err != nil {
+ copier, err := copy.GetCopier(&source, &destination, false)
+ if err != nil {
utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
return
}
-}
-
-func fileInfoToDockerStats(info *copy.FileInfo) (string, error) {
- dockerStats := struct {
- Name string `json:"name"`
- Size int64 `json:"size"`
- Mode os.FileMode `json:"mode"`
- ModTime time.Time `json:"mtime"`
- LinkTarget string `json:"linkTarget"`
- }{
- Name: info.Name,
- Size: info.Size,
- Mode: info.Mode,
- ModTime: info.ModTime,
- LinkTarget: info.LinkTarget,
- }
-
- jsonBytes, err := json.Marshal(&dockerStats)
- if err != nil {
- return "", errors.Wrap(err, "failed to serialize file stats")
- }
-
- buff := bytes.NewBuffer(make([]byte, 0, 128))
- base64encoder := base64.NewEncoder(base64.StdEncoding, buff)
-
- _, err = base64encoder.Write(jsonBytes)
- if err != nil {
- return "", err
- }
-
- err = base64encoder.Close()
- if err != nil {
- return "", err
+ w.WriteHeader(http.StatusOK)
+ if err := copier.Copy(); err != nil {
+ logrus.Errorf("Error during copy: %v", err)
+ return
}
-
- return buff.String(), nil
}
func handlePut(w http.ResponseWriter, r *http.Request, decoder *schema.Decoder, runtime *libpod.Runtime) {
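Review bot: The new `logrus.Errorf("Error during copy: %v", err)` in handleHeadAndGet carries no request context, and it runs after `w.WriteHeader(http.StatusOK)`, so it is the only record of a failed copy. The client has already been told 200 and receives a truncated archive. I would name the path in the message, e.g. `logrus.Errorf("Error copying container path %q: %v", query.Path, err)` (assuming `query` is still in scope here, as it is earlier in the function), and add a comment such as `// Headers are already sent; a failure here can only be logged.` The `return` after the log call is the last statement of the function and can be dropped. The function starts outside this hunk.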
@@ -170,9 +135,14 @@ func handlePut(w http.ResponseWriter, r *http.Request, decoder *schema.Decoder,
return
}
- w.WriteHeader(http.StatusOK)
- if err := copy.Copy(&source, &destination, false); err != nil {
+ copier, err := copy.GetCopier(&source, &destination, false)
+ if err != nil {
utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
return
}
+ w.WriteHeader(http.StatusOK)
+ if err := copier.Copy(); err != nil {
+ logrus.Errorf("Error during copy: %v", err)
+ return
+ }
}
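Review bot: In handlePut, `w.WriteHeader(http.StatusOK)` is sent before `copier.Copy()`, so a failed upload into the container is reported to the client as success and only appears in the server log. Unlike the GET path, nothing visible here streams data back through `w`. If the copier indeed does not write to the response (the construction of `destination` is outside the hunk), the copy can run first and the status be chosen from its result. handlePut starts outside this hunk.

```go
copier, err := copy.GetCopier(&source, &destination, false)
// … unchanged: GetCopier error handling …
if err := copier.Copy(); err != nil {
	utils.Error(w, "Something went wrong", http.StatusInternalServerError, err)
	return
}
w.WriteHeader(http.StatusOK)
```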
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 43478c1d3..415ff85cd 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -71,6 +71,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
ForceRm bool `schema:"forcerm"`
HTTPProxy bool `schema:"httpproxy"`
Labels string `schema:"labels"`
+ Layers bool `schema:"layers"`
MemSwap int64 `schema:"memswap"`
Memory int64 `schema:"memory"`
NetworkMode string `schema:"networkmode"`
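Review bot: The new `Layers bool` query field decodes to false when a request omits `layers`, unless the defaults literal that follows this struct (outside the hunk) sets it. That value is passed straight into the build options as `Layers: query.Layers` in the next hunk. If API builds are meant to cache intermediate layers by default, as I believe the CLI does, set `Layers: true` in the defaults. Otherwise a field comment such as `// Layers defaults to false when the parameter is absent.` would make the choice explicit. The struct and BuildImage both extend beyond the hunk.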
@@ -165,6 +166,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Registry: query.Registry,
IgnoreUnrecognizedInstructions: true,
Quiet: query.Quiet,
+ Layers: query.Layers,
Isolation: buildah.IsolationChroot,
Compression: archive.Gzip,
Args: buildArgs,
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index fe13971b0..f0b922885 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -131,7 +131,7 @@ func getNetworkResourceByNameOrID(nameOrID string, runtime *libpod.Runtime, filt
Name: conf.Name,
ID: network.GetNetworkID(conf.Name),
Created: time.Unix(int64(stat.Ctim.Sec), int64(stat.Ctim.Nsec)), // nolint: unconvert
- Scope: "",
+ Scope: "local",
Driver: network.DefaultNetworkDriver,
EnableIPv6: false,
IPAM: dockerNetwork.IPAM{
@@ -197,7 +197,7 @@ func ListNetworks(w http.ResponseWriter, r *http.Request) {
}
var reports []*types.NetworkResource
- logrus.Errorf("netNames: %q", strings.Join(netNames, ", "))
+ logrus.Debugf("netNames: %q", strings.Join(netNames, ", "))
for _, name := range netNames {
report, err := getNetworkResourceByNameOrID(name, runtime, query.Filters)
if err != nil {
@@ -239,7 +239,7 @@ func CreateNetwork(w http.ResponseWriter, r *http.Request) {
Internal: networkCreate.Internal,
Labels: networkCreate.Labels,
}
- if networkCreate.IPAM != nil && networkCreate.IPAM.Config != nil {
+ if networkCreate.IPAM != nil && len(networkCreate.IPAM.Config) > 0 {
if len(networkCreate.IPAM.Config) > 1 {
utils.InternalServerError(w, errors.New("compat network create can only support one IPAM config"))
return
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 6145207ca..505c96126 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -51,7 +51,7 @@ func ImageExists(w http.ResponseWriter, r *http.Request) {
return
}
if !report.Value {
- utils.Error(w, "Something went wrong.", http.StatusNotFound, errors.Wrapf(nil, "failed to find image %s", name))
+ utils.Error(w, "Something went wrong.", http.StatusNotFound, errors.Errorf("failed to find image %s", name))
return
}
utils.WriteResponse(w, http.StatusNoContent, "")
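Review bot: The 404 branch of ImageExists still answers with the generic message "Something went wrong.", while the archive handler in this same commit uses "Not found." with `http.StatusNotFound`. Now that the error is no longer nil, the two can be made consistent. I would also quote the name, which presumably comes from the request: `utils.Error(w, "Not found.", http.StatusNotFound, errors.Errorf("failed to find image %q", name))`. ImageExists starts outside this hunk.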
diff --git a/pkg/bindings/generator/generator.go b/pkg/bindings/generator/generator.go
new file mode 100644
index 000000000..24c2310ff
--- /dev/null
+++ b/pkg/bindings/generator/generator.go
@@ -0,0 +1,234 @@
+package main
+
+import (
+ "errors"
+ "fmt"
+ "go/ast"
+ "go/parser"
+ "go/token"
+ "io/ioutil"
+ "os"
+ "os/exec"
+ "strings"
+ "text/template"
+ "time"
+)
+
+var bodyTmpl = `package {{.PackageName}}
+
+import (
+{{range $import := .Imports}} {{$import}}
+{{end}}
+
+)
+
+/*
+This file is generated automatically by go generate. Do not edit.
+
+Created {{.Date}}
+*/
+
+// Changed
+func (o *{{.StructName}}) Changed(fieldName string) bool {
+ r := reflect.ValueOf(o)
+ value := reflect.Indirect(r).FieldByName(fieldName)
+ return !value.IsNil()
+}
+
+// ToParams
+func (o *{{.StructName}}) ToParams() (url.Values, error) {
+ params := url.Values{}
+ if o == nil {
+ return params, nil
+ }
+ json := jsoniter.ConfigCompatibleWithStandardLibrary
+ s := reflect.ValueOf(o)
+ if reflect.Ptr == s.Kind() {
+ s = s.Elem()
+ }
+ sType := s.Type()
+ for i := 0; i < s.NumField(); i++ {
+ fieldName := sType.Field(i).Name
+ if !o.Changed(fieldName) {
+ continue
+ }
+ f := s.Field(i)
+ if reflect.Ptr == f.Kind() {
+ f = f.Elem()
+ }
+ switch f.Kind() {
+ case reflect.Bool:
+ params.Set(fieldName, strconv.FormatBool(f.Bool()))
+ case reflect.String:
+ params.Set(fieldName, f.String())
+ case reflect.Int, reflect.Int64:
+ // f.Int() is always an int64
+ params.Set(fieldName, strconv.FormatInt(f.Int(), 10))
+ case reflect.Slice:
+ typ := reflect.TypeOf(f.Interface()).Elem()
+ slice := reflect.MakeSlice(reflect.SliceOf(typ), f.Len(), f.Cap())
+ switch typ.Kind() {
+ case reflect.String:
+ s, ok := slice.Interface().([]string)
+ if !ok {
+ return nil, errors.New("failed to convert to string slice")
+ }
+ for _, val := range s {
+ params.Add(fieldName, val)
+ }
+ default:
+ return nil, errors.Errorf("unknown slice type %s", f.Kind().String())
+ }
+ case reflect.Map:
+ lowerCaseKeys := make(map[string][]string)
+ // I dont know if this code is needed anymore, TBD
+ // for k, v := range filters {
+ // lowerCaseKeys[strings.ToLower(k)] = v
+ // }
+ s, err := json.MarshalToString(lowerCaseKeys)
+ if err != nil {
+ return nil, err
+ }
+
+ params.Set(fieldName, s)
+ default:
+ return nil, errors.Errorf("unknown type %s", f.Kind().String())
+ }
+ }
+ return params, nil
+}
+`
+
+var fieldTmpl = `
+// With{{.Name}}
+func(o *{{.StructName}}) With{{.Name}}(value {{.Type}}) *{{.StructName}} {
+ v := &value
+ o.{{.Name}} = v
+ return o
+}
+`
+
+type fieldStruct struct {
+ Name string
+ StructName string
+ Type string
+}
+
+func main() {
+ var (
+ closed bool
+ fieldStructs []fieldStruct
+ structNode ast.Node
+ )
+ srcFile := os.Getenv("GOFILE")
+ pkg := os.Getenv("GOPACKAGE")
+ inputStructName := os.Args[1]
+ b, err := ioutil.ReadFile(srcFile)
+ if err != nil {
+ panic(err)
+ }
+ fset := token.NewFileSet() // positions are relative to fset
+ f, err := parser.ParseFile(fset, "", b, parser.ParseComments)
+ if err != nil {
+ panic(err)
+ }
+
+ // always add reflect
+ imports := []string{"\"reflect\""}
+ for _, imp := range f.Imports {
+ imports = append(imports, imp.Path.Value)
+ }
+
+ out, err := os.Create(strings.ToLower(inputStructName) + "_" + srcFile)
+ if err != nil {
+ panic(err)
+ }
+ defer func() {
+ if !closed {
+ out.Close()
+ }
+ }()
+ bodyStruct := struct {
+ PackageName string
+ Imports []string
+ Date string
+ StructName string
+ }{
+ PackageName: pkg,
+ Imports: imports,
+ Date: time.Now().String(),
+ StructName: inputStructName,
+ }
+
+ body := template.Must(template.New("body").Parse(bodyTmpl))
+ fields := template.Must(template.New("fields").Parse(fieldTmpl))
+ ast.Inspect(f, func(n ast.Node) bool {
+ ref, refOK := n.(*ast.TypeSpec)
+ if refOK {
+ if ref.Name.Name == inputStructName {
+ structNode = n
+ x := ref.Type.(*ast.StructType)
+ for _, field := range x.Fields.List {
+ var (
+ name string
+ )
+ typeExpr := field.Type
+ start := typeExpr.Pos() - 1
+ end := typeExpr.End() - 1
+ fieldType := strings.Replace(string(b[start:end]), "*", "", 1)
+ if len(field.Names) > 0 {
+ name = field.Names[0].Name
+ if len(name) < 1 {
+ panic(errors.New("bad name"))
+ }
+ }
+ fStruct := fieldStruct{
+ Name: name,
+ StructName: inputStructName,
+ Type: fieldType,
+ }
+ fieldStructs = append(fieldStructs, fStruct)
+ } // for
+
+ // create the body
+ if err := body.Execute(out, bodyStruct); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+
+ // create with func from the struct fields
+ for _, fs := range fieldStructs {
+ if err := fields.Execute(out, fs); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ }
+
+ // close out file
+ if err := out.Close(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ closed = true
+
+ // go fmt file
+ gofmt := exec.Command("gofmt", "-w", "-s", out.Name())
+ gofmt.Stderr = os.Stdout
+ if err := gofmt.Run(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+
+ // go import file
+ goimport := exec.Command("goimports", "-w", out.Name())
+ goimport.Stderr = os.Stdout
+ if err := goimport.Run(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ }
+
+ }
+ return true
+ })
+}
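Review bot: The `reflect.Slice` and `reflect.Map` branches of ToParams in `bodyTmpl` drop the caller's values. `reflect.MakeSlice` builds a fresh zero-valued slice of the same length, so every element is sent as an empty string, and the map branch marshals the empty `lowerCaseKeys` because its copy loop is commented out. For options that carry filters, the request would go out broader than the caller asked and no error would be reported. Reading the field itself, as in the fence below, keeps the values; whether map keys still need lower-casing is not visible here. Separately, `main` indexes `os.Args[1]` and asserts `ref.Type.(*ast.StructType)` unchecked, so a missing argument or a non-struct type of that name ends in a bare panic rather than a usage message.

```go
// … unchanged: Bool, String and Int cases …
		case reflect.Slice:
			// Read the field's own elements; MakeSlice would only yield zero values.
			s, ok := f.Interface().([]string)
			if !ok {
				return nil, errors.Errorf("unknown slice type %s", f.Type().String())
			}
			for _, val := range s {
				params.Add(fieldName, val)
			}
		case reflect.Map:
			// Serialize the field itself rather than an empty placeholder map.
			s, err := json.MarshalToString(f.Interface())
			if err != nil {
				return nil, err
			}
			params.Set(fieldName, s)
// … unchanged: default case and final return …
```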
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 815ab4e86..d34ab87d9 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -41,6 +41,9 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
if options.NoCache {
params.Set("nocache", "1")
}
+ if options.Layers {
+ params.Set("layers", "1")
+ }
// TODO cachefrom
if options.PullPolicy == buildah.PullAlways {
params.Set("pull", "1")
diff --git a/pkg/bindings/images/removeoptions_types.go b/pkg/bindings/images/removeoptions_types.go
new file mode 100644
index 000000000..5902bf908
--- /dev/null
+++ b/pkg/bindings/images/removeoptions_types.go
@@ -0,0 +1,93 @@
+package images
+
+import (
+ "net/url"
+ "reflect"
+ "strconv"
+
+ jsoniter "github.com/json-iterator/go"
+ "github.com/pkg/errors"
+)
+
+/*
+This file is generated automatically by go generate. Do not edit.
+
+Created 2020-12-10 12:51:06.090426622 -0600 CST m=+0.000133169
+*/
+
+// Changed
+func (o *RemoveOptions) Changed(fieldName string) bool {
+ r := reflect.ValueOf(o)
+ value := reflect.Indirect(r).FieldByName(fieldName)
+ return !value.IsNil()
+}
+
+// ToParams
+func (o *RemoveOptions) ToParams() (url.Values, error) {
+ params := url.Values{}
+ if o == nil {
+ return params, nil
+ }
+ json := jsoniter.ConfigCompatibleWithStandardLibrary
+ s := reflect.ValueOf(o)
+ if reflect.Ptr == s.Kind() {
+ s = s.Elem()
+ }
+ sType := s.Type()
+ for i := 0; i < s.NumField(); i++ {
+ fieldName := sType.Field(i).Name
+ if !o.Changed(fieldName) {
+ continue
+ }
+ f := s.Field(i)
+ if reflect.Ptr == f.Kind() {
+ f = f.Elem()
+ }
+ switch f.Kind() {
+ case reflect.Bool:
+ params.Set(fieldName, strconv.FormatBool(f.Bool()))
+ case reflect.String:
+ params.Set(fieldName, f.String())
+ case reflect.Int, reflect.Int64:
+ // f.Int() is always an int64
+ params.Set(fieldName, strconv.FormatInt(f.Int(), 10))
+ case reflect.Slice:
+ typ := reflect.TypeOf(f.Interface()).Elem()
+ slice := reflect.MakeSlice(reflect.SliceOf(typ), f.Len(), f.Cap())
+ switch typ.Kind() {
+ case reflect.String:
+ s, ok := slice.Interface().([]string)
+ if !ok {
+ return nil, errors.New("failed to convert to string slice")
+ }
+ for _, val := range s {
+ params.Add(fieldName, val)
+ }
+ default:
+ return nil, errors.Errorf("unknown slice type %s", f.Kind().String())
+ }
+ case reflect.Map:
+ lowerCaseKeys := make(map[string][]string)
+ // I dont know if this code is needed anymore, TBD
+ // for k, v := range filters {
+ // lowerCaseKeys[strings.ToLower(k)] = v
+ // }
+ s, err := json.MarshalToString(lowerCaseKeys)
+ if err != nil {
+ return nil, err
+ }
+
+ params.Set(fieldName, s)
+ default:
+ return nil, errors.Errorf("unknown type %s", f.Kind().String())
+ }
+ }
+ return params, nil
+}
+
+// WithForce
+func (o *RemoveOptions) WithForce(value bool) *RemoveOptions {
+ v := &value
+ o.Force = v
+ return o
+}
diff --git a/pkg/bindings/images/rm.go b/pkg/bindings/images/rm.go
index 9685b75e4..0b3b88165 100644
--- a/pkg/bindings/images/rm.go
+++ b/pkg/bindings/images/rm.go
@@ -41,17 +41,19 @@ func BatchRemove(ctx context.Context, images []string, opts entities.ImageRemove
return &report.ImageRemoveReport, errorhandling.StringsToErrors(report.Errors)
}
-// Remove removes an image from the local storage. Use force to remove an
+// Remove removes an image from the local storage. Use optional force option to remove an
// image, even if it's used by containers.
-func Remove(ctx context.Context, nameOrID string, force bool) (*entities.ImageRemoveReport, error) {
+func Remove(ctx context.Context, nameOrID string, options *RemoveOptions) (*entities.ImageRemoveReport, error) {
var report handlers.LibpodImagesRemoveReport
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
}
- params := url.Values{}
- params.Set("force", strconv.FormatBool(force))
+ params, err := options.ToParams()
+ if err != nil {
+ return nil, err
+ }
response, err := conn.DoRequest(nil, http.MethodDelete, "/images/%s", params, nil, nameOrID)
if err != nil {
return nil, err
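Review bot: The query key for the force option changes from `force` to `Force` here, because the generated ToParams uses the Go field name as the key (`params.Set(fieldName, ...)`). The updated test with `WithForce(true)` relies on the server matching keys case-insensitively, which is not visible in this diff. Either lower-case the key in the generator template (`params.Set(strings.ToLower(fieldName), ...)`) or state the assumption in a comment. The doc comment could also say what a nil `options` means, e.g. `// A nil options value sends no query parameters.` Remove's body continues outside the hunk.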
diff --git a/pkg/bindings/images/types.go b/pkg/bindings/images/types.go
new file mode 100644
index 000000000..340c7bdb9
--- /dev/null
+++ b/pkg/bindings/images/types.go
@@ -0,0 +1,8 @@
+package images
+
+//go:generate go run ../generator/generator.go RemoveOptions
+// RemoveOptions are optional options for image removal
+type RemoveOptions struct {
+ // Forces removes all containers based on the image
+ Force *bool
+}
diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go
index 7d9415f91..684f110e8 100644
--- a/pkg/bindings/test/images_test.go
+++ b/pkg/bindings/test/images_test.go
@@ -84,7 +84,7 @@ var _ = Describe("Podman images", func() {
// Test to validate the remove image api
It("remove image", func() {
// Remove invalid image should be a 404
- response, err := images.Remove(bt.conn, "foobar5000", false)
+ response, err := images.Remove(bt.conn, "foobar5000", nil)
Expect(err).ToNot(BeNil())
Expect(response).To(BeNil())
code, _ := bindings.CheckResponseCode(err)
@@ -93,7 +93,7 @@ var _ = Describe("Podman images", func() {
// Remove an image by name, validate image is removed and error is nil
inspectData, err := images.GetImage(bt.conn, busybox.shortName, nil)
Expect(err).To(BeNil())
- response, err = images.Remove(bt.conn, busybox.shortName, false)
+ response, err = images.Remove(bt.conn, busybox.shortName, nil)
Expect(err).To(BeNil())
code, _ = bindings.CheckResponseCode(err)
@@ -113,12 +113,13 @@ var _ = Describe("Podman images", func() {
// try to remove the image "alpine". This should fail since we are not force
// deleting hence image cannot be deleted until the container is deleted.
- response, err = images.Remove(bt.conn, alpine.shortName, false)
+ response, err = images.Remove(bt.conn, alpine.shortName, nil)
code, _ = bindings.CheckResponseCode(err)
Expect(code).To(BeNumerically("==", http.StatusConflict))
// Removing the image "alpine" where force = true
- response, err = images.Remove(bt.conn, alpine.shortName, true)
+ options := images.RemoveOptions{}
+ response, err = images.Remove(bt.conn, alpine.shortName, options.WithForce(true))
Expect(err).To(BeNil())
// To be extra sure, check if the previously created container
// is gone as well.
@@ -213,7 +214,7 @@ var _ = Describe("Podman images", func() {
It("Load|Import Image", func() {
// load an image
- _, err := images.Remove(bt.conn, alpine.name, false)
+ _, err := images.Remove(bt.conn, alpine.name, nil)
Expect(err).To(BeNil())
exists, err := images.Exists(bt.conn, alpine.name)
Expect(err).To(BeNil())
@@ -231,7 +232,7 @@ var _ = Describe("Podman images", func() {
// load with a repo name
f, err = os.Open(filepath.Join(ImageCacheDir, alpine.tarballName))
Expect(err).To(BeNil())
- _, err = images.Remove(bt.conn, alpine.name, false)
+ _, err = images.Remove(bt.conn, alpine.name, nil)
Expect(err).To(BeNil())
exists, err = images.Exists(bt.conn, alpine.name)
Expect(err).To(BeNil())
@@ -247,7 +248,7 @@ var _ = Describe("Podman images", func() {
// load with a bad repo name should trigger a 500
f, err = os.Open(filepath.Join(ImageCacheDir, alpine.tarballName))
Expect(err).To(BeNil())
- _, err = images.Remove(bt.conn, alpine.name, false)
+ _, err = images.Remove(bt.conn, alpine.name, nil)
Expect(err).To(BeNil())
exists, err = images.Exists(bt.conn, alpine.name)
Expect(err).To(BeNil())
@@ -275,7 +276,7 @@ var _ = Describe("Podman images", func() {
It("Import Image", func() {
// load an image
- _, err = images.Remove(bt.conn, alpine.name, false)
+ _, err = images.Remove(bt.conn, alpine.name, nil)
Expect(err).To(BeNil())
exists, err := images.Exists(bt.conn, alpine.name)
Expect(err).To(BeNil())
diff --git a/pkg/bindings/test/manifests_test.go b/pkg/bindings/test/manifests_test.go
index 55fc4cb0d..a4ecaa20f 100644
--- a/pkg/bindings/test/manifests_test.go
+++ b/pkg/bindings/test/manifests_test.go
@@ -47,7 +47,7 @@ var _ = Describe("Podman containers ", func() {
code, _ := bindings.CheckResponseCode(err)
Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
- _, err = images.Remove(bt.conn, id, false)
+ _, err = images.Remove(bt.conn, id, nil)
Expect(err).To(BeNil())
// create manifest list with images
diff --git a/pkg/copy/copy.go b/pkg/copy/copy.go
index 0e68eb450..13893deb2 100644
--- a/pkg/copy/copy.go
+++ b/pkg/copy/copy.go
@@ -25,31 +25,61 @@ import (
//
// ****************************************************************************
-// Copy the source item to destination. Use extract to untar the source if
-// it's a tar archive.
-func Copy(source *CopyItem, destination *CopyItem, extract bool) error {
+// Copier copies data from a source to a destination CopyItem.
+type Copier struct {
+ copyFunc func() error
+ cleanUpFuncs []deferFunc
+}
+
+// cleanUp releases resources the Copier may hold open.
+func (c *Copier) cleanUp() {
+ for _, f := range c.cleanUpFuncs {
+ f()
+ }
+}
+
+// Copy data from a source to a destination CopyItem.
+func (c *Copier) Copy() error {
+ defer c.cleanUp()
+ return c.copyFunc()
+}
+
+// GetCopiers returns a Copier to copy the source item to destination. Use
+// extract to untar the source if it's a tar archive.
+func GetCopier(source *CopyItem, destination *CopyItem, extract bool) (*Copier, error) {
+ copier := &Copier{}
+
// First, do the man-page dance. See podman-cp(1) for details.
if err := enforceCopyRules(source, destination); err != nil {
- return err
+ return nil, err
}
// Destination is a stream (e.g., stdout or an http body).
if destination.info.IsStream {
// Source is a stream (e.g., stdin or an http body).
if source.info.IsStream {
- _, err := io.Copy(destination.writer, source.reader)
- return err
+ copier.copyFunc = func() error {
+ _, err := io.Copy(destination.writer, source.reader)
+ return err
+ }
+ return copier, nil
}
root, glob, err := source.buildahGlobs()
if err != nil {
- return err
+ return nil, err
}
- return buildahCopiah.Get(root, "", source.getOptions(), []string{glob}, destination.writer)
+ copier.copyFunc = func() error {
+ return buildahCopiah.Get(root, "", source.getOptions(), []string{glob}, destination.writer)
+ }
+ return copier, nil
}
// Destination is either a file or a directory.
if source.info.IsStream {
- return buildahCopiah.Put(destination.root, destination.resolved, source.putOptions(), source.reader)
+ copier.copyFunc = func() error {
+ return buildahCopiah.Put(destination.root, destination.resolved, source.putOptions(), source.reader)
+ }
+ return copier, nil
}
tarOptions := &archive.TarOptions{
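Review bot: The doc comment on the new constructor says `GetCopiers` while the function is `GetCopier`, and it does not mention that nothing is copied or released until `Copy()` runs. `cleanUp` is unexported and only called from `Copy()`, so a caller that obtains a Copier and never calls `Copy()` keeps every reader opened here. Suggested wording: `// GetCopier returns a Copier to copy the source item to destination. The caller must call Copy, which performs the copy and releases the resources opened here.` GetCopier's body continues past this hunk.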
@@ -71,33 +101,36 @@ func Copy(source *CopyItem, destination *CopyItem, extract bool) error {
var tarReader io.ReadCloser
if extract && archive.IsArchivePath(source.resolved) {
if !destination.info.IsDir {
- return errors.Errorf("cannot extract archive %q to file %q", source.original, destination.original)
+ return nil, errors.Errorf("cannot extract archive %q to file %q", source.original, destination.original)
}
reader, err := os.Open(source.resolved)
if err != nil {
- return err
+ return nil, err
}
- defer reader.Close()
+ copier.cleanUpFuncs = append(copier.cleanUpFuncs, func() { reader.Close() })
// The stream from stdin may be compressed (e.g., via gzip).
decompressedStream, err := archive.DecompressStream(reader)
if err != nil {
- return err
+ return nil, err
}
- defer decompressedStream.Close()
+ copier.cleanUpFuncs = append(copier.cleanUpFuncs, func() { decompressedStream.Close() })
tarReader = decompressedStream
} else {
reader, err := archive.TarWithOptions(source.resolved, tarOptions)
if err != nil {
- return err
+ return nil, err
}
- defer reader.Close()
+ copier.cleanUpFuncs = append(copier.cleanUpFuncs, func() { reader.Close() })
tarReader = reader
}
- return buildahCopiah.Put(root, dir, source.putOptions(), tarReader)
+ copier.copyFunc = func() error {
+ return buildahCopiah.Put(root, dir, source.putOptions(), tarReader)
+ }
+ return copier, nil
}
// enforceCopyRules enforces the rules for copying from a source to a
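Review bot: The error returns that follow a successful open now leak the reader. When `archive.DecompressStream` fails, `return nil, err` discards the copier together with its `cleanUpFuncs`, whereas the removed `defer reader.Close()` used to close the file on that path. Run the cleanup before returning in that branch: `copier.cleanUp()` followed by `return nil, err`. The cleanup funcs also run in registration order, so `reader` is closed before `decompressedStream`, the reverse of the old defers; iterating `cleanUpFuncs` backwards would keep the previous order. The function starts outside this hunk.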
@@ -114,7 +147,6 @@ func enforceCopyRules(source, destination *CopyItem) error {
return nil
}
- // Source is a *stream*.
if source.info.IsStream {
if !(destination.info.IsDir || destination.info.IsStream) {
return errors.New("destination must be a directory or stream when copying from a stream")
diff --git a/pkg/copy/fileinfo.go b/pkg/copy/fileinfo.go
new file mode 100644
index 000000000..08b4eb377
--- /dev/null
+++ b/pkg/copy/fileinfo.go
@@ -0,0 +1,56 @@
+package copy
+
+import (
+ "encoding/base64"
+ "encoding/json"
+ "net/http"
+ "os"
+ "strings"
+ "time"
+
+ "github.com/pkg/errors"
+)
+
+// XDockerContainerPathStatHeader is the *key* in http headers pointing to the
+// base64 encoded JSON payload of stating a path in a container.
+const XDockerContainerPathStatHeader = "X-Docker-Container-Path-Stat"
+
+// FileInfo describes a file or directory and is returned by
+// (*CopyItem).Stat().
+type FileInfo struct {
+ Name string `json:"name"`
+ Size int64 `json:"size"`
+ Mode os.FileMode `json:"mode"`
+ ModTime time.Time `json:"mtime"`
+ IsDir bool `json:"isDir"`
+ IsStream bool `json:"isStream"`
+ LinkTarget string `json:"linkTarget"`
+}
+
+// EncodeFileInfo serializes the specified FileInfo as a base64 encoded JSON
+// payload. Intended for Docker compat.
+func EncodeFileInfo(info *FileInfo) (string, error) {
+ buf, err := json.Marshal(&info)
+ if err != nil {
+ return "", errors.Wrap(err, "failed to serialize file stats")
+ }
+ return base64.URLEncoding.EncodeToString(buf), nil
+}
+
+// ExtractFileInfoFromHeader extracts a base64 encoded JSON payload of a
+// FileInfo in the http header. If no such header entry is found, nil is
+// returned. Intended for Docker compat.
+func ExtractFileInfoFromHeader(header *http.Header) (*FileInfo, error) {
+ rawData := header.Get(XDockerContainerPathStatHeader)
+ if len(rawData) == 0 {
+ return nil, nil
+ }
+
+ info := FileInfo{}
+ base64Decoder := base64.NewDecoder(base64.URLEncoding, strings.NewReader(rawData))
+ if err := json.NewDecoder(base64Decoder).Decode(&info); err != nil {
+ return nil, err
+ }
+
+ return &info, nil
+}
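Review bot: ExtractFileInfoFromHeader returns whatever the peer put in the header, with no validation, and its doc comment does not say so. `Name`, `LinkTarget` and `Mode` are remote-controlled, so a caller that uses them as local paths or permissions needs to check them first. I would add to the comment: `// The result is decoded from peer-supplied data; callers must validate Name and LinkTarget before using them as paths.` The function also dereferences `header` without a nil check. In EncodeFileInfo, `json.Marshal(&info)` takes the address of what is already a pointer, so `json.Marshal(info)` is the plainer form, and a nil `info` currently encodes as `null` without an error.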
diff --git a/pkg/copy/item.go b/pkg/copy/item.go
index db6bca610..df8bf30b9 100644
--- a/pkg/copy/item.go
+++ b/pkg/copy/item.go
@@ -5,7 +5,6 @@ import (
"os"
"path/filepath"
"strings"
- "time"
buildahCopiah "github.com/containers/buildah/copier"
"github.com/containers/buildah/pkg/chrootuser"
@@ -75,18 +74,6 @@ type CopyItem struct {
// deferFunc allows for returning functions that must be deferred at call sites.
type deferFunc func()
-// FileInfo describes a file or directory and is returned by
-// (*CopyItem).Stat().
-type FileInfo struct {
- Name string `json:"name"`
- Size int64 `json:"size"`
- Mode os.FileMode `json:"mode"`
- ModTime time.Time `json:"mtime"`
- IsDir bool `json:"isDir"`
- IsStream bool `json:"isStream"`
- LinkTarget string `json:"linkTarget"`
-}
-
// Stat returns the FileInfo.
func (item *CopyItem) Stat() (*FileInfo, error) {
return &item.info, item.statError
diff --git a/pkg/copy/parse.go b/pkg/copy/parse.go
new file mode 100644
index 000000000..39e0e1547
--- /dev/null
+++ b/pkg/copy/parse.go
@@ -0,0 +1,61 @@
+package copy
+
+import (
+ "strings"
+
+ "github.com/pkg/errors"
+)
+
+// ParseSourceAndDestination parses the source and destination input into a
+// possibly specified container and path. The input format is described in
+// podman-cp(1) as "[nameOrID:]path". Colons in paths are supported as long
+// they start with a dot or slash.
+//
+// It returns, in order, the source container and path, followed by the
+// destination container and path, and an error. Note that exactly one
+// container must be specified.
+func ParseSourceAndDestination(source, destination string) (string, string, string, string, error) {
+ sourceContainer, sourcePath := parseUserInput(source)
+ destContainer, destPath := parseUserInput(destination)
+
+ numContainers := 0
+ if len(sourceContainer) > 0 {
+ numContainers++
+ }
+ if len(destContainer) > 0 {
+ numContainers++
+ }
+
+ if numContainers != 1 {
+ return "", "", "", "", errors.Errorf("invalid arguments %q, %q: exactly 1 container expected but %d specified", source, destination, numContainers)
+ }
+
+ if len(sourcePath) == 0 || len(destPath) == 0 {
+ return "", "", "", "", errors.Errorf("invalid arguments %q, %q: you must specify paths", source, destination)
+ }
+
+ return sourceContainer, sourcePath, destContainer, destPath, nil
+}
+
+// parseUserInput parses the input string and returns, if specified, the name
+// or ID of the container and the path. The input format is described in
+// podman-cp(1) as "[nameOrID:]path". Colons in paths are supported as long
+// they start with a dot or slash.
+func parseUserInput(input string) (container string, path string) {
+ if len(input) == 0 {
+ return
+ }
+ path = input
+
+ // If the input starts with a dot or slash, it cannot refer to a
+ // container.
+ if input[0] == '.' || input[0] == '/' {
+ return
+ }
+
+ if spl := strings.SplitN(path, ":", 2); len(spl) == 2 {
+ container = spl[0]
+ path = spl[1]
+ }
+ return
+}
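Review bot: In parseUserInput an input that begins with a colon, such as `:foo`, is split into an empty container and path `foo`, so it is silently treated as the host path `foo` and not rejected or kept intact. Requiring a non-empty name in the split avoids the rewrite: `if spl := strings.SplitN(path, ":", 2); len(spl) == 2 && len(spl[0]) > 0 {`. ParseSourceAndDestination also returns four unnamed strings that are easy to swap at call sites. Naming the results (`sourceContainer, sourcePath, destContainer, destPath string, err error`) would document the order in the signature.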
diff --git a/pkg/domain/entities/system.go b/pkg/domain/entities/system.go
index bde2b6ef2..4af013134 100644
--- a/pkg/domain/entities/system.go
+++ b/pkg/domain/entities/system.go
@@ -19,6 +19,7 @@ type ServiceOptions struct {
type SystemPruneOptions struct {
All bool
Volume bool
+ Filter []string
}
// SystemPruneReport provides report after system prune is executed.
diff --git a/pkg/domain/infra/abi/cp.go b/pkg/domain/infra/abi/cp.go
index 9409df743..362053cce 100644
--- a/pkg/domain/infra/abi/cp.go
+++ b/pkg/domain/infra/abi/cp.go
@@ -2,46 +2,53 @@ package abi
import (
"context"
- "strings"
"github.com/containers/podman/v2/libpod"
"github.com/containers/podman/v2/pkg/copy"
"github.com/containers/podman/v2/pkg/domain/entities"
- "github.com/pkg/errors"
)
func (ic *ContainerEngine) ContainerCp(ctx context.Context, source, dest string, options entities.ContainerCpOptions) error {
- srcCtr, srcPath := parsePath(ic.Libpod, source)
- destCtr, destPath := parsePath(ic.Libpod, dest)
-
- if srcCtr != nil && destCtr != nil {
- return errors.Errorf("invalid arguments %q, %q: you must use just one container", source, dest)
+ // Parse user input.
+ sourceContainerStr, sourcePath, destContainerStr, destPath, err := copy.ParseSourceAndDestination(source, dest)
+ if err != nil {
+ return err
}
- if srcCtr == nil && destCtr == nil {
- return errors.Errorf("invalid arguments %q, %q: you must specify one container", source, dest)
+
+ // Look up containers.
+ var sourceContainer, destContainer *libpod.Container
+ if len(sourceContainerStr) > 0 {
+ sourceContainer, err = ic.Libpod.LookupContainer(sourceContainerStr)
+ if err != nil {
+ return err
+ }
}
- if len(srcPath) == 0 || len(destPath) == 0 {
- return errors.Errorf("invalid arguments %q, %q: you must specify paths", source, dest)
+ if len(destContainerStr) > 0 {
+ destContainer, err = ic.Libpod.LookupContainer(destContainerStr)
+ if err != nil {
+ return err
+ }
}
var sourceItem, destinationItem copy.CopyItem
- var err error
- // Copy from the container to the host.
- if srcCtr != nil {
- sourceItem, err = copy.CopyItemForContainer(srcCtr, srcPath, options.Pause, true)
+
+ // Source ... container OR host.
+ if sourceContainer != nil {
+ sourceItem, err = copy.CopyItemForContainer(sourceContainer, sourcePath, options.Pause, true)
defer sourceItem.CleanUp()
if err != nil {
return err
}
} else {
- sourceItem, err = copy.CopyItemForHost(srcPath, true)
+ sourceItem, err = copy.CopyItemForHost(sourcePath, true)
if err != nil {
return err
}
}
- if destCtr != nil {
- destinationItem, err = copy.CopyItemForContainer(destCtr, destPath, options.Pause, false)
+ // Destination ... container OR host.
+ if destContainer != nil {
+ destinationItem, err = copy.CopyItemForContainer(destContainer, destPath, options.Pause, false)
defer destinationItem.CleanUp()
if err != nil {
return err
@@ -55,22 +62,9 @@ func (ic *ContainerEngine) ContainerCp(ctx context.Context, source, dest string,
}
// Copy from the host to the container.
- return copy.Copy(&sourceItem, &destinationItem, options.Extract)
-}
-
-func parsePath(runtime *libpod.Runtime, path string) (*libpod.Container, string) {
- if len(path) == 0 {
- return nil, ""
- }
- if path[0] == '.' || path[0] == '/' { // A path cannot point to a container.
- return nil, path
- }
- pathArr := strings.SplitN(path, ":", 2)
- if len(pathArr) == 2 {
- ctr, err := runtime.LookupContainer(pathArr[0])
- if err == nil {
- return ctr, pathArr[1]
- }
+ copier, err := copy.GetCopier(&sourceItem, &destinationItem, options.Extract)
+ if err != nil {
+ return err
}
- return nil, path
+ return copier.Copy()
}
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index ad7128b42..600d64b1d 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -54,7 +54,7 @@ func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte
}
return buf, nil
// no return if local image is not a list of images type
- // continue on getting valid manifest through remote serice
+ // continue on getting valid manifest through remote service
} else if errors.Cause(err) != buildahManifests.ErrManifestTypeNotSupported {
return nil, errors.Wrapf(err, "loading manifest %q", name)
}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 3aeb6a2ee..5b983a3f4 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -212,8 +212,10 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
return nil, errors.Wrapf(err, "Failed to parse image %q", container.Image)
}
// In kube, if the image is tagged with latest, it should always pull
+ // but if the domain is localhost, that means the image was built locally
+ // so do not attempt a pull.
if tagged, isTagged := named.(reference.NamedTagged); isTagged {
- if tagged.Tag() == image.LatestTag {
+ if tagged.Tag() == image.LatestTag && reference.Domain(named) != image.DefaultLocalRegistry {
pullPolicy = util.PullImageAlways
}
}
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 7ed58092b..d6881fdc4 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -4,6 +4,7 @@ import (
"context"
"fmt"
"io/ioutil"
+ "net/url"
"os"
"os/exec"
"path/filepath"
@@ -179,7 +180,16 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys
found = true
}
systemPruneReport.PodPruneReport = append(systemPruneReport.PodPruneReport, podPruneReport...)
- containerPruneReport, err := ic.pruneContainersHelper(nil)
+ containerPruneOptions := entities.ContainerPruneOptions{}
+ for _, f := range options.Filter {
+ t := strings.SplitN(f, "=", 2)
+ containerPruneOptions.Filters = make(url.Values)
+ if len(t) < 2 {
+ return nil, errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f)
+ }
+ containerPruneOptions.Filters.Add(t[0], t[1])
+ }
+ containerPruneReport, err := ic.ContainerPrune(ctx, containerPruneOptions)
if err != nil {
return nil, err
}
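Review bot: `containerPruneOptions.Filters = make(url.Values)` sits inside the `for _, f := range options.Filter` loop, so the map is recreated on every iteration and only the last filter reaches ContainerPrune. With several filters the earlier ones are dropped silently, and the prune can remove more containers than the user asked for. Initialise once before the loop, `containerPruneOptions := entities.ContainerPruneOptions{Filters: make(url.Values)}`, and delete the line inside it. The format check also runs after the pod prune report above has been collected, so a malformed filter appears to be rejected only after part of the prune has happened. Validating `options.Filter` at the top of SystemPrune would avoid that; the function body starts outside this hunk.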
@@ -194,7 +204,7 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys
}
}
- results, err := ic.Libpod.ImageRuntime().PruneImages(ctx, options.All, nil)
+ results, err := ic.Libpod.ImageRuntime().PruneImages(ctx, options.All, options.Filter)
if err != nil {
return nil, err
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 3584668c7..e65fef0a4 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -732,7 +732,8 @@ func (ic *ContainerEngine) ContainerPort(ctx context.Context, nameOrID string, o
}
func (ic *ContainerEngine) ContainerCp(ctx context.Context, source, dest string, options entities.ContainerCpOptions) error {
- return errors.New("not implemented")
+ return nil
+ // return containers.Copy(ic.ClientCxt, source, dest, options)
}
// Shutdown Libpod engine
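Review bot: ContainerCp on the tunnel engine now returns `nil` without copying anything, so a remote `podman cp` reports success while no data is transferred. Until the commented-out `containers.Copy` call exists, keep the failure explicit with `return errors.New("not implemented")`, and move the intended call into a TODO comment above it.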
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 1808f99b8..e0b039fb7 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -167,22 +167,23 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, mask, unmask
g.AddLinuxMaskedPaths(mp)
}
}
+ for _, rp := range []string{
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger",
+ } {
+ if !util.StringInSlice(rp, unmask) {
+ g.AddLinuxReadonlyPaths(rp)
+ }
+ }
}
if pidModeIsHost && rootless.IsRootless() {
return
}
-
- for _, rp := range []string{
- "/proc/asound",
- "/proc/bus",
- "/proc/fs",
- "/proc/irq",
- "/proc/sys",
- "/proc/sysrq-trigger",
- } {
- g.AddLinuxReadonlyPaths(rp)
- }
}
// mask the paths provided by the user
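Review bot: After this move the guard `if pidModeIsHost && rootless.IsRootless() { return }` no longer guards anything, as far as the hunk shows. The read-only loop it used to skip now runs earlier, inside the preceding block, and nothing follows the guard before the closing brace. If skipping the read-only remounts for rootless host-PID containers was deliberate, that behaviour is lost; if not, the guard should be deleted. The new `unmask` check also lets a caller leave `/proc/sys` and `/proc/sysrq-trigger` writable, which deserves a comment on the loop such as `// Paths named in unmask stay writable; all others are remounted read-only.` The enclosing condition starts outside the hunk, so which containers reach this loop is not visible here.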
diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go
index 2ef0f4c23..bb8edabb7 100644
--- a/pkg/specgen/generate/kube/volume.go
+++ b/pkg/specgen/generate/kube/volume.go
@@ -103,7 +103,7 @@ func VolumeFromSource(volumeSource v1.VolumeSource) (*KubeVolume, error) {
} else if volumeSource.PersistentVolumeClaim != nil {
return VolumeFromPersistentVolumeClaim(volumeSource.PersistentVolumeClaim)
} else {
- return nil, errors.Errorf("HostPath and PersistentVolumeClaim are currently the conly supported VolumeSource")
+ return nil, errors.Errorf("HostPath and PersistentVolumeClaim are currently the only supported VolumeSource")
}
}
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index dee140282..56947ff24 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -141,7 +141,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
configSpec.Process.Capabilities.Effective = caplist
configSpec.Process.Capabilities.Permitted = caplist
} else {
- userCaps, err := capabilities.NormalizeCapabilities(s.CapAdd)
+ userCaps, err := capabilities.MergeCapabilities(nil, s.CapAdd, nil)
if err != nil {
return errors.Wrapf(err, "capabilities requested by user are not valid: %q", strings.Join(s.CapAdd, ","))
}
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index c105a9278..7b500bf57 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -12,6 +12,8 @@ iid=$(jq -r '.[0].Id' <<<"$output")
t GET libpod/images/$iid/exists 204
t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/exists 204
+t GET libpod/images/${iid}abcdef/exists 404 \
+ .cause="failed to find image ${iid}abcdef"
# FIXME: compare to actual podman info
t GET libpod/images/json 200 \
diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
index 0ce56ee3c..5327bd076 100644
--- a/test/apiv2/35-networks.at
+++ b/test/apiv2/35-networks.at
@@ -50,7 +50,13 @@ t GET networks?filters=%7B%22dangling%22%3A%5B%221%22%5D%7D 500 \
# network inspect docker
t GET networks/a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1 200 \
.Name=network1 \
-.Id=a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1
+.Id=a7662f44d65029fd4635c91feea3d720a57cef52e2a9fcc7772b69072cc1ccd1 \
+.Scope=local
+
+# network create docker
+t POST networks/create '"Name":"net3","IPAM":{"Config":[]}' 201
+# network delete docker
+t DELETE networks/net3 204
# clean the network
t DELETE libpod/networks/network1 200 \
diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go
index ab11128ba..760de55b6 100644
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@@ -90,6 +90,18 @@ var _ = Describe("Podman privileged container tests", func() {
containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
})
+ It("podman cap-add CapEff with --user", func() {
+ // Get caps of current process
+ host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
+ Expect(host_cap.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
+ })
+
It("podman cap-drop CapEff", func() {
session := podmanTest.Podman([]string{"run", "--cap-drop", "all", "busybox", "grep", "CapEff", "/proc/self/status"})
session.WaitWithDefaultTimeout()
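Review bot: The new `podman cap-add CapEff with --user` case never checks that the container process actually runs as `bin`, so it would still pass if `--user=bin` were silently ignored and the process ran as root with all capabilities. The scenario under test is a non-root user receiving added capabilities, so the identity should be asserted too. One option is a second run of the same command line with `id -u` and `Expect(session.OutputToString()).To(Not(Equal("0")))`. The enclosing Describe block starts and ends outside the hunk.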
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index f73a15633..dbdd6a072 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -272,6 +272,13 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout()
Expect(session.OutputToString()).To(Not(BeEmpty()))
Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr5", "--security-opt", "systempaths=unconfined", ALPINE, "grep", "/proc", "/proc/self/mounts"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ stdoutLines := session.OutputToStringArray()
+ Expect(stdoutLines).Should(HaveLen(1))
+
})
It("podman run seccomp test", func() {
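Review bot: The `maskCtr5` check is started with `-d`, so the session's stdout is the one-line container ID that `podman run -d` prints, not the output of `grep /proc /proc/self/mounts`. That makes `Expect(stdoutLines).Should(HaveLen(1))` hold whether or not `systempaths=unconfined` actually removed the masked /proc mounts. Running in the foreground makes the assertion meaningful: `session = podmanTest.Podman([]string{"run", "--rm", "--security-opt", "systempaths=unconfined", ALPINE, "grep", "/proc", "/proc/self/mounts"})`. The enclosing It block starts outside the hunk.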
diff --git a/test/system/015-help.bats b/test/system/015-help.bats
index 22db8be8a..5f38c34a1 100644
--- a/test/system/015-help.bats
+++ b/test/system/015-help.bats
@@ -12,22 +12,11 @@
#
load helpers
-# run 'podman help', parse the output looking for 'Available Commands';
-# return that list.
-function podman_commands() {
- dprint "$@"
- run_podman help "$@" |\
- awk '/^Available Commands:/{ok=1;next}/^Options:/{ok=0}ok { print $1 }' |\
- grep .
- "$output"
-}
-
-
function check_help() {
local count=0
local -A found
- for cmd in $(podman_commands "$@"); do
+ for cmd in $(_podman_commands "$@"); do
# Human-readable podman command string, with multiple spaces collapsed
command_string="podman $* $cmd"
command_string=${command_string// / } # 'podman x' -> 'podman x'
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 59da503a6..8e9a2d613 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -381,6 +381,48 @@ a${random3}z"
run_podman rmi -f build_test
}
+@test "podman build --layers test" {
+ rand_content=$(random_string 50)
+ tmpdir=$PODMAN_TMPDIR/build-test
+ run mkdir -p $tmpdir
+ containerfile=$tmpdir/Containerfile
+ cat >$containerfile <<EOF
+FROM $IMAGE
+RUN echo $rand_content
+EOF
+
+ # Build twice to make sure second time uses cache
+ run_podman build -t build_test $tmpdir
+ if [[ "$output" =~ "Using cache" ]]; then
+ is "$output" "[no instance of 'Using cache']" "no cache used"
+ fi
+
+ run_podman build -t build_test $tmpdir
+ is "$output" ".*cache" "used cache"
+
+ run_podman build -t build_test --layers=true $tmpdir
+ is "$output" ".*cache" "used cache"
+
+ run_podman build -t build_test --layers=false $tmpdir
+ if [[ "$output" =~ "Using cache" ]]; then
+ is "$output" "[no instance of 'Using cache']" "no cache used"
+ fi
+
+ BUILDAH_LAYERS=false run_podman build -t build_test $tmpdir
+ if [[ "$output" =~ "Using cache" ]]; then
+ is "$output" "[no instance of 'Using cache']" "no cache used"
+ fi
+
+ BUILDAH_LAYERS=false run_podman build -t build_test --layers=1 $tmpdir
+ is "$output" ".*cache" "used cache"
+
+ BUILDAH_LAYERS=1 run_podman build -t build_test --layers=false $tmpdir
+ if [[ "$output" =~ "Using cache" ]]; then
+ is "$output" "[no instance of 'Using cache']" "no cache used"
+ fi
+
+ run_podman rmi -a --force
+}
function teardown() {
# A timeout or other error in 'build' can leave behind stale images
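Review bot: In the new `podman build --layers test`, `run mkdir -p $tmpdir` swallows a failed mkdir because bats' `run` only records the status; plain `mkdir -p $tmpdir` would fail the test at the right place. The positive checks `is "$output" ".*cache" "used cache"` are also looser than the negative ones, since any occurrence of the word "cache" in the build output satisfies them. I would match the same phrase the negative branches look for, `is "$output" ".*Using cache" "used cache"`.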
diff --git a/test/system/600-completion.bats b/test/system/600-completion.bats
new file mode 100644
index 000000000..1e43cdc41
--- /dev/null
+++ b/test/system/600-completion.bats
@@ -0,0 +1,272 @@
+#!/usr/bin/env bats -*- bats -*-
+#
+# Test podman shell completion
+#
+# Shell completion is provided via the cobra library
+# It is implement by calling a hidden subcommand called "__complete"
+#
+
+load helpers
+
+function check_shell_completion() {
+ local count=0
+
+ # Newline character; used for confirming string output
+ local nl="
+"
+
+ for cmd in $(_podman_commands "$@"); do
+ # Human-readable podman command string, with multiple spaces collapsed
+ name="podman"
+ if is_remote; then
+ name="podman-remote"
+ fi
+ command_string="$name $* $cmd"
+ command_string=${command_string// / } # 'podman x' -> 'podman x'
+
+ run_podman "$@" $cmd --help
+ local full_help="$output"
+
+ # The line immediately after 'Usage:' gives us a 1-line synopsis
+ usage=$(echo "$full_help" | grep -A1 '^Usage:' | tail -1)
+ [ -n "$usage" ] || die "podman $cmd: no Usage message found"
+
+ # If usage ends in '[command]', recurse into subcommands
+ if expr "$usage" : '.*\[command\]$' >/dev/null; then
+ check_shell_completion "$@" $cmd
+ continue
+ fi
+
+ # Trim to command path so we only have the args
+ args="${usage/$command_string/}"
+ # Trim leading whitespaces
+ args="${args#"${args%%[![:space:]]*}"}"
+
+ # Extra args is used to match the correct argument number for the command
+ # This is important because some commands provide different suggestions based
+ # on the number of arguments.
+ extra_args=()
+
+ for arg in $args; do
+
+ match=false
+ i=0
+ while true; do
+
+ case $arg in
+
+ # If we have options than we need to check if we are getting flag completion
+ "[options]")
+ # skip this for remote it fails if a command only has the latest flag e.g podman top
+ if ! is_remote; then
+ run_completion "$@" $cmd "--"
+ # If this fails there is most likely a problem with the cobra library
+ is "${lines[0]}" "--.*" "Found flag in suggestions"
+ [ ${#lines[@]} -gt 2 ] || die "No flag suggestions"
+ _check_completion_end NoFileComp
+ fi
+ # continue the outer for args loop
+ continue 2
+ ;;
+
+ *CONTAINER*)
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ is "$output" ".*-$random_container_name${nl}" "Found expected container in suggestions"
+
+ match=true
+ # resume
+ ;;&
+
+ *POD*)
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ is "$output" ".*-$random_pod_name${nl}" "Found expected pod in suggestions"
+ _check_completion_end NoFileComp
+
+ match=true
+ # resume
+ ;;&
+
+ *IMAGE*)
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ is "$output" ".*localhost/$random_image_name:$random_image_tag${nl}" "Found expected image in suggestions"
+
+ # check that we complete the image with and without tag after at least one char is typed
+ run_completion "$@" $cmd "${extra_args[@]}" "${random_image_name:0:1}"
+ is "$output" ".*$random_image_name:$random_image_tag${nl}" "Found expected image with tag in suggestions"
+ is "$output" ".*$random_image_name${nl}" "Found expected image without tag in suggestions"
+
+ # check that we complete the image id after at least two chars are typed
+ run_completion "$@" $cmd "${extra_args[@]}" "${random_image_id:0:2}"
+ is "$output" ".*$random_image_id${nl}" "Found expected image id in suggestions"
+
+ match=true
+ # resume
+ ;;&
+
+ *NETWORK*)
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ is "$output" ".*$random_network_name${nl}" "Found network in suggestions"
+ _check_completion_end NoFileComp
+
+ match=true
+ # resume
+ ;;&
+
+ *VOLUME*)
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ is "$output" ".*$random_volume_name${nl}" "Found volume in suggestions"
+ _check_completion_end NoFileComp
+
+ match=true
+ # resume
+ ;;&
+
+ *REGISTRY*)
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ ### FIXME how can we get the configured registries?
+ _check_completion_end NoFileComp
+ ### FIXME this fails if no registries are configured
+ [[ ${#lines[@]} -gt 2 ]] || die "No registries found in suggestions"
+
+ match=true
+ # resume
+ ;;&
+
+ *PATH* | *CONTEXT* | *KUBEFILE* | *COMMAND* | *ARG...* | *URI*)
+ # default shell completion should be done for everthing which accepts a path
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+
+ # cp is a special case it returns ShellCompDirectiveNoSpace
+ if [[ "$cmd" == "cp" ]]; then
+ _check_completion_end NoSpace
+ else
+ _check_completion_end Default
+ [[ ${#lines[@]} -eq 2 ]] || die "Suggestions are in the output"
+ fi
+ ;;
+
+ *)
+ if [[ "$match" == "false" ]]; then
+ dprint "UNKNOWN arg: $arg for $command_string ${extra_args[*]}"
+ fi
+ ;;
+
+ esac
+
+ # Increment the argument array
+ extra_args+=("arg")
+
+ i=$(($i + 1))
+ # If the argument ends with ...] than we accept 0...n args
+ # Loop three times to make sure we are not only completing the first arg
+ if [[ ! ${arg} =~ "..." ]] || [[ i -gt 3 ]]; then
+ break
+ fi
+
+ done
+
+ done
+
+ # If the command takes no more parameters make sure we are getting no completion
+ if [[ ! ${args##* } =~ "..." ]]; then
+ run_completion "$@" $cmd "${extra_args[@]}" ""
+ _check_completion_end NoFileComp
+ if [ ${#lines[@]} -gt 2 ]; then
+ # checking for line count is not enough since we may inlcude additional debug output
+ # lines starting with [Debug] are allowed
+ i=0
+ length=$(( ${#lines[@]} - 2 ))
+ while [[ i -lt length ]]; do
+ [[ "${lines[$i]:0:7}" == "[Debug]" ]] || die "Suggestions are in the output"
+ i=$(( i + 1 ))
+ done
+ fi
+ fi
+
+ done
+
+}
+
+# run the completion cmd
+function run_completion() {
+ PODMAN="$PODMAN_COMPLETION" run_podman "$@"
+}
+
+# check for the given ShellCompDirective (always last line)
+function _check_completion_end() {
+ is "${lines[-1]}" "Completion ended with directive: ShellCompDirective$1" "Completion has wrong ShellCompDirective set"
+}
+
+
+@test "podman shell completion test" {
+
+ random_container_name=$(random_string 30)
+ random_pod_name=$(random_string 30)
+ random_image_name=$(random_string 30)
+ random_image_name=${random_image_name,,} # name must be lowercase
+ random_image_tag=$(random_string 5)
+ random_network_name=$(random_string 30)
+ random_volume_name=$(random_string 30)
+
+ # create a container for each state since some commands are only suggesting running container for example
+ run_podman create --name created-$random_container_name $IMAGE
+ run_podman run --name running-$random_container_name -d $IMAGE top
+ run_podman run --name pause-$random_container_name -d $IMAGE top
+ run_podman pause pause-$random_container_name
+ run_podman run --name exited-$random_container_name -d $IMAGE echo exited
+
+ # create pods for each state
+ run_podman pod create --name created-$random_pod_name
+ run_podman pod create --name running-$random_pod_name
+ run_podman run -d --name running-$random_pod_name-con --pod running-$random_pod_name $IMAGE top
+ run_podman pod create --name degraded-$random_pod_name
+ run_podman run -d --name degraded-$random_pod_name-con --pod degraded-$random_pod_name $IMAGE echo degraded
+ run_podman pod create --name exited-$random_pod_name
+ run_podman run -d --name exited-$random_pod_name-con --pod exited-$random_pod_name $IMAGE echo exited
+ run_podman pod stop exited-$random_pod_name
+
+ # create image name (just tag with new names no need to pull)
+ run_podman image tag $IMAGE $random_image_name:$random_image_tag
+ run_podman image list --format '{{.ID}}' --filter reference=$random_image_name
+ random_image_id="${lines[0]}"
+
+ # create network
+ run_podman network create $random_network_name
+
+ # create volume
+ run_podman volume create $random_volume_name
+
+
+ # $PODMAN may be a space-separated string, e.g. if we include a --url.
+ local -a podman_as_array=($PODMAN)
+ # __completeNoDesc must be the first arg if we running the completion cmd
+ PODMAN_COMPLETION="${podman_as_array[0]} __completeNoDesc ${podman_as_array[@]:1}"
+
+ # Called with no args -- start with 'podman --help'. check_shell_completion() will
+ # recurse for any subcommands.
+ check_shell_completion
+
+ # cleanup
+ run_podman volume rm $random_volume_name
+
+ run_podman network rm $random_network_name
+
+ run_podman image untag $IMAGE $random_image_name:$random_image_tag
+
+ for state in created running degraded exited; do
+ run_podman pod rm --force $state-$random_pod_name
+ done
+
+ for state in created running pause exited; do
+ run_podman rm --force $state-$random_container_name
+ done
+
+ # Clean up the pod pause image
+ run_podman image list --format '{{.ID}} {{.Repository}}'
+ while read id name; do
+ if [[ "$name" =~ /pause ]]; then
+ run_podman rmi $id
+ fi
+ done <<<"$output"
+
+}
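Review bot: In check_shell_completion, `for arg in $args; do` expands `$args` unquoted, so each word of the usage synopsis is subject to pathname expansion, and `[options]` is a valid glob (a bracket expression matching a one-character file name). If the test's working directory ever contains a file named `o`, `p`, `t`, `i`, `n` or `s`, that word is replaced by the file name and the `"[options]")` case is skipped without any error. Splitting without globbing avoids this: `read -ra arg_words <<<"$args"` followed by `for arg in "${arg_words[@]}"; do`.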
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 2cced10c2..6a7c6cc42 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -521,5 +521,15 @@ function remove_same_dev_warning() {
output=$(printf '%s\n' "${lines[@]}")
}
+# run 'podman help', parse the output looking for 'Available Commands';
+# return that list.
+function _podman_commands() {
+ dprint "$@"
+ run_podman help "$@" |
+ awk '/^Available Commands:/{ok=1;next}/^Options:/{ok=0}ok { print $1 }' |
+ grep .
+ "$output"
+}
+
# END miscellaneous tools
###############################################################################
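Review bot: `_podman_commands` was moved here unchanged and still ends with a bare `"$output"` line, which makes the shell try to execute the value of `$output` as a command. `run_podman` is the first stage of a pipeline and so runs in a subshell, which means `$output` in the function's own shell is presumably empty or stale at that point. The line then only produces a command-not-found error and a non-zero return status, which callers using `$(_podman_commands ...)` never see. The list is already printed by the `awk | grep .` pipeline, so I would delete the `"$output"` line.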
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index f9e8384bb..ae96cc731 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.24.1
+1.24.3
diff --git a/vendor/github.com/containers/storage/storage.conf b/vendor/github.com/containers/storage/storage.conf
index 0577e84ca..af4953310 100644
--- a/vendor/github.com/containers/storage/storage.conf
+++ b/vendor/github.com/containers/storage/storage.conf
@@ -4,7 +4,7 @@
# The "container storage" table contains all of the server options.
[storage]
-# Default Storage Driver
+# Default Storage Driver, Must be set for proper operation.
driver = ""
# Temporary storage location
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index b9115f195..7b250db9f 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -30,6 +30,7 @@ import (
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
)
var (
@@ -3527,6 +3528,9 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
if config.Storage.Driver != "" {
storeOptions.GraphDriverName = config.Storage.Driver
}
+ if storeOptions.GraphDriverName == "" {
+ logrus.Errorf("The storage 'driver' option must be set in %s, guarantee proper operation.", configFile)
+ }
if config.Storage.RunRoot != "" {
storeOptions.RunRoot = config.Storage.RunRoot
}
diff --git a/vendor/github.com/onsi/gomega/.travis.yml b/vendor/github.com/onsi/gomega/.travis.yml
index e250be4ac..348e3014c 100644
--- a/vendor/github.com/onsi/gomega/.travis.yml
+++ b/vendor/github.com/onsi/gomega/.travis.yml
@@ -1,4 +1,7 @@
language: go
+arch:
+ - amd64
+ - ppc64le
go:
- 1.14.x
diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md
index 940953394..0f1765d84 100644
--- a/vendor/github.com/onsi/gomega/CHANGELOG.md
+++ b/vendor/github.com/onsi/gomega/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.10.4
+
+### Fixes
+- update golang net library to more recent version without vulnerability (#406) [817a8b9]
+- Correct spelling: alloted -> allotted (#403) [0bae715]
+- fix a panic in MessageWithDiff with long message (#402) [ea06b9b]
+
## 1.10.3
### Fixes
diff --git a/vendor/github.com/onsi/gomega/format/format.go b/vendor/github.com/onsi/gomega/format/format.go
index fae25adce..e59d7d75b 100644
--- a/vendor/github.com/onsi/gomega/format/format.go
+++ b/vendor/github.com/onsi/gomega/format/format.go
@@ -105,7 +105,13 @@ func MessageWithDiff(actual, message, expected string) string {
tabLength := 4
spaceFromMessageToActual := tabLength + len("<string>: ") - len(message)
- padding := strings.Repeat(" ", spaceFromMessageToActual+spacesBeforeFormattedMismatch) + "|"
+
+ paddingCount := spaceFromMessageToActual + spacesBeforeFormattedMismatch
+ if paddingCount < 0 {
+ return Message(formattedActual, message, formattedExpected)
+ }
+
+ padding := strings.Repeat(" ", paddingCount) + "|"
return Message(formattedActual, message+padding, formattedExpected)
}
diff --git a/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go b/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go
index 3caed8769..a41ad6232 100644
--- a/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go
+++ b/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go
@@ -9,17 +9,17 @@ import (
// ErrTimeout is returned by TimeoutCloser, TimeoutReader, and TimeoutWriter when the underlying Closer/Reader/Writer does not return within the specified timeout
var ErrTimeout = errors.New("timeout occurred")
-// TimeoutCloser returns an io.Closer that wraps the passed-in io.Closer. If the underlying Closer fails to close within the alloted timeout ErrTimeout is returned.
+// TimeoutCloser returns an io.Closer that wraps the passed-in io.Closer. If the underlying Closer fails to close within the allotted timeout ErrTimeout is returned.
func TimeoutCloser(c io.Closer, timeout time.Duration) io.Closer {
return timeoutReaderWriterCloser{c: c, d: timeout}
}
-// TimeoutReader returns an io.Reader that wraps the passed-in io.Reader. If the underlying Reader fails to read within the alloted timeout ErrTimeout is returned.
+// TimeoutReader returns an io.Reader that wraps the passed-in io.Reader. If the underlying Reader fails to read within the allotted timeout ErrTimeout is returned.
func TimeoutReader(r io.Reader, timeout time.Duration) io.Reader {
return timeoutReaderWriterCloser{r: r, d: timeout}
}
-// TimeoutWriter returns an io.Writer that wraps the passed-in io.Writer. If the underlying Writer fails to write within the alloted timeout ErrTimeout is returned.
+// TimeoutWriter returns an io.Writer that wraps the passed-in io.Writer. If the underlying Writer fails to write within the allotted timeout ErrTimeout is returned.
func TimeoutWriter(w io.Writer, timeout time.Duration) io.Writer {
return timeoutReaderWriterCloser{w: w, d: timeout}
}
diff --git a/vendor/github.com/onsi/gomega/go.mod b/vendor/github.com/onsi/gomega/go.mod
index 0a80d5ec3..02b99ab60 100644
--- a/vendor/github.com/onsi/gomega/go.mod
+++ b/vendor/github.com/onsi/gomega/go.mod
@@ -5,7 +5,7 @@ go 1.14
require (
github.com/golang/protobuf v1.4.2
github.com/onsi/ginkgo v1.12.1
- golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0
+ golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
gopkg.in/yaml.v2 v2.3.0
)
diff --git a/vendor/github.com/onsi/gomega/go.sum b/vendor/github.com/onsi/gomega/go.sum
index c54e9b88e..fc230153b 100644
--- a/vendor/github.com/onsi/gomega/go.sum
+++ b/vendor/github.com/onsi/gomega/go.sum
@@ -31,6 +31,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dD
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0 h1:wBouT66WTYFXdxfVdz9sVWARVd/2vfGcmI45D2gj45M=
golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e h1:o3PsSEY8E4eXWkXrIP9YJALUkVZqzHJT5DOasTyn8Vs=
@@ -42,6 +44,7 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwg
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go
index 4af1a8c01..a8529f1ca 100644
--- a/vendor/github.com/onsi/gomega/gomega_dsl.go
+++ b/vendor/github.com/onsi/gomega/gomega_dsl.go
@@ -24,7 +24,7 @@ import (
"github.com/onsi/gomega/types"
)
-const GOMEGA_VERSION = "1.10.3"
+const GOMEGA_VERSION = "1.10.4"
const nilFailHandlerPanic = `You are trying to make an assertion, but Gomega's fail handler is nil.
If you're using Ginkgo then you probably forgot to put your assertion in an It().
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
index 10ac15a85..988adc8f4 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -27,14 +27,14 @@ var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be use
// the container. A list of options can be passed into this function to alter
// the labels. The labels returned will include a random MCS String, that is
// guaranteed to be unique.
-func InitLabels(options []string) (plabel string, mlabel string, Err error) {
+func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
if !selinux.GetEnabled() {
return "", "", nil
}
processLabel, mountLabel := selinux.ContainerLabels()
if processLabel != "" {
defer func() {
- if Err != nil {
+ if retErr != nil {
selinux.ReleaseLabel(mountLabel)
}
}()
@@ -57,7 +57,6 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
con := strings.SplitN(opt, ":", 2)
if !validOptions[con[0]] {
return "", "", errors.Errorf("Bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0])
-
}
if con[0] == "filetype" {
mcon["type"] = con[1]
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
index 50760dc93..d9119908b 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
@@ -30,6 +30,11 @@ var (
// ErrLevelSyntax is returned when a sensitivity or category do not have correct syntax in a level
ErrLevelSyntax = errors.New("invalid level syntax")
+ // ErrContextMissing is returned if a requested context is not found in a file.
+ ErrContextMissing = errors.New("context does not have a match")
+ // ErrVerifierNil is returned when a context verifier function is nil.
+ ErrVerifierNil = errors.New("verifier function is nil")
+
// CategoryRange allows the upper bound on the category range to be adjusted
CategoryRange = DefaultCategoryRange
)
@@ -63,8 +68,12 @@ func FileLabel(fpath string) (string, error) {
return fileLabel(fpath)
}
-// SetFSCreateLabel tells kernel the label to create all file system objects
-// created by this task. Setting label="" to return to default.
+// SetFSCreateLabel tells the kernel what label to use for all file system objects
+// created by this task.
+// Set the label to an empty string to return to the default label. Calls to SetFSCreateLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system
+// objects created by this task are finished to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
func SetFSCreateLabel(label string) error {
return setFSCreateLabel(label)
}
@@ -113,19 +122,27 @@ func CalculateGlbLub(sourceRange, targetRange string) (string, error) {
}
// SetExecLabel sets the SELinux label that the kernel will use for any programs
-// that are executed by the current process thread, or an error.
+// that are executed by the current process thread, or an error. Calls to SetExecLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until execution
+// of the program is finished to guarantee another goroutine does not migrate to the current
+// thread before execution is complete.
func SetExecLabel(label string) error {
return setExecLabel(label)
}
// SetTaskLabel sets the SELinux label for the current thread, or an error.
-// This requires the dyntransition permission.
+// This requires the dyntransition permission. Calls to SetTaskLabel should
+// be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee
+// the current thread does not run in a new mislabeled thread.
func SetTaskLabel(label string) error {
return setTaskLabel(label)
}
// SetSocketLabel takes a process label and tells the kernel to assign the
-// label to the next socket that gets created
+// label to the next socket that gets created. Calls to SetSocketLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until
+// the the socket is created to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
func SetSocketLabel(label string) error {
return setSocketLabel(label)
}
@@ -141,7 +158,10 @@ func PeerLabel(fd uintptr) (string, error) {
}
// SetKeyLabel takes a process label and tells the kernel to assign the
-// label to the next kernel keyring that gets created
+// label to the next kernel keyring that gets created. Calls to SetKeyLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until
+// the kernel keyring is created to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
func SetKeyLabel(label string) error {
return setKeyLabel(label)
}
@@ -247,3 +267,12 @@ func DupSecOpt(src string) ([]string, error) {
func DisableSecOpt() []string {
return disableSecOpt()
}
+
+// GetDefaultContextWithLevel gets a single context for the specified SELinux user
+// identity that is reachable from the specified scon context. The context is based
+// on the per-user /etc/selinux/{SELINUXTYPE}/contexts/users/<username> if it exists,
+// and falls back to the global /etc/selinux/{SELINUXTYPE}/contexts/default_contexts
+// file.
+func GetDefaultContextWithLevel(user, level, scon string) (string, error) {
+ return getDefaultContextWithLevel(user, level, scon)
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index d6b0d49db..904f5b04f 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -28,6 +28,8 @@ const (
minSensLen = 2
contextFile = "/usr/share/containers/selinux/contexts"
selinuxDir = "/etc/selinux/"
+ selinuxUsersDir = "contexts/users"
+ defaultContexts = "contexts/default_contexts"
selinuxConfig = selinuxDir + "config"
selinuxfsMount = "/sys/fs/selinux"
selinuxTypeTag = "SELINUXTYPE"
@@ -35,6 +37,8 @@ const (
xattrNameSelinux = "security.selinux"
)
+var policyRoot = filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
+
type selinuxState struct {
enabledSet bool
enabled bool
@@ -54,6 +58,13 @@ type mlsRange struct {
high *level
}
+type defaultSECtx struct {
+ user, level, scon string
+ userRdr, defaultRdr io.Reader
+
+ verifier func(string) error
+}
+
type levelItem byte
const (
@@ -111,7 +122,7 @@ func verifySELinuxfsMount(mnt string) bool {
if err == nil {
break
}
- if err == unix.EAGAIN {
+ if err == unix.EAGAIN || err == unix.EINTR {
continue
}
return false
@@ -205,28 +216,16 @@ func getEnabled() bool {
}
func readConfig(target string) string {
- var (
- val, key string
- bufin *bufio.Reader
- )
-
in, err := os.Open(selinuxConfig)
if err != nil {
return ""
}
defer in.Close()
- bufin = bufio.NewReader(in)
+ scanner := bufio.NewScanner(in)
- for done := false; !done; {
- var line string
- if line, err = bufin.ReadString('\n'); err != nil {
- if err != io.EOF {
- return ""
- }
- done = true
- }
- line = strings.TrimSpace(line)
+ for scanner.Scan() {
+ line := strings.TrimSpace(scanner.Text())
if len(line) == 0 {
// Skip blank lines
continue
@@ -236,7 +235,7 @@ func readConfig(target string) string {
continue
}
if groups := assignRegex.FindStringSubmatch(line); groups != nil {
- key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
+ key, val := strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
if key == target {
return strings.Trim(val, "\"")
}
@@ -245,15 +244,17 @@ func readConfig(target string) string {
return ""
}
-func getSELinuxPolicyRoot() string {
- return filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
-}
-
func isProcHandle(fh *os.File) error {
var buf unix.Statfs_t
- err := unix.Fstatfs(int(fh.Fd()), &buf)
- if err != nil {
- return errors.Wrapf(err, "statfs(%q) failed", fh.Name())
+
+ for {
+ err := unix.Fstatfs(int(fh.Fd()), &buf)
+ if err == nil {
+ break
+ }
+ if err != unix.EINTR {
+ return errors.Wrapf(err, "statfs(%q) failed", fh.Name())
+ }
}
if buf.Type != unix.PROC_SUPER_MAGIC {
return errors.Errorf("file %q is not on procfs", fh.Name())
@@ -307,9 +308,16 @@ func setFileLabel(fpath string, label string) error {
if fpath == "" {
return ErrEmptyPath
}
- if err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {
- return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ for {
+ err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+ if err == nil {
+ break
+ }
+ if err != unix.EINTR {
+ return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ }
}
+
return nil
}
@@ -751,7 +759,7 @@ func reserveLabel(label string) {
if len(label) != 0 {
con := strings.SplitN(label, ":", 4)
if len(con) > 3 {
- mcsAdd(con[3])
+ _ = mcsAdd(con[3])
}
}
}
@@ -828,11 +836,11 @@ func intToMcs(id int, catRange uint32) string {
}
for ORD > TIER {
- ORD = ORD - TIER
+ ORD -= TIER
TIER--
}
TIER = SETSIZE - TIER
- ORD = ORD + TIER
+ ORD += TIER
return fmt.Sprintf("s0:c%d,c%d", TIER, ORD)
}
@@ -844,16 +852,14 @@ func uniqMcs(catRange uint32) string {
)
for {
- binary.Read(rand.Reader, binary.LittleEndian, &n)
+ _ = binary.Read(rand.Reader, binary.LittleEndian, &n)
c1 = n % catRange
- binary.Read(rand.Reader, binary.LittleEndian, &n)
+ _ = binary.Read(rand.Reader, binary.LittleEndian, &n)
c2 = n % catRange
if c1 == c2 {
continue
- } else {
- if c1 > c2 {
- c1, c2 = c2, c1
- }
+ } else if c1 > c2 {
+ c1, c2 = c2, c1
}
mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
if err := mcsAdd(mcs); err != nil {
@@ -884,18 +890,13 @@ func openContextFile() (*os.File, error) {
if f, err := os.Open(contextFile); err == nil {
return f, nil
}
- lxcPath := filepath.Join(getSELinuxPolicyRoot(), "/contexts/lxc_contexts")
+ lxcPath := filepath.Join(policyRoot, "/contexts/lxc_contexts")
return os.Open(lxcPath)
}
var labels = loadLabels()
func loadLabels() map[string]string {
- var (
- val, key string
- bufin *bufio.Reader
- )
-
labels := make(map[string]string)
in, err := openContextFile()
if err != nil {
@@ -903,18 +904,10 @@ func loadLabels() map[string]string {
}
defer in.Close()
- bufin = bufio.NewReader(in)
+ scanner := bufio.NewScanner(in)
- for done := false; !done; {
- var line string
- if line, err = bufin.ReadString('\n'); err != nil {
- if err == io.EOF {
- done = true
- } else {
- break
- }
- }
- line = strings.TrimSpace(line)
+ for scanner.Scan() {
+ line := strings.TrimSpace(scanner.Text())
if len(line) == 0 {
// Skip blank lines
continue
@@ -924,7 +917,7 @@ func loadLabels() map[string]string {
continue
}
if groups := assignRegex.FindStringSubmatch(line); groups != nil {
- key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
+ key, val := strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
labels[key] = strings.Trim(val, "\"")
}
}
@@ -1015,7 +1008,7 @@ func copyLevel(src, dest string) (string, error) {
return "", err
}
mcsDelete(tcon["level"])
- mcsAdd(scon["level"])
+ _ = mcsAdd(scon["level"])
tcon["level"] = scon["level"]
return tcon.Get(), nil
}
@@ -1095,3 +1088,124 @@ func dupSecOpt(src string) ([]string, error) {
func disableSecOpt() []string {
return []string{"disable"}
}
+
+// findUserInContext scans the reader for a valid SELinux context
+// match that is verified with the verifier. Invalid contexts are
+// skipped. It returns a matched context or an empty string if no
+// match is found. If a scanner error occurs, it is returned.
+func findUserInContext(context Context, r io.Reader, verifier func(string) error) (string, error) {
+ fromRole := context["role"]
+ fromType := context["type"]
+ scanner := bufio.NewScanner(r)
+
+ for scanner.Scan() {
+ fromConns := strings.Fields(scanner.Text())
+ if len(fromConns) == 0 {
+ // Skip blank lines
+ continue
+ }
+
+ line := fromConns[0]
+
+ if line[0] == ';' || line[0] == '#' {
+ // Skip comments
+ continue
+ }
+
+ // user context files contexts are formatted as
+ // role_r:type_t:s0 where the user is missing.
+ lineArr := strings.SplitN(line, ":", 4)
+ // skip context with typo, or role and type do not match
+ if len(lineArr) != 3 ||
+ lineArr[0] != fromRole ||
+ lineArr[1] != fromType {
+ continue
+ }
+
+ for _, cc := range fromConns[1:] {
+ toConns := strings.SplitN(cc, ":", 4)
+ if len(toConns) != 3 {
+ continue
+ }
+
+ context["role"] = toConns[0]
+ context["type"] = toConns[1]
+
+ outConn := context.get()
+ if err := verifier(outConn); err != nil {
+ continue
+ }
+
+ return outConn, nil
+ }
+ }
+
+ if err := scanner.Err(); err != nil {
+ return "", errors.Wrap(err, "failed to scan for context")
+ }
+
+ return "", nil
+}
+
+func getDefaultContextFromReaders(c *defaultSECtx) (string, error) {
+ if c.verifier == nil {
+ return "", ErrVerifierNil
+ }
+
+ context, err := newContext(c.scon)
+ if err != nil {
+ return "", errors.Wrapf(err, "failed to create label for %s", c.scon)
+ }
+
+ // set so the verifier validates the matched context with the provided user and level.
+ context["user"] = c.user
+ context["level"] = c.level
+
+ conn, err := findUserInContext(context, c.userRdr, c.verifier)
+ if err != nil {
+ return "", err
+ }
+
+ if conn != "" {
+ return conn, nil
+ }
+
+ conn, err = findUserInContext(context, c.defaultRdr, c.verifier)
+ if err != nil {
+ return "", err
+ }
+
+ if conn != "" {
+ return conn, nil
+ }
+
+ return "", errors.Wrapf(ErrContextMissing, "context not found: %q", c.scon)
+}
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+ userPath := filepath.Join(policyRoot, selinuxUsersDir, user)
+ defaultPath := filepath.Join(policyRoot, defaultContexts)
+
+ fu, err := os.Open(userPath)
+ if err != nil {
+ return "", err
+ }
+ defer fu.Close()
+
+ fd, err := os.Open(defaultPath)
+ if err != nil {
+ return "", err
+ }
+ defer fd.Close()
+
+ c := defaultSECtx{
+ user: user,
+ level: level,
+ scon: scon,
+ userRdr: fu,
+ defaultRdr: fd,
+ verifier: securityCheckContext,
+ }
+
+ return getDefaultContextFromReaders(&c)
+}
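Review bot: findUserInContext writes each candidate into the caller's `context` (`context["role"] = toConns[0]`, `context["type"] = toConns[1]`) and leaves it there when the verifier rejects it, so when getDefaultContextFromReaders falls through to the second call for c.defaultRdr, `fromRole`/`fromType` are read from a rejected candidate rather than from c.scon. This assumes Context is a map type, which the indexing suggests but the hunk does not show. Restoring the pair on exit keeps the two scans independent: `defer func() { context["role"], context["type"] = fromRole, fromType }()` right after fromType is read. Separately, getDefaultContextWithLevel passes `user` unchecked into `filepath.Join(policyRoot, selinuxUsersDir, user)`; if that value can come from outside the process, rejecting names that contain a path separator or `..` before os.Open would keep the lookup inside the users directory.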
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index c526b210f..e4b65c9e2 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -146,3 +146,7 @@ func dupSecOpt(src string) ([]string, error) {
func disableSecOpt() []string {
return []string{"disable"}
}
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+ return "", nil
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
index de5c80ef3..2365b4bda 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
@@ -6,21 +6,21 @@ import (
"golang.org/x/sys/unix"
)
-// Returns a []byte slice if the xattr is set and nil otherwise
-// Requires path and its attribute as arguments
-func lgetxattr(path string, attr string) ([]byte, error) {
+// lgetxattr returns a []byte slice containing the value of
+// an extended attribute attr set for path.
+func lgetxattr(path, attr string) ([]byte, error) {
// Start with a 128 length byte array
dest := make([]byte, 128)
- sz, errno := unix.Lgetxattr(path, attr, dest)
+ sz, errno := doLgetxattr(path, attr, dest)
for errno == unix.ERANGE {
// Buffer too small, use zero-sized buffer to get the actual size
- sz, errno = unix.Lgetxattr(path, attr, []byte{})
+ sz, errno = doLgetxattr(path, attr, []byte{})
if errno != nil {
return nil, errno
}
dest = make([]byte, sz)
- sz, errno = unix.Lgetxattr(path, attr, dest)
+ sz, errno = doLgetxattr(path, attr, dest)
}
if errno != nil {
return nil, errno
@@ -28,3 +28,13 @@ func lgetxattr(path string, attr string) ([]byte, error) {
return dest[:sz], nil
}
+
+// doLgetxattr is a wrapper that retries on EINTR
+func doLgetxattr(path, attr string, dest []byte) (int, error) {
+ for {
+ sz, err := unix.Lgetxattr(path, attr, dest)
+ if err != unix.EINTR {
+ return sz, err
+ }
+ }
+}
diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
index 63fde1842..437b12b3e 100644
--- a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
+++ b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
@@ -20,17 +20,16 @@ type WalkFunc = filepath.WalkFunc
//
// Note that this implementation only supports primitive error handling:
//
-// * no errors are ever passed to WalkFn
+// - no errors are ever passed to WalkFn;
//
-// * once a walkFn returns any error, all further processing stops
-// and the error is returned to the caller of Walk;
+// - once a walkFn returns any error, all further processing stops
+// and the error is returned to the caller of Walk;
//
-// * filepath.SkipDir is not supported;
-//
-// * if more than one walkFn instance will return an error, only one
-// of such errors will be propagated and returned by Walk, others
-// will be silently discarded.
+// - filepath.SkipDir is not supported;
//
+// - if more than one walkFn instance will return an error, only one
+// of such errors will be propagated and returned by Walk, others
+// will be silently discarded.
func Walk(root string, walkFn WalkFunc) error {
return WalkN(root, walkFn, runtime.NumCPU()*2)
}
@@ -38,6 +37,8 @@ func Walk(root string, walkFn WalkFunc) error {
// WalkN is a wrapper for filepath.Walk which can call multiple walkFn
// in parallel, allowing to handle each item concurrently. A maximum of
// num walkFn will be called at any one time.
+//
+// Please see Walk documentation for caveats of using this function.
func WalkN(root string, walkFn WalkFunc, num int) error {
// make sure limit is sensible
if num < 1 {
diff --git a/vendor/github.com/vishvananda/netlink/.travis.yml b/vendor/github.com/vishvananda/netlink/.travis.yml
index 7d14af4d6..80219c69d 100644
--- a/vendor/github.com/vishvananda/netlink/.travis.yml
+++ b/vendor/github.com/vishvananda/netlink/.travis.yml
@@ -1,8 +1,8 @@
language: go
go:
- - "1.10.x"
- - "1.11.x"
- "1.12.x"
+ - "1.13.x"
+ - "1.14.x"
before_script:
# make sure we keep path in tact when we sudo
- sudo sed -i -e 's/^Defaults\tsecure_path.*$//' /etc/sudoers
@@ -14,6 +14,7 @@ before_script:
- sudo modprobe nf_conntrack_ipv4
- sudo modprobe nf_conntrack_ipv6
- sudo modprobe sch_hfsc
+ - sudo modprobe sch_sfq
install:
- - go get github.com/vishvananda/netns
+ - go get -v -t ./...
go_import_path: github.com/vishvananda/netlink
diff --git a/vendor/github.com/vishvananda/netlink/addr.go b/vendor/github.com/vishvananda/netlink/addr.go
index f08c95696..653f540db 100644
--- a/vendor/github.com/vishvananda/netlink/addr.go
+++ b/vendor/github.com/vishvananda/netlink/addr.go
@@ -17,6 +17,7 @@ type Addr struct {
Broadcast net.IP
PreferedLft int
ValidLft int
+ LinkIndex int
}
// String returns $ip/$netmask $label
diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go
index 28746d5af..71da251ca 100644
--- a/vendor/github.com/vishvananda/netlink/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/addr_linux.go
@@ -11,9 +11,6 @@ import (
"golang.org/x/sys/unix"
)
-// IFA_FLAGS is a u32 attribute.
-const IFA_FLAGS = 0x8
-
// AddrAdd will add an IP address to a link device.
//
// Equivalent to: `ip addr add $addr dev $link`
@@ -125,7 +122,7 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
} else {
b := make([]byte, 4)
native.PutUint32(b, uint32(addr.Flags))
- flagsData := nl.NewRtAttr(IFA_FLAGS, b)
+ flagsData := nl.NewRtAttr(unix.IFA_FLAGS, b)
req.AddData(flagsData)
}
}
@@ -156,10 +153,10 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
// value should be "forever". To compensate for that, only add the attributes if at least one of the values is
// non-zero, which means the caller has explicitly set them
if addr.ValidLft > 0 || addr.PreferedLft > 0 {
- cachedata := nl.IfaCacheInfo{
- IfaValid: uint32(addr.ValidLft),
- IfaPrefered: uint32(addr.PreferedLft),
- }
+ cachedata := nl.IfaCacheInfo{unix.IfaCacheinfo{
+ Valid: uint32(addr.ValidLft),
+ Prefered: uint32(addr.PreferedLft),
+ }}
req.AddData(nl.NewRtAttr(unix.IFA_CACHEINFO, cachedata.Serialize()))
}
@@ -196,12 +193,12 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
var res []Addr
for _, m := range msgs {
- addr, msgFamily, ifindex, err := parseAddr(m)
+ addr, msgFamily, err := parseAddr(m)
if err != nil {
return res, err
}
- if link != nil && ifindex != indexFilter {
+ if link != nil && addr.LinkIndex != indexFilter {
// Ignore messages from other interfaces
continue
}
@@ -216,11 +213,11 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
return res, nil
}
-func parseAddr(m []byte) (addr Addr, family, index int, err error) {
+func parseAddr(m []byte) (addr Addr, family int, err error) {
msg := nl.DeserializeIfAddrmsg(m)
family = -1
- index = -1
+ addr.LinkIndex = -1
attrs, err1 := nl.ParseRouteAttr(m[msg.Len():])
if err1 != nil {
@@ -229,7 +226,7 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
}
family = int(msg.Family)
- index = int(msg.Index)
+ addr.LinkIndex = int(msg.Index)
var local, dst *net.IPNet
for _, attr := range attrs {
@@ -254,12 +251,12 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
addr.Broadcast = attr.Value
case unix.IFA_LABEL:
addr.Label = string(attr.Value[:len(attr.Value)-1])
- case IFA_FLAGS:
+ case unix.IFA_FLAGS:
addr.Flags = int(native.Uint32(attr.Value[0:4]))
- case nl.IFA_CACHEINFO:
+ case unix.IFA_CACHEINFO:
ci := nl.DeserializeIfaCacheInfo(attr.Value)
- addr.PreferedLft = int(ci.IfaPrefered)
- addr.ValidLft = int(ci.IfaValid)
+ addr.PreferedLft = int(ci.Prefered)
+ addr.ValidLft = int(ci.Valid)
}
}
@@ -394,7 +391,7 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
continue
}
- addr, _, ifindex, err := parseAddr(m.Data)
+ addr, _, err := parseAddr(m.Data)
if err != nil {
if cberr != nil {
cberr(fmt.Errorf("could not parse address: %v", err))
@@ -403,7 +400,7 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
}
ch <- AddrUpdate{LinkAddress: *addr.IPNet,
- LinkIndex: ifindex,
+ LinkIndex: addr.LinkIndex,
NewAddr: msgType == unix.RTM_NEWADDR,
Flags: addr.Flags,
Scope: addr.Scope,
diff --git a/vendor/github.com/vishvananda/netlink/class.go b/vendor/github.com/vishvananda/netlink/class.go
index dcc22d9e9..10ceffed8 100644
--- a/vendor/github.com/vishvananda/netlink/class.go
+++ b/vendor/github.com/vishvananda/netlink/class.go
@@ -132,7 +132,10 @@ func (class *GenericClass) Type() string {
return class.ClassType
}
-// ServiceCurve is the way the HFSC curve are represented
+// ServiceCurve is a nondecreasing function of some time unit, returning the amount of service
+// (an allowed or allocated amount of bandwidth) at some specific point in time. The purpose of it
+// should be subconsciously obvious: if a class was allowed to transfer not less than the amount
+// specified by its service curve, then the service curve is not violated.
type ServiceCurve struct {
m1 uint32
d uint32
@@ -144,6 +147,21 @@ func (c *ServiceCurve) Attrs() (uint32, uint32, uint32) {
return c.m1, c.d, c.m2
}
+// Burst returns the burst rate (m1) of the curve
+func (c *ServiceCurve) Burst() uint32 {
+ return c.m1
+}
+
+// Delay return the delay (d) of the curve
+func (c *ServiceCurve) Delay() uint32 {
+ return c.d
+}
+
+// Rate returns the rate (m2) of the curve
+func (c *ServiceCurve) Rate() uint32 {
+ return c.m2
+}
+
// HfscClass is a representation of the HFSC class
type HfscClass struct {
ClassAttrs
@@ -152,35 +170,44 @@ type HfscClass struct {
Usc ServiceCurve
}
-// SetUsc sets the Usc curve
+// SetUsc sets the USC curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetUsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetFsc sets the Fsc curve
+// SetFsc sets the Fsc curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetFsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetRsc sets the Rsc curve
+// SetRsc sets the Rsc curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetRsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetSC implements the SC from the tc CLI
+// SetSC implements the SC from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetSC(m1 uint32, d uint32, m2 uint32) {
- hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetRsc(m1, d, m2)
+ hfsc.SetFsc(m1, d, m2)
}
-// SetUL implements the UL from the tc CLI
+// SetUL implements the UL from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetUL(m1 uint32, d uint32, m2 uint32) {
- hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetUsc(m1, d, m2)
}
-// SetLS implements the LS from the tc CLI
+// SetLS implements the LS from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetLS(m1 uint32, d uint32, m2 uint32) {
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetFsc(m1, d, m2)
}
// NewHfscClass returns a new HFSC struct with the set parameters
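Review bot: The new doc comments disagree on the delay unit: SetUsc, SetFsc and SetRsc say seconds, while SetSC, SetUL and SetLS say ms even though they pass `d` straight through to those setters. SetSC and SetLS are also described as behaving like setting the USC, although the code sets Rsc plus Fsc and Fsc respectively. I would state one unit on all six and name the curves each wrapper really sets, e.g. `// SetSC sets both the RSC and FSC curves, like "sc" in the tc CLI.` and `// SetLS sets the FSC curve, like "ls" in the tc CLI.`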
@@ -193,6 +220,7 @@ func NewHfscClass(attrs ClassAttrs) *HfscClass {
}
}
+// String() returns a string that contains the information and attributes of the HFSC class
func (hfsc *HfscClass) String() string {
return fmt.Sprintf(
"{%s -- {RSC: {m1=%d d=%d m2=%d}} {FSC: {m1=%d d=%d m2=%d}} {USC: {m1=%d d=%d m2=%d}}}",
diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go
index 31091e501..e664ade7f 100644
--- a/vendor/github.com/vishvananda/netlink/class_linux.go
+++ b/vendor/github.com/vishvananda/netlink/class_linux.go
@@ -43,12 +43,12 @@ func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
if buffer == 0 {
buffer = uint32(float64(rate)/Hz() + float64(mtu))
}
- buffer = uint32(Xmittime(rate, buffer))
+ buffer = Xmittime(rate, buffer)
if cbuffer == 0 {
cbuffer = uint32(float64(ceil)/Hz() + float64(mtu))
}
- cbuffer = uint32(Xmittime(ceil, cbuffer))
+ cbuffer = Xmittime(ceil, cbuffer)
return &HtbClass{
ClassAttrs: attrs,
@@ -56,9 +56,9 @@ func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
Ceil: ceil,
Buffer: buffer,
Cbuffer: cbuffer,
- Quantum: 10,
Level: 0,
- Prio: 0,
+ Prio: cattrs.Prio,
+ Quantum: cattrs.Quantum,
}
}
@@ -179,12 +179,15 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
case "hfsc":
hfsc := class.(*HfscClass)
opt := nl.HfscCopt{}
- opt.Rsc.Set(hfsc.Rsc.Attrs())
- opt.Fsc.Set(hfsc.Fsc.Attrs())
- opt.Usc.Set(hfsc.Usc.Attrs())
- options.AddRtAttr(nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
- options.AddRtAttr(nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
- options.AddRtAttr(nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
+ rm1, rd, rm2 := hfsc.Rsc.Attrs()
+ opt.Rsc.Set(rm1/8, rd, rm2/8)
+ fm1, fd, fm2 := hfsc.Fsc.Attrs()
+ opt.Fsc.Set(fm1/8, fd, fm2/8)
+ um1, ud, um2 := hfsc.Usc.Attrs()
+ opt.Usc.Set(um1/8, ud, um2/8)
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
}
req.AddData(options)
return nil
@@ -315,11 +318,11 @@ func parseHfscClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, err
m1, d, m2 := nl.DeserializeHfscCurve(datum.Value).Attrs()
switch datum.Attr.Type {
case nl.TCA_HFSC_RSC:
- hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Rsc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
case nl.TCA_HFSC_FSC:
- hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Fsc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
case nl.TCA_HFSC_USC:
- hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Usc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
}
}
return detailed, nil
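Review bot: `m1 * 8` and `m2 * 8` are evaluated in uint32, so a value of 2^29 or more coming back from the kernel wraps around and the class read back shows a much smaller rate than is configured. The matching change in classPayload (earlier hunk in this file) sends `m1/8`, so inputs that are not a multiple of 8 are truncated and do not round-trip either. Widening ServiceCurve would change the return types of Attrs, Burst and Rate, so at minimum the limit should be documented on the type, e.g. `// m1 and m2 are in bits per second; values above 2^32-1 cannot be represented`. parseHfscClassData starts outside this hunk.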
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
index 4bff0dcba..ab91f4e55 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
@@ -318,18 +318,25 @@ func parseRawData(data []byte) *ConntrackFlow {
// --mask-src ip Source mask address
// --mask-dst ip Destination mask address
+// Layer 4 Protocol common parameters and options:
+// TCP, UDP, SCTP, UDPLite and DCCP
+// --sport, --orig-port-src port Source port in original direction
+// --dport, --orig-port-dst port Destination port in original direction
+
// Filter types
type ConntrackFilterType uint8
const (
- ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction
- ConntrackOrigDstIP // -orig-dst ip Destination address from original direction
- ConntrackReplySrcIP // --reply-src ip Reply Source IP
- ConntrackReplyDstIP // --reply-dst ip Reply Destination IP
- ConntrackReplyAnyIP // Match source or destination reply IP
- ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
- ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
- ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instaed ConntrackReplyAnyIP
+ ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction
+ ConntrackOrigDstIP // -orig-dst ip Destination address from original direction
+ ConntrackReplySrcIP // --reply-src ip Reply Source IP
+ ConntrackReplyDstIP // --reply-dst ip Reply Destination IP
+ ConntrackReplyAnyIP // Match source or destination reply IP
+ ConntrackOrigSrcPort // --orig-port-src port Source port in original direction
+ ConntrackOrigDstPort // --orig-port-dst port Destination port in original direction
+ ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
+ ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
+ ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instead ConntrackReplyAnyIP
)
type CustomConntrackFilter interface {
@@ -339,7 +346,9 @@ type CustomConntrackFilter interface {
}
type ConntrackFilter struct {
- ipFilter map[ConntrackFilterType]net.IP
+ ipFilter map[ConntrackFilterType]net.IP
+ portFilter map[ConntrackFilterType]uint16
+ protoFilter uint8
}
// AddIP adds an IP to the conntrack filter
@@ -354,38 +363,89 @@ func (f *ConntrackFilter) AddIP(tp ConntrackFilterType, ip net.IP) error {
return nil
}
+// AddPort adds a Port to the conntrack filter if the Layer 4 protocol allows it
+func (f *ConntrackFilter) AddPort(tp ConntrackFilterType, port uint16) error {
+ switch f.protoFilter {
+ // TCP, UDP, DCCP, SCTP, UDPLite
+ case 6, 17, 33, 132, 136:
+ default:
+ return fmt.Errorf("Filter attribute not available without a valid Layer 4 protocol: %d", f.protoFilter)
+ }
+
+ if f.portFilter == nil {
+ f.portFilter = make(map[ConntrackFilterType]uint16)
+ }
+ if _, ok := f.portFilter[tp]; ok {
+ return errors.New("Filter attribute already present")
+ }
+ f.portFilter[tp] = port
+ return nil
+}
+
+// AddProtocol adds the Layer 4 protocol to the conntrack filter
+func (f *ConntrackFilter) AddProtocol(proto uint8) error {
+ if f.protoFilter != 0 {
+ return errors.New("Filter attribute already present")
+ }
+ f.protoFilter = proto
+ return nil
+}
+
// MatchConntrackFlow applies the filter to the flow and returns true if the flow matches the filter
// false otherwise
func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool {
- if len(f.ipFilter) == 0 {
+ if len(f.ipFilter) == 0 && len(f.portFilter) == 0 && f.protoFilter == 0 {
// empty filter always not match
return false
}
- match := true
- // -orig-src ip Source address from original direction
- if elem, found := f.ipFilter[ConntrackOrigSrcIP]; found {
- match = match && elem.Equal(flow.Forward.SrcIP)
+ // -p, --protonum proto Layer 4 Protocol, eg. 'tcp'
+ if f.protoFilter != 0 && flow.Forward.Protocol != f.protoFilter {
+ // different Layer 4 protocol always not match
+ return false
}
- // -orig-dst ip Destination address from original direction
- if elem, found := f.ipFilter[ConntrackOrigDstIP]; match && found {
- match = match && elem.Equal(flow.Forward.DstIP)
- }
+ match := true
- // -src-nat ip Source NAT ip
- if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
- match = match && elem.Equal(flow.Reverse.SrcIP)
- }
+ // IP conntrack filter
+ if len(f.ipFilter) > 0 {
+ // -orig-src ip Source address from original direction
+ if elem, found := f.ipFilter[ConntrackOrigSrcIP]; found {
+ match = match && elem.Equal(flow.Forward.SrcIP)
+ }
+
+ // -orig-dst ip Destination address from original direction
+ if elem, found := f.ipFilter[ConntrackOrigDstIP]; match && found {
+ match = match && elem.Equal(flow.Forward.DstIP)
+ }
- // -dst-nat ip Destination NAT ip
- if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
- match = match && elem.Equal(flow.Reverse.DstIP)
+ // -src-nat ip Source NAT ip
+ if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
+ match = match && elem.Equal(flow.Reverse.SrcIP)
+ }
+
+ // -dst-nat ip Destination NAT ip
+ if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
+ match = match && elem.Equal(flow.Reverse.DstIP)
+ }
+
+ // Match source or destination reply IP
+ if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
+ match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
+ }
}
- // Match source or destination reply IP
- if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
- match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
+ // Layer 4 Port filter
+ if len(f.portFilter) > 0 {
+ // -orig-port-src port Source port from original direction
+ if elem, found := f.portFilter[ConntrackOrigSrcPort]; match && found {
+ match = match && elem == flow.Forward.SrcPort
+ }
+
+ // -orig-port-dst port Destination port from original direction
+ if elem, found := f.portFilter[ConntrackOrigDstPort]; match && found {
+ match = match && elem == flow.Forward.DstPort
+ }
}
return match
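Review bot: AddPort stores the port under whatever ConntrackFilterType it is given, but MatchConntrackFlow only looks up ConntrackOrigSrcPort and ConntrackOrigDstPort. A port added under any other type (for example ConntrackOrigSrcIP) is therefore silently ignored, and the filter then matches every flow of the selected protocol. If the filter is used to select flows for deletion, that is a wider match than the caller asked for, so AddPort should reject other types up front: `if tp != ConntrackOrigSrcPort && tp != ConntrackOrigDstPort { return errors.New("Filter attribute not a port type") }`. The protocol list `6, 17, 33, 132, 136` would also read better as named constants (`unix.IPPROTO_TCP` and so on), assuming that package is imported in this file.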
diff --git a/vendor/github.com/vishvananda/netlink/filter.go b/vendor/github.com/vishvananda/netlink/filter.go
index 88792eab0..2dc34b995 100644
--- a/vendor/github.com/vishvananda/netlink/filter.go
+++ b/vendor/github.com/vishvananda/netlink/filter.go
@@ -213,10 +213,11 @@ const (
type TunnelKeyAction struct {
ActionAttrs
- Action TunnelKeyAct
- SrcAddr net.IP
- DstAddr net.IP
- KeyID uint32
+ Action TunnelKeyAct
+ SrcAddr net.IP
+ DstAddr net.IP
+ KeyID uint32
+ DestPort uint16
}
func (action *TunnelKeyAction) Type() string {
diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go
index c56f314cd..ef6fabe81 100644
--- a/vendor/github.com/vishvananda/netlink/filter_linux.go
+++ b/vendor/github.com/vishvananda/netlink/filter_linux.go
@@ -6,7 +6,6 @@ import (
"encoding/hex"
"errors"
"fmt"
- "net"
"syscall"
"github.com/vishvananda/netlink/nl"
@@ -89,7 +88,7 @@ func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error) {
if CalcRtable(&police.Rate, rtab[:], rcellLog, fattrs.Mtu, linklayer) < 0 {
return nil, errors.New("TBF: failed to calculate rate table")
}
- police.Burst = uint32(Xmittime(uint64(police.Rate.Rate), uint32(buffer)))
+ police.Burst = Xmittime(uint64(police.Rate.Rate), uint32(buffer))
}
police.Mtu = fattrs.Mtu
if police.PeakRate.Rate != 0 {
@@ -456,6 +455,9 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error {
} else {
return fmt.Errorf("invalid dst addr %s for tunnel_key action", action.DstAddr)
}
+ if action.DestPort != 0 {
+ aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_DST_PORT, htons(action.DestPort))
+ }
}
case *SkbEditAction:
table := attr.AddRtAttr(tabIndex, nil)
@@ -566,12 +568,12 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
action.(*TunnelKeyAction).Action = TunnelKeyAct(tun.Action)
case nl.TCA_TUNNEL_KEY_ENC_KEY_ID:
action.(*TunnelKeyAction).KeyID = networkOrder.Uint32(adatum.Value[0:4])
- case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC:
- case nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
- action.(*TunnelKeyAction).SrcAddr = net.IP(adatum.Value[:])
- case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST:
- case nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
- action.(*TunnelKeyAction).DstAddr = net.IP(adatum.Value[:])
+ case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC, nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
+ action.(*TunnelKeyAction).SrcAddr = adatum.Value[:]
+ case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST, nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
+ action.(*TunnelKeyAction).DstAddr = adatum.Value[:]
+ case nl.TCA_TUNNEL_KEY_ENC_DST_PORT:
+ action.(*TunnelKeyAction).DestPort = ntohs(adatum.Value)
}
case "skbedit":
switch adatum.Attr.Type {
@@ -783,7 +785,7 @@ func CalcRtable(rate *nl.TcRateSpec, rtab []uint32, cellLog int, mtu uint32, lin
}
for i := 0; i < 256; i++ {
sz = AdjustSize(uint((i+1)<<uint32(cellLog)), uint(mpu), linklayer)
- rtab[i] = uint32(Xmittime(uint64(bps), uint32(sz)))
+ rtab[i] = Xmittime(uint64(bps), uint32(sz))
}
rate.CellAlign = -1
rate.CellLog = uint8(cellLog)
diff --git a/vendor/github.com/vishvananda/netlink/go.mod b/vendor/github.com/vishvananda/netlink/go.mod
index 09ee60e77..9d8455ee7 100644
--- a/vendor/github.com/vishvananda/netlink/go.mod
+++ b/vendor/github.com/vishvananda/netlink/go.mod
@@ -3,6 +3,6 @@ module github.com/vishvananda/netlink
go 1.12
require (
- github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
- golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444
+ github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
+ golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
)
diff --git a/vendor/github.com/vishvananda/netlink/go.sum b/vendor/github.com/vishvananda/netlink/go.sum
index 402d14ec5..ed5d30891 100644
--- a/vendor/github.com/vishvananda/netlink/go.sum
+++ b/vendor/github.com/vishvananda/netlink/go.sum
@@ -1,4 +1,6 @@
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444 h1:/d2cWp6PSamH4jDPFLyO150psQdqvtoNX8Zjg3AQ31g=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netlink/handle_unspecified.go b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
index ef914dcb8..df341f706 100644
--- a/vendor/github.com/vishvananda/netlink/handle_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
@@ -85,7 +85,7 @@ func (h *Handle) LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
return ErrNotImplemented
}
-func (h *Handle) LinkSetMaster(link Link, master *Bridge) error {
+func (h *Handle) LinkSetMaster(link Link, master Link) error {
return ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/inet_diag.go b/vendor/github.com/vishvananda/netlink/inet_diag.go
new file mode 100644
index 000000000..72c1fcb59
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/inet_diag.go
@@ -0,0 +1,30 @@
+package netlink
+
+// INET_DIAG constatns
+const (
+ INET_DIAG_NONE = iota
+ INET_DIAG_MEMINFO
+ INET_DIAG_INFO
+ INET_DIAG_VEGASINFO
+ INET_DIAG_CONG
+ INET_DIAG_TOS
+ INET_DIAG_TCLASS
+ INET_DIAG_SKMEMINFO
+ INET_DIAG_SHUTDOWN
+ INET_DIAG_DCTCPINFO
+ INET_DIAG_PROTOCOL
+ INET_DIAG_SKV6ONLY
+ INET_DIAG_LOCALS
+ INET_DIAG_PEERS
+ INET_DIAG_PAD
+ INET_DIAG_MARK
+ INET_DIAG_BBRINFO
+ INET_DIAG_CLASS_ID
+ INET_DIAG_MD5SIG
+ INET_DIAG_MAX
+)
+
+type InetDiagTCPInfoResp struct {
+ InetDiagMsg *Socket
+ TCPInfo *TCPInfo
+}
diff --git a/vendor/github.com/vishvananda/netlink/ipset_linux.go b/vendor/github.com/vishvananda/netlink/ipset_linux.go
new file mode 100644
index 000000000..5487fc1cc
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/ipset_linux.go
@@ -0,0 +1,335 @@
+package netlink
+
+import (
+ "log"
+ "net"
+ "syscall"
+
+ "github.com/vishvananda/netlink/nl"
+ "golang.org/x/sys/unix"
+)
+
+// IPSetEntry is used for adding, updating, retreiving and deleting entries
+type IPSetEntry struct {
+ Comment string
+ MAC net.HardwareAddr
+ IP net.IP
+ Timeout *uint32
+ Packets *uint64
+ Bytes *uint64
+
+ Replace bool // replace existing entry
+}
+
+// IPSetResult is the result of a dump request for a set
+type IPSetResult struct {
+ Nfgenmsg *nl.Nfgenmsg
+ Protocol uint8
+ Revision uint8
+ Family uint8
+ Flags uint8
+ SetName string
+ TypeName string
+
+ HashSize uint32
+ NumEntries uint32
+ MaxElements uint32
+ References uint32
+ SizeInMemory uint32
+ CadtFlags uint32
+ Timeout *uint32
+
+ Entries []IPSetEntry
+}
+
+// IpsetCreateOptions is the options struct for creating a new ipset
+type IpsetCreateOptions struct {
+ Replace bool // replace existing ipset
+ Timeout *uint32
+ Counters bool
+ Comments bool
+ Skbinfo bool
+}
+
+// IpsetProtocol returns the ipset protocol version from the kernel
+func IpsetProtocol() (uint8, error) {
+ return pkgHandle.IpsetProtocol()
+}
+
+// IpsetCreate creates a new ipset
+func IpsetCreate(setname, typename string, options IpsetCreateOptions) error {
+ return pkgHandle.IpsetCreate(setname, typename, options)
+}
+
+// IpsetDestroy destroys an existing ipset
+func IpsetDestroy(setname string) error {
+ return pkgHandle.IpsetDestroy(setname)
+}
+
+// IpsetFlush flushes an existing ipset
+func IpsetFlush(setname string) error {
+ return pkgHandle.IpsetFlush(setname)
+}
+
+// IpsetList dumps an specific ipset.
+func IpsetList(setname string) (*IPSetResult, error) {
+ return pkgHandle.IpsetList(setname)
+}
+
+// IpsetListAll dumps all ipsets.
+func IpsetListAll() ([]IPSetResult, error) {
+ return pkgHandle.IpsetListAll()
+}
+
+// IpsetAdd adds an entry to an existing ipset.
+func IpsetAdd(setname string, entry *IPSetEntry) error {
+ return pkgHandle.ipsetAddDel(nl.IPSET_CMD_ADD, setname, entry)
+}
+
+// IpsetDele deletes an entry from an existing ipset.
+func IpsetDel(setname string, entry *IPSetEntry) error {
+ return pkgHandle.ipsetAddDel(nl.IPSET_CMD_DEL, setname, entry)
+}
+
+func (h *Handle) IpsetProtocol() (uint8, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_PROTOCOL)
+ msgs, err := req.Execute(unix.NETLINK_NETFILTER, 0)
+
+ if err != nil {
+ return 0, err
+ }
+
+ return ipsetUnserialize(msgs).Protocol, nil
+}
+
+func (h *Handle) IpsetCreate(setname, typename string, options IpsetCreateOptions) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_CREATE)
+
+ if !options.Replace {
+ req.Flags |= unix.NLM_F_EXCL
+ }
+
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_TYPENAME, nl.ZeroTerminated(typename)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_REVISION, nl.Uint8Attr(0)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_FAMILY, nl.Uint8Attr(0)))
+
+ data := nl.NewRtAttr(nl.IPSET_ATTR_DATA|int(nl.NLA_F_NESTED), nil)
+
+ if timeout := options.Timeout; timeout != nil {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *timeout})
+ }
+
+ var cadtFlags uint32
+
+ if options.Comments {
+ cadtFlags |= nl.IPSET_FLAG_WITH_COMMENT
+ }
+ if options.Counters {
+ cadtFlags |= nl.IPSET_FLAG_WITH_COUNTERS
+ }
+ if options.Skbinfo {
+ cadtFlags |= nl.IPSET_FLAG_WITH_SKBINFO
+ }
+
+ if cadtFlags != 0 {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER, Value: cadtFlags})
+ }
+
+ req.AddData(data)
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetDestroy(setname string) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_DESTROY)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetFlush(setname string) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_FLUSH)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetList(name string) (*IPSetResult, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_LIST)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(name)))
+
+ msgs, err := ipsetExecute(req)
+ if err != nil {
+ return nil, err
+ }
+
+ result := ipsetUnserialize(msgs)
+ return &result, nil
+}
+
+func (h *Handle) IpsetListAll() ([]IPSetResult, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_LIST)
+
+ msgs, err := ipsetExecute(req)
+ if err != nil {
+ return nil, err
+ }
+
+ result := make([]IPSetResult, len(msgs))
+ for i, msg := range msgs {
+ result[i].unserialize(msg)
+ }
+
+ return result, nil
+}
+
+func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error {
+ req := h.newIpsetRequest(nlCmd)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ data := nl.NewRtAttr(nl.IPSET_ATTR_DATA|int(nl.NLA_F_NESTED), nil)
+
+ if !entry.Replace {
+ req.Flags |= unix.NLM_F_EXCL
+ }
+
+ if entry.Timeout != nil {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *entry.Timeout})
+ }
+ if entry.MAC != nil {
+ data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_ETHER, entry.MAC))
+ }
+
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_LINENO | nl.NLA_F_NET_BYTEORDER, Value: 0})
+ req.AddData(data)
+
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) newIpsetRequest(cmd int) *nl.NetlinkRequest {
+ req := h.newNetlinkRequest(cmd|(unix.NFNL_SUBSYS_IPSET<<8), nl.GetIpsetFlags(cmd))
+
+ // Add the netfilter header
+ msg := &nl.Nfgenmsg{
+ NfgenFamily: uint8(unix.AF_NETLINK),
+ Version: nl.NFNETLINK_V0,
+ ResId: 0,
+ }
+ req.AddData(msg)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_PROTOCOL, nl.Uint8Attr(nl.IPSET_PROTOCOL)))
+
+ return req
+}
+
+func ipsetExecute(req *nl.NetlinkRequest) (msgs [][]byte, err error) {
+ msgs, err = req.Execute(unix.NETLINK_NETFILTER, 0)
+
+ if err != nil {
+ if errno := int(err.(syscall.Errno)); errno >= nl.IPSET_ERR_PRIVATE {
+ err = nl.IPSetError(uintptr(errno))
+ }
+ }
+ return
+}
+
+func ipsetUnserialize(msgs [][]byte) (result IPSetResult) {
+ for _, msg := range msgs {
+ result.unserialize(msg)
+ }
+ return result
+}
+
+func (result *IPSetResult) unserialize(msg []byte) {
+ result.Nfgenmsg = nl.DeserializeNfgenmsg(msg)
+
+ for attr := range nl.ParseAttributes(msg[4:]) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_PROTOCOL:
+ result.Protocol = attr.Value[0]
+ case nl.IPSET_ATTR_SETNAME:
+ result.SetName = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_TYPENAME:
+ result.TypeName = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_REVISION:
+ result.Revision = attr.Value[0]
+ case nl.IPSET_ATTR_FAMILY:
+ result.Family = attr.Value[0]
+ case nl.IPSET_ATTR_FLAGS:
+ result.Flags = attr.Value[0]
+ case nl.IPSET_ATTR_DATA | nl.NLA_F_NESTED:
+ result.parseAttrData(attr.Value)
+ case nl.IPSET_ATTR_ADT | nl.NLA_F_NESTED:
+ result.parseAttrADT(attr.Value)
+ default:
+ log.Printf("unknown ipset attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func (result *IPSetResult) parseAttrData(data []byte) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_HASHSIZE | nl.NLA_F_NET_BYTEORDER:
+ result.HashSize = attr.Uint32()
+ case nl.IPSET_ATTR_MAXELEM | nl.NLA_F_NET_BYTEORDER:
+ result.MaxElements = attr.Uint32()
+ case nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint32()
+ result.Timeout = &val
+ case nl.IPSET_ATTR_ELEMENTS | nl.NLA_F_NET_BYTEORDER:
+ result.NumEntries = attr.Uint32()
+ case nl.IPSET_ATTR_REFERENCES | nl.NLA_F_NET_BYTEORDER:
+ result.References = attr.Uint32()
+ case nl.IPSET_ATTR_MEMSIZE | nl.NLA_F_NET_BYTEORDER:
+ result.SizeInMemory = attr.Uint32()
+ case nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER:
+ result.CadtFlags = attr.Uint32()
+ default:
+ log.Printf("unknown ipset data attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func (result *IPSetResult) parseAttrADT(data []byte) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_DATA | nl.NLA_F_NESTED:
+ result.Entries = append(result.Entries, parseIPSetEntry(attr.Value))
+ default:
+ log.Printf("unknown ADT attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func parseIPSetEntry(data []byte) (entry IPSetEntry) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint32()
+ entry.Timeout = &val
+ case nl.IPSET_ATTR_BYTES | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint64()
+ entry.Bytes = &val
+ case nl.IPSET_ATTR_PACKETS | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint64()
+ entry.Packets = &val
+ case nl.IPSET_ATTR_ETHER:
+ entry.MAC = net.HardwareAddr(attr.Value)
+ case nl.IPSET_ATTR_COMMENT:
+ entry.Comment = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_IP | nl.NLA_F_NESTED:
+ for attr := range nl.ParseAttributes(attr.Value) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_IP:
+ entry.IP = net.IP(attr.Value)
+ default:
+ log.Printf("unknown nested ADT attribute from kernel: %+v", attr)
+ }
+ }
+ default:
+ log.Printf("unknown ADT attribute from kernel: %+v", attr)
+ }
+ }
+ return
+}
diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go
index 886d88d1b..e2441bd71 100644
--- a/vendor/github.com/vishvananda/netlink/link.go
+++ b/vendor/github.com/vishvananda/netlink/link.go
@@ -65,6 +65,17 @@ type VfInfo struct {
LinkState uint32
MaxTxRate uint32 // IFLA_VF_RATE Max TxRate
MinTxRate uint32 // IFLA_VF_RATE Min TxRate
+ RxPackets uint64
+ TxPackets uint64
+ RxBytes uint64
+ TxBytes uint64
+ Multicast uint64
+ Broadcast uint64
+ RxDropped uint64
+ TxDropped uint64
+
+ RssQuery uint32
+ Trust uint32
}
// LinkOperState represents the values of the IFLA_OPERSTATE link
@@ -103,7 +114,8 @@ func (s LinkOperState) String() string {
// NewLinkAttrs returns LinkAttrs structure filled with default values
func NewLinkAttrs() LinkAttrs {
return LinkAttrs{
- TxQLen: -1,
+ NetNsID: -1,
+ TxQLen: -1,
}
}
@@ -196,10 +208,11 @@ type LinkStatistics64 struct {
}
type LinkXdp struct {
- Fd int
- Attached bool
- Flags uint32
- ProgId uint32
+ Fd int
+ Attached bool
+ AttachMode uint32
+ Flags uint32
+ ProgId uint32
}
// Device links cannot be created via netlink. These links
@@ -246,6 +259,7 @@ func (ifb *Ifb) Type() string {
type Bridge struct {
LinkAttrs
MulticastSnooping *bool
+ AgeingTime *uint32
HelloTime *uint32
VlanFiltering *bool
}
@@ -338,6 +352,7 @@ type Veth struct {
LinkAttrs
PeerName string // veth on create only
PeerHardwareAddr net.HardwareAddr
+ PeerNamespace interface{}
}
func (veth *Veth) Attrs() *LinkAttrs {
@@ -348,6 +363,19 @@ func (veth *Veth) Type() string {
return "veth"
}
+// Wireguard represent links of type "wireguard", see https://www.wireguard.com/
+type Wireguard struct {
+ LinkAttrs
+}
+
+func (wg *Wireguard) Attrs() *LinkAttrs {
+ return &wg.LinkAttrs
+}
+
+func (wg *Wireguard) Type() string {
+ return "wireguard"
+}
+
// GenericLink links represent types that are not currently understood
// by this netlink library.
type GenericLink struct {
@@ -878,10 +906,14 @@ type Ip6tnl struct {
Remote net.IP
Ttl uint8
Tos uint8
- EncapLimit uint8
Flags uint32
Proto uint8
FlowInfo uint32
+ EncapLimit uint8
+ EncapType uint16
+ EncapFlags uint16
+ EncapSport uint16
+ EncapDport uint16
}
func (ip6tnl *Ip6tnl) Attrs() *LinkAttrs {
@@ -895,11 +927,13 @@ func (ip6tnl *Ip6tnl) Type() string {
type Sittun struct {
LinkAttrs
Link uint32
- Local net.IP
- Remote net.IP
Ttl uint8
Tos uint8
PMtuDisc uint8
+ Proto uint8
+ Local net.IP
+ Remote net.IP
+ EncapLimit uint8
EncapType uint16
EncapFlags uint16
EncapSport uint16
diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go
index ec915a0b9..c02fa63b8 100644
--- a/vendor/github.com/vishvananda/netlink/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/link_linux.go
@@ -237,6 +237,37 @@ func (h *Handle) macvlanMACAddrChange(link Link, addrs []net.HardwareAddr, mode
return err
}
+// LinkSetMacvlanMode sets the mode of a macvlan or macvtap link device.
+// Note that passthrough mode cannot be set to and from and will fail.
+// Equivalent to: `ip link set $link type (macvlan|macvtap) mode $mode
+func LinkSetMacvlanMode(link Link, mode MacvlanMode) error {
+ return pkgHandle.LinkSetMacvlanMode(link, mode)
+}
+
+// LinkSetMacvlanMode sets the mode of the macvlan or macvtap link device.
+// Note that passthrough mode cannot be set to and from and will fail.
+// Equivalent to: `ip link set $link type (macvlan|macvtap) mode $mode
+func (h *Handle) LinkSetMacvlanMode(link Link, mode MacvlanMode) error {
+ base := link.Attrs()
+ h.ensureIndex(base)
+ req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
+
+ msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+ msg.Index = int32(base.Index)
+ req.AddData(msg)
+
+ linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+ linkInfo.AddRtAttr(nl.IFLA_INFO_KIND, nl.NonZeroTerminated(link.Type()))
+
+ data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+ data.AddRtAttr(nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[mode]))
+
+ req.AddData(linkInfo)
+
+ _, err := req.Execute(unix.NETLINK_ROUTE, 0)
+ return err
+}
+
func BridgeSetMcastSnoop(link Link, on bool) error {
return pkgHandle.BridgeSetMcastSnoop(link, on)
}
@@ -247,6 +278,16 @@ func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error {
return h.linkModify(bridge, unix.NLM_F_ACK)
}
+func BridgeSetVlanFiltering(link Link, on bool) error {
+ return pkgHandle.BridgeSetVlanFiltering(link, on)
+}
+
+func (h *Handle) BridgeSetVlanFiltering(link Link, on bool) error {
+ bridge := link.(*Bridge)
+ bridge.VlanFiltering = &on
+ return h.linkModify(bridge, unix.NLM_F_ACK)
+}
+
func SetPromiscOn(link Link) error {
return pkgHandle.SetPromiscOn(link)
}
@@ -1048,6 +1089,10 @@ func (h *Handle) LinkAdd(link Link) error {
return h.linkModify(link, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
}
+func (h *Handle) LinkModify(link Link) error {
+ return h.linkModify(link, unix.NLM_F_REQUEST|unix.NLM_F_ACK)
+}
+
func (h *Handle) linkModify(link Link, flags int) error {
// TODO: support extra data for macvlan
base := link.Attrs()
@@ -1060,8 +1105,6 @@ func (h *Handle) linkModify(link Link, flags int) error {
}
if isTuntap {
- // TODO: support user
- // TODO: support group
if tuntap.Mode < unix.IFF_TUN || tuntap.Mode > unix.IFF_TAP {
return fmt.Errorf("Tuntap.Mode %v unknown", tuntap.Mode)
}
@@ -1089,21 +1132,64 @@ func (h *Handle) linkModify(link Link, flags int) error {
}
req.Flags |= uint16(tuntap.Mode)
-
+ const TUN = "/dev/net/tun"
for i := 0; i < queues; i++ {
localReq := req
- file, err := os.OpenFile("/dev/net/tun", os.O_RDWR, 0)
+ fd, err := unix.Open(TUN, os.O_RDWR|syscall.O_CLOEXEC, 0)
if err != nil {
cleanupFds(fds)
return err
}
- fds = append(fds, file)
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
if errno != 0 {
+ // close the new fd
+ unix.Close(fd)
+ // and the already opened ones
cleanupFds(fds)
return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed [%d], errno %v", i, errno)
}
+
+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETOWNER, uintptr(tuntap.Owner))
+ if errno != 0 {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap IOCTL TUNSETOWNER failed [%d], errno %v", i, errno)
+ }
+
+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETGROUP, uintptr(tuntap.Group))
+ if errno != 0 {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap IOCTL TUNSETGROUP failed [%d], errno %v", i, errno)
+ }
+
+ // Set the tun device to non-blocking before use. The below comment
+ // taken from:
+ //
+ // https://github.com/mistsys/tuntap/commit/161418c25003bbee77d085a34af64d189df62bea
+ //
+ // Note there is a complication because in go, if a device node is
+ // opened, go sets it to use nonblocking I/O. However a /dev/net/tun
+ // doesn't work with epoll until after the TUNSETIFF ioctl has been
+ // done. So we open the unix fd directly, do the ioctl, then put the
+ // fd in nonblocking mode, an then finally wrap it in a os.File,
+ // which will see the nonblocking mode and add the fd to the
+ // pollable set, so later on when we Read() from it blocked the
+ // calling thread in the kernel.
+ //
+ // See
+ // https://github.com/golang/go/issues/30426
+ // which got exposed in go 1.13 by the fix to
+ // https://github.com/golang/go/issues/30624
+ err = unix.SetNonblock(fd, true)
+ if err != nil {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap set to non-blocking failed [%d], err %v", i, err)
+ }
+
+ // create the file from the file descriptor and store it
+ file := os.NewFile(uintptr(fd), TUN)
+ fds = append(fds, file)
+
// 1) we only care for the name of the first tap in the multi queue set
// 2) if the original name was empty, the localReq has now the actual name
//
@@ -1114,6 +1200,7 @@ func (h *Handle) linkModify(link Link, flags int) error {
if i == 0 {
link.Attrs().Name = strings.Trim(string(localReq.Name[:]), "\x00")
}
+
}
// only persist interface if NonPersist is NOT set
@@ -1193,6 +1280,11 @@ func (h *Handle) linkModify(link Link, flags int) error {
nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(base.Name))
req.AddData(nameData)
+ if base.Alias != "" {
+ alias := nl.NewRtAttr(unix.IFLA_IFALIAS, []byte(base.Alias))
+ req.AddData(alias)
+ }
+
if base.MTU > 0 {
mtu := nl.NewRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
req.AddData(mtu)
@@ -1272,12 +1364,28 @@ func (h *Handle) linkModify(link Link, flags int) error {
if base.TxQLen >= 0 {
peer.AddRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
}
+ if base.NumTxQueues > 0 {
+ peer.AddRtAttr(unix.IFLA_NUM_TX_QUEUES, nl.Uint32Attr(uint32(base.NumTxQueues)))
+ }
+ if base.NumRxQueues > 0 {
+ peer.AddRtAttr(unix.IFLA_NUM_RX_QUEUES, nl.Uint32Attr(uint32(base.NumRxQueues)))
+ }
if base.MTU > 0 {
peer.AddRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
}
if link.PeerHardwareAddr != nil {
peer.AddRtAttr(unix.IFLA_ADDRESS, []byte(link.PeerHardwareAddr))
}
+ if link.PeerNamespace != nil {
+ switch ns := link.PeerNamespace.(type) {
+ case NsPid:
+ val := nl.Uint32Attr(uint32(ns))
+ peer.AddRtAttr(unix.IFLA_NET_NS_PID, val)
+ case NsFd:
+ val := nl.Uint32Attr(uint32(ns))
+ peer.AddRtAttr(unix.IFLA_NET_NS_FD, val)
+ }
+ }
case *Vxlan:
addVxlanAttrs(link, linkInfo)
case *Bond:
@@ -1509,7 +1617,11 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
return nil, err
}
- base := LinkAttrs{Index: int(msg.Index), RawFlags: msg.Flags, Flags: linkFlags(msg.Flags), EncapType: msg.EncapType()}
+ base := NewLinkAttrs()
+ base.Index = int(msg.Index)
+ base.RawFlags = msg.Flags
+ base.Flags = linkFlags(msg.Flags)
+ base.EncapType = msg.EncapType()
if msg.Flags&unix.IFF_PROMISC != 0 {
base.Promisc = 1
}
@@ -1543,6 +1655,8 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
link = &Vlan{}
case "veth":
link = &Veth{}
+ case "wireguard":
+ link = &Wireguard{}
case "vxlan":
link = &Vxlan{}
case "bond":
@@ -2080,6 +2194,13 @@ func parseVlanData(link Link, data []syscall.NetlinkRouteAttr) {
func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) {
vxlan := link.(*Vxlan)
for _, datum := range data {
+ // NOTE(vish): Apparently some messages can be sent with no value.
+ // We special case GBP here to not change existing
+ // functionality. It appears that GBP sends a datum.Value
+ // of null.
+ if len(datum.Value) == 0 && datum.Attr.Type != nl.IFLA_VXLAN_GBP {
+ continue
+ }
switch datum.Attr.Type {
case nl.IFLA_VXLAN_ID:
vxlan.VxlanId = int(native.Uint32(datum.Value[0:4]))
@@ -2513,7 +2634,8 @@ func parseLinkXdp(data []byte) (*LinkXdp, error) {
case nl.IFLA_XDP_FD:
xdp.Fd = int(native.Uint32(attr.Value[0:4]))
case nl.IFLA_XDP_ATTACHED:
- xdp.Attached = attr.Value[0] != 0
+ xdp.AttachMode = uint32(attr.Value[0])
+ xdp.Attached = xdp.AttachMode != 0
case nl.IFLA_XDP_FLAGS:
xdp.Flags = native.Uint32(attr.Value[0:4])
case nl.IFLA_XDP_PROG_ID:
@@ -2577,7 +2699,7 @@ func parseIptunData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_ENCAP_FLAGS:
iptun.EncapFlags = native.Uint16(datum.Value[0:2])
case nl.IFLA_IPTUN_COLLECT_METADATA:
- iptun.FlowBased = int8(datum.Value[0]) != 0
+ iptun.FlowBased = true
}
}
}
@@ -2601,10 +2723,14 @@ func addIp6tnlAttrs(ip6tnl *Ip6tnl, linkInfo *nl.RtAttr) {
data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(ip6tnl.Ttl))
data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(ip6tnl.Tos))
- data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
data.AddRtAttr(nl.IFLA_IPTUN_FLAGS, nl.Uint32Attr(ip6tnl.Flags))
data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(ip6tnl.Proto))
data.AddRtAttr(nl.IFLA_IPTUN_FLOWINFO, nl.Uint32Attr(ip6tnl.FlowInfo))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(ip6tnl.EncapType))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(ip6tnl.EncapFlags))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(ip6tnl.EncapSport))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_DPORT, htons(ip6tnl.EncapDport))
}
func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -2616,17 +2742,25 @@ func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_REMOTE:
ip6tnl.Remote = net.IP(datum.Value[:16])
case nl.IFLA_IPTUN_TTL:
- ip6tnl.Ttl = uint8(datum.Value[0])
+ ip6tnl.Ttl = datum.Value[0]
case nl.IFLA_IPTUN_TOS:
- ip6tnl.Tos = uint8(datum.Value[0])
- case nl.IFLA_IPTUN_ENCAP_LIMIT:
- ip6tnl.EncapLimit = uint8(datum.Value[0])
+ ip6tnl.Tos = datum.Value[0]
case nl.IFLA_IPTUN_FLAGS:
ip6tnl.Flags = native.Uint32(datum.Value[:4])
case nl.IFLA_IPTUN_PROTO:
- ip6tnl.Proto = uint8(datum.Value[0])
+ ip6tnl.Proto = datum.Value[0]
case nl.IFLA_IPTUN_FLOWINFO:
ip6tnl.FlowInfo = native.Uint32(datum.Value[:4])
+ case nl.IFLA_IPTUN_ENCAP_LIMIT:
+ ip6tnl.EncapLimit = datum.Value[0]
+ case nl.IFLA_IPTUN_ENCAP_TYPE:
+ ip6tnl.EncapType = native.Uint16(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_FLAGS:
+ ip6tnl.EncapFlags = native.Uint16(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_SPORT:
+ ip6tnl.EncapSport = ntohs(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_DPORT:
+ ip6tnl.EncapDport = ntohs(datum.Value[0:2])
}
}
}
@@ -2653,8 +2787,10 @@ func addSittunAttrs(sittun *Sittun, linkInfo *nl.RtAttr) {
data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(sittun.Ttl))
}
+ data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(sittun.Proto))
data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(sittun.Tos))
data.AddRtAttr(nl.IFLA_IPTUN_PMTUDISC, nl.Uint8Attr(sittun.PMtuDisc))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(sittun.EncapLimit))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(sittun.EncapType))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(sittun.EncapFlags))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(sittun.EncapSport))
@@ -2670,11 +2806,13 @@ func parseSittunData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_REMOTE:
sittun.Remote = net.IP(datum.Value[0:4])
case nl.IFLA_IPTUN_TTL:
- sittun.Ttl = uint8(datum.Value[0])
+ sittun.Ttl = datum.Value[0]
case nl.IFLA_IPTUN_TOS:
- sittun.Tos = uint8(datum.Value[0])
+ sittun.Tos = datum.Value[0]
case nl.IFLA_IPTUN_PMTUDISC:
- sittun.PMtuDisc = uint8(datum.Value[0])
+ sittun.PMtuDisc = datum.Value[0]
+ case nl.IFLA_IPTUN_PROTO:
+ sittun.Proto = datum.Value[0]
case nl.IFLA_IPTUN_ENCAP_TYPE:
sittun.EncapType = native.Uint16(datum.Value[0:2])
case nl.IFLA_IPTUN_ENCAP_FLAGS:
@@ -2761,6 +2899,9 @@ func addBridgeAttrs(bridge *Bridge, linkInfo *nl.RtAttr) {
if bridge.MulticastSnooping != nil {
data.AddRtAttr(nl.IFLA_BR_MCAST_SNOOPING, boolToByte(*bridge.MulticastSnooping))
}
+ if bridge.AgeingTime != nil {
+ data.AddRtAttr(nl.IFLA_BR_AGEING_TIME, nl.Uint32Attr(*bridge.AgeingTime))
+ }
if bridge.HelloTime != nil {
data.AddRtAttr(nl.IFLA_BR_HELLO_TIME, nl.Uint32Attr(*bridge.HelloTime))
}
@@ -2773,6 +2914,9 @@ func parseBridgeData(bridge Link, data []syscall.NetlinkRouteAttr) {
br := bridge.(*Bridge)
for _, datum := range data {
switch datum.Attr.Type {
+ case nl.IFLA_BR_AGEING_TIME:
+ ageingTime := native.Uint32(datum.Value[0:4])
+ br.AgeingTime = &ageingTime
case nl.IFLA_BR_HELLO_TIME:
helloTime := native.Uint32(datum.Value[0:4])
br.HelloTime = &helloTime
@@ -2852,6 +2996,24 @@ func parseVfInfo(data []syscall.NetlinkRouteAttr, id int) VfInfo {
vfr := nl.DeserializeVfRate(element.Value[:])
vf.MaxTxRate = vfr.MaxTxRate
vf.MinTxRate = vfr.MinTxRate
+ case nl.IFLA_VF_STATS:
+ vfstats := nl.DeserializeVfStats(element.Value[:])
+ vf.RxPackets = vfstats.RxPackets
+ vf.TxPackets = vfstats.TxPackets
+ vf.RxBytes = vfstats.RxBytes
+ vf.TxBytes = vfstats.TxBytes
+ vf.Multicast = vfstats.Multicast
+ vf.Broadcast = vfstats.Broadcast
+ vf.RxDropped = vfstats.RxDropped
+ vf.TxDropped = vfstats.TxDropped
+
+ case nl.IFLA_VF_RSS_QUERY_EN:
+ result := nl.DeserializeVfRssQueryEn(element.Value)
+ vf.RssQuery = result.Setting
+
+ case nl.IFLA_VF_TRUST:
+ result := nl.DeserializeVfTrust(element.Value)
+ vf.Trust = result.Setting
}
}
return vf
diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go
index cb3b55d35..fb220d141 100644
--- a/vendor/github.com/vishvananda/netlink/neigh_linux.go
+++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go
@@ -243,6 +243,18 @@ func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
// Ignore messages from other interfaces
continue
}
+ if msg.Family != 0 && ndm.Family != msg.Family {
+ continue
+ }
+ if msg.State != 0 && ndm.State != msg.State {
+ continue
+ }
+ if msg.Type != 0 && ndm.Type != msg.Type {
+ continue
+ }
+ if msg.Flags != 0 && ndm.Flags != msg.Flags {
+ continue
+ }
neigh, err := NeighDeserialize(m)
if err != nil {
diff --git a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
index 42d3acf91..71436f25c 100644
--- a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
@@ -16,7 +16,7 @@ func LinkSetMTU(link Link, mtu int) error {
return ErrNotImplemented
}
-func LinkSetMaster(link Link, master *Bridge) error {
+func LinkSetMaster(link Link, master Link) error {
return ErrNotImplemented
}
@@ -72,6 +72,10 @@ func LinkSetXdpFd(link Link, fd int) error {
return ErrNotImplemented
}
+func LinkSetXdpFdWithFlags(link Link, fd, flags int) error {
+ return ErrNotImplemented
+}
+
func LinkSetARPOff(link Link) error {
return ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
index 50db3b4cd..6bea4ed02 100644
--- a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
@@ -54,24 +54,18 @@ func (msg *IfAddrmsg) Len() int {
// __u32 tstamp; /* updated timestamp, hundredths of seconds */
// };
-const IFA_CACHEINFO = 6
-const SizeofIfaCacheInfo = 0x10
-
type IfaCacheInfo struct {
- IfaPrefered uint32
- IfaValid uint32
- Cstamp uint32
- Tstamp uint32
+ unix.IfaCacheinfo
}
func (msg *IfaCacheInfo) Len() int {
- return SizeofIfaCacheInfo
+ return unix.SizeofIfaCacheinfo
}
func DeserializeIfaCacheInfo(b []byte) *IfaCacheInfo {
- return (*IfaCacheInfo)(unsafe.Pointer(&b[0:SizeofIfaCacheInfo][0]))
+ return (*IfaCacheInfo)(unsafe.Pointer(&b[0:unix.SizeofIfaCacheinfo][0]))
}
func (msg *IfaCacheInfo) Serialize() []byte {
- return (*(*[SizeofIfaCacheInfo]byte)(unsafe.Pointer(msg)))[:]
+ return (*(*[unix.SizeofIfaCacheinfo]byte)(unsafe.Pointer(msg)))[:]
}
diff --git a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
index 79d2b6b89..14924027e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
@@ -40,9 +40,10 @@ const (
NFNETLINK_V0 = 0
)
-// #define NLA_F_NESTED (1 << 15)
const (
- NLA_F_NESTED = (1 << 15)
+ NLA_F_NESTED uint16 = (1 << 15) // #define NLA_F_NESTED (1 << 15)
+ NLA_F_NET_BYTEORDER uint16 = (1 << 14) // #define NLA_F_NESTED (1 << 14)
+ NLA_TYPE_MASK = ^(NLA_F_NESTED | NLA_F_NET_BYTEORDER)
)
// enum ctattr_type {
diff --git a/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go b/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go
new file mode 100644
index 000000000..a60b4b09d
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go
@@ -0,0 +1,222 @@
+package nl
+
+import (
+ "strconv"
+
+ "golang.org/x/sys/unix"
+)
+
+const (
+ /* The protocol version */
+ IPSET_PROTOCOL = 6
+
+ /* The max length of strings including NUL: set and type identifiers */
+ IPSET_MAXNAMELEN = 32
+
+ /* The maximum permissible comment length we will accept over netlink */
+ IPSET_MAX_COMMENT_SIZE = 255
+)
+
+const (
+ _ = iota
+ IPSET_CMD_PROTOCOL /* 1: Return protocol version */
+ IPSET_CMD_CREATE /* 2: Create a new (empty) set */
+ IPSET_CMD_DESTROY /* 3: Destroy a (empty) set */
+ IPSET_CMD_FLUSH /* 4: Remove all elements from a set */
+ IPSET_CMD_RENAME /* 5: Rename a set */
+ IPSET_CMD_SWAP /* 6: Swap two sets */
+ IPSET_CMD_LIST /* 7: List sets */
+ IPSET_CMD_SAVE /* 8: Save sets */
+ IPSET_CMD_ADD /* 9: Add an element to a set */
+ IPSET_CMD_DEL /* 10: Delete an element from a set */
+ IPSET_CMD_TEST /* 11: Test an element in a set */
+ IPSET_CMD_HEADER /* 12: Get set header data only */
+ IPSET_CMD_TYPE /* 13: Get set type */
+)
+
+/* Attributes at command level */
+const (
+ _ = iota
+ IPSET_ATTR_PROTOCOL /* 1: Protocol version */
+ IPSET_ATTR_SETNAME /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME /* 3: Typename */
+ IPSET_ATTR_REVISION /* 4: Settype revision */
+ IPSET_ATTR_FAMILY /* 5: Settype family */
+ IPSET_ATTR_FLAGS /* 6: Flags at command level */
+ IPSET_ATTR_DATA /* 7: Nested attributes */
+ IPSET_ATTR_ADT /* 8: Multiple data containers */
+ IPSET_ATTR_LINENO /* 9: Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */
+
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME /* Setname at rename/swap */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
+)
+
+/* CADT specific attributes */
+const (
+ IPSET_ATTR_IP = 1
+ IPSET_ATTR_IP_FROM = 1
+ IPSET_ATTR_IP_TO = 2
+ IPSET_ATTR_CIDR = 3
+ IPSET_ATTR_PORT = 4
+ IPSET_ATTR_PORT_FROM = 4
+ IPSET_ATTR_PORT_TO = 5
+ IPSET_ATTR_TIMEOUT = 6
+ IPSET_ATTR_PROTO = 7
+ IPSET_ATTR_CADT_FLAGS = 8
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
+ IPSET_ATTR_MARK = 10
+ IPSET_ATTR_MARKMASK = 11
+
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16
+
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC = 3 + iota
+ IPSET_ATTR_HASHSIZE
+ IPSET_ATTR_MAXELEM
+ IPSET_ATTR_NETMASK
+ IPSET_ATTR_PROBES
+ IPSET_ATTR_RESIZE
+ IPSET_ATTR_SIZE
+
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS
+ IPSET_ATTR_REFERENCES
+ IPSET_ATTR_MEMSIZE
+
+ SET_ATTR_CREATE_MAX
+)
+
+/* ADT specific attributes */
+const (
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
+ IPSET_ATTR_NAME
+ IPSET_ATTR_NAMEREF
+ IPSET_ATTR_IP2
+ IPSET_ATTR_CIDR2
+ IPSET_ATTR_IP2_TO
+ IPSET_ATTR_IFACE
+ IPSET_ATTR_BYTES
+ IPSET_ATTR_PACKETS
+ IPSET_ATTR_COMMENT
+ IPSET_ATTR_SKBMARK
+ IPSET_ATTR_SKBPRIO
+ IPSET_ATTR_SKBQUEUE
+)
+
+/* Flags at CADT attribute level, upper half of cmdattrs */
+const (
+ IPSET_FLAG_BIT_BEFORE = 0
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE)
+ IPSET_FLAG_BIT_PHYSDEV = 1
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV)
+ IPSET_FLAG_BIT_NOMATCH = 2
+ IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH)
+ IPSET_FLAG_BIT_WITH_COUNTERS = 3
+ IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
+ IPSET_FLAG_BIT_WITH_COMMENT = 4
+ IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
+ IPSET_FLAG_BIT_WITH_FORCEADD = 5
+ IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
+ IPSET_FLAG_BIT_WITH_SKBINFO = 6
+ IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
+ IPSET_FLAG_CADT_MAX = 15
+)
+
+const (
+ IPSET_ERR_PRIVATE = 4096 + iota
+ IPSET_ERR_PROTOCOL
+ IPSET_ERR_FIND_TYPE
+ IPSET_ERR_MAX_SETS
+ IPSET_ERR_BUSY
+ IPSET_ERR_EXIST_SETNAME2
+ IPSET_ERR_TYPE_MISMATCH
+ IPSET_ERR_EXIST
+ IPSET_ERR_INVALID_CIDR
+ IPSET_ERR_INVALID_NETMASK
+ IPSET_ERR_INVALID_FAMILY
+ IPSET_ERR_TIMEOUT
+ IPSET_ERR_REFERENCED
+ IPSET_ERR_IPADDR_IPV4
+ IPSET_ERR_IPADDR_IPV6
+ IPSET_ERR_COUNTER
+ IPSET_ERR_COMMENT
+ IPSET_ERR_INVALID_MARKMASK
+ IPSET_ERR_SKBINFO
+
+ /* Type specific error codes */
+ IPSET_ERR_TYPE_SPECIFIC = 4352
+)
+
+type IPSetError uintptr
+
+func (e IPSetError) Error() string {
+ switch int(e) {
+ case IPSET_ERR_PRIVATE:
+ return "private"
+ case IPSET_ERR_PROTOCOL:
+ return "invalid protocol"
+ case IPSET_ERR_FIND_TYPE:
+ return "invalid type"
+ case IPSET_ERR_MAX_SETS:
+ return "max sets reached"
+ case IPSET_ERR_BUSY:
+ return "busy"
+ case IPSET_ERR_EXIST_SETNAME2:
+ return "exist_setname2"
+ case IPSET_ERR_TYPE_MISMATCH:
+ return "type mismatch"
+ case IPSET_ERR_EXIST:
+ return "exist"
+ case IPSET_ERR_INVALID_CIDR:
+ return "invalid cidr"
+ case IPSET_ERR_INVALID_NETMASK:
+ return "invalid netmask"
+ case IPSET_ERR_INVALID_FAMILY:
+ return "invalid family"
+ case IPSET_ERR_TIMEOUT:
+ return "timeout"
+ case IPSET_ERR_REFERENCED:
+ return "referenced"
+ case IPSET_ERR_IPADDR_IPV4:
+ return "invalid ipv4 address"
+ case IPSET_ERR_IPADDR_IPV6:
+ return "invalid ipv6 address"
+ case IPSET_ERR_COUNTER:
+ return "invalid counter"
+ case IPSET_ERR_COMMENT:
+ return "invalid comment"
+ case IPSET_ERR_INVALID_MARKMASK:
+ return "invalid markmask"
+ case IPSET_ERR_SKBINFO:
+ return "skbinfo"
+ default:
+ return "errno " + strconv.Itoa(int(e))
+ }
+}
+
+func GetIpsetFlags(cmd int) int {
+ switch cmd {
+ case IPSET_CMD_CREATE:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
+ case IPSET_CMD_DESTROY,
+ IPSET_CMD_FLUSH,
+ IPSET_CMD_RENAME,
+ IPSET_CMD_SWAP,
+ IPSET_CMD_TEST:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK
+ case IPSET_CMD_LIST,
+ IPSET_CMD_SAVE:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
+ case IPSET_CMD_ADD,
+ IPSET_CMD_DEL:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK
+ case IPSET_CMD_HEADER,
+ IPSET_CMD_TYPE,
+ IPSET_CMD_PROTOCOL:
+ return unix.NLM_F_REQUEST
+ default:
+ return 0
+ }
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
index afb16a9c1..faee2fa03 100644
--- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
@@ -1,6 +1,8 @@
package nl
import (
+ "bytes"
+ "encoding/binary"
"unsafe"
)
@@ -243,7 +245,9 @@ const (
IFLA_VF_STATS_TX_BYTES
IFLA_VF_STATS_BROADCAST
IFLA_VF_STATS_MULTICAST
- IFLA_VF_STATS_MAX = IFLA_VF_STATS_MULTICAST
+ IFLA_VF_STATS_RX_DROPPED
+ IFLA_VF_STATS_TX_DROPPED
+ IFLA_VF_STATS_MAX = IFLA_VF_STATS_TX_DROPPED
)
const (
@@ -326,6 +330,59 @@ func (msg *VfTxRate) Serialize() []byte {
return (*(*[SizeofVfTxRate]byte)(unsafe.Pointer(msg)))[:]
}
+//struct ifla_vf_stats {
+// __u64 rx_packets;
+// __u64 tx_packets;
+// __u64 rx_bytes;
+// __u64 tx_bytes;
+// __u64 broadcast;
+// __u64 multicast;
+//};
+
+type VfStats struct {
+ RxPackets uint64
+ TxPackets uint64
+ RxBytes uint64
+ TxBytes uint64
+ Multicast uint64
+ Broadcast uint64
+ RxDropped uint64
+ TxDropped uint64
+}
+
+func DeserializeVfStats(b []byte) VfStats {
+ var vfstat VfStats
+ stats, err := ParseRouteAttr(b)
+ if err != nil {
+ return vfstat
+ }
+ var valueVar uint64
+ for _, stat := range stats {
+ if err := binary.Read(bytes.NewBuffer(stat.Value), NativeEndian(), &valueVar); err != nil {
+ break
+ }
+ switch stat.Attr.Type {
+ case IFLA_VF_STATS_RX_PACKETS:
+ vfstat.RxPackets = valueVar
+ case IFLA_VF_STATS_TX_PACKETS:
+ vfstat.TxPackets = valueVar
+ case IFLA_VF_STATS_RX_BYTES:
+ vfstat.RxBytes = valueVar
+ case IFLA_VF_STATS_TX_BYTES:
+ vfstat.TxBytes = valueVar
+ case IFLA_VF_STATS_MULTICAST:
+ vfstat.Multicast = valueVar
+ case IFLA_VF_STATS_BROADCAST:
+ vfstat.Broadcast = valueVar
+ case IFLA_VF_STATS_RX_DROPPED:
+ vfstat.RxDropped = valueVar
+ case IFLA_VF_STATS_TX_DROPPED:
+ vfstat.TxDropped = valueVar
+ }
+ }
+ return vfstat
+}
+
// struct ifla_vf_rate {
// __u32 vf;
// __u32 min_tx_rate; /* Min Bandwidth in Mbps */
@@ -478,6 +535,14 @@ const (
IFLA_XDP_MAX = IFLA_XDP_PROG_ID
)
+// XDP program attach mode (used as dump value for IFLA_XDP_ATTACHED)
+const (
+ XDP_ATTACHED_NONE = iota
+ XDP_ATTACHED_DRV
+ XDP_ATTACHED_SKB
+ XDP_ATTACHED_HW
+)
+
const (
IFLA_IPTUN_UNSPEC = iota
IFLA_IPTUN_LINK
diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
index aaf56c671..cef64b82e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
@@ -259,6 +259,29 @@ func NewIfInfomsgChild(parent *RtAttr, family int) *IfInfomsg {
return msg
}
+type Uint32Attribute struct {
+ Type uint16
+ Value uint32
+}
+
+func (a *Uint32Attribute) Serialize() []byte {
+ native := NativeEndian()
+ buf := make([]byte, rtaAlignOf(8))
+ native.PutUint16(buf[0:2], 8)
+ native.PutUint16(buf[2:4], a.Type)
+
+ if a.Type&NLA_F_NET_BYTEORDER != 0 {
+ binary.BigEndian.PutUint32(buf[4:], a.Value)
+ } else {
+ native.PutUint32(buf[4:], a.Value)
+ }
+ return buf
+}
+
+func (a *Uint32Attribute) Len() int {
+ return 8
+}
+
// Extend RtAttr to handle data and children
type RtAttr struct {
unix.RtAttr
@@ -439,10 +462,7 @@ done:
if m.Header.Pid != pid {
continue
}
- if m.Header.Type == unix.NLMSG_DONE {
- break done
- }
- if m.Header.Type == unix.NLMSG_ERROR {
+ if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR {
native := NativeEndian()
error := int32(native.Uint32(m.Data[0:4]))
if error == 0 {
diff --git a/vendor/github.com/vishvananda/netlink/nl/parse_attr.go b/vendor/github.com/vishvananda/netlink/nl/parse_attr.go
new file mode 100644
index 000000000..19eb8f28e
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/parse_attr.go
@@ -0,0 +1,67 @@
+package nl
+
+import (
+ "encoding/binary"
+ "fmt"
+)
+
+type Attribute struct {
+ Type uint16
+ Value []byte
+}
+
+func ParseAttributes(data []byte) <-chan Attribute {
+ native := NativeEndian()
+ result := make(chan Attribute)
+
+ go func() {
+ i := 0
+ for i+4 < len(data) {
+ length := int(native.Uint16(data[i : i+2]))
+
+ result <- Attribute{
+ Type: native.Uint16(data[i+2 : i+4]),
+ Value: data[i+4 : i+length],
+ }
+ i += rtaAlignOf(length)
+ }
+ close(result)
+ }()
+
+ return result
+}
+
+func PrintAttributes(data []byte) {
+ printAttributes(data, 0)
+}
+
+func printAttributes(data []byte, level int) {
+ for attr := range ParseAttributes(data) {
+ for i := 0; i < level; i++ {
+ print("> ")
+ }
+ nested := attr.Type&NLA_F_NESTED != 0
+ fmt.Printf("type=%d nested=%v len=%v %v\n", attr.Type&NLA_TYPE_MASK, nested, len(attr.Value), attr.Value)
+ if nested {
+ printAttributes(attr.Value, level+1)
+ }
+ }
+}
+
+// Uint32 returns the uint32 value respecting the NET_BYTEORDER flag
+func (attr *Attribute) Uint32() uint32 {
+ if attr.Type&NLA_F_NET_BYTEORDER != 0 {
+ return binary.BigEndian.Uint32(attr.Value)
+ } else {
+ return NativeEndian().Uint32(attr.Value)
+ }
+}
+
+// Uint64 returns the uint64 value respecting the NET_BYTEORDER flag
+func (attr *Attribute) Uint64() uint64 {
+ if attr.Type&NLA_F_NET_BYTEORDER != 0 {
+ return binary.BigEndian.Uint64(attr.Value)
+ } else {
+ return NativeEndian().Uint64(attr.Value)
+ }
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/syscall.go b/vendor/github.com/vishvananda/netlink/nl/syscall.go
index f7f7f92e6..4a01e6e59 100644
--- a/vendor/github.com/vishvananda/netlink/nl/syscall.go
+++ b/vendor/github.com/vishvananda/netlink/nl/syscall.go
@@ -21,6 +21,13 @@ const (
FRA_TABLE /* Extended table id */
FRA_FWMASK /* mask for netfilter mark */
FRA_OIFNAME
+ FRA_PAD
+ FRA_L3MDEV /* iif or oif is l3mdev goto its table */
+ FRA_UID_RANGE /* UID range */
+ FRA_PROTOCOL /* Originator of the rule */
+ FRA_IP_PROTO /* ip proto */
+ FRA_SPORT_RANGE /* sport */
+ FRA_DPORT_RANGE /* dport */
)
// ip rule netlink request types
diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
index 501f554b2..c24d53eb7 100644
--- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
@@ -94,6 +94,9 @@ const (
SizeofTcTunnelKey = SizeofTcGen + 0x04
SizeofTcSkbEdit = SizeofTcGen
SizeofTcPolice = 2*SizeofTcRateSpec + 0x20
+ SizeofTcSfqQopt = 0x0b
+ SizeofTcSfqRedStats = 0x18
+ SizeofTcSfqQoptV1 = SizeofTcSfqQopt + SizeofTcSfqRedStats + 0x1c
)
// struct tcmsg {
@@ -735,7 +738,13 @@ const (
TCA_TUNNEL_KEY_ENC_IPV6_SRC
TCA_TUNNEL_KEY_ENC_IPV6_DST
TCA_TUNNEL_KEY_ENC_KEY_ID
- TCA_TUNNEL_KEY_MAX = TCA_TUNNEL_KEY_ENC_KEY_ID
+ TCA_TUNNEL_KEY_PAD
+ TCA_TUNNEL_KEY_ENC_DST_PORT
+ TCA_TUNNEL_KEY_NO_CSUM
+ TCA_TUNNEL_KEY_ENC_OPTS
+ TCA_TUNNEL_KEY_ENC_TOS
+ TCA_TUNNEL_KEY_ENC_TTL
+ TCA_TUNNEL_KEY_MAX
)
type TcTunnelKey struct {
@@ -872,3 +881,103 @@ const (
TCA_HFSC_FSC
TCA_HFSC_USC
)
+
+// struct tc_sfq_qopt {
+// unsigned quantum; /* Bytes per round allocated to flow */
+// int perturb_period; /* Period of hash perturbation */
+// __u32 limit; /* Maximal packets in queue */
+// unsigned divisor; /* Hash divisor */
+// unsigned flows; /* Maximal number of flows */
+// };
+
+type TcSfqQopt struct {
+ Quantum uint8
+ Perturb int32
+ Limit uint32
+ Divisor uint8
+ Flows uint8
+}
+
+func (x *TcSfqQopt) Len() int {
+ return SizeofTcSfqQopt
+}
+
+func DeserializeTcSfqQopt(b []byte) *TcSfqQopt {
+ return (*TcSfqQopt)(unsafe.Pointer(&b[0:SizeofTcSfqQopt][0]))
+}
+
+func (x *TcSfqQopt) Serialize() []byte {
+ return (*(*[SizeofTcSfqQopt]byte)(unsafe.Pointer(x)))[:]
+}
+
+// struct tc_sfqred_stats {
+// __u32 prob_drop; /* Early drops, below max threshold */
+// __u32 forced_drop; /* Early drops, after max threshold */
+// __u32 prob_mark; /* Marked packets, below max threshold */
+// __u32 forced_mark; /* Marked packets, after max threshold */
+// __u32 prob_mark_head; /* Marked packets, below max threshold */
+// __u32 forced_mark_head;/* Marked packets, after max threshold */
+// };
+type TcSfqRedStats struct {
+ ProbDrop uint32
+ ForcedDrop uint32
+ ProbMark uint32
+ ForcedMark uint32
+ ProbMarkHead uint32
+ ForcedMarkHead uint32
+}
+
+func (x *TcSfqRedStats) Len() int {
+ return SizeofTcSfqRedStats
+}
+
+func DeserializeTcSfqRedStats(b []byte) *TcSfqRedStats {
+ return (*TcSfqRedStats)(unsafe.Pointer(&b[0:SizeofTcSfqRedStats][0]))
+}
+
+func (x *TcSfqRedStats) Serialize() []byte {
+ return (*(*[SizeofTcSfqRedStats]byte)(unsafe.Pointer(x)))[:]
+}
+
+// struct tc_sfq_qopt_v1 {
+// struct tc_sfq_qopt v0;
+// unsigned int depth; /* max number of packets per flow */
+// unsigned int headdrop;
+// /* SFQRED parameters */
+// __u32 limit; /* HARD maximal flow queue length (bytes) */
+// __u32 qth_min; /* Min average length threshold (bytes) */
+// __u32 qth_max; /* Max average length threshold (bytes) */
+// unsigned char Wlog; /* log(W) */
+// unsigned char Plog; /* log(P_max/(qth_max-qth_min)) */
+// unsigned char Scell_log; /* cell size for idle damping */
+// unsigned char flags;
+// __u32 max_P; /* probability, high resolution */
+// /* SFQRED stats */
+// struct tc_sfqred_stats stats;
+// };
+type TcSfqQoptV1 struct {
+ TcSfqQopt
+ Depth uint32
+ HeadDrop uint32
+ Limit uint32
+ QthMin uint32
+ QthMax uint32
+ Wlog byte
+ Plog byte
+ ScellLog byte
+ Flags byte
+ MaxP uint32
+ TcSfqRedStats
+}
+
+func (x *TcSfqQoptV1) Len() int {
+ return SizeofTcSfqQoptV1
+}
+
+func DeserializeTcSfqQoptV1(b []byte) *TcSfqQoptV1 {
+ return (*TcSfqQoptV1)(unsafe.Pointer(&b[0:SizeofTcSfqQoptV1][0]))
+}
+
+func (x *TcSfqQoptV1) Serialize() []byte {
+ return (*(*[SizeofTcSfqQoptV1]byte)(unsafe.Pointer(x)))[:]
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
index b6290fd54..43a947f22 100644
--- a/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
@@ -13,7 +13,7 @@ const (
SizeofXfrmAlgoAuth = 0x48
SizeofXfrmAlgoAEAD = 0x48
SizeofXfrmEncapTmpl = 0x18
- SizeofXfrmUsersaFlush = 0x8
+ SizeofXfrmUsersaFlush = 0x1
SizeofXfrmReplayStateEsn = 0x18
)
diff --git a/vendor/github.com/vishvananda/netlink/qdisc.go b/vendor/github.com/vishvananda/netlink/qdisc.go
index af78305ac..8418569ee 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc.go
@@ -338,3 +338,27 @@ func (qdisc *FqCodel) Attrs() *QdiscAttrs {
func (qdisc *FqCodel) Type() string {
return "fq_codel"
}
+
+type Sfq struct {
+ QdiscAttrs
+ // TODO: Only the simplified options for SFQ are handled here. Support for the extended one can be added later.
+ Quantum uint8
+ Perturb uint8
+ Limit uint32
+ Divisor uint8
+}
+
+func (sfq *Sfq) String() string {
+ return fmt.Sprintf(
+ "{%v -- Quantum: %v, Perturb: %v, Limit: %v, Divisor: %v}",
+ sfq.Attrs(), sfq.Quantum, sfq.Perturb, sfq.Limit, sfq.Divisor,
+ )
+}
+
+func (qdisc *Sfq) Attrs() *QdiscAttrs {
+ return &qdisc.QdiscAttrs
+}
+
+func (qdisc *Sfq) Type() string {
+ return "sfq"
+}
diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
index e9eee5908..d0e1ca194 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
@@ -278,6 +278,14 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
if qdisc.FlowDefaultRate > 0 {
options.AddRtAttr(nl.TCA_FQ_FLOW_DEFAULT_RATE, nl.Uint32Attr((uint32(qdisc.FlowDefaultRate))))
}
+ case *Sfq:
+ opt := nl.TcSfqQoptV1{}
+ opt.TcSfqQopt.Quantum = qdisc.Quantum
+ opt.TcSfqQopt.Perturb = int32(qdisc.Perturb)
+ opt.TcSfqQopt.Limit = qdisc.Limit
+ opt.TcSfqQopt.Divisor = qdisc.Divisor
+
+ options = nl.NewRtAttr(nl.TCA_OPTIONS, opt.Serialize())
default:
options = nil
}
@@ -362,6 +370,8 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
qdisc = &FqCodel{}
case "netem":
qdisc = &Netem{}
+ case "sfq":
+ qdisc = &Sfq{}
default:
qdisc = &GenericQdisc{QdiscType: qdiscType}
}
@@ -417,6 +427,10 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
if err := parseNetemData(qdisc, attr.Value); err != nil {
return nil, err
}
+ case "sfq":
+ if err := parseSfqData(qdisc, attr.Value); err != nil {
+ return nil, err
+ }
// no options for ingress
}
@@ -582,6 +596,17 @@ func parseTbfData(qdisc Qdisc, data []syscall.NetlinkRouteAttr) error {
return nil
}
+func parseSfqData(qdisc Qdisc, value []byte) error {
+ sfq := qdisc.(*Sfq)
+ opt := nl.DeserializeTcSfqQoptV1(value)
+ sfq.Quantum = opt.TcSfqQopt.Quantum
+ sfq.Perturb = uint8(opt.TcSfqQopt.Perturb)
+ sfq.Limit = opt.TcSfqQopt.Limit
+ sfq.Divisor = opt.TcSfqQopt.Divisor
+
+ return nil
+}
+
const (
TIME_UNITS_PER_SEC = 1000000
)
@@ -598,10 +623,10 @@ func initClock() {
return
}
parts := strings.Split(strings.TrimSpace(string(data)), " ")
- if len(parts) < 3 {
+ if len(parts) < 4 {
return
}
- var vals [3]uint64
+ var vals [4]uint64
for i := range vals {
val, err := strconv.ParseUint(parts[i], 16, 32)
if err != nil {
@@ -615,7 +640,12 @@ func initClock() {
}
clockFactor = float64(vals[2]) / TIME_UNITS_PER_SEC
tickInUsec = float64(vals[0]) / float64(vals[1]) * clockFactor
- hz = float64(vals[0])
+ if vals[2] == 1000000 {
+ // ref https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/utils.c#n963
+ hz = float64(vals[3])
+ } else {
+ hz = 100
+ }
}
func TickInUsec() float64 {
@@ -663,6 +693,7 @@ func latency(rate uint64, limit, buffer uint32) float64 {
return TIME_UNITS_PER_SEC*(float64(limit)/float64(rate)) - float64(tick2Time(buffer))
}
-func Xmittime(rate uint64, size uint32) float64 {
- return TickInUsec() * TIME_UNITS_PER_SEC * (float64(size) / float64(rate))
+func Xmittime(rate uint64, size uint32) uint32 {
+ // https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/tc/tc_core.c#n62
+ return time2Tick(uint32(TIME_UNITS_PER_SEC * (float64(size) / float64(rate))))
}
diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
index 2d0bdc8c3..ff014ca4c 100644
--- a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
@@ -77,28 +77,39 @@ func executeOneGetRdmaLink(data []byte) (*RdmaLink, error) {
return &link, nil
}
-func execRdmaGetLink(req *nl.NetlinkRequest, name string) (*RdmaLink, error) {
+func execRdmaSetLink(req *nl.NetlinkRequest) error {
+
+ _, err := req.Execute(unix.NETLINK_RDMA, 0)
+ return err
+}
+
+// RdmaLinkList gets a list of RDMA link devices.
+// Equivalent to: `rdma dev show`
+func RdmaLinkList() ([]*RdmaLink, error) {
+ return pkgHandle.RdmaLinkList()
+}
+
+// RdmaLinkList gets a list of RDMA link devices.
+// Equivalent to: `rdma dev show`
+func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
+ proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
+ req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
if err != nil {
return nil, err
}
+
+ var res []*RdmaLink
for _, m := range msgs {
link, err := executeOneGetRdmaLink(m)
if err != nil {
return nil, err
}
- if link.Attrs.Name == name {
- return link, nil
- }
+ res = append(res, link)
}
- return nil, fmt.Errorf("Rdma device %v not found", name)
-}
-func execRdmaSetLink(req *nl.NetlinkRequest) error {
-
- _, err := req.Execute(unix.NETLINK_RDMA, 0)
- return err
+ return res, nil
}
// RdmaLinkByName finds a link by name and returns a pointer to the object if
@@ -110,11 +121,16 @@ func RdmaLinkByName(name string) (*RdmaLink, error) {
// RdmaLinkByName finds a link by name and returns a pointer to the object if
// found and nil error, otherwise returns error code.
func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) {
-
- proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
- req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
-
- return execRdmaGetLink(req, name)
+ links, err := h.RdmaLinkList()
+ if err != nil {
+ return nil, err
+ }
+ for _, link := range links {
+ if link.Attrs.Name == name {
+ return link, nil
+ }
+ }
+ return nil, fmt.Errorf("Rdma device %v not found", name)
}
// RdmaLinkSetName sets the name of the rdma link device. Return nil on success
diff --git a/vendor/github.com/vishvananda/netlink/route.go b/vendor/github.com/vishvananda/netlink/route.go
index 58ff1af60..b16254174 100644
--- a/vendor/github.com/vishvananda/netlink/route.go
+++ b/vendor/github.com/vishvananda/netlink/route.go
@@ -29,25 +29,38 @@ type Encap interface {
// Route represents a netlink route.
type Route struct {
- LinkIndex int
- ILinkIndex int
- Scope Scope
- Dst *net.IPNet
- Src net.IP
- Gw net.IP
- MultiPath []*NexthopInfo
- Protocol int
- Priority int
- Table int
- Type int
- Tos int
- Flags int
- MPLSDst *int
- NewDst Destination
- Encap Encap
- MTU int
- AdvMSS int
- Hoplimit int
+ LinkIndex int
+ ILinkIndex int
+ Scope Scope
+ Dst *net.IPNet
+ Src net.IP
+ Gw net.IP
+ MultiPath []*NexthopInfo
+ Protocol int
+ Priority int
+ Table int
+ Type int
+ Tos int
+ Flags int
+ MPLSDst *int
+ NewDst Destination
+ Encap Encap
+ MTU int
+ Window int
+ Rtt int
+ RttVar int
+ Ssthresh int
+ Cwnd int
+ AdvMSS int
+ Reordering int
+ Hoplimit int
+ InitCwnd int
+ Features int
+ RtoMin int
+ InitRwnd int
+ QuickACK int
+ Congctl string
+ FastOpenNoCookie int
}
func (r Route) String() string {
diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go
index c69c595ed..4e778a417 100644
--- a/vendor/github.com/vishvananda/netlink/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/route_linux.go
@@ -33,6 +33,9 @@ const (
RT_FILTER_GW
RT_FILTER_TABLE
RT_FILTER_HOPLIMIT
+ RT_FILTER_PRIORITY
+ RT_FILTER_MARK
+ RT_FILTER_MASK
)
const (
@@ -639,19 +642,70 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
}
var metrics []*nl.RtAttr
- // TODO: support other rta_metric values
if route.MTU > 0 {
b := nl.Uint32Attr(uint32(route.MTU))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_MTU, b))
}
+ if route.Window > 0 {
+ b := nl.Uint32Attr(uint32(route.Window))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_WINDOW, b))
+ }
+ if route.Rtt > 0 {
+ b := nl.Uint32Attr(uint32(route.Rtt))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTT, b))
+ }
+ if route.RttVar > 0 {
+ b := nl.Uint32Attr(uint32(route.RttVar))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTTVAR, b))
+ }
+ if route.Ssthresh > 0 {
+ b := nl.Uint32Attr(uint32(route.Ssthresh))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_SSTHRESH, b))
+ }
+ if route.Cwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.Cwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_CWND, b))
+ }
if route.AdvMSS > 0 {
b := nl.Uint32Attr(uint32(route.AdvMSS))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_ADVMSS, b))
}
+ if route.Reordering > 0 {
+ b := nl.Uint32Attr(uint32(route.Reordering))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_REORDERING, b))
+ }
if route.Hoplimit > 0 {
b := nl.Uint32Attr(uint32(route.Hoplimit))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_HOPLIMIT, b))
}
+ if route.InitCwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.InitCwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_INITCWND, b))
+ }
+ if route.Features > 0 {
+ b := nl.Uint32Attr(uint32(route.Features))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_FEATURES, b))
+ }
+ if route.RtoMin > 0 {
+ b := nl.Uint32Attr(uint32(route.RtoMin))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTO_MIN, b))
+ }
+ if route.InitRwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.InitRwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_INITRWND, b))
+ }
+ if route.QuickACK > 0 {
+ b := nl.Uint32Attr(uint32(route.QuickACK))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_QUICKACK, b))
+ }
+ if route.Congctl != "" {
+ b := nl.ZeroTerminated(route.Congctl)
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_CC_ALGO, b))
+ }
+ if route.FastOpenNoCookie > 0 {
+ b := nl.Uint32Attr(uint32(route.FastOpenNoCookie))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_FASTOPEN_NO_COOKIE, b))
+ }
if metrics != nil {
attr := nl.NewRtAttr(unix.RTA_METRICS, nil)
@@ -903,10 +957,36 @@ func deserializeRoute(m []byte) (Route, error) {
switch metric.Attr.Type {
case unix.RTAX_MTU:
route.MTU = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_WINDOW:
+ route.Window = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTT:
+ route.Rtt = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTTVAR:
+ route.RttVar = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_SSTHRESH:
+ route.Ssthresh = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_CWND:
+ route.Cwnd = int(native.Uint32(metric.Value[0:4]))
case unix.RTAX_ADVMSS:
route.AdvMSS = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_REORDERING:
+ route.Reordering = int(native.Uint32(metric.Value[0:4]))
case unix.RTAX_HOPLIMIT:
route.Hoplimit = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_INITCWND:
+ route.InitCwnd = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_FEATURES:
+ route.Features = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTO_MIN:
+ route.RtoMin = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_INITRWND:
+ route.InitRwnd = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_QUICKACK:
+ route.QuickACK = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_CC_ALGO:
+ route.Congctl = nl.BytesToString(metric.Value)
+ case unix.RTAX_FASTOPEN_NO_COOKIE:
+ route.FastOpenNoCookie = int(native.Uint32(metric.Value[0:4]))
}
}
}
@@ -938,15 +1018,27 @@ func deserializeRoute(m []byte) (Route, error) {
return route, nil
}
+// RouteGetOptions contains a set of options to use with
+// RouteGetWithOptions
+type RouteGetOptions struct {
+ VrfName string
+}
+
+// RouteGetWithOptions gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get <> vrf <VrfName>'.
+func RouteGetWithOptions(destination net.IP, options *RouteGetOptions) ([]Route, error) {
+ return pkgHandle.RouteGetWithOptions(destination, options)
+}
+
// RouteGet gets a route to a specific destination from the host system.
// Equivalent to: 'ip route get'.
func RouteGet(destination net.IP) ([]Route, error) {
return pkgHandle.RouteGet(destination)
}
-// RouteGet gets a route to a specific destination from the host system.
-// Equivalent to: 'ip route get'.
-func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+// RouteGetWithOptions gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get <> vrf <VrfName>'.
+func (h *Handle) RouteGetWithOptions(destination net.IP, options *RouteGetOptions) ([]Route, error) {
req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_REQUEST)
family := nl.GetIPFamily(destination)
var destinationData []byte
@@ -966,6 +1058,20 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
rtaDst := nl.NewRtAttr(unix.RTA_DST, destinationData)
req.AddData(rtaDst)
+ if options != nil {
+ link, err := LinkByName(options.VrfName)
+ if err != nil {
+ return nil, err
+ }
+ var (
+ b = make([]byte, 4)
+ native = nl.NativeEndian()
+ )
+ native.PutUint32(b, uint32(link.Attrs().Index))
+
+ req.AddData(nl.NewRtAttr(unix.RTA_OIF, b))
+ }
+
msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWROUTE)
if err != nil {
return nil, err
@@ -980,7 +1086,12 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
res = append(res, route)
}
return res, nil
+}
+// RouteGet gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get'.
+func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+ return h.RouteGetWithOptions(destination, nil)
}
// RouteSubscribe takes a chan down which notifications will be sent
diff --git a/vendor/github.com/vishvananda/netlink/rule.go b/vendor/github.com/vishvananda/netlink/rule.go
index 7fc8ae5df..95f2facfb 100644
--- a/vendor/github.com/vishvananda/netlink/rule.go
+++ b/vendor/github.com/vishvananda/netlink/rule.go
@@ -12,6 +12,7 @@ type Rule struct {
Table int
Mark int
Mask int
+ Tos uint
TunID uint
Goto int
Src *net.IPNet
@@ -22,6 +23,8 @@ type Rule struct {
SuppressIfgroup int
SuppressPrefixlen int
Invert bool
+ Dport *RulePortRange
+ Sport *RulePortRange
}
func (r Rule) String() string {
@@ -40,3 +43,14 @@ func NewRule() *Rule {
Flow: -1,
}
}
+
+// NewRulePortRange creates rule sport/dport range.
+func NewRulePortRange(start, end uint16) *RulePortRange {
+ return &RulePortRange{Start: start, End: end}
+}
+
+// RulePortRange represents rule sport/dport range.
+type RulePortRange struct {
+ Start uint16
+ End uint16
+}
diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go
index e12569fe4..40474f30e 100644
--- a/vendor/github.com/vishvananda/netlink/rule_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rule_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "bytes"
"fmt"
"net"
@@ -55,6 +56,9 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
if rule.Table >= 0 && rule.Table < 256 {
msg.Table = uint8(rule.Table)
}
+ if rule.Tos != 0 {
+ msg.Tos = uint8(rule.Tos)
+ }
var dstFamily uint8
var rtAttrs []*nl.RtAttr
@@ -138,10 +142,10 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
}
}
if rule.IifName != "" {
- req.AddData(nl.NewRtAttr(nl.FRA_IIFNAME, []byte(rule.IifName)))
+ req.AddData(nl.NewRtAttr(nl.FRA_IIFNAME, []byte(rule.IifName+"\x00")))
}
if rule.OifName != "" {
- req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName)))
+ req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName+"\x00")))
}
if rule.Goto >= 0 {
msg.Type = nl.FR_ACT_GOTO
@@ -150,6 +154,16 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
req.AddData(nl.NewRtAttr(nl.FRA_GOTO, b))
}
+ if rule.Dport != nil {
+ b := rule.Dport.toRtAttrData()
+ req.AddData(nl.NewRtAttr(nl.FRA_DPORT_RANGE, b))
+ }
+
+ if rule.Sport != nil {
+ b := rule.Sport.toRtAttrData()
+ req.AddData(nl.NewRtAttr(nl.FRA_SPORT_RANGE, b))
+ }
+
_, err := req.Execute(unix.NETLINK_ROUTE, 0)
return err
}
@@ -163,6 +177,19 @@ func RuleList(family int) ([]Rule, error) {
// RuleList lists rules in the system.
// Equivalent to: ip rule list
func (h *Handle) RuleList(family int) ([]Rule, error) {
+ return h.RuleListFiltered(family, nil, 0)
+}
+
+// RuleListFiltered gets a list of rules in the system filtered by the
+// specified rule template `filter`.
+// Equivalent to: ip rule list
+func RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
+ return pkgHandle.RuleListFiltered(family, filter, filterMask)
+}
+
+// RuleListFiltered lists rules in the system.
+// Equivalent to: ip rule list
+func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST)
msg := nl.NewIfInfomsg(family)
req.AddData(msg)
@@ -184,6 +211,7 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
rule := NewRule()
rule.Invert = msg.Flags&FibRuleInvert > 0
+ rule.Tos = uint(msg.Tos)
for j := range attrs {
switch attrs[j].Attr.Type {
@@ -225,10 +253,44 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
rule.Goto = int(native.Uint32(attrs[j].Value[0:4]))
case nl.FRA_PRIORITY:
rule.Priority = int(native.Uint32(attrs[j].Value[0:4]))
+ case nl.FRA_DPORT_RANGE:
+ rule.Dport = NewRulePortRange(native.Uint16(attrs[j].Value[0:2]), native.Uint16(attrs[j].Value[2:4]))
+ case nl.FRA_SPORT_RANGE:
+ rule.Sport = NewRulePortRange(native.Uint16(attrs[j].Value[0:2]), native.Uint16(attrs[j].Value[2:4]))
+ }
+ }
+
+ if filter != nil {
+ switch {
+ case filterMask&RT_FILTER_SRC != 0 &&
+ (rule.Src == nil || rule.Src.String() != filter.Src.String()):
+ continue
+ case filterMask&RT_FILTER_DST != 0 &&
+ (rule.Dst == nil || rule.Dst.String() != filter.Dst.String()):
+ continue
+ case filterMask&RT_FILTER_TABLE != 0 &&
+ filter.Table != unix.RT_TABLE_UNSPEC && rule.Table != filter.Table:
+ continue
+ case filterMask&RT_FILTER_TOS != 0 && rule.Tos != filter.Tos:
+ continue
+ case filterMask&RT_FILTER_PRIORITY != 0 && rule.Priority != filter.Priority:
+ continue
+ case filterMask&RT_FILTER_MARK != 0 && rule.Mark != filter.Mark:
+ continue
+ case filterMask&RT_FILTER_MASK != 0 && rule.Mask != filter.Mask:
+ continue
}
}
+
res = append(res, *rule)
}
return res, nil
}
+
+func (pr *RulePortRange) toRtAttrData() []byte {
+ b := [][]byte{make([]byte, 2), make([]byte, 2)}
+ native.PutUint16(b[0], pr.Start)
+ native.PutUint16(b[1], pr.End)
+ return bytes.Join(b, []byte{})
+}
diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go
index c4d89c17e..e4e7f7ac3 100644
--- a/vendor/github.com/vishvananda/netlink/socket_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_linux.go
@@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"net"
+ "syscall"
"github.com/vishvananda/netlink/nl"
"golang.org/x/sys/unix"
@@ -49,10 +50,15 @@ func (r *socketRequest) Serialize() []byte {
native.PutUint32(b.Next(4), r.States)
networkOrder.PutUint16(b.Next(2), r.ID.SourcePort)
networkOrder.PutUint16(b.Next(2), r.ID.DestinationPort)
- copy(b.Next(4), r.ID.Source.To4())
- b.Next(12)
- copy(b.Next(4), r.ID.Destination.To4())
- b.Next(12)
+ if r.Family == unix.AF_INET6 {
+ copy(b.Next(16), r.ID.Source)
+ copy(b.Next(16), r.ID.Destination)
+ } else {
+ copy(b.Next(4), r.ID.Source.To4())
+ b.Next(12)
+ copy(b.Next(4), r.ID.Destination.To4())
+ b.Next(12)
+ }
native.PutUint32(b.Next(4), r.ID.Interface)
native.PutUint32(b.Next(4), r.ID.Cookie[0])
native.PutUint32(b.Next(4), r.ID.Cookie[1])
@@ -89,10 +95,15 @@ func (s *Socket) deserialize(b []byte) error {
s.Retrans = rb.Read()
s.ID.SourcePort = networkOrder.Uint16(rb.Next(2))
s.ID.DestinationPort = networkOrder.Uint16(rb.Next(2))
- s.ID.Source = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
- rb.Next(12)
- s.ID.Destination = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
- rb.Next(12)
+ if s.Family == unix.AF_INET6 {
+ s.ID.Source = net.IP(rb.Next(16))
+ s.ID.Destination = net.IP(rb.Next(16))
+ } else {
+ s.ID.Source = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
+ rb.Next(12)
+ s.ID.Destination = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
+ rb.Next(12)
+ }
s.ID.Interface = native.Uint32(rb.Next(4))
s.ID.Cookie[0] = native.Uint32(rb.Next(4))
s.ID.Cookie[1] = native.Uint32(rb.Next(4))
@@ -160,3 +171,68 @@ func SocketGet(local, remote net.Addr) (*Socket, error) {
}
return sock, nil
}
+
+// SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type.
+func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
+ s, err := nl.Subscribe(unix.NETLINK_INET_DIAG)
+ if err != nil {
+ return nil, err
+ }
+ defer s.Close()
+
+ req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
+ req.AddData(&socketRequest{
+ Family: family,
+ Protocol: unix.IPPROTO_TCP,
+ Ext: INET_DIAG_INFO,
+ States: uint32(0xfff), // All TCP states
+ })
+ s.Send(req)
+
+ var result []*InetDiagTCPInfoResp
+loop:
+ for {
+ msgs, from, err := s.Receive()
+ if err != nil {
+ return nil, err
+ }
+ if from.Pid != nl.PidKernel {
+ return nil, fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel)
+ }
+ if len(msgs) == 0 {
+ return nil, errors.New("no message nor error from netlink")
+ }
+
+ for _, m := range msgs {
+ switch m.Header.Type {
+ case unix.NLMSG_DONE:
+ break loop
+ case unix.NLMSG_ERROR:
+ native := nl.NativeEndian()
+ error := int32(native.Uint32(m.Data[0:4]))
+ return nil, syscall.Errno(-error)
+ }
+ sockInfo := &Socket{}
+ if err := sockInfo.deserialize(m.Data); err != nil {
+ return nil, err
+ }
+ attrs, err := nl.ParseRouteAttr(m.Data[sizeofSocket:])
+ if err != nil {
+ return nil, err
+ }
+ var tcpInfo *TCPInfo
+ for _, a := range attrs {
+ if a.Attr.Type == INET_DIAG_INFO {
+ tcpInfo = &TCPInfo{}
+ if err := tcpInfo.deserialize(a.Value); err != nil {
+ return nil, err
+ }
+ break
+ }
+ }
+ r := &InetDiagTCPInfoResp{InetDiagMsg: sockInfo, TCPInfo: tcpInfo}
+ result = append(result, r)
+ }
+ }
+ return result, nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/tcp.go b/vendor/github.com/vishvananda/netlink/tcp.go
new file mode 100644
index 000000000..4a42ee5a6
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/tcp.go
@@ -0,0 +1,18 @@
+package netlink
+
+// TCP States
+const (
+ TCP_ESTABLISHED = iota + 0x01
+ TCP_SYN_SENT
+ TCP_SYN_RECV
+ TCP_FIN_WAIT1
+ TCP_FIN_WAIT2
+ TCP_TIME_WAIT
+ TCP_CLOSE
+ TCP_CLOSE_WAIT
+ TCP_LAST_ACK
+ TCP_LISTEN
+ TCP_CLOSING
+ TCP_NEW_SYN_REC
+ TCP_MAX_STATES
+)
diff --git a/vendor/github.com/vishvananda/netlink/tcp_linux.go b/vendor/github.com/vishvananda/netlink/tcp_linux.go
new file mode 100644
index 000000000..741ea1655
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/tcp_linux.go
@@ -0,0 +1,393 @@
+package netlink
+
+import (
+ "bytes"
+ "io"
+)
+
+type TCPInfo struct {
+ State uint8
+ Ca_state uint8
+ Retransmits uint8
+ Probes uint8
+ Backoff uint8
+ Options uint8
+ Snd_wscale uint8 // no uint4
+ Rcv_wscale uint8
+ Delivery_rate_app_limited uint8
+ Fastopen_client_fail uint8
+ Rto uint32
+ Ato uint32
+ Snd_mss uint32
+ Rcv_mss uint32
+ Unacked uint32
+ Sacked uint32
+ Lost uint32
+ Retrans uint32
+ Fackets uint32
+ Last_data_sent uint32
+ Last_ack_sent uint32
+ Last_data_recv uint32
+ Last_ack_recv uint32
+ Pmtu uint32
+ Rcv_ssthresh uint32
+ Rtt uint32
+ Rttvar uint32
+ Snd_ssthresh uint32
+ Snd_cwnd uint32
+ Advmss uint32
+ Reordering uint32
+ Rcv_rtt uint32
+ Rcv_space uint32
+ Total_retrans uint32
+ Pacing_rate uint64
+ Max_pacing_rate uint64
+ Bytes_acked uint64 /* RFC4898 tcpEStatsAppHCThruOctetsAcked */
+ Bytes_received uint64 /* RFC4898 tcpEStatsAppHCThruOctetsReceived */
+ Segs_out uint32 /* RFC4898 tcpEStatsPerfSegsOut */
+ Segs_in uint32 /* RFC4898 tcpEStatsPerfSegsIn */
+ Notsent_bytes uint32
+ Min_rtt uint32
+ Data_segs_in uint32 /* RFC4898 tcpEStatsDataSegsIn */
+ Data_segs_out uint32 /* RFC4898 tcpEStatsDataSegsOut */
+ Delivery_rate uint64
+ Busy_time uint64 /* Time (usec) busy sending data */
+ Rwnd_limited uint64 /* Time (usec) limited by receive window */
+ Sndbuf_limited uint64 /* Time (usec) limited by send buffer */
+ Delivered uint32
+ Delivered_ce uint32
+ Bytes_sent uint64 /* RFC4898 tcpEStatsPerfHCDataOctetsOut */
+ Bytes_retrans uint64 /* RFC4898 tcpEStatsPerfOctetsRetrans */
+ Dsack_dups uint32 /* RFC4898 tcpEStatsStackDSACKDups */
+ Reord_seen uint32 /* reordering events seen */
+ Rcv_ooopack uint32 /* Out-of-order packets received */
+ Snd_wnd uint32 /* peer's advertised receive window after * scaling (bytes) */
+}
+
+func checkDeserErr(err error) error {
+ if err == io.EOF {
+ return nil
+ }
+ return err
+}
+
+func (t *TCPInfo) deserialize(b []byte) error {
+ var err error
+ rb := bytes.NewBuffer(b)
+
+ t.State, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Ca_state, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Retransmits, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Probes, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Backoff, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Options, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ scales, err := rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Snd_wscale = scales >> 4 // first 4 bits
+ t.Rcv_wscale = scales & 0xf // last 4 bits
+
+ rateLimAndFastOpen, err := rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Delivery_rate_app_limited = rateLimAndFastOpen >> 7 // get first bit
+ t.Fastopen_client_fail = rateLimAndFastOpen >> 5 & 3 // get next two bits
+
+ next := rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rto = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Ato = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_mss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_mss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Unacked = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Sacked = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Lost = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Retrans = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Fackets = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_data_sent = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_ack_sent = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_data_recv = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_ack_recv = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Pmtu = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_ssthresh = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rtt = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rttvar = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_ssthresh = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_cwnd = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Advmss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Reordering = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_rtt = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_space = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Total_retrans = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Pacing_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Max_pacing_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_acked = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_received = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Segs_out = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Segs_in = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Notsent_bytes = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Min_rtt = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Data_segs_in = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Data_segs_out = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivery_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Busy_time = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rwnd_limited = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Sndbuf_limited = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivered = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivered_ce = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_sent = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_retrans = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Dsack_dups = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Reord_seen = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_ooopack = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_wnd = native.Uint32(next)
+ return nil
+}
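Review bot: Every fixed-width read in `TCPInfo.deserialize` tests only `len(next) == 0`, but `rb.Next(4)` and `rb.Next(8)` return whatever is left when fewer bytes remain, so an attribute that ends part-way through a field reaches `native.Uint32(next)` or `native.Uint64(next)` with a short slice. If `native` is a `binary.ByteOrder` (its declaration is outside this hunk), that call panics with an index out of range. Compare against the width actually needed instead: `if len(next) < 4 { return nil }` for the 32-bit fields and `if len(next) < 8 { return nil }` for the 64-bit ones. Separately, `checkDeserErr` maps `io.EOF` to nil, so a truncated payload yields a partly filled struct and no error; a doc comment on `deserialize` stating that trailing fields stay zero when the kernel sends a shorter `tcp_info` would make that contract explicit for callers.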
diff --git a/vendor/github.com/vishvananda/netns/go.mod b/vendor/github.com/vishvananda/netns/go.mod
index 8221f782c..9cdf577ad 100644
--- a/vendor/github.com/vishvananda/netns/go.mod
+++ b/vendor/github.com/vishvananda/netns/go.mod
@@ -1,3 +1,5 @@
module github.com/vishvananda/netns
go 1.12
+
+require golang.org/x/sys v0.0.0-20200217220822-9197077df867
diff --git a/vendor/github.com/vishvananda/netns/go.sum b/vendor/github.com/vishvananda/netns/go.sum
index e69de29bb..1d4adf451 100644
--- a/vendor/github.com/vishvananda/netns/go.sum
+++ b/vendor/github.com/vishvananda/netns/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netns/netns.go b/vendor/github.com/vishvananda/netns/netns.go
index dd2f21570..116befd54 100644
--- a/vendor/github.com/vishvananda/netns/netns.go
+++ b/vendor/github.com/vishvananda/netns/netns.go
@@ -10,7 +10,8 @@ package netns
import (
"fmt"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
// NsHandle is a handle to a network namespace. It can be cast directly
@@ -24,11 +25,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
if ns == other {
return true
}
- var s1, s2 syscall.Stat_t
- if err := syscall.Fstat(int(ns), &s1); err != nil {
+ var s1, s2 unix.Stat_t
+ if err := unix.Fstat(int(ns), &s1); err != nil {
return false
}
- if err := syscall.Fstat(int(other), &s2); err != nil {
+ if err := unix.Fstat(int(other), &s2); err != nil {
return false
}
return (s1.Dev == s2.Dev) && (s1.Ino == s2.Ino)
@@ -36,11 +37,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
// String shows the file descriptor number and its dev and inode.
func (ns NsHandle) String() string {
- var s syscall.Stat_t
if ns == -1 {
return "NS(None)"
}
- if err := syscall.Fstat(int(ns), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(int(ns), &s); err != nil {
return fmt.Sprintf("NS(%d: unknown)", ns)
}
return fmt.Sprintf("NS(%d: %d, %d)", ns, s.Dev, s.Ino)
@@ -49,11 +50,11 @@ func (ns NsHandle) String() string {
// UniqueId returns a string which uniquely identifies the namespace
// associated with the network handle.
func (ns NsHandle) UniqueId() string {
- var s syscall.Stat_t
if ns == -1 {
return "NS(none)"
}
- if err := syscall.Fstat(int(ns), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(int(ns), &s); err != nil {
return "NS(unknown)"
}
return fmt.Sprintf("NS(%d:%d)", s.Dev, s.Ino)
@@ -67,7 +68,7 @@ func (ns NsHandle) IsOpen() bool {
// Close closes the NsHandle and resets its file descriptor to -1.
// It is not safe to use an NsHandle after Close() is called.
func (ns *NsHandle) Close() error {
- if err := syscall.Close(int(*ns)); err != nil {
+ if err := unix.Close(int(*ns)); err != nil {
return err
}
(*ns) = -1
diff --git a/vendor/github.com/vishvananda/netns/netns_linux.go b/vendor/github.com/vishvananda/netns/netns_linux.go
index b1e3b07c0..c76acd087 100644
--- a/vendor/github.com/vishvananda/netns/netns_linux.go
+++ b/vendor/github.com/vishvananda/netns/netns_linux.go
@@ -6,46 +6,30 @@ import (
"fmt"
"io/ioutil"
"os"
+ "path"
"path/filepath"
- "runtime"
"strconv"
"strings"
"syscall"
-)
-// SYS_SETNS syscall allows changing the namespace of the current process.
-var SYS_SETNS = map[string]uintptr{
- "386": 346,
- "amd64": 308,
- "arm64": 268,
- "arm": 375,
- "mips": 4344,
- "mipsle": 4344,
- "mips64le": 4344,
- "ppc64": 350,
- "ppc64le": 350,
- "riscv64": 268,
- "s390x": 339,
-}[runtime.GOARCH]
+ "golang.org/x/sys/unix"
+)
// Deprecated: use syscall pkg instead (go >= 1.5 needed).
const (
- CLONE_NEWUTS = 0x04000000 /* New utsname group? */
- CLONE_NEWIPC = 0x08000000 /* New ipcs */
- CLONE_NEWUSER = 0x10000000 /* New user namespace */
- CLONE_NEWPID = 0x20000000 /* New pid namespace */
- CLONE_NEWNET = 0x40000000 /* New network namespace */
- CLONE_IO = 0x80000000 /* Get io context */
+ CLONE_NEWUTS = 0x04000000 /* New utsname group? */
+ CLONE_NEWIPC = 0x08000000 /* New ipcs */
+ CLONE_NEWUSER = 0x10000000 /* New user namespace */
+ CLONE_NEWPID = 0x20000000 /* New pid namespace */
+ CLONE_NEWNET = 0x40000000 /* New network namespace */
+ CLONE_IO = 0x80000000 /* Get io context */
+ bindMountPath = "/run/netns" /* Bind mount path for named netns */
)
// Setns sets namespace using syscall. Note that this should be a method
// in syscall but it has not been added.
func Setns(ns NsHandle, nstype int) (err error) {
- _, _, e1 := syscall.Syscall(SYS_SETNS, uintptr(ns), uintptr(nstype), 0)
- if e1 != 0 {
- err = e1
- }
- return
+ return unix.Setns(int(ns), nstype)
}
// Set sets the current network namespace to the namespace represented
@@ -57,21 +41,64 @@ func Set(ns NsHandle) (err error) {
// New creates a new network namespace, sets it as current and returns
// a handle to it.
func New() (ns NsHandle, err error) {
- if err := syscall.Unshare(CLONE_NEWNET); err != nil {
+ if err := unix.Unshare(CLONE_NEWNET); err != nil {
return -1, err
}
return Get()
}
+// NewNamed creates a new named network namespace and returns a handle to it
+func NewNamed(name string) (NsHandle, error) {
+ if _, err := os.Stat(bindMountPath); os.IsNotExist(err) {
+ err = os.MkdirAll(bindMountPath, 0755)
+ if err != nil {
+ return None(), err
+ }
+ }
+
+ newNs, err := New()
+ if err != nil {
+ return None(), err
+ }
+
+ namedPath := path.Join(bindMountPath, name)
+
+ f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
+ if err != nil {
+ return None(), err
+ }
+ f.Close()
+
+ nsPath := fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid())
+ err = syscall.Mount(nsPath, namedPath, "bind", syscall.MS_BIND, "")
+ if err != nil {
+ return None(), err
+ }
+
+ return newNs, nil
+}
+
+// DeleteNamed deletes a named network namespace
+func DeleteNamed(name string) error {
+ namedPath := path.Join(bindMountPath, name)
+
+ err := syscall.Unmount(namedPath, syscall.MNT_DETACH)
+ if err != nil {
+ return err
+ }
+
+ return os.Remove(namedPath)
+}
+
// Get gets a handle to the current threads network namespace.
func Get() (NsHandle, error) {
- return GetFromThread(os.Getpid(), syscall.Gettid())
+ return GetFromThread(os.Getpid(), unix.Gettid())
}
// GetFromPath gets a handle to a network namespace
// identified by the path
func GetFromPath(path string) (NsHandle, error) {
- fd, err := syscall.Open(path, syscall.O_RDONLY, 0)
+ fd, err := unix.Open(path, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil {
return -1, err
}
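Review bot: `NewNamed` and `DeleteNamed` join the caller-supplied `name` onto `bindMountPath` with `path.Join` without validating it, so a name containing a path separator or `..` resolves outside `/run/netns`, and the file creation, bind mount, unmount and `os.Remove` then act on that path. Rejecting such names up front keeps both functions inside the directory: `if name == "" || name == "." || name == ".." || strings.ContainsRune(name, '/') { return None(), fmt.Errorf("invalid netns name %q", name) }`, with the error alone returned in `DeleteNamed`. `NewNamed` also returns `None()` on the `OpenFile` and `Mount` error paths without closing `newNs` or removing the file it just created, so a failed call leaves an open handle and possibly a stray entry behind. Since this is vendored code, callers that take namespace names from configuration or API input should validate them on their side until the check lands upstream.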
diff --git a/vendor/github.com/willf/bitset/Makefile b/vendor/github.com/willf/bitset/Makefile
deleted file mode 100644
index db8377106..000000000
--- a/vendor/github.com/willf/bitset/Makefile
+++ /dev/null
@@ -1,191 +0,0 @@
-# MAKEFILE
-#
-# @author Nicola Asuni <info@tecnick.com>
-# @link https://github.com/willf/bitset
-# ------------------------------------------------------------------------------
-
-# List special make targets that are not associated with files
-.PHONY: help all test format fmtcheck vet lint coverage cyclo ineffassign misspell structcheck varcheck errcheck gosimple astscan qa deps clean nuke
-
-# Use bash as shell (Note: Ubuntu now uses dash which doesn't support PIPESTATUS).
-SHELL=/bin/bash
-
-# CVS path (path to the parent dir containing the project)
-CVSPATH=github.com/willf
-
-# Project owner
-OWNER=willf
-
-# Project vendor
-VENDOR=willf
-
-# Project name
-PROJECT=bitset
-
-# Project version
-VERSION=$(shell cat VERSION)
-
-# Name of RPM or DEB package
-PKGNAME=${VENDOR}-${PROJECT}
-
-# Current directory
-CURRENTDIR=$(shell pwd)
-
-# GO lang path
-ifneq ($(GOPATH),)
- ifeq ($(findstring $(GOPATH),$(CURRENTDIR)),)
- # the defined GOPATH is not valid
- GOPATH=
- endif
-endif
-ifeq ($(GOPATH),)
- # extract the GOPATH
- GOPATH=$(firstword $(subst /src/, ,$(CURRENTDIR)))
-endif
-
-# --- MAKE TARGETS ---
-
-# Display general help about this command
-help:
- @echo ""
- @echo "$(PROJECT) Makefile."
- @echo "GOPATH=$(GOPATH)"
- @echo "The following commands are available:"
- @echo ""
- @echo " make qa : Run all the tests"
- @echo " make test : Run the unit tests"
- @echo ""
- @echo " make format : Format the source code"
- @echo " make fmtcheck : Check if the source code has been formatted"
- @echo " make vet : Check for suspicious constructs"
- @echo " make lint : Check for style errors"
- @echo " make coverage : Generate the coverage report"
- @echo " make cyclo : Generate the cyclomatic complexity report"
- @echo " make ineffassign : Detect ineffectual assignments"
- @echo " make misspell : Detect commonly misspelled words in source files"
- @echo " make structcheck : Find unused struct fields"
- @echo " make varcheck : Find unused global variables and constants"
- @echo " make errcheck : Check that error return values are used"
- @echo " make gosimple : Suggest code simplifications"
- @echo " make astscan : GO AST scanner"
- @echo ""
- @echo " make docs : Generate source code documentation"
- @echo ""
- @echo " make deps : Get the dependencies"
- @echo " make clean : Remove any build artifact"
- @echo " make nuke : Deletes any intermediate file"
- @echo ""
-
-# Alias for help target
-all: help
-
-# Run the unit tests
-test:
- @mkdir -p target/test
- @mkdir -p target/report
- GOPATH=$(GOPATH) \
- go test \
- -covermode=atomic \
- -bench=. \
- -race \
- -cpuprofile=target/report/cpu.out \
- -memprofile=target/report/mem.out \
- -mutexprofile=target/report/mutex.out \
- -coverprofile=target/report/coverage.out \
- -v ./... | \
- tee >(PATH=$(GOPATH)/bin:$(PATH) go-junit-report > target/test/report.xml); \
- test $${PIPESTATUS[0]} -eq 0
-
-# Format the source code
-format:
- @find . -type f -name "*.go" -exec gofmt -s -w {} \;
-
-# Check if the source code has been formatted
-fmtcheck:
- @mkdir -p target
- @find . -type f -name "*.go" -exec gofmt -s -d {} \; | tee target/format.diff
- @test ! -s target/format.diff || { echo "ERROR: the source code has not been formatted - please use 'make format' or 'gofmt'"; exit 1; }
-
-# Check for syntax errors
-vet:
- GOPATH=$(GOPATH) go vet .
-
-# Check for style errors
-lint:
- GOPATH=$(GOPATH) PATH=$(GOPATH)/bin:$(PATH) golint .
-
-# Generate the coverage report
-coverage:
- @mkdir -p target/report
- GOPATH=$(GOPATH) \
- go tool cover -html=target/report/coverage.out -o target/report/coverage.html
-
-# Report cyclomatic complexity
-cyclo:
- @mkdir -p target/report
- GOPATH=$(GOPATH) gocyclo -avg ./ | tee target/report/cyclo.txt ; test $${PIPESTATUS[0]} -eq 0
-
-# Detect ineffectual assignments
-ineffassign:
- @mkdir -p target/report
- GOPATH=$(GOPATH) ineffassign ./ | tee target/report/ineffassign.txt ; test $${PIPESTATUS[0]} -eq 0
-
-# Detect commonly misspelled words in source files
-misspell:
- @mkdir -p target/report
- GOPATH=$(GOPATH) misspell -error ./ | tee target/report/misspell.txt ; test $${PIPESTATUS[0]} -eq 0
-
-# Find unused struct fields
-structcheck:
- @mkdir -p target/report
- GOPATH=$(GOPATH) structcheck -a ./ | tee target/report/structcheck.txt
-
-# Find unused global variables and constants
-varcheck:
- @mkdir -p target/report
- GOPATH=$(GOPATH) varcheck -e ./ | tee target/report/varcheck.txt
-
-# Check that error return values are used
-errcheck:
- @mkdir -p target/report
- GOPATH=$(GOPATH) errcheck ./ | tee target/report/errcheck.txt
-
-# AST scanner
-astscan:
- @mkdir -p target/report
- GOPATH=$(GOPATH) gosec . | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 || true
-
-# Generate source docs
-docs:
- @mkdir -p target/docs
- nohup sh -c 'GOPATH=$(GOPATH) godoc -http=127.0.0.1:6060' > target/godoc_server.log 2>&1 &
- wget --directory-prefix=target/docs/ --execute robots=off --retry-connrefused --recursive --no-parent --adjust-extension --page-requisites --convert-links http://127.0.0.1:6060/pkg/github.com/${VENDOR}/${PROJECT}/ ; kill -9 `lsof -ti :6060`
- @echo '<html><head><meta http-equiv="refresh" content="0;./127.0.0.1:6060/pkg/'${CVSPATH}'/'${PROJECT}'/index.html"/></head><a href="./127.0.0.1:6060/pkg/'${CVSPATH}'/'${PROJECT}'/index.html">'${PKGNAME}' Documentation ...</a></html>' > target/docs/index.html
-
-# Alias to run all quality-assurance checks
-qa: fmtcheck test vet lint coverage cyclo ineffassign misspell structcheck varcheck errcheck gosimple astscan
-
-# --- INSTALL ---
-
-# Get the dependencies
-deps:
- GOPATH=$(GOPATH) go get ./...
- GOPATH=$(GOPATH) go get golang.org/x/lint/golint
- GOPATH=$(GOPATH) go get github.com/jstemmer/go-junit-report
- GOPATH=$(GOPATH) go get github.com/axw/gocov/gocov
- GOPATH=$(GOPATH) go get github.com/fzipp/gocyclo
- GOPATH=$(GOPATH) go get github.com/gordonklaus/ineffassign
- GOPATH=$(GOPATH) go get github.com/client9/misspell/cmd/misspell
- GOPATH=$(GOPATH) go get github.com/opennota/check/cmd/structcheck
- GOPATH=$(GOPATH) go get github.com/opennota/check/cmd/varcheck
- GOPATH=$(GOPATH) go get github.com/kisielk/errcheck
- GOPATH=$(GOPATH) go get github.com/securego/gosec/cmd/gosec/...
-
-# Remove any build artifact
-clean:
- GOPATH=$(GOPATH) go clean ./...
-
-# Deletes any intermediate file
-nuke:
- rm -rf ./target
- GOPATH=$(GOPATH) go clean -i ./...
diff --git a/vendor/github.com/willf/bitset/README.md b/vendor/github.com/willf/bitset/README.md
index 6c62b20c6..50338e71d 100644
--- a/vendor/github.com/willf/bitset/README.md
+++ b/vendor/github.com/willf/bitset/README.md
@@ -2,10 +2,10 @@
*Go language library to map between non-negative integers and boolean values*
-[![Master Build Status](https://secure.travis-ci.org/willf/bitset.png?branch=master)](https://travis-ci.org/willf/bitset?branch=master)
+[![Test](https://github.com/willf/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest)
[![Master Coverage Status](https://coveralls.io/repos/willf/bitset/badge.svg?branch=master&service=github)](https://coveralls.io/github/willf/bitset?branch=master)
[![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset)
-[![GoDoc](https://godoc.org/github.com/willf/bitset?status.svg)](http://godoc.org/github.com/willf/bitset)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/willf/bitset?tab=doc)](https://pkg.go.dev/github.com/willf/bitset?tab=doc)
## Description
@@ -63,8 +63,11 @@ func main() {
As an alternative to BitSets, one should check out the 'big' package, which provides a (less set-theoretical) view of bitsets.
-Godoc documentation is at: https://godoc.org/github.com/willf/bitset
+Package documentation is at: https://pkg.go.dev/github.com/willf/bitset?tab=doc
+## Memory Usage
+
+The memory usage of a bitset using N bits is at least N/8 bytes. The number of bits in a bitset is at least as large as one plus the greatest bit index you have accessed. Thus it is possible to run out of memory while using a bitset. If you have lots of bits, you might prefer compressed bitsets, like the [Roaring bitmaps](http://roaringbitmap.org) and its [Go implementation](https://github.com/RoaringBitmap/roaring).
## Implementation Note
@@ -82,15 +85,10 @@ go get github.com/willf/bitset
If you wish to contribute to this project, please branch and issue a pull request against master ("[GitHub Flow](https://guides.github.com/introduction/flow/)")
-This project include a Makefile that allows you to test and build the project with simple commands.
-To see all available options:
-```bash
-make help
-```
-
## Running all tests
-Before committing the code, please check if it passes all tests using (note: this will install some dependencies):
+Before committing the code, please check if it passes tests, has adequate coverage, etc.
```bash
-make qa
+go test
+go test -cover
```
diff --git a/vendor/github.com/willf/bitset/bitset.go b/vendor/github.com/willf/bitset/bitset.go
index 22e5d42e5..21e889da2 100644
--- a/vendor/github.com/willf/bitset/bitset.go
+++ b/vendor/github.com/willf/bitset/bitset.go
@@ -138,6 +138,9 @@ func (b *BitSet) Len() uint {
// extendSetMaybe adds additional words to incorporate new bits if needed
func (b *BitSet) extendSetMaybe(i uint) {
if i >= b.length { // if we need more bits, make 'em
+ if i >= Cap() {
+ panic("You are exceeding the capacity")
+ }
nsize := wordsNeeded(i + 1)
if b.set == nil {
b.set = make([]uint64, nsize)
@@ -160,7 +163,12 @@ func (b *BitSet) Test(i uint) bool {
return b.set[i>>log2WordSize]&(1<<(i&(wordSize-1))) != 0
}
-// Set bit i to 1
+// Set bit i to 1, the capacity of the bitset is automatically
+// increased accordingly.
+// If i>= Cap(), this function will panic.
+// Warning: using a very large value for 'i'
+// may lead to a memory shortage and a panic: the caller is responsible
+// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) Set(i uint) *BitSet {
b.extendSetMaybe(i)
b.set[i>>log2WordSize] |= 1 << (i & (wordSize - 1))
@@ -176,7 +184,11 @@ func (b *BitSet) Clear(i uint) *BitSet {
return b
}
-// SetTo sets bit i to value
+// SetTo sets bit i to value.
+// If i>= Cap(), this function will panic.
+// Warning: using a very large value for 'i'
+// may lead to a memory shortage and a panic: the caller is responsible
+// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) SetTo(i uint, value bool) *BitSet {
if value {
return b.Set(i)
@@ -184,7 +196,11 @@ func (b *BitSet) SetTo(i uint, value bool) *BitSet {
return b.Clear(i)
}
-// Flip bit at i
+// Flip bit at i.
+// If i>= Cap(), this function will panic.
+// Warning: using a very large value for 'i'
+// may lead to a memory shortage and a panic: the caller is responsible
+// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) Flip(i uint) *BitSet {
if i >= b.length {
return b.Set(i)
@@ -193,26 +209,51 @@ func (b *BitSet) Flip(i uint) *BitSet {
return b
}
-// Shrink shrinks BitSet to desired length in bits. It clears all bits > length
-// and reduces the size and length of the set.
+// Shrink shrinks BitSet so that the provided value is the last possible
+// set value. It clears all bits > the provided index and reduces the size
+// and length of the set.
+//
+// Note that the parameter value is not the new length in bits: it is the
+// maximal value that can be stored in the bitset after the function call.
+// The new length in bits is the parameter value + 1. Thus it is not possible
+// to use this function to set the length to 0, the minimal value of the length
+// after this function call is 1.
//
// A new slice is allocated to store the new bits, so you may see an increase in
// memory usage until the GC runs. Normally this should not be a problem, but if you
// have an extremely large BitSet its important to understand that the old BitSet will
// remain in memory until the GC frees it.
-func (b *BitSet) Shrink(length uint) *BitSet {
- idx := wordsNeeded(length + 1)
+func (b *BitSet) Shrink(lastbitindex uint) *BitSet {
+ length := lastbitindex + 1
+ idx := wordsNeeded(length)
if idx > len(b.set) {
return b
}
shrunk := make([]uint64, idx)
copy(shrunk, b.set[:idx])
b.set = shrunk
- b.length = length + 1
- b.set[idx-1] &= (allBits >> (uint64(64) - uint64(length&(wordSize-1)) - 1))
+ b.length = length
+ b.set[idx-1] &= (allBits >> (uint64(64) - uint64(length&(wordSize-1))))
return b
}
+// Compact shrinks BitSet to so that we preserve all set bits, while minimizing
+// memory usage. Compact calls Shrink.
+func (b *BitSet) Compact() *BitSet {
+ idx := len(b.set) - 1
+ for ; idx >= 0 && b.set[idx] == 0; idx-- {
+ }
+ newlength := uint((idx + 1) << log2WordSize)
+ if newlength >= b.length {
+ return b // nothing to do
+ }
+ if newlength > 0 {
+ return b.Shrink(newlength - 1)
+ }
+ // We preserve one word
+ return b.Shrink(63)
+}
+
// InsertAt takes an index which indicates where a bit should be
// inserted. Then it shifts all the bits in the set to the left by 1, starting
// from the given index position, and sets the index position to 0.
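Review bot: The new mask in `Shrink` clears the whole last word whenever `length` is a multiple of the word size: `length&(wordSize-1)` is then 0, the shift count becomes 64, and Go defines an unsigned shift by the full width as 0, so the statement reduces to `b.set[idx-1] &= 0` (this assumes `allBits` is an all-ones `uint64` and `wordSize` is 64, both declared outside the hunk). `Compact` always calls `Shrink(newlength - 1)` with `newlength` a multiple of 64, so it would drop the bits of the highest non-zero word that its comment says are preserved. Masking only a partial last word avoids this: `if r := length & (wordSize - 1); r != 0 { b.set[idx-1] &= allBits >> (uint64(64) - uint64(r)) }`. A test that sets bit 63 in a longer set, calls `Compact()` and checks `Test(63)` would pin the behaviour.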
@@ -323,6 +364,9 @@ func (b *BitSet) DeleteAt(i uint) *BitSet {
// including possibly the current index
// along with an error code (true = valid, false = no set bit found)
// for i,e := v.NextSet(0); e; i,e = v.NextSet(i + 1) {...}
+//
+// Users concerned with performance may want to use NextSetMany to
+// retrieve several values at once.
func (b *BitSet) NextSet(i uint) (uint, bool) {
x := int(i >> log2WordSize)
if x >= len(b.set) {
@@ -358,6 +402,14 @@ func (b *BitSet) NextSet(i uint) (uint, bool) {
// j += 1
// }
//
+//
+// It is possible to retrieve all set bits as follow:
+//
+// indices := make([]uint, bitmap.Count())
+// bitmap.NextSetMany(0, indices)
+//
+// However if bitmap.Count() is large, it might be preferable to
+// use several calls to NextSetMany, for performance reasons.
func (b *BitSet) NextSetMany(i uint, buffer []uint) (uint, []uint) {
myanswer := buffer
capacity := cap(buffer)
@@ -809,7 +861,7 @@ func (b *BitSet) ReadFrom(stream io.Reader) (int64, error) {
newset := New(uint(length))
if uint64(newset.length) != length {
- return 0, errors.New("Unmarshalling error: type mismatch")
+ return 0, errors.New("unmarshalling error: type mismatch")
}
// Read remaining bytes as set
diff --git a/vendor/github.com/willf/bitset/go.mod b/vendor/github.com/willf/bitset/go.mod
new file mode 100644
index 000000000..583ecab78
--- /dev/null
+++ b/vendor/github.com/willf/bitset/go.mod
@@ -0,0 +1,3 @@
+module github.com/willf/bitset
+
+go 1.14
diff --git a/vendor/github.com/willf/bitset/go.sum b/vendor/github.com/willf/bitset/go.sum
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/willf/bitset/go.sum
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index 8b129b794..7688d72c3 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -2632,7 +2632,9 @@ func (t *Transport) getBodyWriterState(cs *clientStream, body io.Reader) (s body
func (s bodyWriterState) cancel() {
if s.timer != nil {
- s.timer.Stop()
+ if s.timer.Stop() {
+ s.resc <- nil
+ }
}
}
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index 06f84b855..6b4027b33 100644
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index a54436e39..cfc08c979 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
index 7b88e865a..7f7f272a0 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
index 568bcd031..75a955661 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index f7cb46971..4adb89cf9 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build 386 amd64 amd64p32
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index e5037d92e..964946df9 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 47f084128..2f557a588 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build 386 amd64 amd64p32
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
index 78fe25e86..5b427d67e 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -7,7 +7,7 @@
// (See golang.org/issue/32102)
// +build aix,ppc64
-// +build !gccgo
+// +build gc
package cpu
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index 06f84b855..6b4027b33 100644
--- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_386.s b/vendor/golang.org/x/sys/unix/asm_darwin_386.s
index 8a7278319..8a06b87d7 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s b/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
index 6321421f2..f2397fde5 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_arm.s b/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
index 333242d50..c9e6b6fc8 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
// +build arm,darwin
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s b/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
index 97e017437..89843f8f4 100644
--- a/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
// +build arm64,darwin
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s b/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
index 603dd5728..27674e1ca 100644
--- a/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_386.s b/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
index c9a0a2601..49f0ac236 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
index 35172477c..f2dfc57b8 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s b/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
index 9227c875b..6d740db2c 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
index d9318cbf0..a8f5a29b3 100644
--- a/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 448bebbb5..0655ecbfb 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index c6468a958..bc3fb6ac3 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index cf0f3575c..55b13c7ba 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index afe6fdf6b..22a83d8e3 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -4,7 +4,7 @@
// +build linux
// +build arm64
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index ab9d63831..dc222b90c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -4,7 +4,7 @@
// +build linux
// +build mips64 mips64le
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 99e539904..d333f13cf 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -4,7 +4,7 @@
// +build linux
// +build mips mipsle
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 88f712557..459a629c2 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -4,7 +4,7 @@
// +build linux
// +build ppc64 ppc64le
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index 3cfefed2e..04d38497c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build riscv64,!gccgo
+// +build riscv64,gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index a5a863c6b..cc303989e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -4,7 +4,7 @@
// +build s390x
// +build linux
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_386.s b/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
index 48bdcd763..ae7b498d5 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
index 2ede05c72..e57367c17 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s b/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
index e8928571c..d7da175e1 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
index 6f98ba5a3..e7cbe1904 100644
--- a/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_386.s b/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
index 00576f3c8..2f00b0310 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_386.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
index 790ef77f8..07632c99c 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s b/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
index 469bfa100..73e997320 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
index 0cedea3d3..c47302aa4 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_arm64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 567a4763c..47c93fcb6 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index ded8260f3..1f2c755a7 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !gccgo
+// +build gc
#include "textflag.h"
diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go
index 5e9269063..86781eac2 100644
--- a/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/vendor/golang.org/x/sys/unix/endian_big.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
-// +build ppc64 s390x mips mips64
+// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
package unix
diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go
index bcdb5d30e..8822d8541 100644
--- a/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/vendor/golang.org/x/sys/unix/endian_little.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
-// +build 386 amd64 amd64p32 arm arm64 ppc64le mipsle mips64le riscv64
+// +build 386 amd64 amd64p32 alpha arm arm64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 21a4946ba..baa771f8a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build amd64,linux
-// +build !gccgo
+// +build gc
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index c26e6ec23..9edf3961b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build linux,!gccgo
+// +build linux,gc
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 070bd3899..90e33d8cf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build linux,!gccgo,386
+// +build linux,gc,386
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index 8c514c95e..1a97baae7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build arm,!gccgo,linux
+// +build arm,gc,linux
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index 1c70d1b69..87bd161ce 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,7 +3,7 @@
// license that can be found in the LICENSE file.
// +build darwin dragonfly freebsd linux netbsd openbsd solaris
-// +build !gccgo,!ppc64le,!ppc64
+// +build gc,!ppc64le,!ppc64
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index 86dc765ab..d36216c3c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -4,7 +4,7 @@
// +build linux
// +build ppc64le ppc64
-// +build !gccgo
+// +build gc
package unix
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index 4b3a8ad7b..0550da06d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,7 @@
// Code generated by the command above; see README.md. DO NOT EDIT.
// +build aix,ppc64
-// +build !gccgo
+// +build gc
package unix
diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go
index 82076fb74..9cd147b7e 100644
--- a/vendor/golang.org/x/sys/windows/dll_windows.go
+++ b/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -32,6 +32,8 @@ type DLLError struct {
func (e *DLLError) Error() string { return e.Msg }
+func (e *DLLError) Unwrap() error { return e.Err }
+
// A DLL implements access to a single DLL.
type DLL struct {
Name string
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 9e3c44a85..14906485f 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -1103,9 +1103,10 @@ type OBJECTS_AND_NAME struct {
}
//sys getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetSecurityInfo
-//sys SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) = advapi32.SetSecurityInfo
+//sys SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetSecurityInfo
//sys getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetNamedSecurityInfoW
//sys SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetNamedSecurityInfoW
+//sys SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) = advapi32.SetKernelObjectSecurity
//sys buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) = advapi32.BuildSecurityDescriptorW
//sys initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) = advapi32.InitializeSecurityDescriptor
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 008ffc11a..86a46f771 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -174,6 +174,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
//sys ExitProcess(exitcode uint32)
//sys IsWow64Process(handle Handle, isWow64 *bool) (err error) = IsWow64Process
+//sys IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint16) (err error) = IsWow64Process2?
//sys CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
//sys ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
//sys WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error)
@@ -187,6 +188,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys FindClose(handle Handle) (err error)
//sys GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error)
//sys GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error)
+//sys SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error)
//sys GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) = GetCurrentDirectoryW
//sys SetCurrentDirectory(path *uint16) (err error) = SetCurrentDirectoryW
//sys CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) = CreateDirectoryW
@@ -243,6 +245,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) = kernel32.GetFullPathNameW
//sys GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) = kernel32.GetLongPathNameW
//sys GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) = kernel32.GetShortPathNameW
+//sys GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) = kernel32.GetFinalPathNameByHandleW
//sys CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) = kernel32.CreateFileMappingW
//sys MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error)
//sys UnmapViewOfFile(addr uintptr) (err error)
@@ -351,7 +354,6 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetThreadPreferredUILanguages
//sys getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetUserPreferredUILanguages
//sys getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) = kernel32.GetSystemPreferredUILanguages
-//sys GetFinalPathNameByHandleW(file syscall.Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) = kernel32.GetFinalPathNameByHandleW
// Process Status API (PSAPI)
//sys EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index da1652e74..e7ae37f88 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1772,3 +1772,32 @@ const (
MUI_LANGUAGE_INSTALLED = 0x20
MUI_LANGUAGE_LICENSED = 0x40
)
+
+// FILE_INFO_BY_HANDLE_CLASS constants for SetFileInformationByHandle/GetFileInformationByHandleEx
+const (
+ FileBasicInfo = 0
+ FileStandardInfo = 1
+ FileNameInfo = 2
+ FileRenameInfo = 3
+ FileDispositionInfo = 4
+ FileAllocationInfo = 5
+ FileEndOfFileInfo = 6
+ FileStreamInfo = 7
+ FileCompressionInfo = 8
+ FileAttributeTagInfo = 9
+ FileIdBothDirectoryInfo = 10
+ FileIdBothDirectoryRestartInfo = 11
+ FileIoPriorityHintInfo = 12
+ FileRemoteProtocolInfo = 13
+ FileFullDirectoryInfo = 14
+ FileFullDirectoryRestartInfo = 15
+ FileStorageInfo = 16
+ FileAlignmentInfo = 17
+ FileIdInfo = 18
+ FileIdExtdDirectoryInfo = 19
+ FileIdExtdDirectoryRestartInfo = 20
+ FileDispositionInfoEx = 21
+ FileRenameInfoEx = 22
+ FileCaseSensitiveInfo = 23
+ FileNormalizedNameInfo = 24
+)
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index d400c3512..8fbef7da6 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -122,6 +122,7 @@ var (
procReportEventW = modadvapi32.NewProc("ReportEventW")
procRevertToSelf = modadvapi32.NewProc("RevertToSelf")
procSetEntriesInAclW = modadvapi32.NewProc("SetEntriesInAclW")
+ procSetKernelObjectSecurity = modadvapi32.NewProc("SetKernelObjectSecurity")
procSetNamedSecurityInfoW = modadvapi32.NewProc("SetNamedSecurityInfoW")
procSetSecurityDescriptorControl = modadvapi32.NewProc("SetSecurityDescriptorControl")
procSetSecurityDescriptorDacl = modadvapi32.NewProc("SetSecurityDescriptorDacl")
@@ -248,6 +249,7 @@ var (
procGetVolumePathNamesForVolumeNameW = modkernel32.NewProc("GetVolumePathNamesForVolumeNameW")
procGetWindowsDirectoryW = modkernel32.NewProc("GetWindowsDirectoryW")
procIsWow64Process = modkernel32.NewProc("IsWow64Process")
+ procIsWow64Process2 = modkernel32.NewProc("IsWow64Process2")
procLoadLibraryExW = modkernel32.NewProc("LoadLibraryExW")
procLoadLibraryW = modkernel32.NewProc("LoadLibraryW")
procLocalFree = modkernel32.NewProc("LocalFree")
@@ -283,6 +285,7 @@ var (
procSetEvent = modkernel32.NewProc("SetEvent")
procSetFileAttributesW = modkernel32.NewProc("SetFileAttributesW")
procSetFileCompletionNotificationModes = modkernel32.NewProc("SetFileCompletionNotificationModes")
+ procSetFileInformationByHandle = modkernel32.NewProc("SetFileInformationByHandle")
procSetFilePointer = modkernel32.NewProc("SetFilePointer")
procSetFileTime = modkernel32.NewProc("SetFileTime")
procSetHandleInformation = modkernel32.NewProc("SetHandleInformation")
@@ -970,6 +973,14 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE
return
}
+func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) {
+ r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
var _p0 *uint16
_p0, ret = syscall.UTF16PtrFromString(objectName)
@@ -1056,8 +1067,11 @@ func setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl *
return
}
-func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) {
- syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) {
+ r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+ if r0 != 0 {
+ ret = syscall.Errno(r0)
+ }
return
}
@@ -1727,7 +1741,7 @@ func GetFileType(filehandle Handle) (n uint32, err error) {
return
}
-func GetFinalPathNameByHandleW(file syscall.Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) {
+func GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) {
r0, _, e1 := syscall.Syscall6(procGetFinalPathNameByHandleW.Addr(), 4, uintptr(file), uintptr(unsafe.Pointer(filePath)), uintptr(filePathSize), uintptr(flags), 0, 0)
n = uint32(r0)
if n == 0 {
@@ -2055,6 +2069,18 @@ func IsWow64Process(handle Handle, isWow64 *bool) (err error) {
return
}
+func IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint16) (err error) {
+ err = procIsWow64Process2.Find()
+ if err != nil {
+ return
+ }
+ r1, _, e1 := syscall.Syscall(procIsWow64Process2.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(processMachine)), uintptr(unsafe.Pointer(nativeMachine)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) {
var _p0 *uint16
_p0, err = syscall.UTF16PtrFromString(libname)
@@ -2386,6 +2412,14 @@ func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error)
return
}
+func SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procSetFileInformationByHandle.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) {
r0, _, e1 := syscall.Syscall6(procSetFilePointer.Addr(), 4, uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence), 0, 0)
newlowoffset = uint32(r0)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b78e059db..fe45f9237 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -60,7 +60,7 @@ github.com/containernetworking/cni/pkg/types/020
github.com/containernetworking/cni/pkg/types/current
github.com/containernetworking/cni/pkg/utils
github.com/containernetworking/cni/pkg/version
-# github.com/containernetworking/plugins v0.8.7
+# github.com/containernetworking/plugins v0.9.0
github.com/containernetworking/plugins/pkg/ip
github.com/containernetworking/plugins/pkg/ns
github.com/containernetworking/plugins/pkg/utils/hwaddr
@@ -168,7 +168,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.24.1
+# github.com/containers/storage v1.24.3
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs
@@ -422,7 +422,7 @@ github.com/onsi/ginkgo/reporters/stenographer
github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable
github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty
github.com/onsi/ginkgo/types
-# github.com/onsi/gomega v1.10.3
+# github.com/onsi/gomega v1.10.4
github.com/onsi/gomega
github.com/onsi/gomega/format
github.com/onsi/gomega/gbytes
@@ -459,7 +459,7 @@ github.com/opencontainers/runtime-tools/generate
github.com/opencontainers/runtime-tools/generate/seccomp
github.com/opencontainers/runtime-tools/specerror
github.com/opencontainers/runtime-tools/validate
-# github.com/opencontainers/selinux v1.6.0
+# github.com/opencontainers/selinux v1.7.0
github.com/opencontainers/selinux/go-selinux
github.com/opencontainers/selinux/go-selinux/label
github.com/opencontainers/selinux/pkg/pwalk
@@ -563,12 +563,12 @@ github.com/vbauerster/mpb/v5
github.com/vbauerster/mpb/v5/cwriter
github.com/vbauerster/mpb/v5/decor
github.com/vbauerster/mpb/v5/internal
-# github.com/vishvananda/netlink v1.1.0
+# github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
github.com/vishvananda/netlink
github.com/vishvananda/netlink/nl
-# github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
+# github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
github.com/vishvananda/netns
-# github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243
+# github.com/willf/bitset v1.1.11
github.com/willf/bitset
# github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b
github.com/xeipuuv/gojsonpointer
@@ -609,7 +609,7 @@ golang.org/x/crypto/ssh/agent
golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
golang.org/x/crypto/ssh/knownhosts
golang.org/x/crypto/ssh/terminal
-# golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
+# golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb
golang.org/x/net/context
golang.org/x/net/context/ctxhttp
golang.org/x/net/html
@@ -627,7 +627,7 @@ golang.org/x/oauth2/internal
# golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
-# golang.org/x/sys v0.0.0-20201112073958-5cba982894dd
+# golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637
golang.org/x/sys/cpu
golang.org/x/sys/internal/unsafeheader
golang.org/x/sys/unix