summaryrefslogtreecommitdiff
path: root/vendor/github.com
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/storage.conf2
-rw-r--r--vendor/github.com/containers/storage/store.go4
-rw-r--r--vendor/github.com/onsi/gomega/.travis.yml3
-rw-r--r--vendor/github.com/onsi/gomega/CHANGELOG.md7
-rw-r--r--vendor/github.com/onsi/gomega/format/format.go8
-rw-r--r--vendor/github.com/onsi/gomega/gbytes/io_wrappers.go6
-rw-r--r--vendor/github.com/onsi/gomega/go.mod2
-rw-r--r--vendor/github.com/onsi/gomega/go.sum3
-rw-r--r--vendor/github.com/onsi/gomega/gomega_dsl.go2
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go5
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux.go41
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go222
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go4
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go22
-rw-r--r--vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go17
-rw-r--r--vendor/github.com/vishvananda/netlink/.travis.yml7
-rw-r--r--vendor/github.com/vishvananda/netlink/addr.go1
-rw-r--r--vendor/github.com/vishvananda/netlink/addr_linux.go35
-rw-r--r--vendor/github.com/vishvananda/netlink/class.go56
-rw-r--r--vendor/github.com/vishvananda/netlink/class_linux.go29
-rw-r--r--vendor/github.com/vishvananda/netlink/conntrack_linux.go116
-rw-r--r--vendor/github.com/vishvananda/netlink/filter.go9
-rw-r--r--vendor/github.com/vishvananda/netlink/filter_linux.go20
-rw-r--r--vendor/github.com/vishvananda/netlink/go.mod4
-rw-r--r--vendor/github.com/vishvananda/netlink/go.sum10
-rw-r--r--vendor/github.com/vishvananda/netlink/handle_unspecified.go2
-rw-r--r--vendor/github.com/vishvananda/netlink/inet_diag.go30
-rw-r--r--vendor/github.com/vishvananda/netlink/ipset_linux.go335
-rw-r--r--vendor/github.com/vishvananda/netlink/link.go50
-rw-r--r--vendor/github.com/vishvananda/netlink/link_linux.go198
-rw-r--r--vendor/github.com/vishvananda/netlink/neigh_linux.go12
-rw-r--r--vendor/github.com/vishvananda/netlink/netlink_unspecified.go6
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/addr_linux.go14
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go5
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/ipset_linux.go222
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/link_linux.go67
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/nl_linux.go28
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/parse_attr.go67
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/syscall.go7
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/tc_linux.go111
-rw-r--r--vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go2
-rw-r--r--vendor/github.com/vishvananda/netlink/qdisc.go24
-rw-r--r--vendor/github.com/vishvananda/netlink/qdisc_linux.go41
-rw-r--r--vendor/github.com/vishvananda/netlink/rdma_link_linux.go46
-rw-r--r--vendor/github.com/vishvananda/netlink/route.go51
-rw-r--r--vendor/github.com/vishvananda/netlink/route_linux.go119
-rw-r--r--vendor/github.com/vishvananda/netlink/rule.go14
-rw-r--r--vendor/github.com/vishvananda/netlink/rule_linux.go66
-rw-r--r--vendor/github.com/vishvananda/netlink/socket_linux.go92
-rw-r--r--vendor/github.com/vishvananda/netlink/tcp.go18
-rw-r--r--vendor/github.com/vishvananda/netlink/tcp_linux.go393
-rw-r--r--vendor/github.com/vishvananda/netns/go.mod2
-rw-r--r--vendor/github.com/vishvananda/netns/go.sum2
-rw-r--r--vendor/github.com/vishvananda/netns/netns.go19
-rw-r--r--vendor/github.com/vishvananda/netns/netns_linux.go87
-rw-r--r--vendor/github.com/willf/bitset/Makefile191
-rw-r--r--vendor/github.com/willf/bitset/README.md20
-rw-r--r--vendor/github.com/willf/bitset/bitset.go72
-rw-r--r--vendor/github.com/willf/bitset/go.mod3
-rw-r--r--vendor/github.com/willf/bitset/go.sum0
61 files changed, 2521 insertions, 532 deletions
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index f9e8384bb..ae96cc731 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.24.1
+1.24.3
diff --git a/vendor/github.com/containers/storage/storage.conf b/vendor/github.com/containers/storage/storage.conf
index 0577e84ca..af4953310 100644
--- a/vendor/github.com/containers/storage/storage.conf
+++ b/vendor/github.com/containers/storage/storage.conf
@@ -4,7 +4,7 @@
# The "container storage" table contains all of the server options.
[storage]
-# Default Storage Driver
+# Default Storage Driver, Must be set for proper operation.
driver = ""
# Temporary storage location
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index b9115f195..7b250db9f 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -30,6 +30,7 @@ import (
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
)
var (
@@ -3527,6 +3528,9 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
if config.Storage.Driver != "" {
storeOptions.GraphDriverName = config.Storage.Driver
}
+ if storeOptions.GraphDriverName == "" {
+ logrus.Errorf("The storage 'driver' option must be set in %s, guarantee proper operation.", configFile)
+ }
if config.Storage.RunRoot != "" {
storeOptions.RunRoot = config.Storage.RunRoot
}
diff --git a/vendor/github.com/onsi/gomega/.travis.yml b/vendor/github.com/onsi/gomega/.travis.yml
index e250be4ac..348e3014c 100644
--- a/vendor/github.com/onsi/gomega/.travis.yml
+++ b/vendor/github.com/onsi/gomega/.travis.yml
@@ -1,4 +1,7 @@
language: go
+arch:
+ - amd64
+ - ppc64le
go:
- 1.14.x
diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md
index 940953394..0f1765d84 100644
--- a/vendor/github.com/onsi/gomega/CHANGELOG.md
+++ b/vendor/github.com/onsi/gomega/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.10.4
+
+### Fixes
+- update golang net library to more recent version without vulnerability (#406) [817a8b9]
+- Correct spelling: alloted -> allotted (#403) [0bae715]
+- fix a panic in MessageWithDiff with long message (#402) [ea06b9b]
+
## 1.10.3
### Fixes
diff --git a/vendor/github.com/onsi/gomega/format/format.go b/vendor/github.com/onsi/gomega/format/format.go
index fae25adce..e59d7d75b 100644
--- a/vendor/github.com/onsi/gomega/format/format.go
+++ b/vendor/github.com/onsi/gomega/format/format.go
@@ -105,7 +105,13 @@ func MessageWithDiff(actual, message, expected string) string {
tabLength := 4
spaceFromMessageToActual := tabLength + len("<string>: ") - len(message)
- padding := strings.Repeat(" ", spaceFromMessageToActual+spacesBeforeFormattedMismatch) + "|"
+
+ paddingCount := spaceFromMessageToActual + spacesBeforeFormattedMismatch
+ if paddingCount < 0 {
+ return Message(formattedActual, message, formattedExpected)
+ }
+
+ padding := strings.Repeat(" ", paddingCount) + "|"
return Message(formattedActual, message+padding, formattedExpected)
}
diff --git a/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go b/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go
index 3caed8769..a41ad6232 100644
--- a/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go
+++ b/vendor/github.com/onsi/gomega/gbytes/io_wrappers.go
@@ -9,17 +9,17 @@ import (
// ErrTimeout is returned by TimeoutCloser, TimeoutReader, and TimeoutWriter when the underlying Closer/Reader/Writer does not return within the specified timeout
var ErrTimeout = errors.New("timeout occurred")
-// TimeoutCloser returns an io.Closer that wraps the passed-in io.Closer. If the underlying Closer fails to close within the alloted timeout ErrTimeout is returned.
+// TimeoutCloser returns an io.Closer that wraps the passed-in io.Closer. If the underlying Closer fails to close within the allotted timeout ErrTimeout is returned.
func TimeoutCloser(c io.Closer, timeout time.Duration) io.Closer {
return timeoutReaderWriterCloser{c: c, d: timeout}
}
-// TimeoutReader returns an io.Reader that wraps the passed-in io.Reader. If the underlying Reader fails to read within the alloted timeout ErrTimeout is returned.
+// TimeoutReader returns an io.Reader that wraps the passed-in io.Reader. If the underlying Reader fails to read within the allotted timeout ErrTimeout is returned.
func TimeoutReader(r io.Reader, timeout time.Duration) io.Reader {
return timeoutReaderWriterCloser{r: r, d: timeout}
}
-// TimeoutWriter returns an io.Writer that wraps the passed-in io.Writer. If the underlying Writer fails to write within the alloted timeout ErrTimeout is returned.
+// TimeoutWriter returns an io.Writer that wraps the passed-in io.Writer. If the underlying Writer fails to write within the allotted timeout ErrTimeout is returned.
func TimeoutWriter(w io.Writer, timeout time.Duration) io.Writer {
return timeoutReaderWriterCloser{w: w, d: timeout}
}
diff --git a/vendor/github.com/onsi/gomega/go.mod b/vendor/github.com/onsi/gomega/go.mod
index 0a80d5ec3..02b99ab60 100644
--- a/vendor/github.com/onsi/gomega/go.mod
+++ b/vendor/github.com/onsi/gomega/go.mod
@@ -5,7 +5,7 @@ go 1.14
require (
github.com/golang/protobuf v1.4.2
github.com/onsi/ginkgo v1.12.1
- golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0
+ golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
gopkg.in/yaml.v2 v2.3.0
)
diff --git a/vendor/github.com/onsi/gomega/go.sum b/vendor/github.com/onsi/gomega/go.sum
index c54e9b88e..fc230153b 100644
--- a/vendor/github.com/onsi/gomega/go.sum
+++ b/vendor/github.com/onsi/gomega/go.sum
@@ -31,6 +31,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dD
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0 h1:wBouT66WTYFXdxfVdz9sVWARVd/2vfGcmI45D2gj45M=
golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U=
+golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e h1:o3PsSEY8E4eXWkXrIP9YJALUkVZqzHJT5DOasTyn8Vs=
@@ -42,6 +44,7 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwg
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go
index 4af1a8c01..a8529f1ca 100644
--- a/vendor/github.com/onsi/gomega/gomega_dsl.go
+++ b/vendor/github.com/onsi/gomega/gomega_dsl.go
@@ -24,7 +24,7 @@ import (
"github.com/onsi/gomega/types"
)
-const GOMEGA_VERSION = "1.10.3"
+const GOMEGA_VERSION = "1.10.4"
const nilFailHandlerPanic = `You are trying to make an assertion, but Gomega's fail handler is nil.
If you're using Ginkgo then you probably forgot to put your assertion in an It().
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
index 10ac15a85..988adc8f4 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -27,14 +27,14 @@ var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be use
// the container. A list of options can be passed into this function to alter
// the labels. The labels returned will include a random MCS String, that is
// guaranteed to be unique.
-func InitLabels(options []string) (plabel string, mlabel string, Err error) {
+func InitLabels(options []string) (plabel string, mlabel string, retErr error) {
if !selinux.GetEnabled() {
return "", "", nil
}
processLabel, mountLabel := selinux.ContainerLabels()
if processLabel != "" {
defer func() {
- if Err != nil {
+ if retErr != nil {
selinux.ReleaseLabel(mountLabel)
}
}()
@@ -57,7 +57,6 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
con := strings.SplitN(opt, ":", 2)
if !validOptions[con[0]] {
return "", "", errors.Errorf("Bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0])
-
}
if con[0] == "filetype" {
mcon["type"] = con[1]
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
index 50760dc93..d9119908b 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
@@ -30,6 +30,11 @@ var (
// ErrLevelSyntax is returned when a sensitivity or category do not have correct syntax in a level
ErrLevelSyntax = errors.New("invalid level syntax")
+ // ErrContextMissing is returned if a requested context is not found in a file.
+ ErrContextMissing = errors.New("context does not have a match")
+ // ErrVerifierNil is returned when a context verifier function is nil.
+ ErrVerifierNil = errors.New("verifier function is nil")
+
// CategoryRange allows the upper bound on the category range to be adjusted
CategoryRange = DefaultCategoryRange
)
@@ -63,8 +68,12 @@ func FileLabel(fpath string) (string, error) {
return fileLabel(fpath)
}
-// SetFSCreateLabel tells kernel the label to create all file system objects
-// created by this task. Setting label="" to return to default.
+// SetFSCreateLabel tells the kernel what label to use for all file system objects
+// created by this task.
+// Set the label to an empty string to return to the default label. Calls to SetFSCreateLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system
+// objects created by this task are finished to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
func SetFSCreateLabel(label string) error {
return setFSCreateLabel(label)
}
@@ -113,19 +122,27 @@ func CalculateGlbLub(sourceRange, targetRange string) (string, error) {
}
// SetExecLabel sets the SELinux label that the kernel will use for any programs
-// that are executed by the current process thread, or an error.
+// that are executed by the current process thread, or an error. Calls to SetExecLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until execution
+// of the program is finished to guarantee another goroutine does not migrate to the current
+// thread before execution is complete.
func SetExecLabel(label string) error {
return setExecLabel(label)
}
// SetTaskLabel sets the SELinux label for the current thread, or an error.
-// This requires the dyntransition permission.
+// This requires the dyntransition permission. Calls to SetTaskLabel should
+// be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee
+// the current thread does not run in a new mislabeled thread.
func SetTaskLabel(label string) error {
return setTaskLabel(label)
}
// SetSocketLabel takes a process label and tells the kernel to assign the
-// label to the next socket that gets created
+// label to the next socket that gets created. Calls to SetSocketLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until
+// the the socket is created to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
func SetSocketLabel(label string) error {
return setSocketLabel(label)
}
@@ -141,7 +158,10 @@ func PeerLabel(fd uintptr) (string, error) {
}
// SetKeyLabel takes a process label and tells the kernel to assign the
-// label to the next kernel keyring that gets created
+// label to the next kernel keyring that gets created. Calls to SetKeyLabel
+// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until
+// the kernel keyring is created to guarantee another goroutine does not migrate
+// to the current thread before execution is complete.
func SetKeyLabel(label string) error {
return setKeyLabel(label)
}
@@ -247,3 +267,12 @@ func DupSecOpt(src string) ([]string, error) {
func DisableSecOpt() []string {
return disableSecOpt()
}
+
+// GetDefaultContextWithLevel gets a single context for the specified SELinux user
+// identity that is reachable from the specified scon context. The context is based
+// on the per-user /etc/selinux/{SELINUXTYPE}/contexts/users/<username> if it exists,
+// and falls back to the global /etc/selinux/{SELINUXTYPE}/contexts/default_contexts
+// file.
+func GetDefaultContextWithLevel(user, level, scon string) (string, error) {
+ return getDefaultContextWithLevel(user, level, scon)
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index d6b0d49db..904f5b04f 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -28,6 +28,8 @@ const (
minSensLen = 2
contextFile = "/usr/share/containers/selinux/contexts"
selinuxDir = "/etc/selinux/"
+ selinuxUsersDir = "contexts/users"
+ defaultContexts = "contexts/default_contexts"
selinuxConfig = selinuxDir + "config"
selinuxfsMount = "/sys/fs/selinux"
selinuxTypeTag = "SELINUXTYPE"
@@ -35,6 +37,8 @@ const (
xattrNameSelinux = "security.selinux"
)
+var policyRoot = filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
+
type selinuxState struct {
enabledSet bool
enabled bool
@@ -54,6 +58,13 @@ type mlsRange struct {
high *level
}
+type defaultSECtx struct {
+ user, level, scon string
+ userRdr, defaultRdr io.Reader
+
+ verifier func(string) error
+}
+
type levelItem byte
const (
@@ -111,7 +122,7 @@ func verifySELinuxfsMount(mnt string) bool {
if err == nil {
break
}
- if err == unix.EAGAIN {
+ if err == unix.EAGAIN || err == unix.EINTR {
continue
}
return false
@@ -205,28 +216,16 @@ func getEnabled() bool {
}
func readConfig(target string) string {
- var (
- val, key string
- bufin *bufio.Reader
- )
-
in, err := os.Open(selinuxConfig)
if err != nil {
return ""
}
defer in.Close()
- bufin = bufio.NewReader(in)
+ scanner := bufio.NewScanner(in)
- for done := false; !done; {
- var line string
- if line, err = bufin.ReadString('\n'); err != nil {
- if err != io.EOF {
- return ""
- }
- done = true
- }
- line = strings.TrimSpace(line)
+ for scanner.Scan() {
+ line := strings.TrimSpace(scanner.Text())
if len(line) == 0 {
// Skip blank lines
continue
@@ -236,7 +235,7 @@ func readConfig(target string) string {
continue
}
if groups := assignRegex.FindStringSubmatch(line); groups != nil {
- key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
+ key, val := strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
if key == target {
return strings.Trim(val, "\"")
}
@@ -245,15 +244,17 @@ func readConfig(target string) string {
return ""
}
-func getSELinuxPolicyRoot() string {
- return filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
-}
-
func isProcHandle(fh *os.File) error {
var buf unix.Statfs_t
- err := unix.Fstatfs(int(fh.Fd()), &buf)
- if err != nil {
- return errors.Wrapf(err, "statfs(%q) failed", fh.Name())
+
+ for {
+ err := unix.Fstatfs(int(fh.Fd()), &buf)
+ if err == nil {
+ break
+ }
+ if err != unix.EINTR {
+ return errors.Wrapf(err, "statfs(%q) failed", fh.Name())
+ }
}
if buf.Type != unix.PROC_SUPER_MAGIC {
return errors.Errorf("file %q is not on procfs", fh.Name())
@@ -307,9 +308,16 @@ func setFileLabel(fpath string, label string) error {
if fpath == "" {
return ErrEmptyPath
}
- if err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {
- return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ for {
+ err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+ if err == nil {
+ break
+ }
+ if err != unix.EINTR {
+ return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ }
}
+
return nil
}
@@ -751,7 +759,7 @@ func reserveLabel(label string) {
if len(label) != 0 {
con := strings.SplitN(label, ":", 4)
if len(con) > 3 {
- mcsAdd(con[3])
+ _ = mcsAdd(con[3])
}
}
}
@@ -828,11 +836,11 @@ func intToMcs(id int, catRange uint32) string {
}
for ORD > TIER {
- ORD = ORD - TIER
+ ORD -= TIER
TIER--
}
TIER = SETSIZE - TIER
- ORD = ORD + TIER
+ ORD += TIER
return fmt.Sprintf("s0:c%d,c%d", TIER, ORD)
}
@@ -844,16 +852,14 @@ func uniqMcs(catRange uint32) string {
)
for {
- binary.Read(rand.Reader, binary.LittleEndian, &n)
+ _ = binary.Read(rand.Reader, binary.LittleEndian, &n)
c1 = n % catRange
- binary.Read(rand.Reader, binary.LittleEndian, &n)
+ _ = binary.Read(rand.Reader, binary.LittleEndian, &n)
c2 = n % catRange
if c1 == c2 {
continue
- } else {
- if c1 > c2 {
- c1, c2 = c2, c1
- }
+ } else if c1 > c2 {
+ c1, c2 = c2, c1
}
mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
if err := mcsAdd(mcs); err != nil {
@@ -884,18 +890,13 @@ func openContextFile() (*os.File, error) {
if f, err := os.Open(contextFile); err == nil {
return f, nil
}
- lxcPath := filepath.Join(getSELinuxPolicyRoot(), "/contexts/lxc_contexts")
+ lxcPath := filepath.Join(policyRoot, "/contexts/lxc_contexts")
return os.Open(lxcPath)
}
var labels = loadLabels()
func loadLabels() map[string]string {
- var (
- val, key string
- bufin *bufio.Reader
- )
-
labels := make(map[string]string)
in, err := openContextFile()
if err != nil {
@@ -903,18 +904,10 @@ func loadLabels() map[string]string {
}
defer in.Close()
- bufin = bufio.NewReader(in)
+ scanner := bufio.NewScanner(in)
- for done := false; !done; {
- var line string
- if line, err = bufin.ReadString('\n'); err != nil {
- if err == io.EOF {
- done = true
- } else {
- break
- }
- }
- line = strings.TrimSpace(line)
+ for scanner.Scan() {
+ line := strings.TrimSpace(scanner.Text())
if len(line) == 0 {
// Skip blank lines
continue
@@ -924,7 +917,7 @@ func loadLabels() map[string]string {
continue
}
if groups := assignRegex.FindStringSubmatch(line); groups != nil {
- key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
+ key, val := strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
labels[key] = strings.Trim(val, "\"")
}
}
@@ -1015,7 +1008,7 @@ func copyLevel(src, dest string) (string, error) {
return "", err
}
mcsDelete(tcon["level"])
- mcsAdd(scon["level"])
+ _ = mcsAdd(scon["level"])
tcon["level"] = scon["level"]
return tcon.Get(), nil
}
@@ -1095,3 +1088,124 @@ func dupSecOpt(src string) ([]string, error) {
func disableSecOpt() []string {
return []string{"disable"}
}
+
+// findUserInContext scans the reader for a valid SELinux context
+// match that is verified with the verifier. Invalid contexts are
+// skipped. It returns a matched context or an empty string if no
+// match is found. If a scanner error occurs, it is returned.
+func findUserInContext(context Context, r io.Reader, verifier func(string) error) (string, error) {
+ fromRole := context["role"]
+ fromType := context["type"]
+ scanner := bufio.NewScanner(r)
+
+ for scanner.Scan() {
+ fromConns := strings.Fields(scanner.Text())
+ if len(fromConns) == 0 {
+ // Skip blank lines
+ continue
+ }
+
+ line := fromConns[0]
+
+ if line[0] == ';' || line[0] == '#' {
+ // Skip comments
+ continue
+ }
+
+ // user context files contexts are formatted as
+ // role_r:type_t:s0 where the user is missing.
+ lineArr := strings.SplitN(line, ":", 4)
+ // skip context with typo, or role and type do not match
+ if len(lineArr) != 3 ||
+ lineArr[0] != fromRole ||
+ lineArr[1] != fromType {
+ continue
+ }
+
+ for _, cc := range fromConns[1:] {
+ toConns := strings.SplitN(cc, ":", 4)
+ if len(toConns) != 3 {
+ continue
+ }
+
+ context["role"] = toConns[0]
+ context["type"] = toConns[1]
+
+ outConn := context.get()
+ if err := verifier(outConn); err != nil {
+ continue
+ }
+
+ return outConn, nil
+ }
+ }
+
+ if err := scanner.Err(); err != nil {
+ return "", errors.Wrap(err, "failed to scan for context")
+ }
+
+ return "", nil
+}
+
+func getDefaultContextFromReaders(c *defaultSECtx) (string, error) {
+ if c.verifier == nil {
+ return "", ErrVerifierNil
+ }
+
+ context, err := newContext(c.scon)
+ if err != nil {
+ return "", errors.Wrapf(err, "failed to create label for %s", c.scon)
+ }
+
+ // set so the verifier validates the matched context with the provided user and level.
+ context["user"] = c.user
+ context["level"] = c.level
+
+ conn, err := findUserInContext(context, c.userRdr, c.verifier)
+ if err != nil {
+ return "", err
+ }
+
+ if conn != "" {
+ return conn, nil
+ }
+
+ conn, err = findUserInContext(context, c.defaultRdr, c.verifier)
+ if err != nil {
+ return "", err
+ }
+
+ if conn != "" {
+ return conn, nil
+ }
+
+ return "", errors.Wrapf(ErrContextMissing, "context not found: %q", c.scon)
+}
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+ userPath := filepath.Join(policyRoot, selinuxUsersDir, user)
+ defaultPath := filepath.Join(policyRoot, defaultContexts)
+
+ fu, err := os.Open(userPath)
+ if err != nil {
+ return "", err
+ }
+ defer fu.Close()
+
+ fd, err := os.Open(defaultPath)
+ if err != nil {
+ return "", err
+ }
+ defer fd.Close()
+
+ c := defaultSECtx{
+ user: user,
+ level: level,
+ scon: scon,
+ userRdr: fu,
+ defaultRdr: fd,
+ verifier: securityCheckContext,
+ }
+
+ return getDefaultContextFromReaders(&c)
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
index c526b210f..e4b65c9e2 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@@ -146,3 +146,7 @@ func dupSecOpt(src string) ([]string, error) {
func disableSecOpt() []string {
return []string{"disable"}
}
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+ return "", nil
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
index de5c80ef3..2365b4bda 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/xattrs.go
@@ -6,21 +6,21 @@ import (
"golang.org/x/sys/unix"
)
-// Returns a []byte slice if the xattr is set and nil otherwise
-// Requires path and its attribute as arguments
-func lgetxattr(path string, attr string) ([]byte, error) {
+// lgetxattr returns a []byte slice containing the value of
+// an extended attribute attr set for path.
+func lgetxattr(path, attr string) ([]byte, error) {
// Start with a 128 length byte array
dest := make([]byte, 128)
- sz, errno := unix.Lgetxattr(path, attr, dest)
+ sz, errno := doLgetxattr(path, attr, dest)
for errno == unix.ERANGE {
// Buffer too small, use zero-sized buffer to get the actual size
- sz, errno = unix.Lgetxattr(path, attr, []byte{})
+ sz, errno = doLgetxattr(path, attr, []byte{})
if errno != nil {
return nil, errno
}
dest = make([]byte, sz)
- sz, errno = unix.Lgetxattr(path, attr, dest)
+ sz, errno = doLgetxattr(path, attr, dest)
}
if errno != nil {
return nil, errno
@@ -28,3 +28,13 @@ func lgetxattr(path string, attr string) ([]byte, error) {
return dest[:sz], nil
}
+
+// doLgetxattr is a wrapper that retries on EINTR
+func doLgetxattr(path, attr string, dest []byte) (int, error) {
+ for {
+ sz, err := unix.Lgetxattr(path, attr, dest)
+ if err != unix.EINTR {
+ return sz, err
+ }
+ }
+}
diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
index 63fde1842..437b12b3e 100644
--- a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
+++ b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
@@ -20,17 +20,16 @@ type WalkFunc = filepath.WalkFunc
//
// Note that this implementation only supports primitive error handling:
//
-// * no errors are ever passed to WalkFn
+// - no errors are ever passed to WalkFn;
//
-// * once a walkFn returns any error, all further processing stops
-// and the error is returned to the caller of Walk;
+// - once a walkFn returns any error, all further processing stops
+// and the error is returned to the caller of Walk;
//
-// * filepath.SkipDir is not supported;
-//
-// * if more than one walkFn instance will return an error, only one
-// of such errors will be propagated and returned by Walk, others
-// will be silently discarded.
+// - filepath.SkipDir is not supported;
//
+// - if more than one walkFn instance will return an error, only one
+// of such errors will be propagated and returned by Walk, others
+// will be silently discarded.
func Walk(root string, walkFn WalkFunc) error {
return WalkN(root, walkFn, runtime.NumCPU()*2)
}
@@ -38,6 +37,8 @@ func Walk(root string, walkFn WalkFunc) error {
// WalkN is a wrapper for filepath.Walk which can call multiple walkFn
// in parallel, allowing to handle each item concurrently. A maximum of
// num walkFn will be called at any one time.
+//
+// Please see Walk documentation for caveats of using this function.
func WalkN(root string, walkFn WalkFunc, num int) error {
// make sure limit is sensible
if num < 1 {
diff --git a/vendor/github.com/vishvananda/netlink/.travis.yml b/vendor/github.com/vishvananda/netlink/.travis.yml
index 7d14af4d6..80219c69d 100644
--- a/vendor/github.com/vishvananda/netlink/.travis.yml
+++ b/vendor/github.com/vishvananda/netlink/.travis.yml
@@ -1,8 +1,8 @@
language: go
go:
- - "1.10.x"
- - "1.11.x"
- "1.12.x"
+ - "1.13.x"
+ - "1.14.x"
before_script:
# make sure we keep path in tact when we sudo
- sudo sed -i -e 's/^Defaults\tsecure_path.*$//' /etc/sudoers
@@ -14,6 +14,7 @@ before_script:
- sudo modprobe nf_conntrack_ipv4
- sudo modprobe nf_conntrack_ipv6
- sudo modprobe sch_hfsc
+ - sudo modprobe sch_sfq
install:
- - go get github.com/vishvananda/netns
+ - go get -v -t ./...
go_import_path: github.com/vishvananda/netlink
diff --git a/vendor/github.com/vishvananda/netlink/addr.go b/vendor/github.com/vishvananda/netlink/addr.go
index f08c95696..653f540db 100644
--- a/vendor/github.com/vishvananda/netlink/addr.go
+++ b/vendor/github.com/vishvananda/netlink/addr.go
@@ -17,6 +17,7 @@ type Addr struct {
Broadcast net.IP
PreferedLft int
ValidLft int
+ LinkIndex int
}
// String returns $ip/$netmask $label
diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go
index 28746d5af..71da251ca 100644
--- a/vendor/github.com/vishvananda/netlink/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/addr_linux.go
@@ -11,9 +11,6 @@ import (
"golang.org/x/sys/unix"
)
-// IFA_FLAGS is a u32 attribute.
-const IFA_FLAGS = 0x8
-
// AddrAdd will add an IP address to a link device.
//
// Equivalent to: `ip addr add $addr dev $link`
@@ -125,7 +122,7 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
} else {
b := make([]byte, 4)
native.PutUint32(b, uint32(addr.Flags))
- flagsData := nl.NewRtAttr(IFA_FLAGS, b)
+ flagsData := nl.NewRtAttr(unix.IFA_FLAGS, b)
req.AddData(flagsData)
}
}
@@ -156,10 +153,10 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
// value should be "forever". To compensate for that, only add the attributes if at least one of the values is
// non-zero, which means the caller has explicitly set them
if addr.ValidLft > 0 || addr.PreferedLft > 0 {
- cachedata := nl.IfaCacheInfo{
- IfaValid: uint32(addr.ValidLft),
- IfaPrefered: uint32(addr.PreferedLft),
- }
+ cachedata := nl.IfaCacheInfo{unix.IfaCacheinfo{
+ Valid: uint32(addr.ValidLft),
+ Prefered: uint32(addr.PreferedLft),
+ }}
req.AddData(nl.NewRtAttr(unix.IFA_CACHEINFO, cachedata.Serialize()))
}
@@ -196,12 +193,12 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
var res []Addr
for _, m := range msgs {
- addr, msgFamily, ifindex, err := parseAddr(m)
+ addr, msgFamily, err := parseAddr(m)
if err != nil {
return res, err
}
- if link != nil && ifindex != indexFilter {
+ if link != nil && addr.LinkIndex != indexFilter {
// Ignore messages from other interfaces
continue
}
@@ -216,11 +213,11 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
return res, nil
}
-func parseAddr(m []byte) (addr Addr, family, index int, err error) {
+func parseAddr(m []byte) (addr Addr, family int, err error) {
msg := nl.DeserializeIfAddrmsg(m)
family = -1
- index = -1
+ addr.LinkIndex = -1
attrs, err1 := nl.ParseRouteAttr(m[msg.Len():])
if err1 != nil {
@@ -229,7 +226,7 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
}
family = int(msg.Family)
- index = int(msg.Index)
+ addr.LinkIndex = int(msg.Index)
var local, dst *net.IPNet
for _, attr := range attrs {
@@ -254,12 +251,12 @@ func parseAddr(m []byte) (addr Addr, family, index int, err error) {
addr.Broadcast = attr.Value
case unix.IFA_LABEL:
addr.Label = string(attr.Value[:len(attr.Value)-1])
- case IFA_FLAGS:
+ case unix.IFA_FLAGS:
addr.Flags = int(native.Uint32(attr.Value[0:4]))
- case nl.IFA_CACHEINFO:
+ case unix.IFA_CACHEINFO:
ci := nl.DeserializeIfaCacheInfo(attr.Value)
- addr.PreferedLft = int(ci.IfaPrefered)
- addr.ValidLft = int(ci.IfaValid)
+ addr.PreferedLft = int(ci.Prefered)
+ addr.ValidLft = int(ci.Valid)
}
}
@@ -394,7 +391,7 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
continue
}
- addr, _, ifindex, err := parseAddr(m.Data)
+ addr, _, err := parseAddr(m.Data)
if err != nil {
if cberr != nil {
cberr(fmt.Errorf("could not parse address: %v", err))
@@ -403,7 +400,7 @@ func addrSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- AddrUpdate, done <-c
}
ch <- AddrUpdate{LinkAddress: *addr.IPNet,
- LinkIndex: ifindex,
+ LinkIndex: addr.LinkIndex,
NewAddr: msgType == unix.RTM_NEWADDR,
Flags: addr.Flags,
Scope: addr.Scope,
diff --git a/vendor/github.com/vishvananda/netlink/class.go b/vendor/github.com/vishvananda/netlink/class.go
index dcc22d9e9..10ceffed8 100644
--- a/vendor/github.com/vishvananda/netlink/class.go
+++ b/vendor/github.com/vishvananda/netlink/class.go
@@ -132,7 +132,10 @@ func (class *GenericClass) Type() string {
return class.ClassType
}
-// ServiceCurve is the way the HFSC curve are represented
+// ServiceCurve is a nondecreasing function of some time unit, returning the amount of service
+// (an allowed or allocated amount of bandwidth) at some specific point in time. The purpose of it
+// should be subconsciously obvious: if a class was allowed to transfer not less than the amount
+// specified by its service curve, then the service curve is not violated.
type ServiceCurve struct {
m1 uint32
d uint32
@@ -144,6 +147,21 @@ func (c *ServiceCurve) Attrs() (uint32, uint32, uint32) {
return c.m1, c.d, c.m2
}
+// Burst returns the burst rate (m1) of the curve
+func (c *ServiceCurve) Burst() uint32 {
+ return c.m1
+}
+
+// Delay return the delay (d) of the curve
+func (c *ServiceCurve) Delay() uint32 {
+ return c.d
+}
+
+// Rate returns the rate (m2) of the curve
+func (c *ServiceCurve) Rate() uint32 {
+ return c.m2
+}
+
// HfscClass is a representation of the HFSC class
type HfscClass struct {
ClassAttrs
@@ -152,35 +170,44 @@ type HfscClass struct {
Usc ServiceCurve
}
-// SetUsc sets the Usc curve
+// SetUsc sets the USC curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetUsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetFsc sets the Fsc curve
+// SetFsc sets the Fsc curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetFsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetRsc sets the Rsc curve
+// SetRsc sets the Rsc curve. The bandwidth (m1 and m2) is specified in bits and the delay in
+// seconds.
func (hfsc *HfscClass) SetRsc(m1 uint32, d uint32, m2 uint32) {
- hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
}
-// SetSC implements the SC from the tc CLI
+// SetSC implements the SC from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetSC(m1 uint32, d uint32, m2 uint32) {
- hfsc.Rsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetRsc(m1, d, m2)
+ hfsc.SetFsc(m1, d, m2)
}
-// SetUL implements the UL from the tc CLI
+// SetUL implements the UL from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetUL(m1 uint32, d uint32, m2 uint32) {
- hfsc.Usc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetUsc(m1, d, m2)
}
-// SetLS implements the LS from the tc CLI
+// SetLS implements the LS from the `tc` CLI. This function behaves the same as if one would set the
+// USC through the `tc` command-line tool. This means bandwidth (m1 and m2) is specified in bits and
+// the delay in ms.
func (hfsc *HfscClass) SetLS(m1 uint32, d uint32, m2 uint32) {
- hfsc.Fsc = ServiceCurve{m1: m1 / 8, d: d, m2: m2 / 8}
+ hfsc.SetFsc(m1, d, m2)
}
// NewHfscClass returns a new HFSC struct with the set parameters
@@ -193,6 +220,7 @@ func NewHfscClass(attrs ClassAttrs) *HfscClass {
}
}
+// String() returns a string that contains the information and attributes of the HFSC class
func (hfsc *HfscClass) String() string {
return fmt.Sprintf(
"{%s -- {RSC: {m1=%d d=%d m2=%d}} {FSC: {m1=%d d=%d m2=%d}} {USC: {m1=%d d=%d m2=%d}}}",
diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go
index 31091e501..e664ade7f 100644
--- a/vendor/github.com/vishvananda/netlink/class_linux.go
+++ b/vendor/github.com/vishvananda/netlink/class_linux.go
@@ -43,12 +43,12 @@ func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
if buffer == 0 {
buffer = uint32(float64(rate)/Hz() + float64(mtu))
}
- buffer = uint32(Xmittime(rate, buffer))
+ buffer = Xmittime(rate, buffer)
if cbuffer == 0 {
cbuffer = uint32(float64(ceil)/Hz() + float64(mtu))
}
- cbuffer = uint32(Xmittime(ceil, cbuffer))
+ cbuffer = Xmittime(ceil, cbuffer)
return &HtbClass{
ClassAttrs: attrs,
@@ -56,9 +56,9 @@ func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass {
Ceil: ceil,
Buffer: buffer,
Cbuffer: cbuffer,
- Quantum: 10,
Level: 0,
- Prio: 0,
+ Prio: cattrs.Prio,
+ Quantum: cattrs.Quantum,
}
}
@@ -179,12 +179,15 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
case "hfsc":
hfsc := class.(*HfscClass)
opt := nl.HfscCopt{}
- opt.Rsc.Set(hfsc.Rsc.Attrs())
- opt.Fsc.Set(hfsc.Fsc.Attrs())
- opt.Usc.Set(hfsc.Usc.Attrs())
- options.AddRtAttr(nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
- options.AddRtAttr(nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
- options.AddRtAttr(nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
+ rm1, rd, rm2 := hfsc.Rsc.Attrs()
+ opt.Rsc.Set(rm1/8, rd, rm2/8)
+ fm1, fd, fm2 := hfsc.Fsc.Attrs()
+ opt.Fsc.Set(fm1/8, fd, fm2/8)
+ um1, ud, um2 := hfsc.Usc.Attrs()
+ opt.Usc.Set(um1/8, ud, um2/8)
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_RSC, nl.SerializeHfscCurve(&opt.Rsc))
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_FSC, nl.SerializeHfscCurve(&opt.Fsc))
+ nl.NewRtAttrChild(options, nl.TCA_HFSC_USC, nl.SerializeHfscCurve(&opt.Usc))
}
req.AddData(options)
return nil
@@ -315,11 +318,11 @@ func parseHfscClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, err
m1, d, m2 := nl.DeserializeHfscCurve(datum.Value).Attrs()
switch datum.Attr.Type {
case nl.TCA_HFSC_RSC:
- hfsc.Rsc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Rsc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
case nl.TCA_HFSC_FSC:
- hfsc.Fsc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Fsc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
case nl.TCA_HFSC_USC:
- hfsc.Usc = ServiceCurve{m1: m1, d: d, m2: m2}
+ hfsc.Usc = ServiceCurve{m1: m1 * 8, d: d, m2: m2 * 8}
}
}
return detailed, nil
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
index 4bff0dcba..ab91f4e55 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
@@ -318,18 +318,25 @@ func parseRawData(data []byte) *ConntrackFlow {
// --mask-src ip Source mask address
// --mask-dst ip Destination mask address
+// Layer 4 Protocol common parameters and options:
+// TCP, UDP, SCTP, UDPLite and DCCP
+// --sport, --orig-port-src port Source port in original direction
+// --dport, --orig-port-dst port Destination port in original direction
+
// Filter types
type ConntrackFilterType uint8
const (
- ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction
- ConntrackOrigDstIP // -orig-dst ip Destination address from original direction
- ConntrackReplySrcIP // --reply-src ip Reply Source IP
- ConntrackReplyDstIP // --reply-dst ip Reply Destination IP
- ConntrackReplyAnyIP // Match source or destination reply IP
- ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
- ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
- ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instaed ConntrackReplyAnyIP
+ ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction
+ ConntrackOrigDstIP // -orig-dst ip Destination address from original direction
+ ConntrackReplySrcIP // --reply-src ip Reply Source IP
+ ConntrackReplyDstIP // --reply-dst ip Reply Destination IP
+ ConntrackReplyAnyIP // Match source or destination reply IP
+ ConntrackOrigSrcPort // --orig-port-src port Source port in original direction
+ ConntrackOrigDstPort // --orig-port-dst port Destination port in original direction
+ ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP
+ ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP
+ ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instead ConntrackReplyAnyIP
)
type CustomConntrackFilter interface {
@@ -339,7 +346,9 @@ type CustomConntrackFilter interface {
}
type ConntrackFilter struct {
- ipFilter map[ConntrackFilterType]net.IP
+ ipFilter map[ConntrackFilterType]net.IP
+ portFilter map[ConntrackFilterType]uint16
+ protoFilter uint8
}
// AddIP adds an IP to the conntrack filter
@@ -354,38 +363,89 @@ func (f *ConntrackFilter) AddIP(tp ConntrackFilterType, ip net.IP) error {
return nil
}
+// AddPort adds a Port to the conntrack filter if the Layer 4 protocol allows it
+func (f *ConntrackFilter) AddPort(tp ConntrackFilterType, port uint16) error {
+ switch f.protoFilter {
+ // TCP, UDP, DCCP, SCTP, UDPLite
+ case 6, 17, 33, 132, 136:
+ default:
+ return fmt.Errorf("Filter attribute not available without a valid Layer 4 protocol: %d", f.protoFilter)
+ }
+
+ if f.portFilter == nil {
+ f.portFilter = make(map[ConntrackFilterType]uint16)
+ }
+ if _, ok := f.portFilter[tp]; ok {
+ return errors.New("Filter attribute already present")
+ }
+ f.portFilter[tp] = port
+ return nil
+}
+
+// AddProtocol adds the Layer 4 protocol to the conntrack filter
+func (f *ConntrackFilter) AddProtocol(proto uint8) error {
+ if f.protoFilter != 0 {
+ return errors.New("Filter attribute already present")
+ }
+ f.protoFilter = proto
+ return nil
+}
+
// MatchConntrackFlow applies the filter to the flow and returns true if the flow matches the filter
// false otherwise
func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool {
- if len(f.ipFilter) == 0 {
+ if len(f.ipFilter) == 0 && len(f.portFilter) == 0 && f.protoFilter == 0 {
// empty filter always not match
return false
}
- match := true
- // -orig-src ip Source address from original direction
- if elem, found := f.ipFilter[ConntrackOrigSrcIP]; found {
- match = match && elem.Equal(flow.Forward.SrcIP)
+ // -p, --protonum proto Layer 4 Protocol, eg. 'tcp'
+ if f.protoFilter != 0 && flow.Forward.Protocol != f.protoFilter {
+ // different Layer 4 protocol always not match
+ return false
}
- // -orig-dst ip Destination address from original direction
- if elem, found := f.ipFilter[ConntrackOrigDstIP]; match && found {
- match = match && elem.Equal(flow.Forward.DstIP)
- }
+ match := true
- // -src-nat ip Source NAT ip
- if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
- match = match && elem.Equal(flow.Reverse.SrcIP)
- }
+ // IP conntrack filter
+ if len(f.ipFilter) > 0 {
+ // -orig-src ip Source address from original direction
+ if elem, found := f.ipFilter[ConntrackOrigSrcIP]; found {
+ match = match && elem.Equal(flow.Forward.SrcIP)
+ }
+
+ // -orig-dst ip Destination address from original direction
+ if elem, found := f.ipFilter[ConntrackOrigDstIP]; match && found {
+ match = match && elem.Equal(flow.Forward.DstIP)
+ }
- // -dst-nat ip Destination NAT ip
- if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
- match = match && elem.Equal(flow.Reverse.DstIP)
+ // -src-nat ip Source NAT ip
+ if elem, found := f.ipFilter[ConntrackReplySrcIP]; match && found {
+ match = match && elem.Equal(flow.Reverse.SrcIP)
+ }
+
+ // -dst-nat ip Destination NAT ip
+ if elem, found := f.ipFilter[ConntrackReplyDstIP]; match && found {
+ match = match && elem.Equal(flow.Reverse.DstIP)
+ }
+
+ // Match source or destination reply IP
+ if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
+ match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
+ }
}
- // Match source or destination reply IP
- if elem, found := f.ipFilter[ConntrackReplyAnyIP]; match && found {
- match = match && (elem.Equal(flow.Reverse.SrcIP) || elem.Equal(flow.Reverse.DstIP))
+ // Layer 4 Port filter
+ if len(f.portFilter) > 0 {
+ // -orig-port-src port Source port from original direction
+ if elem, found := f.portFilter[ConntrackOrigSrcPort]; match && found {
+ match = match && elem == flow.Forward.SrcPort
+ }
+
+ // -orig-port-dst port Destination port from original direction
+ if elem, found := f.portFilter[ConntrackOrigDstPort]; match && found {
+ match = match && elem == flow.Forward.DstPort
+ }
}
return match
diff --git a/vendor/github.com/vishvananda/netlink/filter.go b/vendor/github.com/vishvananda/netlink/filter.go
index 88792eab0..2dc34b995 100644
--- a/vendor/github.com/vishvananda/netlink/filter.go
+++ b/vendor/github.com/vishvananda/netlink/filter.go
@@ -213,10 +213,11 @@ const (
type TunnelKeyAction struct {
ActionAttrs
- Action TunnelKeyAct
- SrcAddr net.IP
- DstAddr net.IP
- KeyID uint32
+ Action TunnelKeyAct
+ SrcAddr net.IP
+ DstAddr net.IP
+ KeyID uint32
+ DestPort uint16
}
func (action *TunnelKeyAction) Type() string {
diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go
index c56f314cd..ef6fabe81 100644
--- a/vendor/github.com/vishvananda/netlink/filter_linux.go
+++ b/vendor/github.com/vishvananda/netlink/filter_linux.go
@@ -6,7 +6,6 @@ import (
"encoding/hex"
"errors"
"fmt"
- "net"
"syscall"
"github.com/vishvananda/netlink/nl"
@@ -89,7 +88,7 @@ func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error) {
if CalcRtable(&police.Rate, rtab[:], rcellLog, fattrs.Mtu, linklayer) < 0 {
return nil, errors.New("TBF: failed to calculate rate table")
}
- police.Burst = uint32(Xmittime(uint64(police.Rate.Rate), uint32(buffer)))
+ police.Burst = Xmittime(uint64(police.Rate.Rate), uint32(buffer))
}
police.Mtu = fattrs.Mtu
if police.PeakRate.Rate != 0 {
@@ -456,6 +455,9 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error {
} else {
return fmt.Errorf("invalid dst addr %s for tunnel_key action", action.DstAddr)
}
+ if action.DestPort != 0 {
+ aopts.AddRtAttr(nl.TCA_TUNNEL_KEY_ENC_DST_PORT, htons(action.DestPort))
+ }
}
case *SkbEditAction:
table := attr.AddRtAttr(tabIndex, nil)
@@ -566,12 +568,12 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
action.(*TunnelKeyAction).Action = TunnelKeyAct(tun.Action)
case nl.TCA_TUNNEL_KEY_ENC_KEY_ID:
action.(*TunnelKeyAction).KeyID = networkOrder.Uint32(adatum.Value[0:4])
- case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC:
- case nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
- action.(*TunnelKeyAction).SrcAddr = net.IP(adatum.Value[:])
- case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST:
- case nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
- action.(*TunnelKeyAction).DstAddr = net.IP(adatum.Value[:])
+ case nl.TCA_TUNNEL_KEY_ENC_IPV6_SRC, nl.TCA_TUNNEL_KEY_ENC_IPV4_SRC:
+ action.(*TunnelKeyAction).SrcAddr = adatum.Value[:]
+ case nl.TCA_TUNNEL_KEY_ENC_IPV6_DST, nl.TCA_TUNNEL_KEY_ENC_IPV4_DST:
+ action.(*TunnelKeyAction).DstAddr = adatum.Value[:]
+ case nl.TCA_TUNNEL_KEY_ENC_DST_PORT:
+ action.(*TunnelKeyAction).DestPort = ntohs(adatum.Value)
}
case "skbedit":
switch adatum.Attr.Type {
@@ -783,7 +785,7 @@ func CalcRtable(rate *nl.TcRateSpec, rtab []uint32, cellLog int, mtu uint32, lin
}
for i := 0; i < 256; i++ {
sz = AdjustSize(uint((i+1)<<uint32(cellLog)), uint(mpu), linklayer)
- rtab[i] = uint32(Xmittime(uint64(bps), uint32(sz)))
+ rtab[i] = Xmittime(uint64(bps), uint32(sz))
}
rate.CellAlign = -1
rate.CellLog = uint8(cellLog)
diff --git a/vendor/github.com/vishvananda/netlink/go.mod b/vendor/github.com/vishvananda/netlink/go.mod
index 09ee60e77..9d8455ee7 100644
--- a/vendor/github.com/vishvananda/netlink/go.mod
+++ b/vendor/github.com/vishvananda/netlink/go.mod
@@ -3,6 +3,6 @@ module github.com/vishvananda/netlink
go 1.12
require (
- github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
- golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444
+ github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae
+ golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1
)
diff --git a/vendor/github.com/vishvananda/netlink/go.sum b/vendor/github.com/vishvananda/netlink/go.sum
index 402d14ec5..ed5d30891 100644
--- a/vendor/github.com/vishvananda/netlink/go.sum
+++ b/vendor/github.com/vishvananda/netlink/go.sum
@@ -1,4 +1,6 @@
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
-github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444 h1:/d2cWp6PSamH4jDPFLyO150psQdqvtoNX8Zjg3AQ31g=
-golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns=
+github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netlink/handle_unspecified.go b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
index ef914dcb8..df341f706 100644
--- a/vendor/github.com/vishvananda/netlink/handle_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/handle_unspecified.go
@@ -85,7 +85,7 @@ func (h *Handle) LinkSetVfRate(link Link, vf, minRate, maxRate int) error {
return ErrNotImplemented
}
-func (h *Handle) LinkSetMaster(link Link, master *Bridge) error {
+func (h *Handle) LinkSetMaster(link Link, master Link) error {
return ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/inet_diag.go b/vendor/github.com/vishvananda/netlink/inet_diag.go
new file mode 100644
index 000000000..72c1fcb59
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/inet_diag.go
@@ -0,0 +1,30 @@
+package netlink
+
+// INET_DIAG constatns
+const (
+ INET_DIAG_NONE = iota
+ INET_DIAG_MEMINFO
+ INET_DIAG_INFO
+ INET_DIAG_VEGASINFO
+ INET_DIAG_CONG
+ INET_DIAG_TOS
+ INET_DIAG_TCLASS
+ INET_DIAG_SKMEMINFO
+ INET_DIAG_SHUTDOWN
+ INET_DIAG_DCTCPINFO
+ INET_DIAG_PROTOCOL
+ INET_DIAG_SKV6ONLY
+ INET_DIAG_LOCALS
+ INET_DIAG_PEERS
+ INET_DIAG_PAD
+ INET_DIAG_MARK
+ INET_DIAG_BBRINFO
+ INET_DIAG_CLASS_ID
+ INET_DIAG_MD5SIG
+ INET_DIAG_MAX
+)
+
+type InetDiagTCPInfoResp struct {
+ InetDiagMsg *Socket
+ TCPInfo *TCPInfo
+}
diff --git a/vendor/github.com/vishvananda/netlink/ipset_linux.go b/vendor/github.com/vishvananda/netlink/ipset_linux.go
new file mode 100644
index 000000000..5487fc1cc
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/ipset_linux.go
@@ -0,0 +1,335 @@
+package netlink
+
+import (
+ "log"
+ "net"
+ "syscall"
+
+ "github.com/vishvananda/netlink/nl"
+ "golang.org/x/sys/unix"
+)
+
+// IPSetEntry is used for adding, updating, retreiving and deleting entries
+type IPSetEntry struct {
+ Comment string
+ MAC net.HardwareAddr
+ IP net.IP
+ Timeout *uint32
+ Packets *uint64
+ Bytes *uint64
+
+ Replace bool // replace existing entry
+}
+
+// IPSetResult is the result of a dump request for a set
+type IPSetResult struct {
+ Nfgenmsg *nl.Nfgenmsg
+ Protocol uint8
+ Revision uint8
+ Family uint8
+ Flags uint8
+ SetName string
+ TypeName string
+
+ HashSize uint32
+ NumEntries uint32
+ MaxElements uint32
+ References uint32
+ SizeInMemory uint32
+ CadtFlags uint32
+ Timeout *uint32
+
+ Entries []IPSetEntry
+}
+
+// IpsetCreateOptions is the options struct for creating a new ipset
+type IpsetCreateOptions struct {
+ Replace bool // replace existing ipset
+ Timeout *uint32
+ Counters bool
+ Comments bool
+ Skbinfo bool
+}
+
+// IpsetProtocol returns the ipset protocol version from the kernel
+func IpsetProtocol() (uint8, error) {
+ return pkgHandle.IpsetProtocol()
+}
+
+// IpsetCreate creates a new ipset
+func IpsetCreate(setname, typename string, options IpsetCreateOptions) error {
+ return pkgHandle.IpsetCreate(setname, typename, options)
+}
+
+// IpsetDestroy destroys an existing ipset
+func IpsetDestroy(setname string) error {
+ return pkgHandle.IpsetDestroy(setname)
+}
+
+// IpsetFlush flushes an existing ipset
+func IpsetFlush(setname string) error {
+ return pkgHandle.IpsetFlush(setname)
+}
+
+// IpsetList dumps an specific ipset.
+func IpsetList(setname string) (*IPSetResult, error) {
+ return pkgHandle.IpsetList(setname)
+}
+
+// IpsetListAll dumps all ipsets.
+func IpsetListAll() ([]IPSetResult, error) {
+ return pkgHandle.IpsetListAll()
+}
+
+// IpsetAdd adds an entry to an existing ipset.
+func IpsetAdd(setname string, entry *IPSetEntry) error {
+ return pkgHandle.ipsetAddDel(nl.IPSET_CMD_ADD, setname, entry)
+}
+
+// IpsetDele deletes an entry from an existing ipset.
+func IpsetDel(setname string, entry *IPSetEntry) error {
+ return pkgHandle.ipsetAddDel(nl.IPSET_CMD_DEL, setname, entry)
+}
+
+func (h *Handle) IpsetProtocol() (uint8, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_PROTOCOL)
+ msgs, err := req.Execute(unix.NETLINK_NETFILTER, 0)
+
+ if err != nil {
+ return 0, err
+ }
+
+ return ipsetUnserialize(msgs).Protocol, nil
+}
+
+func (h *Handle) IpsetCreate(setname, typename string, options IpsetCreateOptions) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_CREATE)
+
+ if !options.Replace {
+ req.Flags |= unix.NLM_F_EXCL
+ }
+
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_TYPENAME, nl.ZeroTerminated(typename)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_REVISION, nl.Uint8Attr(0)))
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_FAMILY, nl.Uint8Attr(0)))
+
+ data := nl.NewRtAttr(nl.IPSET_ATTR_DATA|int(nl.NLA_F_NESTED), nil)
+
+ if timeout := options.Timeout; timeout != nil {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *timeout})
+ }
+
+ var cadtFlags uint32
+
+ if options.Comments {
+ cadtFlags |= nl.IPSET_FLAG_WITH_COMMENT
+ }
+ if options.Counters {
+ cadtFlags |= nl.IPSET_FLAG_WITH_COUNTERS
+ }
+ if options.Skbinfo {
+ cadtFlags |= nl.IPSET_FLAG_WITH_SKBINFO
+ }
+
+ if cadtFlags != 0 {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER, Value: cadtFlags})
+ }
+
+ req.AddData(data)
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetDestroy(setname string) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_DESTROY)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetFlush(setname string) error {
+ req := h.newIpsetRequest(nl.IPSET_CMD_FLUSH)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) IpsetList(name string) (*IPSetResult, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_LIST)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(name)))
+
+ msgs, err := ipsetExecute(req)
+ if err != nil {
+ return nil, err
+ }
+
+ result := ipsetUnserialize(msgs)
+ return &result, nil
+}
+
+func (h *Handle) IpsetListAll() ([]IPSetResult, error) {
+ req := h.newIpsetRequest(nl.IPSET_CMD_LIST)
+
+ msgs, err := ipsetExecute(req)
+ if err != nil {
+ return nil, err
+ }
+
+ result := make([]IPSetResult, len(msgs))
+ for i, msg := range msgs {
+ result[i].unserialize(msg)
+ }
+
+ return result, nil
+}
+
+func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error {
+ req := h.newIpsetRequest(nlCmd)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
+ data := nl.NewRtAttr(nl.IPSET_ATTR_DATA|int(nl.NLA_F_NESTED), nil)
+
+ if !entry.Replace {
+ req.Flags |= unix.NLM_F_EXCL
+ }
+
+ if entry.Timeout != nil {
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *entry.Timeout})
+ }
+ if entry.MAC != nil {
+ data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_ETHER, entry.MAC))
+ }
+
+ data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_LINENO | nl.NLA_F_NET_BYTEORDER, Value: 0})
+ req.AddData(data)
+
+ _, err := ipsetExecute(req)
+ return err
+}
+
+func (h *Handle) newIpsetRequest(cmd int) *nl.NetlinkRequest {
+ req := h.newNetlinkRequest(cmd|(unix.NFNL_SUBSYS_IPSET<<8), nl.GetIpsetFlags(cmd))
+
+ // Add the netfilter header
+ msg := &nl.Nfgenmsg{
+ NfgenFamily: uint8(unix.AF_NETLINK),
+ Version: nl.NFNETLINK_V0,
+ ResId: 0,
+ }
+ req.AddData(msg)
+ req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_PROTOCOL, nl.Uint8Attr(nl.IPSET_PROTOCOL)))
+
+ return req
+}
+
+func ipsetExecute(req *nl.NetlinkRequest) (msgs [][]byte, err error) {
+ msgs, err = req.Execute(unix.NETLINK_NETFILTER, 0)
+
+ if err != nil {
+ if errno := int(err.(syscall.Errno)); errno >= nl.IPSET_ERR_PRIVATE {
+ err = nl.IPSetError(uintptr(errno))
+ }
+ }
+ return
+}
+
+func ipsetUnserialize(msgs [][]byte) (result IPSetResult) {
+ for _, msg := range msgs {
+ result.unserialize(msg)
+ }
+ return result
+}
+
+func (result *IPSetResult) unserialize(msg []byte) {
+ result.Nfgenmsg = nl.DeserializeNfgenmsg(msg)
+
+ for attr := range nl.ParseAttributes(msg[4:]) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_PROTOCOL:
+ result.Protocol = attr.Value[0]
+ case nl.IPSET_ATTR_SETNAME:
+ result.SetName = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_TYPENAME:
+ result.TypeName = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_REVISION:
+ result.Revision = attr.Value[0]
+ case nl.IPSET_ATTR_FAMILY:
+ result.Family = attr.Value[0]
+ case nl.IPSET_ATTR_FLAGS:
+ result.Flags = attr.Value[0]
+ case nl.IPSET_ATTR_DATA | nl.NLA_F_NESTED:
+ result.parseAttrData(attr.Value)
+ case nl.IPSET_ATTR_ADT | nl.NLA_F_NESTED:
+ result.parseAttrADT(attr.Value)
+ default:
+ log.Printf("unknown ipset attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func (result *IPSetResult) parseAttrData(data []byte) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_HASHSIZE | nl.NLA_F_NET_BYTEORDER:
+ result.HashSize = attr.Uint32()
+ case nl.IPSET_ATTR_MAXELEM | nl.NLA_F_NET_BYTEORDER:
+ result.MaxElements = attr.Uint32()
+ case nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint32()
+ result.Timeout = &val
+ case nl.IPSET_ATTR_ELEMENTS | nl.NLA_F_NET_BYTEORDER:
+ result.NumEntries = attr.Uint32()
+ case nl.IPSET_ATTR_REFERENCES | nl.NLA_F_NET_BYTEORDER:
+ result.References = attr.Uint32()
+ case nl.IPSET_ATTR_MEMSIZE | nl.NLA_F_NET_BYTEORDER:
+ result.SizeInMemory = attr.Uint32()
+ case nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER:
+ result.CadtFlags = attr.Uint32()
+ default:
+ log.Printf("unknown ipset data attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func (result *IPSetResult) parseAttrADT(data []byte) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_DATA | nl.NLA_F_NESTED:
+ result.Entries = append(result.Entries, parseIPSetEntry(attr.Value))
+ default:
+ log.Printf("unknown ADT attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
+ }
+ }
+}
+
+func parseIPSetEntry(data []byte) (entry IPSetEntry) {
+ for attr := range nl.ParseAttributes(data) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint32()
+ entry.Timeout = &val
+ case nl.IPSET_ATTR_BYTES | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint64()
+ entry.Bytes = &val
+ case nl.IPSET_ATTR_PACKETS | nl.NLA_F_NET_BYTEORDER:
+ val := attr.Uint64()
+ entry.Packets = &val
+ case nl.IPSET_ATTR_ETHER:
+ entry.MAC = net.HardwareAddr(attr.Value)
+ case nl.IPSET_ATTR_COMMENT:
+ entry.Comment = nl.BytesToString(attr.Value)
+ case nl.IPSET_ATTR_IP | nl.NLA_F_NESTED:
+ for attr := range nl.ParseAttributes(attr.Value) {
+ switch attr.Type {
+ case nl.IPSET_ATTR_IP:
+ entry.IP = net.IP(attr.Value)
+ default:
+ log.Printf("unknown nested ADT attribute from kernel: %+v", attr)
+ }
+ }
+ default:
+ log.Printf("unknown ADT attribute from kernel: %+v", attr)
+ }
+ }
+ return
+}
diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go
index 886d88d1b..e2441bd71 100644
--- a/vendor/github.com/vishvananda/netlink/link.go
+++ b/vendor/github.com/vishvananda/netlink/link.go
@@ -65,6 +65,17 @@ type VfInfo struct {
LinkState uint32
MaxTxRate uint32 // IFLA_VF_RATE Max TxRate
MinTxRate uint32 // IFLA_VF_RATE Min TxRate
+ RxPackets uint64
+ TxPackets uint64
+ RxBytes uint64
+ TxBytes uint64
+ Multicast uint64
+ Broadcast uint64
+ RxDropped uint64
+ TxDropped uint64
+
+ RssQuery uint32
+ Trust uint32
}
// LinkOperState represents the values of the IFLA_OPERSTATE link
@@ -103,7 +114,8 @@ func (s LinkOperState) String() string {
// NewLinkAttrs returns LinkAttrs structure filled with default values
func NewLinkAttrs() LinkAttrs {
return LinkAttrs{
- TxQLen: -1,
+ NetNsID: -1,
+ TxQLen: -1,
}
}
@@ -196,10 +208,11 @@ type LinkStatistics64 struct {
}
type LinkXdp struct {
- Fd int
- Attached bool
- Flags uint32
- ProgId uint32
+ Fd int
+ Attached bool
+ AttachMode uint32
+ Flags uint32
+ ProgId uint32
}
// Device links cannot be created via netlink. These links
@@ -246,6 +259,7 @@ func (ifb *Ifb) Type() string {
type Bridge struct {
LinkAttrs
MulticastSnooping *bool
+ AgeingTime *uint32
HelloTime *uint32
VlanFiltering *bool
}
@@ -338,6 +352,7 @@ type Veth struct {
LinkAttrs
PeerName string // veth on create only
PeerHardwareAddr net.HardwareAddr
+ PeerNamespace interface{}
}
func (veth *Veth) Attrs() *LinkAttrs {
@@ -348,6 +363,19 @@ func (veth *Veth) Type() string {
return "veth"
}
+// Wireguard represent links of type "wireguard", see https://www.wireguard.com/
+type Wireguard struct {
+ LinkAttrs
+}
+
+func (wg *Wireguard) Attrs() *LinkAttrs {
+ return &wg.LinkAttrs
+}
+
+func (wg *Wireguard) Type() string {
+ return "wireguard"
+}
+
// GenericLink links represent types that are not currently understood
// by this netlink library.
type GenericLink struct {
@@ -878,10 +906,14 @@ type Ip6tnl struct {
Remote net.IP
Ttl uint8
Tos uint8
- EncapLimit uint8
Flags uint32
Proto uint8
FlowInfo uint32
+ EncapLimit uint8
+ EncapType uint16
+ EncapFlags uint16
+ EncapSport uint16
+ EncapDport uint16
}
func (ip6tnl *Ip6tnl) Attrs() *LinkAttrs {
@@ -895,11 +927,13 @@ func (ip6tnl *Ip6tnl) Type() string {
type Sittun struct {
LinkAttrs
Link uint32
- Local net.IP
- Remote net.IP
Ttl uint8
Tos uint8
PMtuDisc uint8
+ Proto uint8
+ Local net.IP
+ Remote net.IP
+ EncapLimit uint8
EncapType uint16
EncapFlags uint16
EncapSport uint16
diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go
index ec915a0b9..c02fa63b8 100644
--- a/vendor/github.com/vishvananda/netlink/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/link_linux.go
@@ -237,6 +237,37 @@ func (h *Handle) macvlanMACAddrChange(link Link, addrs []net.HardwareAddr, mode
return err
}
+// LinkSetMacvlanMode sets the mode of a macvlan or macvtap link device.
+// Note that passthrough mode cannot be set to and from and will fail.
+// Equivalent to: `ip link set $link type (macvlan|macvtap) mode $mode
+func LinkSetMacvlanMode(link Link, mode MacvlanMode) error {
+ return pkgHandle.LinkSetMacvlanMode(link, mode)
+}
+
+// LinkSetMacvlanMode sets the mode of the macvlan or macvtap link device.
+// Note that passthrough mode cannot be set to and from and will fail.
+// Equivalent to: `ip link set $link type (macvlan|macvtap) mode $mode
+func (h *Handle) LinkSetMacvlanMode(link Link, mode MacvlanMode) error {
+ base := link.Attrs()
+ h.ensureIndex(base)
+ req := h.newNetlinkRequest(unix.RTM_NEWLINK, unix.NLM_F_ACK)
+
+ msg := nl.NewIfInfomsg(unix.AF_UNSPEC)
+ msg.Index = int32(base.Index)
+ req.AddData(msg)
+
+ linkInfo := nl.NewRtAttr(unix.IFLA_LINKINFO, nil)
+ linkInfo.AddRtAttr(nl.IFLA_INFO_KIND, nl.NonZeroTerminated(link.Type()))
+
+ data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil)
+ data.AddRtAttr(nl.IFLA_MACVLAN_MODE, nl.Uint32Attr(macvlanModes[mode]))
+
+ req.AddData(linkInfo)
+
+ _, err := req.Execute(unix.NETLINK_ROUTE, 0)
+ return err
+}
+
func BridgeSetMcastSnoop(link Link, on bool) error {
return pkgHandle.BridgeSetMcastSnoop(link, on)
}
@@ -247,6 +278,16 @@ func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error {
return h.linkModify(bridge, unix.NLM_F_ACK)
}
+func BridgeSetVlanFiltering(link Link, on bool) error {
+ return pkgHandle.BridgeSetVlanFiltering(link, on)
+}
+
+func (h *Handle) BridgeSetVlanFiltering(link Link, on bool) error {
+ bridge := link.(*Bridge)
+ bridge.VlanFiltering = &on
+ return h.linkModify(bridge, unix.NLM_F_ACK)
+}
+
func SetPromiscOn(link Link) error {
return pkgHandle.SetPromiscOn(link)
}
@@ -1048,6 +1089,10 @@ func (h *Handle) LinkAdd(link Link) error {
return h.linkModify(link, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
}
+func (h *Handle) LinkModify(link Link) error {
+ return h.linkModify(link, unix.NLM_F_REQUEST|unix.NLM_F_ACK)
+}
+
func (h *Handle) linkModify(link Link, flags int) error {
// TODO: support extra data for macvlan
base := link.Attrs()
@@ -1060,8 +1105,6 @@ func (h *Handle) linkModify(link Link, flags int) error {
}
if isTuntap {
- // TODO: support user
- // TODO: support group
if tuntap.Mode < unix.IFF_TUN || tuntap.Mode > unix.IFF_TAP {
return fmt.Errorf("Tuntap.Mode %v unknown", tuntap.Mode)
}
@@ -1089,21 +1132,64 @@ func (h *Handle) linkModify(link Link, flags int) error {
}
req.Flags |= uint16(tuntap.Mode)
-
+ const TUN = "/dev/net/tun"
for i := 0; i < queues; i++ {
localReq := req
- file, err := os.OpenFile("/dev/net/tun", os.O_RDWR, 0)
+ fd, err := unix.Open(TUN, os.O_RDWR|syscall.O_CLOEXEC, 0)
if err != nil {
cleanupFds(fds)
return err
}
- fds = append(fds, file)
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
+ _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), uintptr(unix.TUNSETIFF), uintptr(unsafe.Pointer(&localReq)))
if errno != 0 {
+ // close the new fd
+ unix.Close(fd)
+ // and the already opened ones
cleanupFds(fds)
return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed [%d], errno %v", i, errno)
}
+
+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETOWNER, uintptr(tuntap.Owner))
+ if errno != 0 {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap IOCTL TUNSETOWNER failed [%d], errno %v", i, errno)
+ }
+
+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.TUNSETGROUP, uintptr(tuntap.Group))
+ if errno != 0 {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap IOCTL TUNSETGROUP failed [%d], errno %v", i, errno)
+ }
+
+ // Set the tun device to non-blocking before use. The below comment
+ // taken from:
+ //
+ // https://github.com/mistsys/tuntap/commit/161418c25003bbee77d085a34af64d189df62bea
+ //
+ // Note there is a complication because in go, if a device node is
+ // opened, go sets it to use nonblocking I/O. However a /dev/net/tun
+ // doesn't work with epoll until after the TUNSETIFF ioctl has been
+ // done. So we open the unix fd directly, do the ioctl, then put the
+ // fd in nonblocking mode, an then finally wrap it in a os.File,
+ // which will see the nonblocking mode and add the fd to the
+ // pollable set, so later on when we Read() from it blocked the
+ // calling thread in the kernel.
+ //
+ // See
+ // https://github.com/golang/go/issues/30426
+ // which got exposed in go 1.13 by the fix to
+ // https://github.com/golang/go/issues/30624
+ err = unix.SetNonblock(fd, true)
+ if err != nil {
+ cleanupFds(fds)
+ return fmt.Errorf("Tuntap set to non-blocking failed [%d], err %v", i, err)
+ }
+
+ // create the file from the file descriptor and store it
+ file := os.NewFile(uintptr(fd), TUN)
+ fds = append(fds, file)
+
// 1) we only care for the name of the first tap in the multi queue set
// 2) if the original name was empty, the localReq has now the actual name
//
@@ -1114,6 +1200,7 @@ func (h *Handle) linkModify(link Link, flags int) error {
if i == 0 {
link.Attrs().Name = strings.Trim(string(localReq.Name[:]), "\x00")
}
+
}
// only persist interface if NonPersist is NOT set
@@ -1193,6 +1280,11 @@ func (h *Handle) linkModify(link Link, flags int) error {
nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(base.Name))
req.AddData(nameData)
+ if base.Alias != "" {
+ alias := nl.NewRtAttr(unix.IFLA_IFALIAS, []byte(base.Alias))
+ req.AddData(alias)
+ }
+
if base.MTU > 0 {
mtu := nl.NewRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
req.AddData(mtu)
@@ -1272,12 +1364,28 @@ func (h *Handle) linkModify(link Link, flags int) error {
if base.TxQLen >= 0 {
peer.AddRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen)))
}
+ if base.NumTxQueues > 0 {
+ peer.AddRtAttr(unix.IFLA_NUM_TX_QUEUES, nl.Uint32Attr(uint32(base.NumTxQueues)))
+ }
+ if base.NumRxQueues > 0 {
+ peer.AddRtAttr(unix.IFLA_NUM_RX_QUEUES, nl.Uint32Attr(uint32(base.NumRxQueues)))
+ }
if base.MTU > 0 {
peer.AddRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU)))
}
if link.PeerHardwareAddr != nil {
peer.AddRtAttr(unix.IFLA_ADDRESS, []byte(link.PeerHardwareAddr))
}
+ if link.PeerNamespace != nil {
+ switch ns := link.PeerNamespace.(type) {
+ case NsPid:
+ val := nl.Uint32Attr(uint32(ns))
+ peer.AddRtAttr(unix.IFLA_NET_NS_PID, val)
+ case NsFd:
+ val := nl.Uint32Attr(uint32(ns))
+ peer.AddRtAttr(unix.IFLA_NET_NS_FD, val)
+ }
+ }
case *Vxlan:
addVxlanAttrs(link, linkInfo)
case *Bond:
@@ -1509,7 +1617,11 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
return nil, err
}
- base := LinkAttrs{Index: int(msg.Index), RawFlags: msg.Flags, Flags: linkFlags(msg.Flags), EncapType: msg.EncapType()}
+ base := NewLinkAttrs()
+ base.Index = int(msg.Index)
+ base.RawFlags = msg.Flags
+ base.Flags = linkFlags(msg.Flags)
+ base.EncapType = msg.EncapType()
if msg.Flags&unix.IFF_PROMISC != 0 {
base.Promisc = 1
}
@@ -1543,6 +1655,8 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) {
link = &Vlan{}
case "veth":
link = &Veth{}
+ case "wireguard":
+ link = &Wireguard{}
case "vxlan":
link = &Vxlan{}
case "bond":
@@ -2080,6 +2194,13 @@ func parseVlanData(link Link, data []syscall.NetlinkRouteAttr) {
func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) {
vxlan := link.(*Vxlan)
for _, datum := range data {
+ // NOTE(vish): Apparently some messages can be sent with no value.
+ // We special case GBP here to not change existing
+ // functionality. It appears that GBP sends a datum.Value
+ // of null.
+ if len(datum.Value) == 0 && datum.Attr.Type != nl.IFLA_VXLAN_GBP {
+ continue
+ }
switch datum.Attr.Type {
case nl.IFLA_VXLAN_ID:
vxlan.VxlanId = int(native.Uint32(datum.Value[0:4]))
@@ -2513,7 +2634,8 @@ func parseLinkXdp(data []byte) (*LinkXdp, error) {
case nl.IFLA_XDP_FD:
xdp.Fd = int(native.Uint32(attr.Value[0:4]))
case nl.IFLA_XDP_ATTACHED:
- xdp.Attached = attr.Value[0] != 0
+ xdp.AttachMode = uint32(attr.Value[0])
+ xdp.Attached = xdp.AttachMode != 0
case nl.IFLA_XDP_FLAGS:
xdp.Flags = native.Uint32(attr.Value[0:4])
case nl.IFLA_XDP_PROG_ID:
@@ -2577,7 +2699,7 @@ func parseIptunData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_ENCAP_FLAGS:
iptun.EncapFlags = native.Uint16(datum.Value[0:2])
case nl.IFLA_IPTUN_COLLECT_METADATA:
- iptun.FlowBased = int8(datum.Value[0]) != 0
+ iptun.FlowBased = true
}
}
}
@@ -2601,10 +2723,14 @@ func addIp6tnlAttrs(ip6tnl *Ip6tnl, linkInfo *nl.RtAttr) {
data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(ip6tnl.Ttl))
data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(ip6tnl.Tos))
- data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
data.AddRtAttr(nl.IFLA_IPTUN_FLAGS, nl.Uint32Attr(ip6tnl.Flags))
data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(ip6tnl.Proto))
data.AddRtAttr(nl.IFLA_IPTUN_FLOWINFO, nl.Uint32Attr(ip6tnl.FlowInfo))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(ip6tnl.EncapLimit))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(ip6tnl.EncapType))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(ip6tnl.EncapFlags))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(ip6tnl.EncapSport))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_DPORT, htons(ip6tnl.EncapDport))
}
func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
@@ -2616,17 +2742,25 @@ func parseIp6tnlData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_REMOTE:
ip6tnl.Remote = net.IP(datum.Value[:16])
case nl.IFLA_IPTUN_TTL:
- ip6tnl.Ttl = uint8(datum.Value[0])
+ ip6tnl.Ttl = datum.Value[0]
case nl.IFLA_IPTUN_TOS:
- ip6tnl.Tos = uint8(datum.Value[0])
- case nl.IFLA_IPTUN_ENCAP_LIMIT:
- ip6tnl.EncapLimit = uint8(datum.Value[0])
+ ip6tnl.Tos = datum.Value[0]
case nl.IFLA_IPTUN_FLAGS:
ip6tnl.Flags = native.Uint32(datum.Value[:4])
case nl.IFLA_IPTUN_PROTO:
- ip6tnl.Proto = uint8(datum.Value[0])
+ ip6tnl.Proto = datum.Value[0]
case nl.IFLA_IPTUN_FLOWINFO:
ip6tnl.FlowInfo = native.Uint32(datum.Value[:4])
+ case nl.IFLA_IPTUN_ENCAP_LIMIT:
+ ip6tnl.EncapLimit = datum.Value[0]
+ case nl.IFLA_IPTUN_ENCAP_TYPE:
+ ip6tnl.EncapType = native.Uint16(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_FLAGS:
+ ip6tnl.EncapFlags = native.Uint16(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_SPORT:
+ ip6tnl.EncapSport = ntohs(datum.Value[0:2])
+ case nl.IFLA_IPTUN_ENCAP_DPORT:
+ ip6tnl.EncapDport = ntohs(datum.Value[0:2])
}
}
}
@@ -2653,8 +2787,10 @@ func addSittunAttrs(sittun *Sittun, linkInfo *nl.RtAttr) {
data.AddRtAttr(nl.IFLA_IPTUN_TTL, nl.Uint8Attr(sittun.Ttl))
}
+ data.AddRtAttr(nl.IFLA_IPTUN_PROTO, nl.Uint8Attr(sittun.Proto))
data.AddRtAttr(nl.IFLA_IPTUN_TOS, nl.Uint8Attr(sittun.Tos))
data.AddRtAttr(nl.IFLA_IPTUN_PMTUDISC, nl.Uint8Attr(sittun.PMtuDisc))
+ data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_LIMIT, nl.Uint8Attr(sittun.EncapLimit))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_TYPE, nl.Uint16Attr(sittun.EncapType))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_FLAGS, nl.Uint16Attr(sittun.EncapFlags))
data.AddRtAttr(nl.IFLA_IPTUN_ENCAP_SPORT, htons(sittun.EncapSport))
@@ -2670,11 +2806,13 @@ func parseSittunData(link Link, data []syscall.NetlinkRouteAttr) {
case nl.IFLA_IPTUN_REMOTE:
sittun.Remote = net.IP(datum.Value[0:4])
case nl.IFLA_IPTUN_TTL:
- sittun.Ttl = uint8(datum.Value[0])
+ sittun.Ttl = datum.Value[0]
case nl.IFLA_IPTUN_TOS:
- sittun.Tos = uint8(datum.Value[0])
+ sittun.Tos = datum.Value[0]
case nl.IFLA_IPTUN_PMTUDISC:
- sittun.PMtuDisc = uint8(datum.Value[0])
+ sittun.PMtuDisc = datum.Value[0]
+ case nl.IFLA_IPTUN_PROTO:
+ sittun.Proto = datum.Value[0]
case nl.IFLA_IPTUN_ENCAP_TYPE:
sittun.EncapType = native.Uint16(datum.Value[0:2])
case nl.IFLA_IPTUN_ENCAP_FLAGS:
@@ -2761,6 +2899,9 @@ func addBridgeAttrs(bridge *Bridge, linkInfo *nl.RtAttr) {
if bridge.MulticastSnooping != nil {
data.AddRtAttr(nl.IFLA_BR_MCAST_SNOOPING, boolToByte(*bridge.MulticastSnooping))
}
+ if bridge.AgeingTime != nil {
+ data.AddRtAttr(nl.IFLA_BR_AGEING_TIME, nl.Uint32Attr(*bridge.AgeingTime))
+ }
if bridge.HelloTime != nil {
data.AddRtAttr(nl.IFLA_BR_HELLO_TIME, nl.Uint32Attr(*bridge.HelloTime))
}
@@ -2773,6 +2914,9 @@ func parseBridgeData(bridge Link, data []syscall.NetlinkRouteAttr) {
br := bridge.(*Bridge)
for _, datum := range data {
switch datum.Attr.Type {
+ case nl.IFLA_BR_AGEING_TIME:
+ ageingTime := native.Uint32(datum.Value[0:4])
+ br.AgeingTime = &ageingTime
case nl.IFLA_BR_HELLO_TIME:
helloTime := native.Uint32(datum.Value[0:4])
br.HelloTime = &helloTime
@@ -2852,6 +2996,24 @@ func parseVfInfo(data []syscall.NetlinkRouteAttr, id int) VfInfo {
vfr := nl.DeserializeVfRate(element.Value[:])
vf.MaxTxRate = vfr.MaxTxRate
vf.MinTxRate = vfr.MinTxRate
+ case nl.IFLA_VF_STATS:
+ vfstats := nl.DeserializeVfStats(element.Value[:])
+ vf.RxPackets = vfstats.RxPackets
+ vf.TxPackets = vfstats.TxPackets
+ vf.RxBytes = vfstats.RxBytes
+ vf.TxBytes = vfstats.TxBytes
+ vf.Multicast = vfstats.Multicast
+ vf.Broadcast = vfstats.Broadcast
+ vf.RxDropped = vfstats.RxDropped
+ vf.TxDropped = vfstats.TxDropped
+
+ case nl.IFLA_VF_RSS_QUERY_EN:
+ result := nl.DeserializeVfRssQueryEn(element.Value)
+ vf.RssQuery = result.Setting
+
+ case nl.IFLA_VF_TRUST:
+ result := nl.DeserializeVfTrust(element.Value)
+ vf.Trust = result.Setting
}
}
return vf
diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go
index cb3b55d35..fb220d141 100644
--- a/vendor/github.com/vishvananda/netlink/neigh_linux.go
+++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go
@@ -243,6 +243,18 @@ func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
// Ignore messages from other interfaces
continue
}
+ if msg.Family != 0 && ndm.Family != msg.Family {
+ continue
+ }
+ if msg.State != 0 && ndm.State != msg.State {
+ continue
+ }
+ if msg.Type != 0 && ndm.Type != msg.Type {
+ continue
+ }
+ if msg.Flags != 0 && ndm.Flags != msg.Flags {
+ continue
+ }
neigh, err := NeighDeserialize(m)
if err != nil {
diff --git a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
index 42d3acf91..71436f25c 100644
--- a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go
@@ -16,7 +16,7 @@ func LinkSetMTU(link Link, mtu int) error {
return ErrNotImplemented
}
-func LinkSetMaster(link Link, master *Bridge) error {
+func LinkSetMaster(link Link, master Link) error {
return ErrNotImplemented
}
@@ -72,6 +72,10 @@ func LinkSetXdpFd(link Link, fd int) error {
return ErrNotImplemented
}
+func LinkSetXdpFdWithFlags(link Link, fd, flags int) error {
+ return ErrNotImplemented
+}
+
func LinkSetARPOff(link Link) error {
return ErrNotImplemented
}
diff --git a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
index 50db3b4cd..6bea4ed02 100644
--- a/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/addr_linux.go
@@ -54,24 +54,18 @@ func (msg *IfAddrmsg) Len() int {
// __u32 tstamp; /* updated timestamp, hundredths of seconds */
// };
-const IFA_CACHEINFO = 6
-const SizeofIfaCacheInfo = 0x10
-
type IfaCacheInfo struct {
- IfaPrefered uint32
- IfaValid uint32
- Cstamp uint32
- Tstamp uint32
+ unix.IfaCacheinfo
}
func (msg *IfaCacheInfo) Len() int {
- return SizeofIfaCacheInfo
+ return unix.SizeofIfaCacheinfo
}
func DeserializeIfaCacheInfo(b []byte) *IfaCacheInfo {
- return (*IfaCacheInfo)(unsafe.Pointer(&b[0:SizeofIfaCacheInfo][0]))
+ return (*IfaCacheInfo)(unsafe.Pointer(&b[0:unix.SizeofIfaCacheinfo][0]))
}
func (msg *IfaCacheInfo) Serialize() []byte {
- return (*(*[SizeofIfaCacheInfo]byte)(unsafe.Pointer(msg)))[:]
+ return (*(*[unix.SizeofIfaCacheinfo]byte)(unsafe.Pointer(msg)))[:]
}
diff --git a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
index 79d2b6b89..14924027e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go
@@ -40,9 +40,10 @@ const (
NFNETLINK_V0 = 0
)
-// #define NLA_F_NESTED (1 << 15)
const (
- NLA_F_NESTED = (1 << 15)
+ NLA_F_NESTED uint16 = (1 << 15) // #define NLA_F_NESTED (1 << 15)
+ NLA_F_NET_BYTEORDER uint16 = (1 << 14) // #define NLA_F_NESTED (1 << 14)
+ NLA_TYPE_MASK = ^(NLA_F_NESTED | NLA_F_NET_BYTEORDER)
)
// enum ctattr_type {
diff --git a/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go b/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go
new file mode 100644
index 000000000..a60b4b09d
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go
@@ -0,0 +1,222 @@
+package nl
+
+import (
+ "strconv"
+
+ "golang.org/x/sys/unix"
+)
+
+const (
+ /* The protocol version */
+ IPSET_PROTOCOL = 6
+
+ /* The max length of strings including NUL: set and type identifiers */
+ IPSET_MAXNAMELEN = 32
+
+ /* The maximum permissible comment length we will accept over netlink */
+ IPSET_MAX_COMMENT_SIZE = 255
+)
+
+const (
+ _ = iota
+ IPSET_CMD_PROTOCOL /* 1: Return protocol version */
+ IPSET_CMD_CREATE /* 2: Create a new (empty) set */
+ IPSET_CMD_DESTROY /* 3: Destroy a (empty) set */
+ IPSET_CMD_FLUSH /* 4: Remove all elements from a set */
+ IPSET_CMD_RENAME /* 5: Rename a set */
+ IPSET_CMD_SWAP /* 6: Swap two sets */
+ IPSET_CMD_LIST /* 7: List sets */
+ IPSET_CMD_SAVE /* 8: Save sets */
+ IPSET_CMD_ADD /* 9: Add an element to a set */
+ IPSET_CMD_DEL /* 10: Delete an element from a set */
+ IPSET_CMD_TEST /* 11: Test an element in a set */
+ IPSET_CMD_HEADER /* 12: Get set header data only */
+ IPSET_CMD_TYPE /* 13: Get set type */
+)
+
+/* Attributes at command level */
+const (
+ _ = iota
+ IPSET_ATTR_PROTOCOL /* 1: Protocol version */
+ IPSET_ATTR_SETNAME /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME /* 3: Typename */
+ IPSET_ATTR_REVISION /* 4: Settype revision */
+ IPSET_ATTR_FAMILY /* 5: Settype family */
+ IPSET_ATTR_FLAGS /* 6: Flags at command level */
+ IPSET_ATTR_DATA /* 7: Nested attributes */
+ IPSET_ATTR_ADT /* 8: Multiple data containers */
+ IPSET_ATTR_LINENO /* 9: Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */
+
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME /* Setname at rename/swap */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
+)
+
+/* CADT specific attributes */
+const (
+ IPSET_ATTR_IP = 1
+ IPSET_ATTR_IP_FROM = 1
+ IPSET_ATTR_IP_TO = 2
+ IPSET_ATTR_CIDR = 3
+ IPSET_ATTR_PORT = 4
+ IPSET_ATTR_PORT_FROM = 4
+ IPSET_ATTR_PORT_TO = 5
+ IPSET_ATTR_TIMEOUT = 6
+ IPSET_ATTR_PROTO = 7
+ IPSET_ATTR_CADT_FLAGS = 8
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
+ IPSET_ATTR_MARK = 10
+ IPSET_ATTR_MARKMASK = 11
+
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16
+
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC = 3 + iota
+ IPSET_ATTR_HASHSIZE
+ IPSET_ATTR_MAXELEM
+ IPSET_ATTR_NETMASK
+ IPSET_ATTR_PROBES
+ IPSET_ATTR_RESIZE
+ IPSET_ATTR_SIZE
+
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS
+ IPSET_ATTR_REFERENCES
+ IPSET_ATTR_MEMSIZE
+
+ SET_ATTR_CREATE_MAX
+)
+
+/* ADT specific attributes */
+const (
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
+ IPSET_ATTR_NAME
+ IPSET_ATTR_NAMEREF
+ IPSET_ATTR_IP2
+ IPSET_ATTR_CIDR2
+ IPSET_ATTR_IP2_TO
+ IPSET_ATTR_IFACE
+ IPSET_ATTR_BYTES
+ IPSET_ATTR_PACKETS
+ IPSET_ATTR_COMMENT
+ IPSET_ATTR_SKBMARK
+ IPSET_ATTR_SKBPRIO
+ IPSET_ATTR_SKBQUEUE
+)
+
+/* Flags at CADT attribute level, upper half of cmdattrs */
+const (
+ IPSET_FLAG_BIT_BEFORE = 0
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE)
+ IPSET_FLAG_BIT_PHYSDEV = 1
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV)
+ IPSET_FLAG_BIT_NOMATCH = 2
+ IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH)
+ IPSET_FLAG_BIT_WITH_COUNTERS = 3
+ IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
+ IPSET_FLAG_BIT_WITH_COMMENT = 4
+ IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
+ IPSET_FLAG_BIT_WITH_FORCEADD = 5
+ IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
+ IPSET_FLAG_BIT_WITH_SKBINFO = 6
+ IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
+ IPSET_FLAG_CADT_MAX = 15
+)
+
+const (
+ IPSET_ERR_PRIVATE = 4096 + iota
+ IPSET_ERR_PROTOCOL
+ IPSET_ERR_FIND_TYPE
+ IPSET_ERR_MAX_SETS
+ IPSET_ERR_BUSY
+ IPSET_ERR_EXIST_SETNAME2
+ IPSET_ERR_TYPE_MISMATCH
+ IPSET_ERR_EXIST
+ IPSET_ERR_INVALID_CIDR
+ IPSET_ERR_INVALID_NETMASK
+ IPSET_ERR_INVALID_FAMILY
+ IPSET_ERR_TIMEOUT
+ IPSET_ERR_REFERENCED
+ IPSET_ERR_IPADDR_IPV4
+ IPSET_ERR_IPADDR_IPV6
+ IPSET_ERR_COUNTER
+ IPSET_ERR_COMMENT
+ IPSET_ERR_INVALID_MARKMASK
+ IPSET_ERR_SKBINFO
+
+ /* Type specific error codes */
+ IPSET_ERR_TYPE_SPECIFIC = 4352
+)
+
+type IPSetError uintptr
+
+func (e IPSetError) Error() string {
+ switch int(e) {
+ case IPSET_ERR_PRIVATE:
+ return "private"
+ case IPSET_ERR_PROTOCOL:
+ return "invalid protocol"
+ case IPSET_ERR_FIND_TYPE:
+ return "invalid type"
+ case IPSET_ERR_MAX_SETS:
+ return "max sets reached"
+ case IPSET_ERR_BUSY:
+ return "busy"
+ case IPSET_ERR_EXIST_SETNAME2:
+ return "exist_setname2"
+ case IPSET_ERR_TYPE_MISMATCH:
+ return "type mismatch"
+ case IPSET_ERR_EXIST:
+ return "exist"
+ case IPSET_ERR_INVALID_CIDR:
+ return "invalid cidr"
+ case IPSET_ERR_INVALID_NETMASK:
+ return "invalid netmask"
+ case IPSET_ERR_INVALID_FAMILY:
+ return "invalid family"
+ case IPSET_ERR_TIMEOUT:
+ return "timeout"
+ case IPSET_ERR_REFERENCED:
+ return "referenced"
+ case IPSET_ERR_IPADDR_IPV4:
+ return "invalid ipv4 address"
+ case IPSET_ERR_IPADDR_IPV6:
+ return "invalid ipv6 address"
+ case IPSET_ERR_COUNTER:
+ return "invalid counter"
+ case IPSET_ERR_COMMENT:
+ return "invalid comment"
+ case IPSET_ERR_INVALID_MARKMASK:
+ return "invalid markmask"
+ case IPSET_ERR_SKBINFO:
+ return "skbinfo"
+ default:
+ return "errno " + strconv.Itoa(int(e))
+ }
+}
+
+func GetIpsetFlags(cmd int) int {
+ switch cmd {
+ case IPSET_CMD_CREATE:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
+ case IPSET_CMD_DESTROY,
+ IPSET_CMD_FLUSH,
+ IPSET_CMD_RENAME,
+ IPSET_CMD_SWAP,
+ IPSET_CMD_TEST:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK
+ case IPSET_CMD_LIST,
+ IPSET_CMD_SAVE:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
+ case IPSET_CMD_ADD,
+ IPSET_CMD_DEL:
+ return unix.NLM_F_REQUEST | unix.NLM_F_ACK
+ case IPSET_CMD_HEADER,
+ IPSET_CMD_TYPE,
+ IPSET_CMD_PROTOCOL:
+ return unix.NLM_F_REQUEST
+ default:
+ return 0
+ }
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
index afb16a9c1..faee2fa03 100644
--- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
@@ -1,6 +1,8 @@
package nl
import (
+ "bytes"
+ "encoding/binary"
"unsafe"
)
@@ -243,7 +245,9 @@ const (
IFLA_VF_STATS_TX_BYTES
IFLA_VF_STATS_BROADCAST
IFLA_VF_STATS_MULTICAST
- IFLA_VF_STATS_MAX = IFLA_VF_STATS_MULTICAST
+ IFLA_VF_STATS_RX_DROPPED
+ IFLA_VF_STATS_TX_DROPPED
+ IFLA_VF_STATS_MAX = IFLA_VF_STATS_TX_DROPPED
)
const (
@@ -326,6 +330,59 @@ func (msg *VfTxRate) Serialize() []byte {
return (*(*[SizeofVfTxRate]byte)(unsafe.Pointer(msg)))[:]
}
+//struct ifla_vf_stats {
+// __u64 rx_packets;
+// __u64 tx_packets;
+// __u64 rx_bytes;
+// __u64 tx_bytes;
+// __u64 broadcast;
+// __u64 multicast;
+//};
+
+type VfStats struct {
+ RxPackets uint64
+ TxPackets uint64
+ RxBytes uint64
+ TxBytes uint64
+ Multicast uint64
+ Broadcast uint64
+ RxDropped uint64
+ TxDropped uint64
+}
+
+func DeserializeVfStats(b []byte) VfStats {
+ var vfstat VfStats
+ stats, err := ParseRouteAttr(b)
+ if err != nil {
+ return vfstat
+ }
+ var valueVar uint64
+ for _, stat := range stats {
+ if err := binary.Read(bytes.NewBuffer(stat.Value), NativeEndian(), &valueVar); err != nil {
+ break
+ }
+ switch stat.Attr.Type {
+ case IFLA_VF_STATS_RX_PACKETS:
+ vfstat.RxPackets = valueVar
+ case IFLA_VF_STATS_TX_PACKETS:
+ vfstat.TxPackets = valueVar
+ case IFLA_VF_STATS_RX_BYTES:
+ vfstat.RxBytes = valueVar
+ case IFLA_VF_STATS_TX_BYTES:
+ vfstat.TxBytes = valueVar
+ case IFLA_VF_STATS_MULTICAST:
+ vfstat.Multicast = valueVar
+ case IFLA_VF_STATS_BROADCAST:
+ vfstat.Broadcast = valueVar
+ case IFLA_VF_STATS_RX_DROPPED:
+ vfstat.RxDropped = valueVar
+ case IFLA_VF_STATS_TX_DROPPED:
+ vfstat.TxDropped = valueVar
+ }
+ }
+ return vfstat
+}
+
// struct ifla_vf_rate {
// __u32 vf;
// __u32 min_tx_rate; /* Min Bandwidth in Mbps */
@@ -478,6 +535,14 @@ const (
IFLA_XDP_MAX = IFLA_XDP_PROG_ID
)
+// XDP program attach mode (used as dump value for IFLA_XDP_ATTACHED)
+const (
+ XDP_ATTACHED_NONE = iota
+ XDP_ATTACHED_DRV
+ XDP_ATTACHED_SKB
+ XDP_ATTACHED_HW
+)
+
const (
IFLA_IPTUN_UNSPEC = iota
IFLA_IPTUN_LINK
diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
index aaf56c671..cef64b82e 100644
--- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
@@ -259,6 +259,29 @@ func NewIfInfomsgChild(parent *RtAttr, family int) *IfInfomsg {
return msg
}
+type Uint32Attribute struct {
+ Type uint16
+ Value uint32
+}
+
+func (a *Uint32Attribute) Serialize() []byte {
+ native := NativeEndian()
+ buf := make([]byte, rtaAlignOf(8))
+ native.PutUint16(buf[0:2], 8)
+ native.PutUint16(buf[2:4], a.Type)
+
+ if a.Type&NLA_F_NET_BYTEORDER != 0 {
+ binary.BigEndian.PutUint32(buf[4:], a.Value)
+ } else {
+ native.PutUint32(buf[4:], a.Value)
+ }
+ return buf
+}
+
+func (a *Uint32Attribute) Len() int {
+ return 8
+}
+
// Extend RtAttr to handle data and children
type RtAttr struct {
unix.RtAttr
@@ -439,10 +462,7 @@ done:
if m.Header.Pid != pid {
continue
}
- if m.Header.Type == unix.NLMSG_DONE {
- break done
- }
- if m.Header.Type == unix.NLMSG_ERROR {
+ if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR {
native := NativeEndian()
error := int32(native.Uint32(m.Data[0:4]))
if error == 0 {
diff --git a/vendor/github.com/vishvananda/netlink/nl/parse_attr.go b/vendor/github.com/vishvananda/netlink/nl/parse_attr.go
new file mode 100644
index 000000000..19eb8f28e
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/nl/parse_attr.go
@@ -0,0 +1,67 @@
+package nl
+
+import (
+ "encoding/binary"
+ "fmt"
+)
+
+type Attribute struct {
+ Type uint16
+ Value []byte
+}
+
+func ParseAttributes(data []byte) <-chan Attribute {
+ native := NativeEndian()
+ result := make(chan Attribute)
+
+ go func() {
+ i := 0
+ for i+4 < len(data) {
+ length := int(native.Uint16(data[i : i+2]))
+
+ result <- Attribute{
+ Type: native.Uint16(data[i+2 : i+4]),
+ Value: data[i+4 : i+length],
+ }
+ i += rtaAlignOf(length)
+ }
+ close(result)
+ }()
+
+ return result
+}
+
+func PrintAttributes(data []byte) {
+ printAttributes(data, 0)
+}
+
+func printAttributes(data []byte, level int) {
+ for attr := range ParseAttributes(data) {
+ for i := 0; i < level; i++ {
+ print("> ")
+ }
+ nested := attr.Type&NLA_F_NESTED != 0
+ fmt.Printf("type=%d nested=%v len=%v %v\n", attr.Type&NLA_TYPE_MASK, nested, len(attr.Value), attr.Value)
+ if nested {
+ printAttributes(attr.Value, level+1)
+ }
+ }
+}
+
+// Uint32 returns the uint32 value respecting the NET_BYTEORDER flag
+func (attr *Attribute) Uint32() uint32 {
+ if attr.Type&NLA_F_NET_BYTEORDER != 0 {
+ return binary.BigEndian.Uint32(attr.Value)
+ } else {
+ return NativeEndian().Uint32(attr.Value)
+ }
+}
+
+// Uint64 returns the uint64 value respecting the NET_BYTEORDER flag
+func (attr *Attribute) Uint64() uint64 {
+ if attr.Type&NLA_F_NET_BYTEORDER != 0 {
+ return binary.BigEndian.Uint64(attr.Value)
+ } else {
+ return NativeEndian().Uint64(attr.Value)
+ }
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/syscall.go b/vendor/github.com/vishvananda/netlink/nl/syscall.go
index f7f7f92e6..4a01e6e59 100644
--- a/vendor/github.com/vishvananda/netlink/nl/syscall.go
+++ b/vendor/github.com/vishvananda/netlink/nl/syscall.go
@@ -21,6 +21,13 @@ const (
FRA_TABLE /* Extended table id */
FRA_FWMASK /* mask for netfilter mark */
FRA_OIFNAME
+ FRA_PAD
+ FRA_L3MDEV /* iif or oif is l3mdev goto its table */
+ FRA_UID_RANGE /* UID range */
+ FRA_PROTOCOL /* Originator of the rule */
+ FRA_IP_PROTO /* ip proto */
+ FRA_SPORT_RANGE /* sport */
+ FRA_DPORT_RANGE /* dport */
)
// ip rule netlink request types
diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
index 501f554b2..c24d53eb7 100644
--- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go
@@ -94,6 +94,9 @@ const (
SizeofTcTunnelKey = SizeofTcGen + 0x04
SizeofTcSkbEdit = SizeofTcGen
SizeofTcPolice = 2*SizeofTcRateSpec + 0x20
+ SizeofTcSfqQopt = 0x0b
+ SizeofTcSfqRedStats = 0x18
+ SizeofTcSfqQoptV1 = SizeofTcSfqQopt + SizeofTcSfqRedStats + 0x1c
)
// struct tcmsg {
@@ -735,7 +738,13 @@ const (
TCA_TUNNEL_KEY_ENC_IPV6_SRC
TCA_TUNNEL_KEY_ENC_IPV6_DST
TCA_TUNNEL_KEY_ENC_KEY_ID
- TCA_TUNNEL_KEY_MAX = TCA_TUNNEL_KEY_ENC_KEY_ID
+ TCA_TUNNEL_KEY_PAD
+ TCA_TUNNEL_KEY_ENC_DST_PORT
+ TCA_TUNNEL_KEY_NO_CSUM
+ TCA_TUNNEL_KEY_ENC_OPTS
+ TCA_TUNNEL_KEY_ENC_TOS
+ TCA_TUNNEL_KEY_ENC_TTL
+ TCA_TUNNEL_KEY_MAX
)
type TcTunnelKey struct {
@@ -872,3 +881,103 @@ const (
TCA_HFSC_FSC
TCA_HFSC_USC
)
+
+// struct tc_sfq_qopt {
+// unsigned quantum; /* Bytes per round allocated to flow */
+// int perturb_period; /* Period of hash perturbation */
+// __u32 limit; /* Maximal packets in queue */
+// unsigned divisor; /* Hash divisor */
+// unsigned flows; /* Maximal number of flows */
+// };
+
+type TcSfqQopt struct {
+ Quantum uint8
+ Perturb int32
+ Limit uint32
+ Divisor uint8
+ Flows uint8
+}
+
+func (x *TcSfqQopt) Len() int {
+ return SizeofTcSfqQopt
+}
+
+func DeserializeTcSfqQopt(b []byte) *TcSfqQopt {
+ return (*TcSfqQopt)(unsafe.Pointer(&b[0:SizeofTcSfqQopt][0]))
+}
+
+func (x *TcSfqQopt) Serialize() []byte {
+ return (*(*[SizeofTcSfqQopt]byte)(unsafe.Pointer(x)))[:]
+}
+
+// struct tc_sfqred_stats {
+// __u32 prob_drop; /* Early drops, below max threshold */
+// __u32 forced_drop; /* Early drops, after max threshold */
+// __u32 prob_mark; /* Marked packets, below max threshold */
+// __u32 forced_mark; /* Marked packets, after max threshold */
+// __u32 prob_mark_head; /* Marked packets, below max threshold */
+// __u32 forced_mark_head;/* Marked packets, after max threshold */
+// };
+type TcSfqRedStats struct {
+ ProbDrop uint32
+ ForcedDrop uint32
+ ProbMark uint32
+ ForcedMark uint32
+ ProbMarkHead uint32
+ ForcedMarkHead uint32
+}
+
+func (x *TcSfqRedStats) Len() int {
+ return SizeofTcSfqRedStats
+}
+
+func DeserializeTcSfqRedStats(b []byte) *TcSfqRedStats {
+ return (*TcSfqRedStats)(unsafe.Pointer(&b[0:SizeofTcSfqRedStats][0]))
+}
+
+func (x *TcSfqRedStats) Serialize() []byte {
+ return (*(*[SizeofTcSfqRedStats]byte)(unsafe.Pointer(x)))[:]
+}
+
+// struct tc_sfq_qopt_v1 {
+// struct tc_sfq_qopt v0;
+// unsigned int depth; /* max number of packets per flow */
+// unsigned int headdrop;
+// /* SFQRED parameters */
+// __u32 limit; /* HARD maximal flow queue length (bytes) */
+// __u32 qth_min; /* Min average length threshold (bytes) */
+// __u32 qth_max; /* Max average length threshold (bytes) */
+// unsigned char Wlog; /* log(W) */
+// unsigned char Plog; /* log(P_max/(qth_max-qth_min)) */
+// unsigned char Scell_log; /* cell size for idle damping */
+// unsigned char flags;
+// __u32 max_P; /* probability, high resolution */
+// /* SFQRED stats */
+// struct tc_sfqred_stats stats;
+// };
+type TcSfqQoptV1 struct {
+ TcSfqQopt
+ Depth uint32
+ HeadDrop uint32
+ Limit uint32
+ QthMin uint32
+ QthMax uint32
+ Wlog byte
+ Plog byte
+ ScellLog byte
+ Flags byte
+ MaxP uint32
+ TcSfqRedStats
+}
+
+func (x *TcSfqQoptV1) Len() int {
+ return SizeofTcSfqQoptV1
+}
+
+func DeserializeTcSfqQoptV1(b []byte) *TcSfqQoptV1 {
+ return (*TcSfqQoptV1)(unsafe.Pointer(&b[0:SizeofTcSfqQoptV1][0]))
+}
+
+func (x *TcSfqQoptV1) Serialize() []byte {
+ return (*(*[SizeofTcSfqQoptV1]byte)(unsafe.Pointer(x)))[:]
+}
diff --git a/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
index b6290fd54..43a947f22 100644
--- a/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/xfrm_state_linux.go
@@ -13,7 +13,7 @@ const (
SizeofXfrmAlgoAuth = 0x48
SizeofXfrmAlgoAEAD = 0x48
SizeofXfrmEncapTmpl = 0x18
- SizeofXfrmUsersaFlush = 0x8
+ SizeofXfrmUsersaFlush = 0x1
SizeofXfrmReplayStateEsn = 0x18
)
diff --git a/vendor/github.com/vishvananda/netlink/qdisc.go b/vendor/github.com/vishvananda/netlink/qdisc.go
index af78305ac..8418569ee 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc.go
@@ -338,3 +338,27 @@ func (qdisc *FqCodel) Attrs() *QdiscAttrs {
func (qdisc *FqCodel) Type() string {
return "fq_codel"
}
+
+type Sfq struct {
+ QdiscAttrs
+ // TODO: Only the simplified options for SFQ are handled here. Support for the extended one can be added later.
+ Quantum uint8
+ Perturb uint8
+ Limit uint32
+ Divisor uint8
+}
+
+func (sfq *Sfq) String() string {
+ return fmt.Sprintf(
+ "{%v -- Quantum: %v, Perturb: %v, Limit: %v, Divisor: %v}",
+ sfq.Attrs(), sfq.Quantum, sfq.Perturb, sfq.Limit, sfq.Divisor,
+ )
+}
+
+func (qdisc *Sfq) Attrs() *QdiscAttrs {
+ return &qdisc.QdiscAttrs
+}
+
+func (qdisc *Sfq) Type() string {
+ return "sfq"
+}
diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
index e9eee5908..d0e1ca194 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
@@ -278,6 +278,14 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
if qdisc.FlowDefaultRate > 0 {
options.AddRtAttr(nl.TCA_FQ_FLOW_DEFAULT_RATE, nl.Uint32Attr((uint32(qdisc.FlowDefaultRate))))
}
+ case *Sfq:
+ opt := nl.TcSfqQoptV1{}
+ opt.TcSfqQopt.Quantum = qdisc.Quantum
+ opt.TcSfqQopt.Perturb = int32(qdisc.Perturb)
+ opt.TcSfqQopt.Limit = qdisc.Limit
+ opt.TcSfqQopt.Divisor = qdisc.Divisor
+
+ options = nl.NewRtAttr(nl.TCA_OPTIONS, opt.Serialize())
default:
options = nil
}
@@ -362,6 +370,8 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
qdisc = &FqCodel{}
case "netem":
qdisc = &Netem{}
+ case "sfq":
+ qdisc = &Sfq{}
default:
qdisc = &GenericQdisc{QdiscType: qdiscType}
}
@@ -417,6 +427,10 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
if err := parseNetemData(qdisc, attr.Value); err != nil {
return nil, err
}
+ case "sfq":
+ if err := parseSfqData(qdisc, attr.Value); err != nil {
+ return nil, err
+ }
// no options for ingress
}
@@ -582,6 +596,17 @@ func parseTbfData(qdisc Qdisc, data []syscall.NetlinkRouteAttr) error {
return nil
}
+func parseSfqData(qdisc Qdisc, value []byte) error {
+ sfq := qdisc.(*Sfq)
+ opt := nl.DeserializeTcSfqQoptV1(value)
+ sfq.Quantum = opt.TcSfqQopt.Quantum
+ sfq.Perturb = uint8(opt.TcSfqQopt.Perturb)
+ sfq.Limit = opt.TcSfqQopt.Limit
+ sfq.Divisor = opt.TcSfqQopt.Divisor
+
+ return nil
+}
+
const (
TIME_UNITS_PER_SEC = 1000000
)
@@ -598,10 +623,10 @@ func initClock() {
return
}
parts := strings.Split(strings.TrimSpace(string(data)), " ")
- if len(parts) < 3 {
+ if len(parts) < 4 {
return
}
- var vals [3]uint64
+ var vals [4]uint64
for i := range vals {
val, err := strconv.ParseUint(parts[i], 16, 32)
if err != nil {
@@ -615,7 +640,12 @@ func initClock() {
}
clockFactor = float64(vals[2]) / TIME_UNITS_PER_SEC
tickInUsec = float64(vals[0]) / float64(vals[1]) * clockFactor
- hz = float64(vals[0])
+ if vals[2] == 1000000 {
+ // ref https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/lib/utils.c#n963
+ hz = float64(vals[3])
+ } else {
+ hz = 100
+ }
}
func TickInUsec() float64 {
@@ -663,6 +693,7 @@ func latency(rate uint64, limit, buffer uint32) float64 {
return TIME_UNITS_PER_SEC*(float64(limit)/float64(rate)) - float64(tick2Time(buffer))
}
-func Xmittime(rate uint64, size uint32) float64 {
- return TickInUsec() * TIME_UNITS_PER_SEC * (float64(size) / float64(rate))
+func Xmittime(rate uint64, size uint32) uint32 {
+ // https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/tc/tc_core.c#n62
+ return time2Tick(uint32(TIME_UNITS_PER_SEC * (float64(size) / float64(rate))))
}
diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
index 2d0bdc8c3..ff014ca4c 100644
--- a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
@@ -77,28 +77,39 @@ func executeOneGetRdmaLink(data []byte) (*RdmaLink, error) {
return &link, nil
}
-func execRdmaGetLink(req *nl.NetlinkRequest, name string) (*RdmaLink, error) {
+func execRdmaSetLink(req *nl.NetlinkRequest) error {
+
+ _, err := req.Execute(unix.NETLINK_RDMA, 0)
+ return err
+}
+
+// RdmaLinkList gets a list of RDMA link devices.
+// Equivalent to: `rdma dev show`
+func RdmaLinkList() ([]*RdmaLink, error) {
+ return pkgHandle.RdmaLinkList()
+}
+
+// RdmaLinkList gets a list of RDMA link devices.
+// Equivalent to: `rdma dev show`
+func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
+ proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
+ req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
if err != nil {
return nil, err
}
+
+ var res []*RdmaLink
for _, m := range msgs {
link, err := executeOneGetRdmaLink(m)
if err != nil {
return nil, err
}
- if link.Attrs.Name == name {
- return link, nil
- }
+ res = append(res, link)
}
- return nil, fmt.Errorf("Rdma device %v not found", name)
-}
-func execRdmaSetLink(req *nl.NetlinkRequest) error {
-
- _, err := req.Execute(unix.NETLINK_RDMA, 0)
- return err
+ return res, nil
}
// RdmaLinkByName finds a link by name and returns a pointer to the object if
@@ -110,11 +121,16 @@ func RdmaLinkByName(name string) (*RdmaLink, error) {
// RdmaLinkByName finds a link by name and returns a pointer to the object if
// found and nil error, otherwise returns error code.
func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) {
-
- proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
- req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
-
- return execRdmaGetLink(req, name)
+ links, err := h.RdmaLinkList()
+ if err != nil {
+ return nil, err
+ }
+ for _, link := range links {
+ if link.Attrs.Name == name {
+ return link, nil
+ }
+ }
+ return nil, fmt.Errorf("Rdma device %v not found", name)
}
// RdmaLinkSetName sets the name of the rdma link device. Return nil on success
diff --git a/vendor/github.com/vishvananda/netlink/route.go b/vendor/github.com/vishvananda/netlink/route.go
index 58ff1af60..b16254174 100644
--- a/vendor/github.com/vishvananda/netlink/route.go
+++ b/vendor/github.com/vishvananda/netlink/route.go
@@ -29,25 +29,38 @@ type Encap interface {
// Route represents a netlink route.
type Route struct {
- LinkIndex int
- ILinkIndex int
- Scope Scope
- Dst *net.IPNet
- Src net.IP
- Gw net.IP
- MultiPath []*NexthopInfo
- Protocol int
- Priority int
- Table int
- Type int
- Tos int
- Flags int
- MPLSDst *int
- NewDst Destination
- Encap Encap
- MTU int
- AdvMSS int
- Hoplimit int
+ LinkIndex int
+ ILinkIndex int
+ Scope Scope
+ Dst *net.IPNet
+ Src net.IP
+ Gw net.IP
+ MultiPath []*NexthopInfo
+ Protocol int
+ Priority int
+ Table int
+ Type int
+ Tos int
+ Flags int
+ MPLSDst *int
+ NewDst Destination
+ Encap Encap
+ MTU int
+ Window int
+ Rtt int
+ RttVar int
+ Ssthresh int
+ Cwnd int
+ AdvMSS int
+ Reordering int
+ Hoplimit int
+ InitCwnd int
+ Features int
+ RtoMin int
+ InitRwnd int
+ QuickACK int
+ Congctl string
+ FastOpenNoCookie int
}
func (r Route) String() string {
diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go
index c69c595ed..4e778a417 100644
--- a/vendor/github.com/vishvananda/netlink/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/route_linux.go
@@ -33,6 +33,9 @@ const (
RT_FILTER_GW
RT_FILTER_TABLE
RT_FILTER_HOPLIMIT
+ RT_FILTER_PRIORITY
+ RT_FILTER_MARK
+ RT_FILTER_MASK
)
const (
@@ -639,19 +642,70 @@ func (h *Handle) routeHandle(route *Route, req *nl.NetlinkRequest, msg *nl.RtMsg
}
var metrics []*nl.RtAttr
- // TODO: support other rta_metric values
if route.MTU > 0 {
b := nl.Uint32Attr(uint32(route.MTU))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_MTU, b))
}
+ if route.Window > 0 {
+ b := nl.Uint32Attr(uint32(route.Window))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_WINDOW, b))
+ }
+ if route.Rtt > 0 {
+ b := nl.Uint32Attr(uint32(route.Rtt))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTT, b))
+ }
+ if route.RttVar > 0 {
+ b := nl.Uint32Attr(uint32(route.RttVar))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTTVAR, b))
+ }
+ if route.Ssthresh > 0 {
+ b := nl.Uint32Attr(uint32(route.Ssthresh))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_SSTHRESH, b))
+ }
+ if route.Cwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.Cwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_CWND, b))
+ }
if route.AdvMSS > 0 {
b := nl.Uint32Attr(uint32(route.AdvMSS))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_ADVMSS, b))
}
+ if route.Reordering > 0 {
+ b := nl.Uint32Attr(uint32(route.Reordering))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_REORDERING, b))
+ }
if route.Hoplimit > 0 {
b := nl.Uint32Attr(uint32(route.Hoplimit))
metrics = append(metrics, nl.NewRtAttr(unix.RTAX_HOPLIMIT, b))
}
+ if route.InitCwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.InitCwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_INITCWND, b))
+ }
+ if route.Features > 0 {
+ b := nl.Uint32Attr(uint32(route.Features))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_FEATURES, b))
+ }
+ if route.RtoMin > 0 {
+ b := nl.Uint32Attr(uint32(route.RtoMin))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTO_MIN, b))
+ }
+ if route.InitRwnd > 0 {
+ b := nl.Uint32Attr(uint32(route.InitRwnd))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_INITRWND, b))
+ }
+ if route.QuickACK > 0 {
+ b := nl.Uint32Attr(uint32(route.QuickACK))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_QUICKACK, b))
+ }
+ if route.Congctl != "" {
+ b := nl.ZeroTerminated(route.Congctl)
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_CC_ALGO, b))
+ }
+ if route.FastOpenNoCookie > 0 {
+ b := nl.Uint32Attr(uint32(route.FastOpenNoCookie))
+ metrics = append(metrics, nl.NewRtAttr(unix.RTAX_FASTOPEN_NO_COOKIE, b))
+ }
if metrics != nil {
attr := nl.NewRtAttr(unix.RTA_METRICS, nil)
@@ -903,10 +957,36 @@ func deserializeRoute(m []byte) (Route, error) {
switch metric.Attr.Type {
case unix.RTAX_MTU:
route.MTU = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_WINDOW:
+ route.Window = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTT:
+ route.Rtt = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTTVAR:
+ route.RttVar = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_SSTHRESH:
+ route.Ssthresh = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_CWND:
+ route.Cwnd = int(native.Uint32(metric.Value[0:4]))
case unix.RTAX_ADVMSS:
route.AdvMSS = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_REORDERING:
+ route.Reordering = int(native.Uint32(metric.Value[0:4]))
case unix.RTAX_HOPLIMIT:
route.Hoplimit = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_INITCWND:
+ route.InitCwnd = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_FEATURES:
+ route.Features = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_RTO_MIN:
+ route.RtoMin = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_INITRWND:
+ route.InitRwnd = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_QUICKACK:
+ route.QuickACK = int(native.Uint32(metric.Value[0:4]))
+ case unix.RTAX_CC_ALGO:
+ route.Congctl = nl.BytesToString(metric.Value)
+ case unix.RTAX_FASTOPEN_NO_COOKIE:
+ route.FastOpenNoCookie = int(native.Uint32(metric.Value[0:4]))
}
}
}
@@ -938,15 +1018,27 @@ func deserializeRoute(m []byte) (Route, error) {
return route, nil
}
+// RouteGetOptions contains a set of options to use with
+// RouteGetWithOptions
+type RouteGetOptions struct {
+ VrfName string
+}
+
+// RouteGetWithOptions gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get <> vrf <VrfName>'.
+func RouteGetWithOptions(destination net.IP, options *RouteGetOptions) ([]Route, error) {
+ return pkgHandle.RouteGetWithOptions(destination, options)
+}
+
// RouteGet gets a route to a specific destination from the host system.
// Equivalent to: 'ip route get'.
func RouteGet(destination net.IP) ([]Route, error) {
return pkgHandle.RouteGet(destination)
}
-// RouteGet gets a route to a specific destination from the host system.
-// Equivalent to: 'ip route get'.
-func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+// RouteGetWithOptions gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get <> vrf <VrfName>'.
+func (h *Handle) RouteGetWithOptions(destination net.IP, options *RouteGetOptions) ([]Route, error) {
req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_REQUEST)
family := nl.GetIPFamily(destination)
var destinationData []byte
@@ -966,6 +1058,20 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
rtaDst := nl.NewRtAttr(unix.RTA_DST, destinationData)
req.AddData(rtaDst)
+ if options != nil {
+ link, err := LinkByName(options.VrfName)
+ if err != nil {
+ return nil, err
+ }
+ var (
+ b = make([]byte, 4)
+ native = nl.NativeEndian()
+ )
+ native.PutUint32(b, uint32(link.Attrs().Index))
+
+ req.AddData(nl.NewRtAttr(unix.RTA_OIF, b))
+ }
+
msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWROUTE)
if err != nil {
return nil, err
@@ -980,7 +1086,12 @@ func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
res = append(res, route)
}
return res, nil
+}
+// RouteGet gets a route to a specific destination from the host system.
+// Equivalent to: 'ip route get'.
+func (h *Handle) RouteGet(destination net.IP) ([]Route, error) {
+ return h.RouteGetWithOptions(destination, nil)
}
// RouteSubscribe takes a chan down which notifications will be sent
diff --git a/vendor/github.com/vishvananda/netlink/rule.go b/vendor/github.com/vishvananda/netlink/rule.go
index 7fc8ae5df..95f2facfb 100644
--- a/vendor/github.com/vishvananda/netlink/rule.go
+++ b/vendor/github.com/vishvananda/netlink/rule.go
@@ -12,6 +12,7 @@ type Rule struct {
Table int
Mark int
Mask int
+ Tos uint
TunID uint
Goto int
Src *net.IPNet
@@ -22,6 +23,8 @@ type Rule struct {
SuppressIfgroup int
SuppressPrefixlen int
Invert bool
+ Dport *RulePortRange
+ Sport *RulePortRange
}
func (r Rule) String() string {
@@ -40,3 +43,14 @@ func NewRule() *Rule {
Flow: -1,
}
}
+
+// NewRulePortRange creates rule sport/dport range.
+func NewRulePortRange(start, end uint16) *RulePortRange {
+ return &RulePortRange{Start: start, End: end}
+}
+
+// RulePortRange represents rule sport/dport range.
+type RulePortRange struct {
+ Start uint16
+ End uint16
+}
diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go
index e12569fe4..40474f30e 100644
--- a/vendor/github.com/vishvananda/netlink/rule_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rule_linux.go
@@ -1,6 +1,7 @@
package netlink
import (
+ "bytes"
"fmt"
"net"
@@ -55,6 +56,9 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
if rule.Table >= 0 && rule.Table < 256 {
msg.Table = uint8(rule.Table)
}
+ if rule.Tos != 0 {
+ msg.Tos = uint8(rule.Tos)
+ }
var dstFamily uint8
var rtAttrs []*nl.RtAttr
@@ -138,10 +142,10 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
}
}
if rule.IifName != "" {
- req.AddData(nl.NewRtAttr(nl.FRA_IIFNAME, []byte(rule.IifName)))
+ req.AddData(nl.NewRtAttr(nl.FRA_IIFNAME, []byte(rule.IifName+"\x00")))
}
if rule.OifName != "" {
- req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName)))
+ req.AddData(nl.NewRtAttr(nl.FRA_OIFNAME, []byte(rule.OifName+"\x00")))
}
if rule.Goto >= 0 {
msg.Type = nl.FR_ACT_GOTO
@@ -150,6 +154,16 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
req.AddData(nl.NewRtAttr(nl.FRA_GOTO, b))
}
+ if rule.Dport != nil {
+ b := rule.Dport.toRtAttrData()
+ req.AddData(nl.NewRtAttr(nl.FRA_DPORT_RANGE, b))
+ }
+
+ if rule.Sport != nil {
+ b := rule.Sport.toRtAttrData()
+ req.AddData(nl.NewRtAttr(nl.FRA_SPORT_RANGE, b))
+ }
+
_, err := req.Execute(unix.NETLINK_ROUTE, 0)
return err
}
@@ -163,6 +177,19 @@ func RuleList(family int) ([]Rule, error) {
// RuleList lists rules in the system.
// Equivalent to: ip rule list
func (h *Handle) RuleList(family int) ([]Rule, error) {
+ return h.RuleListFiltered(family, nil, 0)
+}
+
+// RuleListFiltered gets a list of rules in the system filtered by the
+// specified rule template `filter`.
+// Equivalent to: ip rule list
+func RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
+ return pkgHandle.RuleListFiltered(family, filter, filterMask)
+}
+
+// RuleListFiltered lists rules in the system.
+// Equivalent to: ip rule list
+func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST)
msg := nl.NewIfInfomsg(family)
req.AddData(msg)
@@ -184,6 +211,7 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
rule := NewRule()
rule.Invert = msg.Flags&FibRuleInvert > 0
+ rule.Tos = uint(msg.Tos)
for j := range attrs {
switch attrs[j].Attr.Type {
@@ -225,10 +253,44 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
rule.Goto = int(native.Uint32(attrs[j].Value[0:4]))
case nl.FRA_PRIORITY:
rule.Priority = int(native.Uint32(attrs[j].Value[0:4]))
+ case nl.FRA_DPORT_RANGE:
+ rule.Dport = NewRulePortRange(native.Uint16(attrs[j].Value[0:2]), native.Uint16(attrs[j].Value[2:4]))
+ case nl.FRA_SPORT_RANGE:
+ rule.Sport = NewRulePortRange(native.Uint16(attrs[j].Value[0:2]), native.Uint16(attrs[j].Value[2:4]))
+ }
+ }
+
+ if filter != nil {
+ switch {
+ case filterMask&RT_FILTER_SRC != 0 &&
+ (rule.Src == nil || rule.Src.String() != filter.Src.String()):
+ continue
+ case filterMask&RT_FILTER_DST != 0 &&
+ (rule.Dst == nil || rule.Dst.String() != filter.Dst.String()):
+ continue
+ case filterMask&RT_FILTER_TABLE != 0 &&
+ filter.Table != unix.RT_TABLE_UNSPEC && rule.Table != filter.Table:
+ continue
+ case filterMask&RT_FILTER_TOS != 0 && rule.Tos != filter.Tos:
+ continue
+ case filterMask&RT_FILTER_PRIORITY != 0 && rule.Priority != filter.Priority:
+ continue
+ case filterMask&RT_FILTER_MARK != 0 && rule.Mark != filter.Mark:
+ continue
+ case filterMask&RT_FILTER_MASK != 0 && rule.Mask != filter.Mask:
+ continue
}
}
+
res = append(res, *rule)
}
return res, nil
}
+
+func (pr *RulePortRange) toRtAttrData() []byte {
+ b := [][]byte{make([]byte, 2), make([]byte, 2)}
+ native.PutUint16(b[0], pr.Start)
+ native.PutUint16(b[1], pr.End)
+ return bytes.Join(b, []byte{})
+}
diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go
index c4d89c17e..e4e7f7ac3 100644
--- a/vendor/github.com/vishvananda/netlink/socket_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_linux.go
@@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"net"
+ "syscall"
"github.com/vishvananda/netlink/nl"
"golang.org/x/sys/unix"
@@ -49,10 +50,15 @@ func (r *socketRequest) Serialize() []byte {
native.PutUint32(b.Next(4), r.States)
networkOrder.PutUint16(b.Next(2), r.ID.SourcePort)
networkOrder.PutUint16(b.Next(2), r.ID.DestinationPort)
- copy(b.Next(4), r.ID.Source.To4())
- b.Next(12)
- copy(b.Next(4), r.ID.Destination.To4())
- b.Next(12)
+ if r.Family == unix.AF_INET6 {
+ copy(b.Next(16), r.ID.Source)
+ copy(b.Next(16), r.ID.Destination)
+ } else {
+ copy(b.Next(4), r.ID.Source.To4())
+ b.Next(12)
+ copy(b.Next(4), r.ID.Destination.To4())
+ b.Next(12)
+ }
native.PutUint32(b.Next(4), r.ID.Interface)
native.PutUint32(b.Next(4), r.ID.Cookie[0])
native.PutUint32(b.Next(4), r.ID.Cookie[1])
@@ -89,10 +95,15 @@ func (s *Socket) deserialize(b []byte) error {
s.Retrans = rb.Read()
s.ID.SourcePort = networkOrder.Uint16(rb.Next(2))
s.ID.DestinationPort = networkOrder.Uint16(rb.Next(2))
- s.ID.Source = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
- rb.Next(12)
- s.ID.Destination = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
- rb.Next(12)
+ if s.Family == unix.AF_INET6 {
+ s.ID.Source = net.IP(rb.Next(16))
+ s.ID.Destination = net.IP(rb.Next(16))
+ } else {
+ s.ID.Source = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
+ rb.Next(12)
+ s.ID.Destination = net.IPv4(rb.Read(), rb.Read(), rb.Read(), rb.Read())
+ rb.Next(12)
+ }
s.ID.Interface = native.Uint32(rb.Next(4))
s.ID.Cookie[0] = native.Uint32(rb.Next(4))
s.ID.Cookie[1] = native.Uint32(rb.Next(4))
@@ -160,3 +171,68 @@ func SocketGet(local, remote net.Addr) (*Socket, error) {
}
return sock, nil
}
+
+// SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type.
+func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
+ s, err := nl.Subscribe(unix.NETLINK_INET_DIAG)
+ if err != nil {
+ return nil, err
+ }
+ defer s.Close()
+
+ req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
+ req.AddData(&socketRequest{
+ Family: family,
+ Protocol: unix.IPPROTO_TCP,
+ Ext: INET_DIAG_INFO,
+ States: uint32(0xfff), // All TCP states
+ })
+ s.Send(req)
+
+ var result []*InetDiagTCPInfoResp
+loop:
+ for {
+ msgs, from, err := s.Receive()
+ if err != nil {
+ return nil, err
+ }
+ if from.Pid != nl.PidKernel {
+ return nil, fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel)
+ }
+ if len(msgs) == 0 {
+ return nil, errors.New("no message nor error from netlink")
+ }
+
+ for _, m := range msgs {
+ switch m.Header.Type {
+ case unix.NLMSG_DONE:
+ break loop
+ case unix.NLMSG_ERROR:
+ native := nl.NativeEndian()
+ error := int32(native.Uint32(m.Data[0:4]))
+ return nil, syscall.Errno(-error)
+ }
+ sockInfo := &Socket{}
+ if err := sockInfo.deserialize(m.Data); err != nil {
+ return nil, err
+ }
+ attrs, err := nl.ParseRouteAttr(m.Data[sizeofSocket:])
+ if err != nil {
+ return nil, err
+ }
+ var tcpInfo *TCPInfo
+ for _, a := range attrs {
+ if a.Attr.Type == INET_DIAG_INFO {
+ tcpInfo = &TCPInfo{}
+ if err := tcpInfo.deserialize(a.Value); err != nil {
+ return nil, err
+ }
+ break
+ }
+ }
+ r := &InetDiagTCPInfoResp{InetDiagMsg: sockInfo, TCPInfo: tcpInfo}
+ result = append(result, r)
+ }
+ }
+ return result, nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/tcp.go b/vendor/github.com/vishvananda/netlink/tcp.go
new file mode 100644
index 000000000..4a42ee5a6
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/tcp.go
@@ -0,0 +1,18 @@
+package netlink
+
+// TCP States
+const (
+ TCP_ESTABLISHED = iota + 0x01
+ TCP_SYN_SENT
+ TCP_SYN_RECV
+ TCP_FIN_WAIT1
+ TCP_FIN_WAIT2
+ TCP_TIME_WAIT
+ TCP_CLOSE
+ TCP_CLOSE_WAIT
+ TCP_LAST_ACK
+ TCP_LISTEN
+ TCP_CLOSING
+ TCP_NEW_SYN_REC
+ TCP_MAX_STATES
+)
diff --git a/vendor/github.com/vishvananda/netlink/tcp_linux.go b/vendor/github.com/vishvananda/netlink/tcp_linux.go
new file mode 100644
index 000000000..741ea1655
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/tcp_linux.go
@@ -0,0 +1,393 @@
+package netlink
+
+import (
+ "bytes"
+ "io"
+)
+
+type TCPInfo struct {
+ State uint8
+ Ca_state uint8
+ Retransmits uint8
+ Probes uint8
+ Backoff uint8
+ Options uint8
+ Snd_wscale uint8 // no uint4
+ Rcv_wscale uint8
+ Delivery_rate_app_limited uint8
+ Fastopen_client_fail uint8
+ Rto uint32
+ Ato uint32
+ Snd_mss uint32
+ Rcv_mss uint32
+ Unacked uint32
+ Sacked uint32
+ Lost uint32
+ Retrans uint32
+ Fackets uint32
+ Last_data_sent uint32
+ Last_ack_sent uint32
+ Last_data_recv uint32
+ Last_ack_recv uint32
+ Pmtu uint32
+ Rcv_ssthresh uint32
+ Rtt uint32
+ Rttvar uint32
+ Snd_ssthresh uint32
+ Snd_cwnd uint32
+ Advmss uint32
+ Reordering uint32
+ Rcv_rtt uint32
+ Rcv_space uint32
+ Total_retrans uint32
+ Pacing_rate uint64
+ Max_pacing_rate uint64
+ Bytes_acked uint64 /* RFC4898 tcpEStatsAppHCThruOctetsAcked */
+ Bytes_received uint64 /* RFC4898 tcpEStatsAppHCThruOctetsReceived */
+ Segs_out uint32 /* RFC4898 tcpEStatsPerfSegsOut */
+ Segs_in uint32 /* RFC4898 tcpEStatsPerfSegsIn */
+ Notsent_bytes uint32
+ Min_rtt uint32
+ Data_segs_in uint32 /* RFC4898 tcpEStatsDataSegsIn */
+ Data_segs_out uint32 /* RFC4898 tcpEStatsDataSegsOut */
+ Delivery_rate uint64
+ Busy_time uint64 /* Time (usec) busy sending data */
+ Rwnd_limited uint64 /* Time (usec) limited by receive window */
+ Sndbuf_limited uint64 /* Time (usec) limited by send buffer */
+ Delivered uint32
+ Delivered_ce uint32
+ Bytes_sent uint64 /* RFC4898 tcpEStatsPerfHCDataOctetsOut */
+ Bytes_retrans uint64 /* RFC4898 tcpEStatsPerfOctetsRetrans */
+ Dsack_dups uint32 /* RFC4898 tcpEStatsStackDSACKDups */
+ Reord_seen uint32 /* reordering events seen */
+ Rcv_ooopack uint32 /* Out-of-order packets received */
+ Snd_wnd uint32 /* peer's advertised receive window after * scaling (bytes) */
+}
+
+func checkDeserErr(err error) error {
+ if err == io.EOF {
+ return nil
+ }
+ return err
+}
+
+func (t *TCPInfo) deserialize(b []byte) error {
+ var err error
+ rb := bytes.NewBuffer(b)
+
+ t.State, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Ca_state, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Retransmits, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Probes, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ t.Backoff, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Options, err = rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+
+ scales, err := rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Snd_wscale = scales >> 4 // first 4 bits
+ t.Rcv_wscale = scales & 0xf // last 4 bits
+
+ rateLimAndFastOpen, err := rb.ReadByte()
+ if err != nil {
+ return checkDeserErr(err)
+ }
+ t.Delivery_rate_app_limited = rateLimAndFastOpen >> 7 // get first bit
+ t.Fastopen_client_fail = rateLimAndFastOpen >> 5 & 3 // get next two bits
+
+ next := rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rto = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Ato = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_mss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_mss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Unacked = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Sacked = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Lost = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Retrans = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Fackets = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_data_sent = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_ack_sent = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_data_recv = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Last_ack_recv = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Pmtu = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_ssthresh = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rtt = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rttvar = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_ssthresh = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_cwnd = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Advmss = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Reordering = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_rtt = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_space = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Total_retrans = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Pacing_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Max_pacing_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_acked = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_received = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Segs_out = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Segs_in = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Notsent_bytes = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Min_rtt = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Data_segs_in = native.Uint32(next)
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Data_segs_out = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivery_rate = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Busy_time = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rwnd_limited = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Sndbuf_limited = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivered = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Delivered_ce = native.Uint32(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_sent = native.Uint64(next)
+
+ next = rb.Next(8)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Bytes_retrans = native.Uint64(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Dsack_dups = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Reord_seen = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Rcv_ooopack = native.Uint32(next)
+
+ next = rb.Next(4)
+ if len(next) == 0 {
+ return nil
+ }
+ t.Snd_wnd = native.Uint32(next)
+ return nil
+}
diff --git a/vendor/github.com/vishvananda/netns/go.mod b/vendor/github.com/vishvananda/netns/go.mod
index 8221f782c..9cdf577ad 100644
--- a/vendor/github.com/vishvananda/netns/go.mod
+++ b/vendor/github.com/vishvananda/netns/go.mod
@@ -1,3 +1,5 @@
module github.com/vishvananda/netns
go 1.12
+
+require golang.org/x/sys v0.0.0-20200217220822-9197077df867
diff --git a/vendor/github.com/vishvananda/netns/go.sum b/vendor/github.com/vishvananda/netns/go.sum
index e69de29bb..1d4adf451 100644
--- a/vendor/github.com/vishvananda/netns/go.sum
+++ b/vendor/github.com/vishvananda/netns/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20200217220822-9197077df867 h1:JoRuNIf+rpHl+VhScRQQvzbHed86tKkqwPMV34T8myw=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/vishvananda/netns/netns.go b/vendor/github.com/vishvananda/netns/netns.go
index dd2f21570..116befd54 100644
--- a/vendor/github.com/vishvananda/netns/netns.go
+++ b/vendor/github.com/vishvananda/netns/netns.go
@@ -10,7 +10,8 @@ package netns
import (
"fmt"
- "syscall"
+
+ "golang.org/x/sys/unix"
)
// NsHandle is a handle to a network namespace. It can be cast directly
@@ -24,11 +25,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
if ns == other {
return true
}
- var s1, s2 syscall.Stat_t
- if err := syscall.Fstat(int(ns), &s1); err != nil {
+ var s1, s2 unix.Stat_t
+ if err := unix.Fstat(int(ns), &s1); err != nil {
return false
}
- if err := syscall.Fstat(int(other), &s2); err != nil {
+ if err := unix.Fstat(int(other), &s2); err != nil {
return false
}
return (s1.Dev == s2.Dev) && (s1.Ino == s2.Ino)
@@ -36,11 +37,11 @@ func (ns NsHandle) Equal(other NsHandle) bool {
// String shows the file descriptor number and its dev and inode.
func (ns NsHandle) String() string {
- var s syscall.Stat_t
if ns == -1 {
return "NS(None)"
}
- if err := syscall.Fstat(int(ns), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(int(ns), &s); err != nil {
return fmt.Sprintf("NS(%d: unknown)", ns)
}
return fmt.Sprintf("NS(%d: %d, %d)", ns, s.Dev, s.Ino)
@@ -49,11 +50,11 @@ func (ns NsHandle) String() string {
// UniqueId returns a string which uniquely identifies the namespace
// associated with the network handle.
func (ns NsHandle) UniqueId() string {
- var s syscall.Stat_t
if ns == -1 {
return "NS(none)"
}
- if err := syscall.Fstat(int(ns), &s); err != nil {
+ var s unix.Stat_t
+ if err := unix.Fstat(int(ns), &s); err != nil {
return "NS(unknown)"
}
return fmt.Sprintf("NS(%d:%d)", s.Dev, s.Ino)
@@ -67,7 +68,7 @@ func (ns NsHandle) IsOpen() bool {
// Close closes the NsHandle and resets its file descriptor to -1.
// It is not safe to use an NsHandle after Close() is called.
func (ns *NsHandle) Close() error {
- if err := syscall.Close(int(*ns)); err != nil {
+ if err := unix.Close(int(*ns)); err != nil {
return err
}
(*ns) = -1
diff --git a/vendor/github.com/vishvananda/netns/netns_linux.go b/vendor/github.com/vishvananda/netns/netns_linux.go
index b1e3b07c0..c76acd087 100644
--- a/vendor/github.com/vishvananda/netns/netns_linux.go
+++ b/vendor/github.com/vishvananda/netns/netns_linux.go
@@ -6,46 +6,30 @@ import (
"fmt"
"io/ioutil"
"os"
+ "path"
"path/filepath"
- "runtime"
"strconv"
"strings"
"syscall"
-)
-// SYS_SETNS syscall allows changing the namespace of the current process.
-var SYS_SETNS = map[string]uintptr{
- "386": 346,
- "amd64": 308,
- "arm64": 268,
- "arm": 375,
- "mips": 4344,
- "mipsle": 4344,
- "mips64le": 4344,
- "ppc64": 350,
- "ppc64le": 350,
- "riscv64": 268,
- "s390x": 339,
-}[runtime.GOARCH]
+ "golang.org/x/sys/unix"
+)
// Deprecated: use syscall pkg instead (go >= 1.5 needed).
const (
- CLONE_NEWUTS = 0x04000000 /* New utsname group? */
- CLONE_NEWIPC = 0x08000000 /* New ipcs */
- CLONE_NEWUSER = 0x10000000 /* New user namespace */
- CLONE_NEWPID = 0x20000000 /* New pid namespace */
- CLONE_NEWNET = 0x40000000 /* New network namespace */
- CLONE_IO = 0x80000000 /* Get io context */
+ CLONE_NEWUTS = 0x04000000 /* New utsname group? */
+ CLONE_NEWIPC = 0x08000000 /* New ipcs */
+ CLONE_NEWUSER = 0x10000000 /* New user namespace */
+ CLONE_NEWPID = 0x20000000 /* New pid namespace */
+ CLONE_NEWNET = 0x40000000 /* New network namespace */
+ CLONE_IO = 0x80000000 /* Get io context */
+ bindMountPath = "/run/netns" /* Bind mount path for named netns */
)
// Setns sets namespace using syscall. Note that this should be a method
// in syscall but it has not been added.
func Setns(ns NsHandle, nstype int) (err error) {
- _, _, e1 := syscall.Syscall(SYS_SETNS, uintptr(ns), uintptr(nstype), 0)
- if e1 != 0 {
- err = e1
- }
- return
+ return unix.Setns(int(ns), nstype)
}
// Set sets the current network namespace to the namespace represented
@@ -57,21 +41,64 @@ func Set(ns NsHandle) (err error) {
// New creates a new network namespace, sets it as current and returns
// a handle to it.
func New() (ns NsHandle, err error) {
- if err := syscall.Unshare(CLONE_NEWNET); err != nil {
+ if err := unix.Unshare(CLONE_NEWNET); err != nil {
return -1, err
}
return Get()
}
+// NewNamed creates a new named network namespace and returns a handle to it
+func NewNamed(name string) (NsHandle, error) {
+ if _, err := os.Stat(bindMountPath); os.IsNotExist(err) {
+ err = os.MkdirAll(bindMountPath, 0755)
+ if err != nil {
+ return None(), err
+ }
+ }
+
+ newNs, err := New()
+ if err != nil {
+ return None(), err
+ }
+
+ namedPath := path.Join(bindMountPath, name)
+
+ f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
+ if err != nil {
+ return None(), err
+ }
+ f.Close()
+
+ nsPath := fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), syscall.Gettid())
+ err = syscall.Mount(nsPath, namedPath, "bind", syscall.MS_BIND, "")
+ if err != nil {
+ return None(), err
+ }
+
+ return newNs, nil
+}
+
+// DeleteNamed deletes a named network namespace
+func DeleteNamed(name string) error {
+ namedPath := path.Join(bindMountPath, name)
+
+ err := syscall.Unmount(namedPath, syscall.MNT_DETACH)
+ if err != nil {
+ return err
+ }
+
+ return os.Remove(namedPath)
+}
+
// Get gets a handle to the current threads network namespace.
func Get() (NsHandle, error) {
- return GetFromThread(os.Getpid(), syscall.Gettid())
+ return GetFromThread(os.Getpid(), unix.Gettid())
}
// GetFromPath gets a handle to a network namespace
// identified by the path
func GetFromPath(path string) (NsHandle, error) {
- fd, err := syscall.Open(path, syscall.O_RDONLY, 0)
+ fd, err := unix.Open(path, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil {
return -1, err
}
diff --git a/vendor/github.com/willf/bitset/Makefile b/vendor/github.com/willf/bitset/Makefile
deleted file mode 100644
index db8377106..000000000
--- a/vendor/github.com/willf/bitset/Makefile
+++ /dev/null
@@ -1,191 +0,0 @@
-# MAKEFILE
-#
-# @author Nicola Asuni <info@tecnick.com>
-# @link https://github.com/willf/bitset
-# ------------------------------------------------------------------------------
-
-# List special make targets that are not associated with files
-.PHONY: help all test format fmtcheck vet lint coverage cyclo ineffassign misspell structcheck varcheck errcheck gosimple astscan qa deps clean nuke
-
-# Use bash as shell (Note: Ubuntu now uses dash which doesn't support PIPESTATUS).
-SHELL=/bin/bash
-
-# CVS path (path to the parent dir containing the project)
-CVSPATH=github.com/willf
-
-# Project owner
-OWNER=willf
-
-# Project vendor
-VENDOR=willf
-
-# Project name
-PROJECT=bitset
-
-# Project version
-VERSION=$(shell cat VERSION)
-
-# Name of RPM or DEB package
-PKGNAME=${VENDOR}-${PROJECT}
-
-# Current directory
-CURRENTDIR=$(shell pwd)
-
-# GO lang path
-ifneq ($(GOPATH),)
- ifeq ($(findstring $(GOPATH),$(CURRENTDIR)),)
- # the defined GOPATH is not valid
- GOPATH=
- endif
-endif
-ifeq ($(GOPATH),)
- # extract the GOPATH
- GOPATH=$(firstword $(subst /src/, ,$(CURRENTDIR)))
-endif
-
-# --- MAKE TARGETS ---
-
-# Display general help about this command
-help:
- @echo ""
- @echo "$(PROJECT) Makefile."
- @echo "GOPATH=$(GOPATH)"
- @echo "The following commands are available:"
- @echo ""
- @echo " make qa : Run all the tests"
- @echo " make test : Run the unit tests"
- @echo ""
- @echo " make format : Format the source code"
- @echo " make fmtcheck : Check if the source code has been formatted"
- @echo " make vet : Check for suspicious constructs"
- @echo " make lint : Check for style errors"
- @echo " make coverage : Generate the coverage report"
- @echo " make cyclo : Generate the cyclomatic complexity report"
- @echo " make ineffassign : Detect ineffectual assignments"
- @echo " make misspell : Detect commonly misspelled words in source files"
- @echo " make structcheck : Find unused struct fields"
- @echo " make varcheck : Find unused global variables and constants"
- @echo " make errcheck : Check that error return values are used"
- @echo " make gosimple : Suggest code simplifications"
- @echo " make astscan : GO AST scanner"
- @echo ""
- @echo " make docs : Generate source code documentation"
- @echo ""
- @echo " make deps : Get the dependencies"
- @echo " make clean : Remove any build artifact"
- @echo " make nuke : Deletes any intermediate file"
- @echo ""
-
-# Alias for help target
-all: help
-
-# Run the unit tests
-test:
- @mkdir -p target/test
- @mkdir -p target/report
- GOPATH=$(GOPATH) \
- go test \
- -covermode=atomic \
- -bench=. \
- -race \
- -cpuprofile=target/report/cpu.out \
- -memprofile=target/report/mem.out \
- -mutexprofile=target/report/mutex.out \
- -coverprofile=target/report/coverage.out \
- -v ./... | \
- tee >(PATH=$(GOPATH)/bin:$(PATH) go-junit-report > target/test/report.xml); \
- test $${PIPESTATUS[0]} -eq 0
-
-# Format the source code
-format:
- @find . -type f -name "*.go" -exec gofmt -s -w {} \;
-
-# Check if the source code has been formatted
-fmtcheck:
- @mkdir -p target
- @find . -type f -name "*.go" -exec gofmt -s -d {} \; | tee target/format.diff
- @test ! -s target/format.diff || { echo "ERROR: the source code has not been formatted - please use 'make format' or 'gofmt'"; exit 1; }
-
-# Check for syntax errors
-vet:
- GOPATH=$(GOPATH) go vet .
-
-# Check for style errors
-lint:
- GOPATH=$(GOPATH) PATH=$(GOPATH)/bin:$(PATH) golint .
-
-# Generate the coverage report
-coverage:
- @mkdir -p target/report
- GOPATH=$(GOPATH) \
- go tool cover -html=target/report/coverage.out -o target/report/coverage.html
-
-# Report cyclomatic complexity
-cyclo:
- @mkdir -p target/report
- GOPATH=$(GOPATH) gocyclo -avg ./ | tee target/report/cyclo.txt ; test $${PIPESTATUS[0]} -eq 0
-
-# Detect ineffectual assignments
-ineffassign:
- @mkdir -p target/report
- GOPATH=$(GOPATH) ineffassign ./ | tee target/report/ineffassign.txt ; test $${PIPESTATUS[0]} -eq 0
-
-# Detect commonly misspelled words in source files
-misspell:
- @mkdir -p target/report
- GOPATH=$(GOPATH) misspell -error ./ | tee target/report/misspell.txt ; test $${PIPESTATUS[0]} -eq 0
-
-# Find unused struct fields
-structcheck:
- @mkdir -p target/report
- GOPATH=$(GOPATH) structcheck -a ./ | tee target/report/structcheck.txt
-
-# Find unused global variables and constants
-varcheck:
- @mkdir -p target/report
- GOPATH=$(GOPATH) varcheck -e ./ | tee target/report/varcheck.txt
-
-# Check that error return values are used
-errcheck:
- @mkdir -p target/report
- GOPATH=$(GOPATH) errcheck ./ | tee target/report/errcheck.txt
-
-# AST scanner
-astscan:
- @mkdir -p target/report
- GOPATH=$(GOPATH) gosec . | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 || true
-
-# Generate source docs
-docs:
- @mkdir -p target/docs
- nohup sh -c 'GOPATH=$(GOPATH) godoc -http=127.0.0.1:6060' > target/godoc_server.log 2>&1 &
- wget --directory-prefix=target/docs/ --execute robots=off --retry-connrefused --recursive --no-parent --adjust-extension --page-requisites --convert-links http://127.0.0.1:6060/pkg/github.com/${VENDOR}/${PROJECT}/ ; kill -9 `lsof -ti :6060`
- @echo '<html><head><meta http-equiv="refresh" content="0;./127.0.0.1:6060/pkg/'${CVSPATH}'/'${PROJECT}'/index.html"/></head><a href="./127.0.0.1:6060/pkg/'${CVSPATH}'/'${PROJECT}'/index.html">'${PKGNAME}' Documentation ...</a></html>' > target/docs/index.html
-
-# Alias to run all quality-assurance checks
-qa: fmtcheck test vet lint coverage cyclo ineffassign misspell structcheck varcheck errcheck gosimple astscan
-
-# --- INSTALL ---
-
-# Get the dependencies
-deps:
- GOPATH=$(GOPATH) go get ./...
- GOPATH=$(GOPATH) go get golang.org/x/lint/golint
- GOPATH=$(GOPATH) go get github.com/jstemmer/go-junit-report
- GOPATH=$(GOPATH) go get github.com/axw/gocov/gocov
- GOPATH=$(GOPATH) go get github.com/fzipp/gocyclo
- GOPATH=$(GOPATH) go get github.com/gordonklaus/ineffassign
- GOPATH=$(GOPATH) go get github.com/client9/misspell/cmd/misspell
- GOPATH=$(GOPATH) go get github.com/opennota/check/cmd/structcheck
- GOPATH=$(GOPATH) go get github.com/opennota/check/cmd/varcheck
- GOPATH=$(GOPATH) go get github.com/kisielk/errcheck
- GOPATH=$(GOPATH) go get github.com/securego/gosec/cmd/gosec/...
-
-# Remove any build artifact
-clean:
- GOPATH=$(GOPATH) go clean ./...
-
-# Deletes any intermediate file
-nuke:
- rm -rf ./target
- GOPATH=$(GOPATH) go clean -i ./...
diff --git a/vendor/github.com/willf/bitset/README.md b/vendor/github.com/willf/bitset/README.md
index 6c62b20c6..50338e71d 100644
--- a/vendor/github.com/willf/bitset/README.md
+++ b/vendor/github.com/willf/bitset/README.md
@@ -2,10 +2,10 @@
*Go language library to map between non-negative integers and boolean values*
-[![Master Build Status](https://secure.travis-ci.org/willf/bitset.png?branch=master)](https://travis-ci.org/willf/bitset?branch=master)
+[![Test](https://github.com/willf/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest)
[![Master Coverage Status](https://coveralls.io/repos/willf/bitset/badge.svg?branch=master&service=github)](https://coveralls.io/github/willf/bitset?branch=master)
[![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset)
-[![GoDoc](https://godoc.org/github.com/willf/bitset?status.svg)](http://godoc.org/github.com/willf/bitset)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/willf/bitset?tab=doc)](https://pkg.go.dev/github.com/willf/bitset?tab=doc)
## Description
@@ -63,8 +63,11 @@ func main() {
As an alternative to BitSets, one should check out the 'big' package, which provides a (less set-theoretical) view of bitsets.
-Godoc documentation is at: https://godoc.org/github.com/willf/bitset
+Package documentation is at: https://pkg.go.dev/github.com/willf/bitset?tab=doc
+## Memory Usage
+
+The memory usage of a bitset using N bits is at least N/8 bytes. The number of bits in a bitset is at least as large as one plus the greatest bit index you have accessed. Thus it is possible to run out of memory while using a bitset. If you have lots of bits, you might prefer compressed bitsets, like the [Roaring bitmaps](http://roaringbitmap.org) and its [Go implementation](https://github.com/RoaringBitmap/roaring).
## Implementation Note
@@ -82,15 +85,10 @@ go get github.com/willf/bitset
If you wish to contribute to this project, please branch and issue a pull request against master ("[GitHub Flow](https://guides.github.com/introduction/flow/)")
-This project include a Makefile that allows you to test and build the project with simple commands.
-To see all available options:
-```bash
-make help
-```
-
## Running all tests
-Before committing the code, please check if it passes all tests using (note: this will install some dependencies):
+Before committing the code, please check if it passes tests, has adequate coverage, etc.
```bash
-make qa
+go test
+go test -cover
```
diff --git a/vendor/github.com/willf/bitset/bitset.go b/vendor/github.com/willf/bitset/bitset.go
index 22e5d42e5..21e889da2 100644
--- a/vendor/github.com/willf/bitset/bitset.go
+++ b/vendor/github.com/willf/bitset/bitset.go
@@ -138,6 +138,9 @@ func (b *BitSet) Len() uint {
// extendSetMaybe adds additional words to incorporate new bits if needed
func (b *BitSet) extendSetMaybe(i uint) {
if i >= b.length { // if we need more bits, make 'em
+ if i >= Cap() {
+ panic("You are exceeding the capacity")
+ }
nsize := wordsNeeded(i + 1)
if b.set == nil {
b.set = make([]uint64, nsize)
@@ -160,7 +163,12 @@ func (b *BitSet) Test(i uint) bool {
return b.set[i>>log2WordSize]&(1<<(i&(wordSize-1))) != 0
}
-// Set bit i to 1
+// Set bit i to 1, the capacity of the bitset is automatically
+// increased accordingly.
+// If i>= Cap(), this function will panic.
+// Warning: using a very large value for 'i'
+// may lead to a memory shortage and a panic: the caller is responsible
+// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) Set(i uint) *BitSet {
b.extendSetMaybe(i)
b.set[i>>log2WordSize] |= 1 << (i & (wordSize - 1))
@@ -176,7 +184,11 @@ func (b *BitSet) Clear(i uint) *BitSet {
return b
}
-// SetTo sets bit i to value
+// SetTo sets bit i to value.
+// If i>= Cap(), this function will panic.
+// Warning: using a very large value for 'i'
+// may lead to a memory shortage and a panic: the caller is responsible
+// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) SetTo(i uint, value bool) *BitSet {
if value {
return b.Set(i)
@@ -184,7 +196,11 @@ func (b *BitSet) SetTo(i uint, value bool) *BitSet {
return b.Clear(i)
}
-// Flip bit at i
+// Flip bit at i.
+// If i>= Cap(), this function will panic.
+// Warning: using a very large value for 'i'
+// may lead to a memory shortage and a panic: the caller is responsible
+// for providing sensible parameters in line with their memory capacity.
func (b *BitSet) Flip(i uint) *BitSet {
if i >= b.length {
return b.Set(i)
@@ -193,26 +209,51 @@ func (b *BitSet) Flip(i uint) *BitSet {
return b
}
-// Shrink shrinks BitSet to desired length in bits. It clears all bits > length
-// and reduces the size and length of the set.
+// Shrink shrinks BitSet so that the provided value is the last possible
+// set value. It clears all bits > the provided index and reduces the size
+// and length of the set.
+//
+// Note that the parameter value is not the new length in bits: it is the
+// maximal value that can be stored in the bitset after the function call.
+// The new length in bits is the parameter value + 1. Thus it is not possible
+// to use this function to set the length to 0, the minimal value of the length
+// after this function call is 1.
//
// A new slice is allocated to store the new bits, so you may see an increase in
// memory usage until the GC runs. Normally this should not be a problem, but if you
// have an extremely large BitSet its important to understand that the old BitSet will
// remain in memory until the GC frees it.
-func (b *BitSet) Shrink(length uint) *BitSet {
- idx := wordsNeeded(length + 1)
+func (b *BitSet) Shrink(lastbitindex uint) *BitSet {
+ length := lastbitindex + 1
+ idx := wordsNeeded(length)
if idx > len(b.set) {
return b
}
shrunk := make([]uint64, idx)
copy(shrunk, b.set[:idx])
b.set = shrunk
- b.length = length + 1
- b.set[idx-1] &= (allBits >> (uint64(64) - uint64(length&(wordSize-1)) - 1))
+ b.length = length
+ b.set[idx-1] &= (allBits >> (uint64(64) - uint64(length&(wordSize-1))))
return b
}
+// Compact shrinks BitSet to so that we preserve all set bits, while minimizing
+// memory usage. Compact calls Shrink.
+func (b *BitSet) Compact() *BitSet {
+ idx := len(b.set) - 1
+ for ; idx >= 0 && b.set[idx] == 0; idx-- {
+ }
+ newlength := uint((idx + 1) << log2WordSize)
+ if newlength >= b.length {
+ return b // nothing to do
+ }
+ if newlength > 0 {
+ return b.Shrink(newlength - 1)
+ }
+ // We preserve one word
+ return b.Shrink(63)
+}
+
// InsertAt takes an index which indicates where a bit should be
// inserted. Then it shifts all the bits in the set to the left by 1, starting
// from the given index position, and sets the index position to 0.
@@ -323,6 +364,9 @@ func (b *BitSet) DeleteAt(i uint) *BitSet {
// including possibly the current index
// along with an error code (true = valid, false = no set bit found)
// for i,e := v.NextSet(0); e; i,e = v.NextSet(i + 1) {...}
+//
+// Users concerned with performance may want to use NextSetMany to
+// retrieve several values at once.
func (b *BitSet) NextSet(i uint) (uint, bool) {
x := int(i >> log2WordSize)
if x >= len(b.set) {
@@ -358,6 +402,14 @@ func (b *BitSet) NextSet(i uint) (uint, bool) {
// j += 1
// }
//
+//
+// It is possible to retrieve all set bits as follow:
+//
+// indices := make([]uint, bitmap.Count())
+// bitmap.NextSetMany(0, indices)
+//
+// However if bitmap.Count() is large, it might be preferable to
+// use several calls to NextSetMany, for performance reasons.
func (b *BitSet) NextSetMany(i uint, buffer []uint) (uint, []uint) {
myanswer := buffer
capacity := cap(buffer)
@@ -809,7 +861,7 @@ func (b *BitSet) ReadFrom(stream io.Reader) (int64, error) {
newset := New(uint(length))
if uint64(newset.length) != length {
- return 0, errors.New("Unmarshalling error: type mismatch")
+ return 0, errors.New("unmarshalling error: type mismatch")
}
// Read remaining bytes as set
diff --git a/vendor/github.com/willf/bitset/go.mod b/vendor/github.com/willf/bitset/go.mod
new file mode 100644
index 000000000..583ecab78
--- /dev/null
+++ b/vendor/github.com/willf/bitset/go.mod
@@ -0,0 +1,3 @@
+module github.com/willf/bitset
+
+go 1.14
diff --git a/vendor/github.com/willf/bitset/go.sum b/vendor/github.com/willf/bitset/go.sum
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/willf/bitset/go.sum