diff --git a/go.mod b/go.mod index 757093feb67..06814090081 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.2 require ( github.com/bombsimon/logrusr/v4 v4.1.0 - github.com/cilium/cilium v1.15.4 + github.com/cilium/cilium v1.15.6 github.com/cilium/ebpf v0.15.0 github.com/cilium/little-vm-helper v0.0.17 github.com/cilium/lumberjack/v2 v2.3.0 @@ -39,7 +39,7 @@ require ( github.com/spf13/viper v1.18.2 github.com/sryoya/protorand v0.0.0-20240429201223-e7440656b2a4 github.com/stretchr/testify v1.9.0 - github.com/vishvananda/netlink v1.2.1-beta.2.0.20231127184239-0ced8385386a + github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 go.uber.org/atomic v1.11.0 go.uber.org/multierr v1.11.0 golang.org/x/sync v0.7.0 @@ -71,7 +71,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3 // indirect + github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1 // indirect github.com/cilium/proxy v0.0.0-20231031145409-f19708f3d018 // indirect github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect github.com/containerd/log v0.1.0 // indirect diff --git a/go.sum b/go.sum index e1643210402..91efccd9219 100644 --- a/go.sum +++ b/go.sum 
@@ -51,12 +51,12 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cilium/checkmate v1.0.3 h1:CQC5eOmlAZeEjPrVZY3ZwEBH64lHlx9mXYdUehEwI5w= github.com/cilium/checkmate v1.0.3/go.mod h1:KiBTasf39/F2hf2yAmHw21YFl3hcEyP4Yk6filxc12A= -github.com/cilium/cilium v1.15.4 h1:6UWB7y/vWgXEOVmCgLk8rKYodC/odU1IngH1fdKH0nE= -github.com/cilium/cilium v1.15.4/go.mod h1:ojlr/BoauoO2o2884BGO2ukxK953ieha3eSOhhfrmlQ= +github.com/cilium/cilium v1.15.6 h1:YT6UYuvdua6N1KQ6mRprymCct6Ee7uCE1hckbAR2bRM= +github.com/cilium/cilium v1.15.6/go.mod h1:UEP0tpPVhdrLC7rCHZwZ8hTpd6d01dF/1GvFPo8UhXE= github.com/cilium/controller-tools v0.8.0-1 h1:D5xhwSUZZceaKAacHOyfcpUMgLbs2TGeJEijNHlAQlc= github.com/cilium/controller-tools v0.8.0-1/go.mod h1:qE2DXhVOiEq5ijmINcFbqi9GZrrUjzB1TuJU0xa6eoY= -github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3 h1:3PErIjIq4DlOwNsQNPcILFzbGnxPuKuqJsHEFpiwstM= -github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3/go.mod h1:/7LC2GOgyXJ7maupZlaVIumYQiGPIgllSf6mA9sg6RU= +github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1 h1:IR2iQhLyEVDJ52rPpqYAdRZMwlOSDl1XJqkD5PQJAfs= +github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1/go.mod h1:/7LC2GOgyXJ7maupZlaVIumYQiGPIgllSf6mA9sg6RU= github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk= github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso= github.com/cilium/little-vm-helper v0.0.17 h1:uKS/wQSPeFqgZk6fFRhnreGvhuQCnWsZvqhkF/PS/OM= 
@@ -564,8 +564,8 @@ github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7Am github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms= github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/vishvananda/netlink v1.2.1-beta.2.0.20231127184239-0ced8385386a h1:PdKmLjqKUM8AfjGqDbrF/C56RvuGFDMYB0Z+8TMmGpU= -github.com/vishvananda/netlink v1.2.1-beta.2.0.20231127184239-0ced8385386a/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A= +github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 h1:tcHUxOT8j/R+0S+A1j8D2InqguXFNxAiij+8QFOlX7Y= +github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= diff --git a/pkg/k8s/go.mod b/pkg/k8s/go.mod index 6091d5a9a5c..98c8d2f323b 100644 --- a/pkg/k8s/go.mod +++ b/pkg/k8s/go.mod @@ -5,7 +5,7 @@ go 1.22.2 require ( github.com/blang/semver/v4 v4.0.0 - github.com/cilium/cilium v1.15.4 + github.com/cilium/cilium v1.15.6 github.com/sirupsen/logrus v1.9.3 golang.org/x/sync v0.7.0 k8s.io/apiextensions-apiserver v0.29.4 @@ -31,7 +31,7 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.5.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect 
diff --git a/pkg/k8s/go.sum b/pkg/k8s/go.sum index 1f305ddd290..5f10077484e 100644 --- a/pkg/k8s/go.sum +++ b/pkg/k8s/go.sum @@ -2,8 +2,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cilium/checkmate v1.0.3 h1:CQC5eOmlAZeEjPrVZY3ZwEBH64lHlx9mXYdUehEwI5w= github.com/cilium/checkmate v1.0.3/go.mod h1:KiBTasf39/F2hf2yAmHw21YFl3hcEyP4Yk6filxc12A= -github.com/cilium/cilium v1.15.4 h1:6UWB7y/vWgXEOVmCgLk8rKYodC/odU1IngH1fdKH0nE= -github.com/cilium/cilium v1.15.4/go.mod h1:ojlr/BoauoO2o2884BGO2ukxK953ieha3eSOhhfrmlQ= +github.com/cilium/cilium v1.15.6 h1:YT6UYuvdua6N1KQ6mRprymCct6Ee7uCE1hckbAR2bRM= +github.com/cilium/cilium v1.15.6/go.mod h1:UEP0tpPVhdrLC7rCHZwZ8hTpd6d01dF/1GvFPo8UhXE= github.com/cilium/controller-tools v0.8.0-1 h1:D5xhwSUZZceaKAacHOyfcpUMgLbs2TGeJEijNHlAQlc= github.com/cilium/controller-tools v0.8.0-1/go.mod h1:qE2DXhVOiEq5ijmINcFbqi9GZrrUjzB1TuJU0xa6eoY= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 
@@ -51,8 +51,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= -github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= diff --git a/pkg/k8s/vendor/github.com/cilium/cilium/AUTHORS b/pkg/k8s/vendor/github.com/cilium/cilium/AUTHORS index 0239f7860d9..0e85ebe81c8 100644 --- a/pkg/k8s/vendor/github.com/cilium/cilium/AUTHORS +++ b/pkg/k8s/vendor/github.com/cilium/cilium/AUTHORS @@ -183,6 +183,7 @@ David Donchez donch@dailymotion.com David Korczynski david@adalogics.com David Leadbeater dgl@dgl.cx David Schlosnagle davids@palantir.com +David Swafford dswafford@coreweave.com David Wolffberg 1350533+wolffberg@users.noreply.github.com Dawn lx1960753013@gmail.com dddddai dddwq@foxmail.com @@ -250,6 +251,7 @@ Filip Nikolic oss.filipn@gmail.com Fish-pro zechun.chen@daocloud.io Florian Koch f0@users.noreply.github.com Florian Lehner dev@der-flo.net +Foyer Unix foyerunix@foyer.lu Francois Allard francois@breathelife.com François Joulaud francois.joulaud@radiofrance.com Frank Villaro-Dixon frank.villaro@infomaniak.com 
@@ -272,6 +274,7 @@ Glen Yu glen.yu@gmail.com Glib Smaga code@gsmaga.com Gobinath Krishnamoorthy gobinathk@google.com Gowtham Sundara gowtham.sundara@rapyuta-robotics.com +gray greyschwinger@gmail.com Gray Lian gray.liang@isovalent.com Guilherme Oki guilherme.oki@wildlifestudios.com Guilherme Souza 101073+guilhermef@users.noreply.github.com @@ -316,6 +319,8 @@ Jan-Erik Rediger janerik@fnordig.de Jan Jansen jan.jansen@gdata.de Jan Mraz strudelpi@pm.me Jarno Rajahalme jarno@isovalent.com +Jason Aliyetti jaliyetti@gmail.com +JBodkin-Amphora james.bodkin@amphora.net Jean Raby jean@raby.sh Jed Salazar jedsalazar@gmail.com Jef Spaleta jspaleta@gmail.com @@ -413,6 +418,7 @@ lou-lan loulan@loulan.me Lucas Leblow lucasleblow@mailbox.org lucming 2876757716@qq.com Ludovic Ortega ludovic.ortega@adminafk.fr +Lukas Stehlik stehlik.lukas@gmail.com Maartje Eyskens maartje@eyskens.me Maciej Fijalkowski maciej.fijalkowski@intel.com Maciej Kwiek maciej@isovalent.com @@ -442,6 +448,7 @@ Mario Constanti mario@constanti.de Marius Gerling marius.gerling@uniberg.com Mark deVilliers markdevilliers@gmail.com Mark Pashmfouroush mark@isovalent.com +Mark St John markstjohn@google.com Markus Blaschke mblaschke82@gmail.com Martin Charles martincharles07@gmail.com Martin Koppehel martin.koppehel@st.ovgu.de @@ -473,6 +480,7 @@ Michael Fischer fiscmi@amazon.com Michael Fornaro 20387402+xUnholy@users.noreply.github.com Michael Francis michael@melenion.com Michael Kashin mmkashin@gmail.com +Michael Mykhaylov 32168861+mikemykhaylov@users.noreply.github.com Michael Petrov michael@openai.com Michael Ryan Dempsey bluestealth@bluestealth.pw michaelsaah michael.saah@segment.com @@ -492,6 +500,7 @@ Mohit Marathe mohitmarathe23@gmail.com Moritz Eckert m1gh7ym0@gmail.com Moritz Johner beller.moritz@googlemail.com Moshe Immerman moshe.immerman@vitalitygroup.com +Natalia Reka Ivanko natalia@isovalent.com Nate Sweet nathanjsweet@pm.me Nate Taylor ntaylor1781@gmail.com Nathan Bird njbird@infiniteenergy.com 
@@ -663,6 +672,7 @@ Takayoshi Nishida takayoshi.nishida@gmail.com Tamilmani tamanoha@microsoft.com Tam Mach tam.mach@cilium.io Tasdik Rahman prodicus@outlook.com +Taylor tskinn12@gmail.com Te-Yu Chang dale.teyuchang@gmail.com Thales Paiva thales@accuknox.com TheAifam5 theaifam5@gmail.com diff --git a/pkg/k8s/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go b/pkg/k8s/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go index 0eac5f4be0e..ade6fc43498 100644 --- a/pkg/k8s/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go +++ b/pkg/k8s/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go @@ -651,7 +651,7 @@ func (p *Parser) parse() (internalSelector, error) { case IdentifierToken, DoesNotExistToken: r, err := p.parseRequirement() if err != nil { - return nil, fmt.Errorf("unable to parse requirement: %v", err) + return nil, fmt.Errorf("unable to parse requirement: %w", err) } requirements = append(requirements, *r) t, l := p.consume(Values) diff --git a/pkg/k8s/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go b/pkg/k8s/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go index f4810989be3..1416ba904ee 100644 --- a/pkg/k8s/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go +++ b/pkg/k8s/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go @@ -184,6 +184,9 @@ const ( // Port is a L4 port Port = "port" + // Ports is a list of L4 ports + Ports = "ports" + // PortName is a k8s ContainerPort Name PortName = "portName" @@ -736,4 +739,7 @@ const ( // State is the state of an individual component (apiserver, kvstore etc) State = "state" + + // EtcdClusterID is the ID of the etcd cluster + EtcdClusterID = "etcdClusterID" ) diff --git a/pkg/k8s/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go b/pkg/k8s/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go index 6b5e34534f1..88474cfa7ec 100644 
--- a/pkg/k8s/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go +++ b/pkg/k8s/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go @@ -20,7 +20,7 @@ import ( func MustCompile(constraint string) semver.Range { verCheck, err := Compile(constraint) if err != nil { - panic(fmt.Errorf("cannot compile go-version constraint '%s' %s", constraint, err)) + panic(fmt.Errorf("cannot compile go-version constraint '%s': %w", constraint, err)) } return verCheck } @@ -36,7 +36,7 @@ func Compile(constraint string) (semver.Range, error) { func MustVersion(version string) semver.Version { ver, err := Version(version) if err != nil { - panic(fmt.Errorf("cannot compile go-version version '%s' %s", version, err)) + panic(fmt.Errorf("cannot compile go-version version '%s': %w", version, err)) } return ver } diff --git a/pkg/k8s/vendor/github.com/google/uuid/CHANGELOG.md b/pkg/k8s/vendor/github.com/google/uuid/CHANGELOG.md index c9fb829dc64..7ec5ac7ea90 100644 --- a/pkg/k8s/vendor/github.com/google/uuid/CHANGELOG.md +++ b/pkg/k8s/vendor/github.com/google/uuid/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## [1.6.0](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) (2024-01-16) + + +### Features + +* add Max UUID constant ([#149](https://github.com/google/uuid/issues/149)) ([c58770e](https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3)) + + +### Bug Fixes + +* fix typo in version 7 uuid documentation ([#153](https://github.com/google/uuid/issues/153)) ([016b199](https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06)) +* Monotonicity in UUIDv7 ([#150](https://github.com/google/uuid/issues/150)) ([a2b2b32](https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6)) + ## [1.5.0](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) (2023-12-12) diff --git a/pkg/k8s/vendor/github.com/google/uuid/hash.go b/pkg/k8s/vendor/github.com/google/uuid/hash.go index b404f4bec27..dc60082d3b3 100644 
--- a/pkg/k8s/vendor/github.com/google/uuid/hash.go +++ b/pkg/k8s/vendor/github.com/google/uuid/hash.go @@ -17,6 +17,12 @@ var ( NameSpaceOID = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8")) NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8")) Nil UUID // empty UUID, all zeros + + // The Max UUID is special form of UUID that is specified to have all 128 bits set to 1. + Max = UUID{ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + } ) // NewHash returns a new UUID derived from the hash of space concatenated with diff --git a/pkg/k8s/vendor/github.com/google/uuid/version7.go b/pkg/k8s/vendor/github.com/google/uuid/version7.go index ba9dd5eb689..3167b643d45 100644 --- a/pkg/k8s/vendor/github.com/google/uuid/version7.go +++ b/pkg/k8s/vendor/github.com/google/uuid/version7.go @@ -44,7 +44,7 @@ func NewV7FromReader(r io.Reader) (UUID, error) { // makeV7 fill 48 bits time (uuid[0] - uuid[5]), set version b0111 (uuid[6]) // uuid[8] already has the right version number (Variant is 10) -// see function NewV7 and NewV7FromReader +// see function NewV7 and NewV7FromReader func makeV7(uuid []byte) { /* 0 1 2 3 @@ -52,7 +52,7 @@ func makeV7(uuid []byte) { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | unix_ts_ms | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | unix_ts_ms | ver | rand_a | + | unix_ts_ms | ver | rand_a (12 bit seq) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |var| rand_b | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -61,7 +61,7 @@ func makeV7(uuid []byte) { */ _ = uuid[15] // bounds check - t := timeNow().UnixMilli() + t, s := getV7Time() uuid[0] = byte(t >> 40) uuid[1] = byte(t >> 32) 
@@ -70,6 +70,35 @@ func makeV7(uuid []byte) { uuid[4] = byte(t >> 8) uuid[5] = byte(t) - uuid[6] = 0x70 | (uuid[6] & 0x0F) - // uuid[8] has already has right version + uuid[6] = 0x70 | (0x0F & byte(s>>8)) + uuid[7] = byte(s) +} + +// lastV7time is the last time we returned stored as: +// +// 52 bits of time in milliseconds since epoch +// 12 bits of (fractional nanoseconds) >> 8 +var lastV7time int64 + +const nanoPerMilli = 1000000 + +// getV7Time returns the time in milliseconds and nanoseconds / 256. +// The returned (milli << 12 + seq) is guarenteed to be greater than +// (milli << 12 + seq) returned by any previous call to getV7Time. +func getV7Time() (milli, seq int64) { + timeMu.Lock() + defer timeMu.Unlock() + + nano := timeNow().UnixNano() + milli = nano / nanoPerMilli + // Sequence number is between 0 and 3906 (nanoPerMilli>>8) + seq = (nano - milli*nanoPerMilli) >> 8 + now := milli<<12 + seq + if now <= lastV7time { + now = lastV7time + 1 + milli = now >> 12 + seq = now & 0xfff + } + lastV7time = now + return milli, seq } diff --git a/pkg/k8s/vendor/modules.txt b/pkg/k8s/vendor/modules.txt index 3d5284efff9..d9186dd54d6 100644 --- a/pkg/k8s/vendor/modules.txt +++ b/pkg/k8s/vendor/modules.txt @@ -1,7 +1,7 @@ # github.com/blang/semver/v4 v4.0.0 ## explicit; go 1.14 github.com/blang/semver/v4 -# github.com/cilium/cilium v1.15.4 +# github.com/cilium/cilium v1.15.6 ## explicit; go 1.21.0 github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1 @@ -68,7 +68,7 @@ github.com/google/go-cmp/cmp/internal/value ## explicit; go 1.12 github.com/google/gofuzz github.com/google/gofuzz/bytesource -# github.com/google/uuid v1.5.0 +# github.com/google/uuid v1.6.0 ## explicit github.com/google/uuid # github.com/inconshreveable/mousetrap v1.1.0 diff --git a/vendor/github.com/cilium/cilium/AUTHORS b/vendor/github.com/cilium/cilium/AUTHORS index 0239f7860d9..0e85ebe81c8 100644 --- a/vendor/github.com/cilium/cilium/AUTHORS 
+++ b/vendor/github.com/cilium/cilium/AUTHORS @@ -183,6 +183,7 @@ David Donchez donch@dailymotion.com David Korczynski david@adalogics.com David Leadbeater dgl@dgl.cx David Schlosnagle davids@palantir.com +David Swafford dswafford@coreweave.com David Wolffberg 1350533+wolffberg@users.noreply.github.com Dawn lx1960753013@gmail.com dddddai dddwq@foxmail.com @@ -250,6 +251,7 @@ Filip Nikolic oss.filipn@gmail.com Fish-pro zechun.chen@daocloud.io Florian Koch f0@users.noreply.github.com Florian Lehner dev@der-flo.net +Foyer Unix foyerunix@foyer.lu Francois Allard francois@breathelife.com François Joulaud francois.joulaud@radiofrance.com Frank Villaro-Dixon frank.villaro@infomaniak.com @@ -272,6 +274,7 @@ Glen Yu glen.yu@gmail.com Glib Smaga code@gsmaga.com Gobinath Krishnamoorthy gobinathk@google.com Gowtham Sundara gowtham.sundara@rapyuta-robotics.com +gray greyschwinger@gmail.com Gray Lian gray.liang@isovalent.com Guilherme Oki guilherme.oki@wildlifestudios.com Guilherme Souza 101073+guilhermef@users.noreply.github.com @@ -316,6 +319,8 @@ Jan-Erik Rediger janerik@fnordig.de Jan Jansen jan.jansen@gdata.de Jan Mraz strudelpi@pm.me Jarno Rajahalme jarno@isovalent.com +Jason Aliyetti jaliyetti@gmail.com +JBodkin-Amphora james.bodkin@amphora.net Jean Raby jean@raby.sh Jed Salazar jedsalazar@gmail.com Jef Spaleta jspaleta@gmail.com @@ -413,6 +418,7 @@ lou-lan loulan@loulan.me Lucas Leblow lucasleblow@mailbox.org lucming 2876757716@qq.com Ludovic Ortega ludovic.ortega@adminafk.fr +Lukas Stehlik stehlik.lukas@gmail.com Maartje Eyskens maartje@eyskens.me Maciej Fijalkowski maciej.fijalkowski@intel.com Maciej Kwiek maciej@isovalent.com @@ -442,6 +448,7 @@ Mario Constanti mario@constanti.de Marius Gerling marius.gerling@uniberg.com Mark deVilliers markdevilliers@gmail.com Mark Pashmfouroush mark@isovalent.com +Mark St John markstjohn@google.com Markus Blaschke mblaschke82@gmail.com Martin Charles martincharles07@gmail.com Martin Koppehel martin.koppehel@st.ovgu.de 
@@ -473,6 +480,7 @@ Michael Fischer fiscmi@amazon.com Michael Fornaro 20387402+xUnholy@users.noreply.github.com Michael Francis michael@melenion.com Michael Kashin mmkashin@gmail.com +Michael Mykhaylov 32168861+mikemykhaylov@users.noreply.github.com Michael Petrov michael@openai.com Michael Ryan Dempsey bluestealth@bluestealth.pw michaelsaah michael.saah@segment.com @@ -492,6 +500,7 @@ Mohit Marathe mohitmarathe23@gmail.com Moritz Eckert m1gh7ym0@gmail.com Moritz Johner beller.moritz@googlemail.com Moshe Immerman moshe.immerman@vitalitygroup.com +Natalia Reka Ivanko natalia@isovalent.com Nate Sweet nathanjsweet@pm.me Nate Taylor ntaylor1781@gmail.com Nathan Bird njbird@infiniteenergy.com @@ -663,6 +672,7 @@ Takayoshi Nishida takayoshi.nishida@gmail.com Tamilmani tamanoha@microsoft.com Tam Mach tam.mach@cilium.io Tasdik Rahman prodicus@outlook.com +Taylor tskinn12@gmail.com Te-Yu Chang dale.teyuchang@gmail.com Thales Paiva thales@accuknox.com TheAifam5 theaifam5@gmail.com diff --git a/vendor/github.com/cilium/cilium/api/v1/flow/README.md b/vendor/github.com/cilium/cilium/api/v1/flow/README.md index 0afed6e4c7e..f96ebd64f14 100644 --- a/vendor/github.com/cilium/cilium/api/v1/flow/README.md +++ b/vendor/github.com/cilium/cilium/api/v1/flow/README.md @@ -1006,6 +1006,7 @@ here. | IGMP_SUBSCRIBED | 200 | | | MULTICAST_HANDLED | 201 | | | DROP_HOST_NOT_READY | 202 | A BPF program wants to tail call into bpf_host, but the host datapath hasn't been loaded yet. | +| DROP_EP_NOT_READY | 203 | A BPF program wants to tail call some endpoint's policy program in the POLICY_CALL_MAP, but the program is not available. | diff --git a/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go b/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go index 7b8ea19000b..ebed0110ed5 100644 --- a/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go +++ b/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go 
@@ -495,6 +495,9 @@ const ( // A BPF program wants to tail call into bpf_host, but the host datapath // hasn't been loaded yet. DropReason_DROP_HOST_NOT_READY DropReason = 202 + // A BPF program wants to tail call some endpoint's policy program in the + // POLICY_CALL_MAP, but the program is not available. + DropReason_DROP_EP_NOT_READY DropReason = 203 ) // Enum value maps for DropReason. @@ -573,6 +576,7 @@ var ( 200: "IGMP_SUBSCRIBED", 201: "MULTICAST_HANDLED", 202: "DROP_HOST_NOT_READY", + 203: "DROP_EP_NOT_READY", } DropReason_value = map[string]int32{ "DROP_REASON_UNKNOWN": 0, @@ -648,6 +652,7 @@ var ( "IGMP_SUBSCRIBED": 200, "MULTICAST_HANDLED": 201, "DROP_HOST_NOT_READY": 202, + "DROP_EP_NOT_READY": 203, } ) @@ -5165,7 +5170,7 @@ var file_flow_flow_proto_rawDesc = []byte{ 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x44, 0x49, 0x54, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x52, 0x45, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x45, 0x44, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x52, 0x41, 0x43, 0x45, 0x44, 0x10, 0x06, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x52, 0x41, 0x4e, 0x53, - 0x4c, 0x41, 0x54, 0x45, 0x44, 0x10, 0x07, 0x2a, 0xe3, 0x10, 0x0a, 0x0a, 0x44, 0x72, 0x6f, 0x70, + 0x4c, 0x41, 0x54, 0x45, 0x44, 0x10, 0x07, 0x2a, 0xfb, 0x10, 0x0a, 0x0a, 0x44, 0x72, 0x6f, 0x70, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x13, 0x44, 0x52, 0x4f, 0x50, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x12, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 
@@ -5299,181 +5304,182 @@ var file_flow_flow_proto_rawDesc = []byte{ 0x42, 0x53, 0x43, 0x52, 0x49, 0x42, 0x45, 0x44, 0x10, 0xc8, 0x01, 0x12, 0x16, 0x0a, 0x11, 0x4d, 0x55, 0x4c, 0x54, 0x49, 0x43, 0x41, 0x53, 0x54, 0x5f, 0x48, 0x41, 0x4e, 0x44, 0x4c, 0x45, 0x44, 0x10, 0xc9, 0x01, 0x12, 0x18, 0x0a, 0x13, 0x44, 0x52, 0x4f, 0x50, 0x5f, 0x48, 0x4f, 0x53, 0x54, - 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0xca, 0x01, 0x2a, 0x4a, 0x0a, - 0x10, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x1d, 0x0a, 0x19, 0x54, 0x52, 0x41, 0x46, 0x46, 0x49, 0x43, 0x5f, 0x44, 0x49, 0x52, - 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x47, 0x52, 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0a, 0x0a, - 0x06, 0x45, 0x47, 0x52, 0x45, 0x53, 0x53, 0x10, 0x02, 0x2a, 0x8d, 0x02, 0x0a, 0x11, 0x44, 0x65, - 0x62, 0x75, 0x67, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x12, - 0x1d, 0x0a, 0x19, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x50, - 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x18, - 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, - 0x4c, 0x49, 0x56, 0x45, 0x52, 0x59, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, - 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x4c, 0x42, 0x10, - 0x05, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, - 0x5f, 0x41, 0x46, 0x54, 0x45, 0x52, 0x5f, 0x56, 0x34, 0x36, 0x10, 0x06, 0x12, 0x19, 0x0a, 0x15, - 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x46, 0x54, 0x45, - 0x52, 0x5f, 0x56, 0x36, 0x34, 0x10, 0x07, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x43, - 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 
0x5f, 0x50, 0x52, 0x45, - 0x10, 0x08, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, - 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, - 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x53, 0x4e, - 0x41, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x10, 0x0a, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, - 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x53, 0x4e, 0x41, 0x54, 0x5f, 0x50, 0x4f, 0x53, - 0x54, 0x10, 0x0b, 0x22, 0x04, 0x08, 0x01, 0x10, 0x03, 0x2a, 0x39, 0x0a, 0x09, 0x45, 0x76, 0x65, - 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, - 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x53, 0x61, 0x6d, 0x70, - 0x6c, 0x65, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x4c, 0x6f, - 0x73, 0x74, 0x10, 0x02, 0x2a, 0x7f, 0x0a, 0x0f, 0x4c, 0x6f, 0x73, 0x74, 0x45, 0x76, 0x65, 0x6e, - 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, - 0x57, 0x4e, 0x5f, 0x4c, 0x4f, 0x53, 0x54, 0x5f, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x53, 0x4f, - 0x55, 0x52, 0x43, 0x45, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x50, 0x45, 0x52, 0x46, 0x5f, 0x45, - 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x42, 0x55, 0x46, 0x46, 0x45, 0x52, - 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x42, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x45, - 0x56, 0x45, 0x4e, 0x54, 0x53, 0x5f, 0x51, 0x55, 0x45, 0x55, 0x45, 0x10, 0x02, 0x12, 0x16, 0x0a, - 0x12, 0x48, 0x55, 0x42, 0x42, 0x4c, 0x45, 0x5f, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x42, 0x55, 0x46, - 0x46, 0x45, 0x52, 0x10, 0x03, 0x2a, 0xae, 0x02, 0x0a, 0x0e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x45, - 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, 0x41, 0x47, 0x45, 0x4e, - 0x54, 0x5f, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, - 0x00, 0x12, 
0x11, 0x0a, 0x0d, 0x41, 0x47, 0x45, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, - 0x45, 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x55, - 0x50, 0x44, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x4f, 0x4c, 0x49, - 0x43, 0x59, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, 0x04, 0x12, 0x1f, 0x0a, 0x1b, - 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x47, 0x45, 0x4e, 0x45, 0x52, - 0x41, 0x54, 0x45, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x05, 0x12, 0x1f, 0x0a, - 0x1b, 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x47, 0x45, 0x4e, 0x45, - 0x52, 0x41, 0x54, 0x45, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, 0x06, 0x12, 0x14, - 0x0a, 0x10, 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, - 0x45, 0x44, 0x10, 0x07, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, 0x54, - 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, 0x08, 0x12, 0x14, 0x0a, 0x10, 0x49, 0x50, - 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x45, 0x44, 0x10, 0x09, - 0x12, 0x13, 0x0a, 0x0f, 0x49, 0x50, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x44, 0x45, 0x4c, 0x45, - 0x54, 0x45, 0x44, 0x10, 0x0a, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, - 0x5f, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x45, 0x44, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x53, - 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, 0x0c, - 0x22, 0x04, 0x08, 0x01, 0x10, 0x01, 0x2a, 0xd8, 0x01, 0x0a, 0x16, 0x53, 0x6f, 0x63, 0x6b, 0x65, - 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x69, 0x6e, - 0x74, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x4f, 0x43, 0x4b, 0x5f, 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, - 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, - 0x26, 0x0a, 0x22, 0x53, 0x4f, 0x43, 0x4b, 0x5f, 
0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, - 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x46, 0x57, 0x44, 0x10, 0x01, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x4f, 0x43, 0x4b, 0x5f, - 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x4f, 0x53, 0x54, - 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x57, 0x44, 0x10, 0x02, - 0x12, 0x26, 0x0a, 0x22, 0x53, 0x4f, 0x43, 0x4b, 0x5f, 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, - 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, - 0x4f, 0x4e, 0x5f, 0x52, 0x45, 0x56, 0x10, 0x03, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x4f, 0x43, 0x4b, - 0x5f, 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x4f, 0x53, - 0x54, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x45, 0x56, 0x10, - 0x04, 0x2a, 0x81, 0x0d, 0x0a, 0x0e, 0x44, 0x65, 0x62, 0x75, 0x67, 0x45, 0x76, 0x65, 0x6e, 0x74, - 0x54, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, 0x45, 0x56, 0x45, 0x4e, - 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x44, - 0x42, 0x47, 0x5f, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x49, 0x43, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, - 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x5f, 0x44, 0x45, 0x4c, 0x49, 0x56, 0x45, - 0x52, 0x59, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x42, 0x47, 0x5f, 0x45, 0x4e, 0x43, 0x41, - 0x50, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x58, 0x43, 0x5f, 0x46, - 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, 0x50, 0x4f, - 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x44, 0x45, 0x4e, 0x49, 0x45, 0x44, 0x10, 0x05, 0x12, 0x11, 0x0a, - 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x06, - 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 
0x4b, 0x55, - 0x50, 0x5f, 0x52, 0x45, 0x56, 0x10, 0x07, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x43, - 0x54, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x10, 0x08, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, 0x47, - 0x5f, 0x43, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x09, 0x12, 0x13, 0x0a, - 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x32, - 0x10, 0x0a, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, - 0x48, 0x41, 0x4e, 0x44, 0x4c, 0x45, 0x10, 0x0b, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, - 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x0c, 0x12, - 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x4e, 0x53, 0x10, - 0x0d, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x54, - 0x49, 0x4d, 0x45, 0x5f, 0x45, 0x58, 0x43, 0x45, 0x45, 0x44, 0x45, 0x44, 0x10, 0x0e, 0x12, 0x12, - 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x56, 0x45, 0x52, 0x44, 0x49, 0x43, 0x54, - 0x10, 0x0f, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x42, 0x47, 0x5f, 0x44, 0x45, 0x43, 0x41, 0x50, 0x10, - 0x10, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x4d, 0x41, - 0x50, 0x10, 0x11, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, - 0x5f, 0x52, 0x45, 0x54, 0x10, 0x12, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x42, 0x47, 0x5f, 0x54, 0x4f, - 0x5f, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x13, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x54, - 0x4f, 0x5f, 0x53, 0x54, 0x41, 0x43, 0x4b, 0x10, 0x14, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, - 0x5f, 0x50, 0x4b, 0x54, 0x5f, 0x48, 0x41, 0x53, 0x48, 0x10, 0x15, 0x12, 0x1b, 0x0a, 0x17, 0x44, - 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x46, 0x52, - 0x4f, 0x4e, 0x54, 0x45, 0x4e, 0x44, 0x10, 0x16, 0x12, 0x20, 0x0a, 0x1c, 0x44, 0x42, 0x47, 0x5f, - 0x4c, 0x42, 0x36, 0x5f, 
0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x46, 0x52, 0x4f, 0x4e, 0x54, - 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x17, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x42, - 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, - 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x10, 0x18, 0x12, 0x27, 0x0a, 0x23, 0x44, - 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, - 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, - 0x53, 0x53, 0x10, 0x19, 0x12, 0x27, 0x0a, 0x23, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, - 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, - 0x4c, 0x4f, 0x54, 0x5f, 0x56, 0x32, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x1a, 0x12, 0x1f, 0x0a, - 0x1b, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, - 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x1b, 0x12, 0x1e, - 0x0a, 0x1a, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x52, 0x45, 0x56, 0x45, 0x52, 0x53, - 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x1c, 0x12, 0x17, - 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x52, 0x45, 0x56, 0x45, 0x52, 0x53, - 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x10, 0x1d, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, 0x5f, 0x4c, - 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x46, 0x52, 0x4f, 0x4e, 0x54, 0x45, - 0x4e, 0x44, 0x10, 0x1e, 0x12, 0x20, 0x0a, 0x1c, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, - 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x46, 0x52, 0x4f, 0x4e, 0x54, 0x45, 0x4e, 0x44, 0x5f, - 0x46, 0x41, 0x49, 0x4c, 0x10, 0x1f, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, - 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, - 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x10, 0x20, 0x12, 0x27, 0x0a, 
0x23, 0x44, 0x42, 0x47, 0x5f, 0x4c, - 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, - 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x21, - 0x12, 0x27, 0x0a, 0x23, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, - 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, - 0x56, 0x32, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x22, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x42, 0x47, - 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, - 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x23, 0x12, 0x1e, 0x0a, 0x1a, 0x44, 0x42, - 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x52, 0x45, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x4e, 0x41, - 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x24, 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, - 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x52, 0x45, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x4e, 0x41, - 0x54, 0x10, 0x25, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, - 0x4f, 0x4f, 0x50, 0x42, 0x41, 0x43, 0x4b, 0x5f, 0x53, 0x4e, 0x41, 0x54, 0x10, 0x26, 0x12, 0x1d, - 0x0a, 0x19, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x50, 0x42, 0x41, - 0x43, 0x4b, 0x5f, 0x53, 0x4e, 0x41, 0x54, 0x5f, 0x52, 0x45, 0x56, 0x10, 0x27, 0x12, 0x12, 0x0a, - 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, 0x10, - 0x28, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, 0x5f, 0x52, 0x52, 0x5f, 0x42, 0x41, 0x43, 0x4b, - 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, 0x53, 0x45, 0x4c, 0x10, 0x29, 0x12, 0x18, - 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x52, 0x45, 0x56, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, - 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x2a, 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, - 0x52, 0x45, 0x56, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, - 
0x2b, 0x12, 0x18, 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x52, 0x45, 0x56, 0x5f, 0x50, 0x52, 0x4f, - 0x58, 0x59, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x2c, 0x12, 0x11, 0x0a, 0x0d, 0x44, - 0x42, 0x47, 0x5f, 0x4c, 0x34, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x10, 0x2d, 0x12, 0x19, - 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x4e, 0x45, 0x54, 0x44, 0x45, 0x56, 0x5f, 0x49, 0x4e, 0x5f, - 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x10, 0x2e, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, - 0x5f, 0x4e, 0x45, 0x54, 0x44, 0x45, 0x56, 0x5f, 0x45, 0x4e, 0x43, 0x41, 0x50, 0x34, 0x10, 0x2f, - 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, - 0x50, 0x34, 0x5f, 0x31, 0x10, 0x30, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, - 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, 0x5f, 0x32, 0x10, 0x31, 0x12, 0x13, 0x0a, 0x0f, - 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x34, 0x10, - 0x32, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, - 0x55, 0x50, 0x36, 0x5f, 0x31, 0x10, 0x33, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, 0x43, - 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x36, 0x5f, 0x32, 0x10, 0x34, 0x12, 0x13, 0x0a, - 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x36, - 0x10, 0x35, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x5f, 0x50, - 0x52, 0x4f, 0x58, 0x59, 0x10, 0x36, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x34, - 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x37, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, - 0x5f, 0x49, 0x50, 0x5f, 0x49, 0x44, 0x5f, 0x4d, 0x41, 0x50, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, - 0x44, 0x34, 0x10, 0x38, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x50, 0x5f, 0x49, - 0x44, 0x5f, 0x4d, 0x41, 0x50, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x36, 0x10, 0x39, 0x12, - 0x1a, 0x0a, 0x16, 0x44, 0x42, 0x47, 
0x5f, 0x49, 0x50, 0x5f, 0x49, 0x44, 0x5f, 0x4d, 0x41, 0x50, - 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x45, 0x44, 0x34, 0x10, 0x3a, 0x12, 0x1a, 0x0a, 0x16, 0x44, - 0x42, 0x47, 0x5f, 0x49, 0x50, 0x5f, 0x49, 0x44, 0x5f, 0x4d, 0x41, 0x50, 0x5f, 0x53, 0x55, 0x43, - 0x43, 0x45, 0x45, 0x44, 0x36, 0x10, 0x3b, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x4c, - 0x42, 0x5f, 0x53, 0x54, 0x41, 0x4c, 0x45, 0x5f, 0x43, 0x54, 0x10, 0x3c, 0x12, 0x18, 0x0a, 0x14, - 0x44, 0x42, 0x47, 0x5f, 0x49, 0x4e, 0x48, 0x45, 0x52, 0x49, 0x54, 0x5f, 0x49, 0x44, 0x45, 0x4e, - 0x54, 0x49, 0x54, 0x59, 0x10, 0x3d, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x53, 0x4b, - 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, 0x10, 0x3e, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, - 0x47, 0x5f, 0x53, 0x4b, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x36, 0x10, 0x3f, 0x12, 0x11, - 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x53, 0x4b, 0x5f, 0x41, 0x53, 0x53, 0x49, 0x47, 0x4e, 0x10, - 0x40, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x37, 0x5f, 0x4c, 0x42, 0x10, 0x41, - 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x5f, 0x50, 0x4f, 0x4c, - 0x49, 0x43, 0x59, 0x10, 0x42, 0x42, 0x26, 0x5a, 0x24, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, - 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x66, 0x6c, 0x6f, 0x77, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0xca, 0x01, 0x12, 0x16, 0x0a, + 0x11, 0x44, 0x52, 0x4f, 0x50, 0x5f, 0x45, 0x50, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x52, 0x45, 0x41, + 0x44, 0x59, 0x10, 0xcb, 0x01, 0x2a, 0x4a, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, + 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x19, 0x54, 0x52, 0x41, + 0x46, 0x46, 0x49, 0x43, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, + 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 
0x00, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x47, 0x52, + 0x45, 0x53, 0x53, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x45, 0x47, 0x52, 0x45, 0x53, 0x53, 0x10, + 0x02, 0x2a, 0x8d, 0x02, 0x0a, 0x11, 0x44, 0x65, 0x62, 0x75, 0x67, 0x43, 0x61, 0x70, 0x74, 0x75, + 0x72, 0x65, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x19, 0x44, 0x42, 0x47, 0x5f, 0x43, + 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x4b, + 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, + 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x4c, 0x49, 0x56, 0x45, 0x52, 0x59, 0x10, 0x04, + 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, + 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x4c, 0x42, 0x10, 0x05, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, + 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x46, 0x54, 0x45, 0x52, 0x5f, 0x56, + 0x34, 0x36, 0x10, 0x06, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, + 0x55, 0x52, 0x45, 0x5f, 0x41, 0x46, 0x54, 0x45, 0x52, 0x5f, 0x56, 0x36, 0x34, 0x10, 0x07, 0x12, + 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x50, + 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x50, 0x52, 0x45, 0x10, 0x08, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x42, + 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, + 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, + 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x53, 0x4e, 0x41, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x10, 0x0a, + 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x41, 0x50, 0x54, 0x55, 0x52, 0x45, 0x5f, + 0x53, 0x4e, 0x41, 0x54, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x0b, 0x22, 0x04, 0x08, 0x01, 0x10, + 0x03, 0x2a, 0x39, 0x0a, 0x09, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, + 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0f, 
0x0a, 0x0b, 0x45, + 0x76, 0x65, 0x6e, 0x74, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, + 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x4c, 0x6f, 0x73, 0x74, 0x10, 0x02, 0x2a, 0x7f, 0x0a, 0x0f, + 0x4c, 0x6f, 0x73, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, + 0x1d, 0x0a, 0x19, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x4c, 0x4f, 0x53, 0x54, 0x5f, + 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x10, 0x00, 0x12, 0x1a, + 0x0a, 0x16, 0x50, 0x45, 0x52, 0x46, 0x5f, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x52, 0x49, 0x4e, + 0x47, 0x5f, 0x42, 0x55, 0x46, 0x46, 0x45, 0x52, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x4f, 0x42, + 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x53, 0x5f, 0x51, 0x55, + 0x45, 0x55, 0x45, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x55, 0x42, 0x42, 0x4c, 0x45, 0x5f, + 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x42, 0x55, 0x46, 0x46, 0x45, 0x52, 0x10, 0x03, 0x2a, 0xae, 0x02, + 0x0a, 0x0e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x17, 0x0a, 0x13, 0x41, 0x47, 0x45, 0x4e, 0x54, 0x5f, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, + 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x41, 0x47, 0x45, + 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, + 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, + 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, + 0x45, 0x44, 0x10, 0x04, 0x12, 0x1f, 0x0a, 0x1b, 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, 0x54, + 0x5f, 0x52, 0x45, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x53, 0x55, 0x43, 0x43, + 0x45, 0x53, 0x53, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, + 0x54, 0x5f, 0x52, 0x45, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x46, 0x41, 0x49, + 0x4c, 0x55, 0x52, 
0x45, 0x10, 0x06, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, + 0x4e, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x07, 0x12, 0x14, 0x0a, 0x10, + 0x45, 0x4e, 0x44, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, + 0x10, 0x08, 0x12, 0x14, 0x0a, 0x10, 0x49, 0x50, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x55, 0x50, + 0x53, 0x45, 0x52, 0x54, 0x45, 0x44, 0x10, 0x09, 0x12, 0x13, 0x0a, 0x0f, 0x49, 0x50, 0x43, 0x41, + 0x43, 0x48, 0x45, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, 0x0a, 0x12, 0x14, 0x0a, + 0x10, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x55, 0x50, 0x53, 0x45, 0x52, 0x54, 0x45, + 0x44, 0x10, 0x0b, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x44, + 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, 0x0c, 0x22, 0x04, 0x08, 0x01, 0x10, 0x01, 0x2a, 0xd8, + 0x01, 0x0a, 0x16, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x6c, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x4f, 0x43, + 0x4b, 0x5f, 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, + 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x26, 0x0a, 0x22, 0x53, 0x4f, 0x43, 0x4b, 0x5f, + 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x5f, + 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x57, 0x44, 0x10, 0x01, 0x12, + 0x27, 0x0a, 0x23, 0x53, 0x4f, 0x43, 0x4b, 0x5f, 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, + 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, + 0x4f, 0x4e, 0x5f, 0x46, 0x57, 0x44, 0x10, 0x02, 0x12, 0x26, 0x0a, 0x22, 0x53, 0x4f, 0x43, 0x4b, + 0x5f, 0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x45, + 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x45, 0x56, 0x10, 0x03, + 0x12, 0x27, 0x0a, 0x23, 0x53, 0x4f, 0x43, 0x4b, 0x5f, 
0x58, 0x4c, 0x41, 0x54, 0x45, 0x5f, 0x50, + 0x4f, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, + 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x45, 0x56, 0x10, 0x04, 0x2a, 0x81, 0x0d, 0x0a, 0x0e, 0x44, 0x65, + 0x62, 0x75, 0x67, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x11, + 0x44, 0x42, 0x47, 0x5f, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, + 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x44, 0x42, 0x47, 0x5f, 0x47, 0x45, 0x4e, 0x45, 0x52, + 0x49, 0x43, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x4f, 0x43, 0x41, + 0x4c, 0x5f, 0x44, 0x45, 0x4c, 0x49, 0x56, 0x45, 0x52, 0x59, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, + 0x44, 0x42, 0x47, 0x5f, 0x45, 0x4e, 0x43, 0x41, 0x50, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x44, + 0x42, 0x47, 0x5f, 0x4c, 0x58, 0x43, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x04, 0x12, 0x15, + 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x44, 0x45, 0x4e, + 0x49, 0x45, 0x44, 0x10, 0x05, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, + 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x06, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, + 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x52, 0x45, 0x56, 0x10, 0x07, 0x12, + 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x54, 0x43, 0x48, 0x10, + 0x08, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, + 0x54, 0x45, 0x44, 0x10, 0x09, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, + 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x32, 0x10, 0x0a, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, + 0x47, 0x5f, 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x48, 0x41, 0x4e, 0x44, 0x4c, 0x45, 0x10, 0x0b, + 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x52, 0x45, + 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x0c, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 
0x49, + 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x4e, 0x53, 0x10, 0x0d, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, + 0x5f, 0x49, 0x43, 0x4d, 0x50, 0x36, 0x5f, 0x54, 0x49, 0x4d, 0x45, 0x5f, 0x45, 0x58, 0x43, 0x45, + 0x45, 0x44, 0x45, 0x44, 0x10, 0x0e, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, + 0x5f, 0x56, 0x45, 0x52, 0x44, 0x49, 0x43, 0x54, 0x10, 0x0f, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x42, + 0x47, 0x5f, 0x44, 0x45, 0x43, 0x41, 0x50, 0x10, 0x10, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, + 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x10, 0x11, 0x12, 0x11, 0x0a, 0x0d, 0x44, + 0x42, 0x47, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x54, 0x10, 0x12, 0x12, 0x0f, + 0x0a, 0x0b, 0x44, 0x42, 0x47, 0x5f, 0x54, 0x4f, 0x5f, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x13, 0x12, + 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x54, 0x4f, 0x5f, 0x53, 0x54, 0x41, 0x43, 0x4b, 0x10, + 0x14, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x42, 0x47, 0x5f, 0x50, 0x4b, 0x54, 0x5f, 0x48, 0x41, 0x53, + 0x48, 0x10, 0x15, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, + 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x46, 0x52, 0x4f, 0x4e, 0x54, 0x45, 0x4e, 0x44, 0x10, 0x16, + 0x12, 0x20, 0x0a, 0x1c, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, + 0x55, 0x50, 0x5f, 0x46, 0x52, 0x4f, 0x4e, 0x54, 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, + 0x10, 0x17, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, + 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, + 0x54, 0x10, 0x18, 0x12, 0x27, 0x0a, 0x23, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, + 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, + 0x4f, 0x54, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x19, 0x12, 0x27, 0x0a, 0x23, + 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, + 0x41, 0x43, 0x4b, 0x45, 0x4e, 
0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, 0x56, 0x32, 0x5f, 0x46, + 0x41, 0x49, 0x4c, 0x10, 0x1a, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x36, + 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, + 0x46, 0x41, 0x49, 0x4c, 0x10, 0x1b, 0x12, 0x1e, 0x0a, 0x1a, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, + 0x36, 0x5f, 0x52, 0x45, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x5f, 0x4c, 0x4f, + 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x1c, 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, + 0x36, 0x5f, 0x52, 0x45, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x10, 0x1d, 0x12, + 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, + 0x50, 0x5f, 0x46, 0x52, 0x4f, 0x4e, 0x54, 0x45, 0x4e, 0x44, 0x10, 0x1e, 0x12, 0x20, 0x0a, 0x1c, + 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x46, + 0x52, 0x4f, 0x4e, 0x54, 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x1f, 0x12, 0x1f, + 0x0a, 0x1b, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, + 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x10, 0x20, 0x12, + 0x27, 0x0a, 0x23, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, + 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, 0x53, + 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x21, 0x12, 0x27, 0x0a, 0x23, 0x44, 0x42, 0x47, 0x5f, + 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, + 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, 0x5f, 0x56, 0x32, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x10, + 0x22, 0x12, 0x1f, 0x0a, 0x1b, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, + 0x4b, 0x55, 0x50, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, + 0x10, 0x23, 0x12, 0x1e, 0x0a, 0x1a, 0x44, 0x42, 0x47, 0x5f, 0x4c, 
0x42, 0x34, 0x5f, 0x52, 0x45, + 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, + 0x10, 0x24, 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x52, 0x45, + 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x10, 0x25, 0x12, 0x19, 0x0a, 0x15, 0x44, + 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x50, 0x42, 0x41, 0x43, 0x4b, 0x5f, + 0x53, 0x4e, 0x41, 0x54, 0x10, 0x26, 0x12, 0x1d, 0x0a, 0x19, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, + 0x34, 0x5f, 0x4c, 0x4f, 0x4f, 0x50, 0x42, 0x41, 0x43, 0x4b, 0x5f, 0x53, 0x4e, 0x41, 0x54, 0x5f, + 0x52, 0x45, 0x56, 0x10, 0x27, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, + 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, 0x10, 0x28, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x42, 0x47, + 0x5f, 0x52, 0x52, 0x5f, 0x42, 0x41, 0x43, 0x4b, 0x45, 0x4e, 0x44, 0x5f, 0x53, 0x4c, 0x4f, 0x54, + 0x5f, 0x53, 0x45, 0x4c, 0x10, 0x29, 0x12, 0x18, 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x52, 0x45, + 0x56, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x2a, + 0x12, 0x17, 0x0a, 0x13, 0x44, 0x42, 0x47, 0x5f, 0x52, 0x45, 0x56, 0x5f, 0x50, 0x52, 0x4f, 0x58, + 0x59, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x2b, 0x12, 0x18, 0x0a, 0x14, 0x44, 0x42, 0x47, + 0x5f, 0x52, 0x45, 0x56, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, + 0x45, 0x10, 0x2c, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x34, 0x5f, 0x50, 0x4f, + 0x4c, 0x49, 0x43, 0x59, 0x10, 0x2d, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x4e, 0x45, + 0x54, 0x44, 0x45, 0x56, 0x5f, 0x49, 0x4e, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x10, + 0x2e, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x42, 0x47, 0x5f, 0x4e, 0x45, 0x54, 0x44, 0x45, 0x56, 0x5f, + 0x45, 0x4e, 0x43, 0x41, 0x50, 0x34, 0x10, 0x2f, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, + 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, 0x5f, 0x31, 0x10, 0x30, 0x12, 0x14, + 0x0a, 
0x10, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, + 0x5f, 0x32, 0x10, 0x31, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x43, + 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x34, 0x10, 0x32, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, + 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x36, 0x5f, 0x31, 0x10, 0x33, 0x12, + 0x14, 0x0a, 0x10, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, + 0x36, 0x5f, 0x32, 0x10, 0x34, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x43, 0x54, 0x5f, + 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x36, 0x10, 0x35, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x42, + 0x47, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x5f, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x10, 0x36, 0x12, 0x11, + 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x34, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, + 0x37, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x50, 0x5f, 0x49, 0x44, 0x5f, 0x4d, + 0x41, 0x50, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x34, 0x10, 0x38, 0x12, 0x19, 0x0a, 0x15, + 0x44, 0x42, 0x47, 0x5f, 0x49, 0x50, 0x5f, 0x49, 0x44, 0x5f, 0x4d, 0x41, 0x50, 0x5f, 0x46, 0x41, + 0x49, 0x4c, 0x45, 0x44, 0x36, 0x10, 0x39, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x42, 0x47, 0x5f, 0x49, + 0x50, 0x5f, 0x49, 0x44, 0x5f, 0x4d, 0x41, 0x50, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x45, 0x44, + 0x34, 0x10, 0x3a, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x50, 0x5f, 0x49, 0x44, + 0x5f, 0x4d, 0x41, 0x50, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x45, 0x44, 0x36, 0x10, 0x3b, 0x12, + 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, 0x4c, 0x42, 0x5f, 0x53, 0x54, 0x41, 0x4c, 0x45, 0x5f, + 0x43, 0x54, 0x10, 0x3c, 0x12, 0x18, 0x0a, 0x14, 0x44, 0x42, 0x47, 0x5f, 0x49, 0x4e, 0x48, 0x45, + 0x52, 0x49, 0x54, 0x5f, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x10, 0x3d, 0x12, 0x12, + 0x0a, 0x0e, 0x44, 0x42, 0x47, 0x5f, 0x53, 0x4b, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x34, + 0x10, 0x3e, 0x12, 0x12, 0x0a, 0x0e, 0x44, 
0x42, 0x47, 0x5f, 0x53, 0x4b, 0x5f, 0x4c, 0x4f, 0x4f, + 0x4b, 0x55, 0x50, 0x36, 0x10, 0x3f, 0x12, 0x11, 0x0a, 0x0d, 0x44, 0x42, 0x47, 0x5f, 0x53, 0x4b, + 0x5f, 0x41, 0x53, 0x53, 0x49, 0x47, 0x4e, 0x10, 0x40, 0x12, 0x0d, 0x0a, 0x09, 0x44, 0x42, 0x47, + 0x5f, 0x4c, 0x37, 0x5f, 0x4c, 0x42, 0x10, 0x41, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x42, 0x47, 0x5f, + 0x53, 0x4b, 0x49, 0x50, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x10, 0x42, 0x42, 0x26, 0x5a, + 0x24, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, + 0x75, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, + 0x2f, 0x66, 0x6c, 0x6f, 0x77, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/vendor/github.com/cilium/cilium/api/v1/flow/flow.proto b/vendor/github.com/cilium/cilium/api/v1/flow/flow.proto index 242d0f29911..aa04ad9f3cb 100644 --- a/vendor/github.com/cilium/cilium/api/v1/flow/flow.proto +++ b/vendor/github.com/cilium/cilium/api/v1/flow/flow.proto @@ -409,6 +409,9 @@ enum DropReason { // A BPF program wants to tail call into bpf_host, but the host datapath // hasn't been loaded yet. DROP_HOST_NOT_READY = 202; + // A BPF program wants to tail call some endpoint's policy program in the + // POLICY_CALL_MAP, but the program is not available. + DROP_EP_NOT_READY = 203; } enum TrafficDirection { diff --git a/vendor/github.com/cilium/cilium/api/v1/models/daemon_configuration_status.go b/vendor/github.com/cilium/cilium/api/v1/models/daemon_configuration_status.go index f55612181d7..64daed2b0f4 100644 --- a/vendor/github.com/cilium/cilium/api/v1/models/daemon_configuration_status.go +++ b/vendor/github.com/cilium/cilium/api/v1/models/daemon_configuration_status.go 
@@ -53,6 +53,9 @@ type DaemonConfigurationStatus struct { // Immutable configuration (read-only) Immutable ConfigurationMap `json:"immutable,omitempty"` + // Comma-separated list of IP ports should be reserved in the workload network namespace + IPLocalReservedPorts string `json:"ipLocalReservedPorts,omitempty"` + // Configured IPAM mode IpamMode string `json:"ipam-mode,omitempty"` diff --git a/vendor/github.com/cilium/cilium/api/v1/models/endpoint_change_request.go b/vendor/github.com/cilium/cilium/api/v1/models/endpoint_change_request.go index e1be73caae7..d59e7f3a164 100644 --- a/vendor/github.com/cilium/cilium/api/v1/models/endpoint_change_request.go +++ b/vendor/github.com/cilium/cilium/api/v1/models/endpoint_change_request.go @@ -67,6 +67,9 @@ type EndpointChangeRequest struct { // Kubernetes pod name K8sPodName string `json:"k8s-pod-name,omitempty"` + // Kubernetes pod UID + K8sUID string `json:"k8s-uid,omitempty"` + // Labels describing the identity Labels Labels `json:"labels,omitempty"` diff --git a/vendor/github.com/cilium/cilium/pkg/alignchecker/alignchecker.go b/vendor/github.com/cilium/cilium/pkg/alignchecker/alignchecker.go index f3999cc2486..8be3e3d62bc 100644 --- a/vendor/github.com/cilium/cilium/pkg/alignchecker/alignchecker.go +++ b/vendor/github.com/cilium/cilium/pkg/alignchecker/alignchecker.go @@ -24,12 +24,12 @@ import ( func CheckStructAlignments(pathToObj string, toCheck map[string][]any, checkOffsets bool) error { spec, err := btf.LoadSpec(pathToObj) if err != nil { - return fmt.Errorf("cannot parse BTF debug info %s: %s", pathToObj, err) + return fmt.Errorf("cannot parse BTF debug info %s: %w", pathToObj, err) } structInfo, err := getStructInfosFromBTF(spec, toCheck) if err != nil { - return fmt.Errorf("cannot extract struct info from BTF %s: %s", pathToObj, err) + return fmt.Errorf("cannot extract struct info from BTF %s: %w", pathToObj, err) } for cName, goStructs := range toCheck { 
diff --git a/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go b/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go
index 56b40c900ae..2792a310867 100644
--- a/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go
+++ b/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go
@@ -418,7 +418,7 @@ func (a *Allocator) WaitForInitialSync(ctx context.Context) error {
  select {
  case <-a.initialListDone:
  case <-ctx.Done():
- return fmt.Errorf("identity sync was cancelled: %s", ctx.Err())
+ return fmt.Errorf("identity sync was cancelled: %w", ctx.Err())
  }
  return nil
@@ -524,13 +524,13 @@ func (a *Allocator) lockedAllocate(ctx context.Context, key AllocatorKey) (idpoo
  if value != 0 {
  // re-create master key
  if err := a.backend.UpdateKeyIfLocked(ctx, value, key, true, lock); err != nil {
- return 0, false, false, fmt.Errorf("unable to re-create missing master key '%s': %s while allocating ID: %s", key, value, err)
+ return 0, false, false, fmt.Errorf("unable to re-create missing master key '%s': %s while allocating ID: %w", key, value, err)
  }
  }
  } else {
  _, firstUse, err = a.localKeys.allocate(k, key, value)
  if err != nil {
- return 0, false, false, fmt.Errorf("unable to reserve local key '%s': %s", k, err)
+ return 0, false, false, fmt.Errorf("unable to reserve local key '%s': %w", k, err)
  }
  if firstUse {
@@ -545,7 +545,7 @@ func (a *Allocator) lockedAllocate(ctx context.Context, key AllocatorKey) (idpoo
  if err = a.backend.AcquireReference(ctx, value, key, lock); err != nil {
  a.localKeys.release(k)
- return 0, false, false, fmt.Errorf("unable to create secondary key '%s': %s", k, err)
+ return 0, false, false, fmt.Errorf("unable to create secondary key '%s': %w", k, err)
  }
  // mark the key as verified in the local cache
@@ -572,7 +572,7 @@ func (a *Allocator) lockedAllocate(ctx context.Context, key AllocatorKey) (idpoo
  oldID, firstUse, err := a.localKeys.allocate(k, key, id)
  if err != nil {
  a.idPool.Release(unmaskedID)
- return 0, false, false, fmt.Errorf("unable to reserve local key '%s': %s", k, err)
+ return 0, false, false, fmt.Errorf("unable to reserve local key '%s': %w", k, err)
  }
  // Another local writer beat us to allocating an ID for the same key,
@@ -602,7 +602,7 @@ func (a *Allocator) lockedAllocate(ctx context.Context, key AllocatorKey) (idpoo
  // Creation failed. Another agent most likely beat us to allocting this
  // ID, retry.
  releaseKeyAndID()
- return 0, false, false, fmt.Errorf("unable to allocate ID %s for key %s: %s", strID, key2, err)
+ return 0, false, false, fmt.Errorf("unable to allocate ID %s for key %s: %w", strID, key2, err)
  }
  // Notify pool that leased ID is now in-use.
@@ -613,7 +613,7 @@ func (a *Allocator) lockedAllocate(ctx context.Context, key AllocatorKey) (idpoo
  // exposed and may be in use by other nodes. The garbage
  // collector will release it again.
  releaseKeyAndID()
- return 0, false, false, fmt.Errorf("secondary key creation failed '%s': %s", k, err)
+ return 0, false, false, fmt.Errorf("secondary key creation failed '%s': %w", k, err)
  }
  // mark the key as verified in the local cache
@@ -651,7 +651,7 @@ func (a *Allocator) Allocate(ctx context.Context, key AllocatorKey) (idpool.ID,
  select {
  case <-a.initialListDone:
  case <-ctx.Done():
- return 0, false, false, fmt.Errorf("allocation was cancelled while waiting for initial key list to be received: %s", ctx.Err())
+ return 0, false, false, fmt.Errorf("allocation was cancelled while waiting for initial key list to be received: %w", ctx.Err())
  }
  kvstore.Trace("Allocating from kvstore", nil, logrus.Fields{fieldKey: key})
@@ -690,7 +690,7 @@ func (a *Allocator) Allocate(ctx context.Context, key AllocatorKey) (idpool.ID, select { case <-ctx.Done(): scopedLog.WithError(ctx.Err()).Warning("Ongoing key allocation has been cancelled") - return 0, false, false, fmt.Errorf("key allocation cancelled: %s", ctx.Err()) + return 0, false, false, fmt.Errorf("key allocation cancelled: %w", ctx.Err()) default: scopedLog.WithError(err).Warning("Key allocation attempt failed") } @@ -813,7 +813,7 @@ func (a *Allocator) Release(ctx context.Context, key AllocatorKey) (lastUse bool select { case <-a.initialListDone: case <-ctx.Done(): - return false, fmt.Errorf("release was cancelled while waiting for initial key list to be received: %s", ctx.Err()) + return false, fmt.Errorf("release was cancelled while waiting for initial key list to be received: %w", ctx.Err()) } k := a.encodeKey(key) diff --git a/vendor/github.com/cilium/cilium/pkg/backoff/backoff.go b/vendor/github.com/cilium/cilium/pkg/backoff/backoff.go index 2cfbde3dcad..3ddada53096 100644 --- a/vendor/github.com/cilium/cilium/pkg/backoff/backoff.go +++ b/vendor/github.com/cilium/cilium/pkg/backoff/backoff.go @@ -166,7 +166,7 @@ func (b *Exponential) Wait(ctx context.Context) error { select { case <-ctx.Done(): - return fmt.Errorf("exponential backoff cancelled via context: %s", ctx.Err()) + return fmt.Errorf("exponential backoff cancelled via context: %w", ctx.Err()) case <-time.After(t): } diff --git a/vendor/github.com/cilium/cilium/pkg/bpf/bpf_linux.go b/vendor/github.com/cilium/cilium/pkg/bpf/bpf_linux.go index 1a8972bafca..bc689ecdf4f 100644 --- a/vendor/github.com/cilium/cilium/pkg/bpf/bpf_linux.go +++ b/vendor/github.com/cilium/cilium/pkg/bpf/bpf_linux.go @@ -161,7 +161,7 @@ func GetMtime() (uint64, error) { err := unix.ClockGettime(unix.CLOCK_MONOTONIC, &ts) if err != nil { - return 0, fmt.Errorf("Unable get time: %s", err) + return 0, fmt.Errorf("Unable get time: %w", err) } return uint64(unix.TimespecToNsec(ts)), nil 
diff --git a/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_linux.go b/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_linux.go index 8a22cc6942d..1a94dde4199 100644 --- a/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_linux.go +++ b/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_linux.go @@ -133,10 +133,10 @@ func mountFS(printWarning bool) error { if err != nil { if os.IsNotExist(err) { if err := MkdirBPF(bpffsRoot); err != nil { - return fmt.Errorf("unable to create bpf mount directory: %s", err) + return fmt.Errorf("unable to create bpf mount directory: %w", err) } } else { - return fmt.Errorf("failed to stat the mount path %s: %s", bpffsRoot, err) + return fmt.Errorf("failed to stat the mount path %s: %w", bpffsRoot, err) } } else if !mapRootStat.IsDir() { @@ -144,7 +144,7 @@ func mountFS(printWarning bool) error { } if err := unix.Mount(bpffsRoot, bpffsRoot, "bpf", 0, ""); err != nil { - return fmt.Errorf("failed to mount %s: %s", bpffsRoot, err) + return fmt.Errorf("failed to mount %s: %w", bpffsRoot, err) } return nil } diff --git a/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_migrate.go b/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_migrate.go index d0a61be998a..99a8e49c042 100644 --- a/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_migrate.go +++ b/vendor/github.com/cilium/cilium/pkg/bpf/bpffs_migrate.go @@ -90,7 +90,7 @@ func RepinMap(bpffsPath string, name string, spec *ebpf.MapSpec) error { } if err != nil { - return fmt.Errorf("map not found at path %s: %v", name, err) + return fmt.Errorf("map not found at path %s: %w", name, err) } defer pinned.Close() @@ -148,7 +148,7 @@ func FinalizeMap(bpffsPath, name string, revert bool) error { } if err != nil { - return fmt.Errorf("unable to open pinned map at path %s: %v", name, err) + return fmt.Errorf("unable to open pinned map at path %s: %w", name, err) } // Pending Map was found on bpffs and needs to be reverted. 
diff --git a/vendor/github.com/cilium/cilium/pkg/cgroups/cgroups_linux.go b/vendor/github.com/cilium/cilium/pkg/cgroups/cgroups_linux.go index a8ed26469b8..0c882558a90 100644 --- a/vendor/github.com/cilium/cilium/pkg/cgroups/cgroups_linux.go +++ b/vendor/github.com/cilium/cilium/pkg/cgroups/cgroups_linux.go @@ -20,17 +20,17 @@ func mountCgroup() error { if err != nil { if os.IsNotExist(err) { if err := os.MkdirAll(cgroupRoot, 0755); err != nil { - return fmt.Errorf("Unable to create cgroup mount directory: %s", err) + return fmt.Errorf("Unable to create cgroup mount directory: %w", err) } } else { - return fmt.Errorf("Failed to stat the mount path %s: %s", cgroupRoot, err) + return fmt.Errorf("Failed to stat the mount path %s: %w", cgroupRoot, err) } } else if !cgroupRootStat.IsDir() { return fmt.Errorf("%s is a file which is not a directory", cgroupRoot) } if err := unix.Mount("none", cgroupRoot, "cgroup2", 0, ""); err != nil { - return fmt.Errorf("failed to mount %s: %s", cgroupRoot, err) + return fmt.Errorf("failed to mount %s: %w", cgroupRoot, err) } return nil diff --git a/vendor/github.com/cilium/cilium/pkg/cgroups/manager/provider.go b/vendor/github.com/cilium/cilium/pkg/cgroups/manager/provider.go index 2dae690c605..792bc08c02d 100644 --- a/vendor/github.com/cilium/cilium/pkg/cgroups/manager/provider.go +++ b/vendor/github.com/cilium/cilium/pkg/cgroups/manager/provider.go 
@@ -141,12 +141,12 @@ func getSystemdContainerPathCommon(subPaths []string, podId string, containerId podIdStr := fmt.Sprintf("pod%s", podId) if qos == v1.PodQOSGuaranteed { if path, err = toSystemd(append(subPaths, podIdStr)); err != nil { - return "", fmt.Errorf("unable to construct cgroup path %w", err) + return "", fmt.Errorf("unable to construct cgroup path: %w", err) } } else { qosStr := strings.ToLower(string(qos)) if path, err = toSystemd(append(subPaths, qosStr, podIdStr)); err != nil { - return "", fmt.Errorf("unable to construct cgroup path %w", err) + return "", fmt.Errorf("unable to construct cgroup path: %w", err) } } // construct and append container sub path with container id @@ -211,7 +211,7 @@ func toSystemd(cgroupName []string) (string, error) { result, err := expandSlice(strings.Join(newparts, "-") + systemdSuffix) if err != nil { - return "", fmt.Errorf("error converting cgroup name [%v] to systemd format: %v", cgroupName, err) + return "", fmt.Errorf("error converting cgroup name [%v] to systemd format: %w", cgroupName, err) } return result, nil } diff --git a/vendor/github.com/cilium/cilium/pkg/client/client.go b/vendor/github.com/cilium/cilium/pkg/client/client.go index f0f26333d75..2b3f9321ef4 100644 --- a/vendor/github.com/cilium/cilium/pkg/client/client.go +++ b/vendor/github.com/cilium/cilium/pkg/client/client.go @@ -75,7 +75,7 @@ func NewDefaultClientWithTimeout(timeout time.Duration) (*Client, error) { for { select { case <-timeoutAfter: - return nil, fmt.Errorf("failed to create cilium agent client after %f seconds timeout: %s", timeout.Seconds(), err) + return nil, fmt.Errorf("failed to create cilium agent client after %f seconds timeout: %w", timeout.Seconds(), err) default: } 
@@ -88,7 +88,7 @@ func NewDefaultClientWithTimeout(timeout time.Duration) (*Client, error) { for { select { case <-timeoutAfter: - return nil, fmt.Errorf("failed to create cilium agent client after %f seconds timeout: %s", timeout.Seconds(), err) + return nil, fmt.Errorf("failed to create cilium agent client after %f seconds timeout: %w", timeout.Seconds(), err) default: } // This is an API call that we do to the cilium-agent to check @@ -256,9 +256,9 @@ func clusterReadiness(cluster *models.RemoteCluster) string { return "ready" } -func numReadyClusters(clustermesh *models.ClusterMeshStatus) int { +func NumReadyClusters(clusters []*models.RemoteCluster) int { numReady := 0 - for _, cluster := range clustermesh.Clusters { + for _, cluster := range clusters { if cluster.Ready { numReady++ } 
@@ -425,34 +425,14 @@ func FormatStatusResponse(w io.Writer, sr *models.StatusResponse, sd StatusDetai if sr.ClusterMesh != nil { fmt.Fprintf(w, "ClusterMesh:\t%d/%d clusters ready, %d global-services\n", - numReadyClusters(sr.ClusterMesh), len(sr.ClusterMesh.Clusters), sr.ClusterMesh.NumGlobalServices) - - for _, cluster := range sr.ClusterMesh.Clusters { - if sd.AllClusters || !cluster.Ready { - fmt.Fprintf(w, " %s: %s, %d nodes, %d endpoints, %d identities, %d services, %d failures (last: %s)\n", - cluster.Name, clusterReadiness(cluster), cluster.NumNodes, - cluster.NumEndpoints, cluster.NumIdentities, cluster.NumSharedServices, - cluster.NumFailures, timeSince(time.Time(cluster.LastFailure))) - fmt.Fprintf(w, " └ %s\n", cluster.Status) - - fmt.Fprint(w, " └ remote configuration: ") - if cluster.Config != nil { - fmt.Fprintf(w, "expected=%t, retrieved=%t", cluster.Config.Required, cluster.Config.Retrieved) - if cluster.Config.Retrieved { - fmt.Fprintf(w, ", cluster-id=%d, kvstoremesh=%t, sync-canaries=%t", - cluster.Config.ClusterID, cluster.Config.Kvstoremesh, cluster.Config.SyncCanaries) - } - } else { - fmt.Fprint(w, "expected=unknown, retrieved=unknown") - } - fmt.Fprint(w, "\n") + NumReadyClusters(sr.ClusterMesh.Clusters), len(sr.ClusterMesh.Clusters), sr.ClusterMesh.NumGlobalServices) - if cluster.Synced != nil { - fmt.Fprintf(w, " └ synchronization status: nodes=%v, endpoints=%v, identities=%v, services=%v\n", - cluster.Synced.Nodes, cluster.Synced.Endpoints, cluster.Synced.Identities, cluster.Synced.Services) - } - } + verbosity := RemoteClustersStatusNotReadyOnly + if sd.AllClusters { + verbosity = RemoteClustersStatusVerbose } + + FormatStatusResponseRemoteClusters(w, sr.ClusterMesh.Clusters, verbosity) } if sr.IPV4BigTCP != nil { 
@@ -794,3 +774,49 @@ func FormatStatusResponse(w io.Writer, sr *models.StatusResponse, sd StatusDetai fmt.Fprintf(w, "Encryption:\t%s\t%s\n", sr.Encryption.Mode, strings.Join(fields, ", ")) } } + +// RemoteClustersStatusVerbosity specifies the verbosity when formatting the remote clusters status information. +type RemoteClustersStatusVerbosity uint + +const ( + // RemoteClustersStatusVerbose outputs all remote clusters information. + RemoteClustersStatusVerbose RemoteClustersStatusVerbosity = iota + // RemoteClustersStatusBrief outputs a one-line summary only for ready clusters. + RemoteClustersStatusBrief + // RemoteClustersStatusNotReadyOnly outputs the remote clusters information for non-ready clusters only. + RemoteClustersStatusNotReadyOnly +) + +func FormatStatusResponseRemoteClusters(w io.Writer, clusters []*models.RemoteCluster, verbosity RemoteClustersStatusVerbosity) { + for _, cluster := range clusters { + if verbosity != RemoteClustersStatusNotReadyOnly || !cluster.Ready { + fmt.Fprintf(w, " %s: %s, %d nodes, %d endpoints, %d identities, %d services, %d failures (last: %s)\n", + cluster.Name, clusterReadiness(cluster), cluster.NumNodes, + cluster.NumEndpoints, cluster.NumIdentities, cluster.NumSharedServices, + cluster.NumFailures, timeSince(time.Time(cluster.LastFailure))) + + if verbosity == RemoteClustersStatusBrief && cluster.Ready { + continue + } + + fmt.Fprintf(w, " └ %s\n", cluster.Status) + + fmt.Fprint(w, " └ remote configuration: ") + if cluster.Config != nil { + fmt.Fprintf(w, "expected=%t, retrieved=%t", cluster.Config.Required, cluster.Config.Retrieved) + if cluster.Config.Retrieved { + fmt.Fprintf(w, ", cluster-id=%d, kvstoremesh=%t, sync-canaries=%t", + cluster.Config.ClusterID, cluster.Config.Kvstoremesh, cluster.Config.SyncCanaries) + } + } else { + fmt.Fprint(w, "expected=unknown, retrieved=unknown") + } + fmt.Fprint(w, "\n") + + if cluster.Synced != nil { + fmt.Fprintf(w, " └ synchronization status: nodes=%v, endpoints=%v, 
identities=%v, services=%v\n", + cluster.Synced.Nodes, cluster.Synced.Endpoints, cluster.Synced.Identities, cluster.Synced.Services) + } + } + } +} diff --git a/vendor/github.com/cilium/cilium/pkg/command/output.go b/vendor/github.com/cilium/cilium/pkg/command/output.go index a3d0490df57..f6196048c5f 100644 --- a/vendor/github.com/cilium/cilium/pkg/command/output.go +++ b/vendor/github.com/cilium/cilium/pkg/command/output.go @@ -58,7 +58,7 @@ func PrintOutput(data interface{}) error { func PrintOutputWithPatch(data interface{}, patch interface{}) error { mergedInterface, err := mergeInterfaces(data, patch) if err != nil { - return fmt.Errorf("Unable to merge Interfaces:%v", err) + return fmt.Errorf("Unable to merge Interfaces: %w", err) } return PrintOutputWithType(mergedInterface, outputOpt) } diff --git a/vendor/github.com/cilium/cilium/pkg/controller/controller.go b/vendor/github.com/cilium/cilium/pkg/controller/controller.go index f35bded20df..821020c7df2 100644 --- a/vendor/github.com/cilium/cilium/pkg/controller/controller.go +++ b/vendor/github.com/cilium/cilium/pkg/controller/controller.go @@ -265,11 +265,11 @@ func (c *controller) runController(params ControllerParams) { err = NewExitReason("controller context canceled") } - switch err := err.(type) { - case ExitReason: + var exitReason ExitReason + if errors.As(err, &exitReason) { // This is actually not an error case, but it causes an exit c.recordSuccess(params.HealthReporter) - c.lastError = err // This will be shown in the controller status + c.lastError = exitReason // This will be shown in the controller status // Don't exit the goroutine, since that only happens when the // controller is explicitly stopped. Instead, just wait for 
@@ -277,7 +277,7 @@ func (c *controller) runController(params ControllerParams) { c.getLogger().Debug("Controller run succeeded; waiting for next controller update or stop") interval = time.Duration(math.MaxInt64) - default: + } else { c.getLogger().WithField(fieldConsecutiveErrors, errorRetries). WithError(err).Debug("Controller run failed") c.recordError(err, params.HealthReporter) diff --git a/vendor/github.com/cilium/cilium/pkg/counter/prefixes.go b/vendor/github.com/cilium/cilium/pkg/counter/prefixes.go index 6c883c6bb50..fad776b674b 100644 --- a/vendor/github.com/cilium/cilium/pkg/counter/prefixes.go +++ b/vendor/github.com/cilium/cilium/pkg/counter/prefixes.go @@ -67,7 +67,7 @@ func DefaultPrefixLengthCounter() *PrefixLengthCounter { createIPNet(net.IPv6len*8, net.IPv6len*8), // hosts } if _, err := counter.Add(defaultPrefixes); err != nil { - panic(fmt.Errorf("Failed to create default prefix lengths: %s", err)) + panic(fmt.Errorf("Failed to create default prefix lengths: %w", err)) } return counter diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/linux/bandwidth/bandwidth.go b/vendor/github.com/cilium/cilium/pkg/datapath/linux/bandwidth/bandwidth.go index c91130e6342..8afcc2b1bbc 100644 --- a/vendor/github.com/cilium/cilium/pkg/datapath/linux/bandwidth/bandwidth.go +++ b/vendor/github.com/cilium/cilium/pkg/datapath/linux/bandwidth/bandwidth.go @@ -237,7 +237,7 @@ func setBaselineSysctls(p bandwidthManagerParams) error { for name, value := range baseIntSettings { currentValue, err := sysctl.ReadInt(name) if err != nil { - return fmt.Errorf("read sysctl %s failed: %s", name, err) + return fmt.Errorf("read sysctl %s failed: %w", name, err) } scopedLog := p.Log.WithFields(logrus.Fields{ 
@@ -253,7 +253,7 @@ func setBaselineSysctls(p bandwidthManagerParams) error { scopedLog.Info("Setting sysctl to baseline for BPF bandwidth manager") if err := sysctl.WriteInt(name, value); err != nil { - return fmt.Errorf("set sysctl %s=%d failed: %s", name, value, err) + return fmt.Errorf("set sysctl %s=%d failed: %w", name, value, err) } } @@ -275,7 +275,7 @@ func setBaselineSysctls(p bandwidthManagerParams) error { }).Info("Setting sysctl to baseline for BPF bandwidth manager") if err := sysctl.Write(name, value); err != nil { - return fmt.Errorf("set sysctl %s=%s failed: %s", name, value, err) + return fmt.Errorf("set sysctl %s=%s failed: %w", name, value, err) } } @@ -294,7 +294,7 @@ func setBaselineSysctls(p bandwidthManagerParams) error { }).Info("Setting sysctl to baseline for BPF bandwidth manager") if err := sysctl.WriteInt(name, value); err != nil { - return fmt.Errorf("set sysctl %s=%d failed: %s", name, value, err) + return fmt.Errorf("set sysctl %s=%d failed: %w", name, value, err) } } } diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go b/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go index f260c1e2ffb..2d8196d5352 100644 --- a/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go +++ b/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go @@ -62,7 +62,7 @@ func haveManagedNeighbors() (outer error) { // The current goroutine is locked to an OS thread and we've failed // to undo state modifications to the thread. Returning without unlocking // the goroutine will make sure the underlying OS thread dies. - outer = fmt.Errorf("error setting thread back to its original netns: %w (original error: %s)", nerr, outer) + outer = fmt.Errorf("error setting thread back to its original netns: %w (original error: %w)", nerr, outer) return } // only now that we have successfully changed the thread back to its 
diff --git a/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go b/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go index a17bf474daa..11234c219af 100644 --- a/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go +++ b/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go @@ -240,6 +240,10 @@ const ( // be necessary on key rotations. EnableIPsecKeyWatcher = true + // Enable caching for XfrmState for IPSec. Significantly reduces CPU usage + // in large clusters. + EnableIPSecXfrmStateCaching = false + // EncryptNode enables encrypting traffic from host networking applications // which are not part of Cilium manged pods. EncryptNode = false @@ -507,11 +511,9 @@ const ( // InstallNoConntrackRules instructs Cilium to install Iptables rules to skip netfilter connection tracking on all pod traffic. InstallNoConntrackIptRules = false - // WireguardSubnetV4 is a default WireGuard tunnel subnet - WireguardSubnetV4 = "172.16.43.0/24" - - // WireguardSubnetV6 is a default WireGuard tunnel subnet - WireguardSubnetV6 = "fdc9:281f:04d7:9ee9::1/64" + // ContainerIPLocalReservedPortsAuto instructs the Cilium CNI plugin to reserve + // an auto-generated list of ports in the container network namespace + ContainerIPLocalReservedPortsAuto = "auto" // ExternalClusterIP enables cluster external access to ClusterIP services. // Defaults to false to retain prior behaviour of not routing external packets to ClusterIPs. @@ -556,6 +558,9 @@ const ( // identity in a numeric identity. Values > 255 will decrease the number of // allocatable identities. MaxConnectedClusters = 255 + + // EnableEnvoyConfig is the default value for option.EnableEnvoyConfig + EnableEnvoyConfig = false ) var ( diff --git a/vendor/github.com/cilium/cilium/pkg/endpoint/id/id.go b/vendor/github.com/cilium/cilium/pkg/endpoint/id/id.go index a785e2d0f01..96b8d7b1025 100644 --- a/vendor/github.com/cilium/cilium/pkg/endpoint/id/id.go +++ b/vendor/github.com/cilium/cilium/pkg/endpoint/id/id.go 
@@ -129,7 +129,7 @@ func ParseCiliumID(id string) (int64, error) { } n, err := strconv.ParseInt(id, 0, 64) if err != nil || n < 0 { - return 0, fmt.Errorf("invalid numeric cilium id: %s", err) + return 0, fmt.Errorf("invalid numeric cilium id: %w", err) } if n > MaxEndpointID { return 0, fmt.Errorf("endpoint id too large: %d", n) diff --git a/vendor/github.com/cilium/cilium/pkg/health/client/modules.go b/vendor/github.com/cilium/cilium/pkg/health/client/modules.go index 52d65037912..470da8ed15b 100644 --- a/vendor/github.com/cilium/cilium/pkg/health/client/modules.go +++ b/vendor/github.com/cilium/cilium/pkg/health/client/modules.go @@ -62,15 +62,13 @@ func GetAndFormatModulesHealth(w io.Writer, clt ModulesHealth, verbose bool) { for _, m := range resp.Payload.Modules { tally[cell.Level(m.Level)] += 1 } - fmt.Fprintf(w, "\t%s(%d) %s(%d) %s(%d) %s(%d)\n", + fmt.Fprintf(w, "\t%s(%d) %s(%d) %s(%d)\n", cell.StatusStopped, tally[cell.StatusStopped], cell.StatusDegraded, tally[cell.StatusDegraded], cell.StatusOK, tally[cell.StatusOK], - cell.StatusUnknown, - tally[cell.StatusUnknown], ) } diff --git a/vendor/github.com/cilium/cilium/pkg/identity/cache/allocator.go b/vendor/github.com/cilium/cilium/pkg/identity/cache/allocator.go index c637cea34ac..d5134ec77b9 100644 --- a/vendor/github.com/cilium/cilium/pkg/identity/cache/allocator.go +++ b/vendor/github.com/cilium/cilium/pkg/identity/cache/allocator.go @@ -283,7 +283,7 @@ func (m *CachingIdentityAllocator) WaitForInitialGlobalIdentities(ctx context.Co select { case <-m.globalIdentityAllocatorInitialized: case <-ctx.Done(): - return fmt.Errorf("initial global identity sync was cancelled: %s", ctx.Err()) + return fmt.Errorf("initial global identity sync was cancelled: %w", ctx.Err()) } return m.IdentityAllocator.WaitForInitialSync(ctx) 
@@ -493,13 +493,13 @@ func (m *CachingIdentityAllocator) WatchRemoteIdentities(remoteName string, back remoteAllocatorBackend, err := kvstoreallocator.NewKVStoreBackend(prefix, m.owner.GetNodeSuffix(), &key.GlobalIdentity{}, backend) if err != nil { - return nil, fmt.Errorf("error setting up remote allocator backend: %s", err) + return nil, fmt.Errorf("error setting up remote allocator backend: %w", err) } remoteAlloc, err := allocator.NewAllocator(&key.GlobalIdentity{}, remoteAllocatorBackend, allocator.WithEvents(m.IdentityAllocator.GetEvents()), allocator.WithoutGC(), allocator.WithoutAutostart()) if err != nil { - return nil, fmt.Errorf("unable to initialize remote Identity Allocator: %s", err) + return nil, fmt.Errorf("unable to initialize remote Identity Allocator: %w", err) } return m.IdentityAllocator.NewRemoteCache(remoteName, remoteAlloc), nil diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/const.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/const.go index bbdb5c510c9..4aa8ac51695 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/const.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/const.go @@ -80,6 +80,10 @@ const ( // to sync the CNP with kube-apiserver. CtrlPrefixPolicyStatus = "sync-cnp-policy-status" + // BatchJobControllerUID is one of the labels that is available on a Job + // https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-labels + BatchJobControllerUID = "batch.kubernetes.io/controller-uid" + // CiliumIdentityAnnotationDeprecated is the previous annotation key used to map to an endpoint's security identity. CiliumIdentityAnnotationDeprecated = "cilium-identity" ) diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go index ca665284350..63bb1b5e1fd 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go 
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/clrp_types.go @@ -204,7 +204,7 @@ func (pInfo *PortInfo) SanitizePortInfo(checkNamedPort bool) (uint16, string, lb } else { p, err := strconv.ParseUint(pInfo.Port, 0, 16) if err != nil { - return pInt, pName, protocol, fmt.Errorf("unable to parse port: %v", err) + return pInt, pName, protocol, fmt.Errorf("unable to parse port: %w", err) } if p == 0 { return pInt, pName, protocol, fmt.Errorf("port cannot be 0") diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go index 1dac2c6ec33..fe3d7970aec 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go @@ -5,6 +5,7 @@ package client import ( "context" + "errors" "fmt" "net" "net/http" @@ -16,7 +17,7 @@ import ( "github.com/sirupsen/logrus" apiext_clientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" apiext_fake "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake" - "k8s.io/apimachinery/pkg/api/errors" + k8sErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilnet "k8s.io/apimachinery/pkg/util/net" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -391,13 +392,12 @@ func runHeartbeat(log logrus.FieldLogger, heartBeat func(context.Context) error, // which means the server is overloaded and only for this reason we // will not close all connections. err := heartBeat(ctx) - switch t := err.(type) { - case *errors.StatusError: - if t.ErrStatus.Code != http.StatusTooManyRequests { + if err != nil { + statusError := &k8sErrors.StatusError{} + if !errors.As(err, &statusError) || + statusError.ErrStatus.Code != http.StatusTooManyRequests { done <- err } - default: - done <- err } close(done) }() 
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/identitybackend/identity.go b/vendor/github.com/cilium/cilium/pkg/k8s/identitybackend/identity.go index 9386a68eb6c..d3a867d557b 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/identitybackend/identity.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/identitybackend/identity.go @@ -194,7 +194,7 @@ func (c *crdBackend) UpdateKey(ctx context.Context, id idpool.ID, key allocator. if reliablyMissing { // Recreate a missing master key if _, err = c.AllocateID(ctx, id, key); err != nil { - return fmt.Errorf("Unable recreate missing CRD identity %q->%q: %s", key, id, err) + return fmt.Errorf("Unable recreate missing CRD identity %q->%q: %w", key, id, err) } return nil @@ -278,7 +278,7 @@ func (c *crdBackend) Get(ctx context.Context, key allocator.AllocatorKey) (idpoo id, err := strconv.ParseUint(identity.Name, 10, 64) if err != nil { - return idpool.NoID, fmt.Errorf("unable to parse value '%s': %s", identity.Name, err) + return idpool.NoID, fmt.Errorf("unable to parse value '%s': %w", identity.Name, err) } return idpool.ID(id), nil diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go b/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go index 0eac5f4be0e..ade6fc43498 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels/selector.go @@ -651,7 +651,7 @@ func (p *Parser) parse() (internalSelector, error) { case IdentifierToken, DoesNotExistToken: r, err := p.parseRequirement() if err != nil { - return nil, fmt.Errorf("unable to parse requirement: %v", err) + return nil, fmt.Errorf("unable to parse requirement: %w", err) } requirements = append(requirements, *r) t, l := p.consume(Values) 
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/util/intstr/intstr.go b/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/util/intstr/intstr.go index ca2f03b6d1d..2f76aa37776 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/util/intstr/intstr.go +++ b/vendor/github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/util/intstr/intstr.go @@ -147,7 +147,7 @@ func GetScaledValueFromIntOrPercent(intOrPercent *IntOrString, total int, roundU } value, isPercent, err := getIntOrPercentValueSafely(intOrPercent) if err != nil { - return 0, fmt.Errorf("invalid value for IntOrString: %v", err) + return 0, fmt.Errorf("invalid value for IntOrString: %w", err) } if isPercent { if roundUp { @@ -169,7 +169,7 @@ func GetValueFromIntOrPercent(intOrPercent *IntOrString, total int, roundUp bool } value, isPercent, err := getIntOrPercentValue(intOrPercent) if err != nil { - return 0, fmt.Errorf("invalid value for IntOrString: %v", err) + return 0, fmt.Errorf("invalid value for IntOrString: %w", err) } if isPercent { if roundUp { @@ -191,7 +191,7 @@ func getIntOrPercentValue(intOrStr *IntOrString) (int, bool, error) { s := strings.Replace(intOrStr.StrVal, "%", "", -1) v, err := strconv.Atoi(s) if err != nil { - return 0, false, fmt.Errorf("invalid value %q: %v", intOrStr.StrVal, err) + return 0, false, fmt.Errorf("invalid value %q: %w", intOrStr.StrVal, err) } return int(v), true, nil } @@ -213,7 +213,7 @@ func getIntOrPercentValueSafely(intOrStr *IntOrString) (int, bool, error) { } v, err := strconv.Atoi(s) if err != nil { - return 0, false, fmt.Errorf("invalid value %q: %v", intOrStr.StrVal, err) + return 0, false, fmt.Errorf("invalid value %q: %w", intOrStr.StrVal, err) } return int(v), isPercent, nil } diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/version/version.go b/vendor/github.com/cilium/cilium/pkg/k8s/version/version.go index 8d0e13cf828..db2bab99517 100644 --- a/vendor/github.com/cilium/cilium/pkg/k8s/version/version.go 
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/version/version.go @@ -196,7 +196,7 @@ func endpointSlicesFallbackDiscovery(client kubernetes.Interface) error { // Unknown error, we can't derive whether to enable or disable // EndpointSlices and need to error out. - return fmt.Errorf("unable to validate EndpointSlices support: %s", err) + return fmt.Errorf("unable to validate EndpointSlices support: %w", err) } func leasesFallbackDiscovery(client kubernetes.Interface, apiDiscoveryEnabled bool) error { @@ -229,7 +229,7 @@ func leasesFallbackDiscovery(client kubernetes.Interface, apiDiscoveryEnabled bo // Unknown error, we can't derive whether to enable or disable // LeasesResourceLock and need to error out - return fmt.Errorf("unable to validate LeasesResourceLock support: %s", err) + return fmt.Errorf("unable to validate LeasesResourceLock support: %w", err) } func updateK8sServerVersion(client kubernetes.Interface) error { @@ -258,7 +258,7 @@ func updateK8sServerVersion(client kubernetes.Interface) error { } } - return fmt.Errorf("cannot parse k8s server version from %+v: %s", sv, err) + return fmt.Errorf("cannot parse k8s server version from %+v: %w", sv, err) } // Update retrieves the version of the Kubernetes apiserver and derives the diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/allocator/allocator.go b/vendor/github.com/cilium/cilium/pkg/kvstore/allocator/allocator.go index 4345273bf2b..c9141031d78 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/allocator/allocator.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/allocator/allocator.go 
@@ -129,7 +129,7 @@ func (k *kvstoreBackend) AllocateID(ctx context.Context, id idpool.ID, key alloc keyEncoded := []byte(k.backend.Encode([]byte(key.GetKey()))) success, err := k.backend.CreateOnly(ctx, keyPath, keyEncoded, false) if err != nil || !success { - return nil, fmt.Errorf("unable to create master key '%s': %s", keyPath, err) + return nil, fmt.Errorf("unable to create master key '%s': %w", keyPath, err) } return key, nil @@ -142,7 +142,7 @@ func (k *kvstoreBackend) AllocateIDIfLocked(ctx context.Context, id idpool.ID, k keyEncoded := []byte(k.backend.Encode([]byte(key.GetKey()))) success, err := k.backend.CreateOnlyIfLocked(ctx, keyPath, keyEncoded, false, lock) if err != nil || !success { - return nil, fmt.Errorf("unable to create master key '%s': %s", keyPath, err) + return nil, fmt.Errorf("unable to create master key '%s': %w", keyPath, err) } return key, nil @@ -152,7 +152,7 @@ func (k *kvstoreBackend) AllocateIDIfLocked(ctx context.Context, id idpool.ID, k func (k *kvstoreBackend) AcquireReference(ctx context.Context, id idpool.ID, key allocator.AllocatorKey, lock kvstore.KVLocker) error { keyString := k.backend.Encode([]byte(key.GetKey())) if err := k.createValueNodeKey(ctx, keyString, id, lock); err != nil { - return fmt.Errorf("unable to create slave key '%s': %s", keyString, err) + return fmt.Errorf("unable to create slave key '%s': %w", keyString, err) } return nil } @@ -163,7 +163,7 @@ func (k *kvstoreBackend) createValueNodeKey(ctx context.Context, key string, new // The key is protected with a TTL/lease and will expire after LeaseTTL valueKey := path.Join(k.valuePrefix, key, k.suffix) if _, err := k.backend.UpdateIfDifferentIfLocked(ctx, valueKey, []byte(newID.String()), true, lock); err != nil { - return fmt.Errorf("unable to create value-node key '%s': %s", valueKey, err) + return fmt.Errorf("unable to create value-node key '%s': %w", valueKey, err) } return nil 
@@ -290,7 +290,7 @@ func (k *kvstoreBackend) UpdateKey(ctx context.Context, id idpool.ID, key alloca success, err := k.backend.CreateOnly(ctx, keyPath, keyEncoded, false) switch { case err != nil: - return fmt.Errorf("Unable to re-create missing master key \"%s\" -> \"%s\": %s", fieldKey, valueKey, err) + return fmt.Errorf("Unable to re-create missing master key \"%s\" -> \"%s\": %w", fieldKey, valueKey, err) case success: log.WithField(fieldKey, keyPath).Warning("Re-created missing master key") } @@ -305,7 +305,7 @@ func (k *kvstoreBackend) UpdateKey(ctx context.Context, id idpool.ID, key alloca } switch { case err != nil: - return fmt.Errorf("Unable to re-create missing slave key \"%s\" -> \"%s\": %s", fieldKey, valueKey, err) + return fmt.Errorf("Unable to re-create missing slave key \"%s\" -> \"%s\": %w", fieldKey, valueKey, err) case recreated: log.WithField(fieldKey, valueKey).Warning("Re-created missing slave key") } @@ -330,7 +330,7 @@ func (k *kvstoreBackend) UpdateKeyIfLocked(ctx context.Context, id idpool.ID, ke success, err := k.backend.CreateOnlyIfLocked(ctx, keyPath, keyEncoded, false, lock) switch { case err != nil: - return fmt.Errorf("Unable to re-create missing master key \"%s\" -> \"%s\": %s", fieldKey, valueKey, err) + return fmt.Errorf("Unable to re-create missing master key \"%s\" -> \"%s\": %w", fieldKey, valueKey, err) case success: log.WithField(fieldKey, keyPath).Warning("Re-created missing master key") } @@ -346,7 +346,7 @@ func (k *kvstoreBackend) UpdateKeyIfLocked(ctx context.Context, id idpool.ID, ke } switch { case err != nil: - return fmt.Errorf("Unable to re-create missing slave key \"%s\" -> \"%s\": %s", fieldKey, valueKey, err) + return fmt.Errorf("Unable to re-create missing slave key \"%s\" -> \"%s\": %w", fieldKey, valueKey, err) case recreated: log.WithField(fieldKey, valueKey).Warning("Re-created missing slave key") } 
@@ -384,7 +384,7 @@ func (k *kvstoreBackend) RunLocksGC(ctx context.Context, staleKeysPrevRound map[ // fetch list of all /../locks keys allocated, err := k.backend.ListPrefix(ctx, k.lockPrefix) if err != nil { - return nil, fmt.Errorf("list failed: %s", err) + return nil, fmt.Errorf("list failed: %w", err) } staleKeys := map[string]kvstore.Value{} @@ -433,7 +433,7 @@ func (k *kvstoreBackend) RunGC( // fetch list of all /id/ keys allocated, err := k.backend.ListPrefix(ctx, k.idPrefix) if err != nil { - return nil, nil, fmt.Errorf("list failed: %s", err) + return nil, nil, fmt.Errorf("list failed: %w", err) } totalEntries := len(allocated) diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/cell.go b/vendor/github.com/cilium/cilium/pkg/kvstore/cell.go index 3a7f0e6f281..32b27ad8166 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/cell.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/cell.go @@ -30,10 +30,11 @@ var Cell = func(defaultBackend string) cell.Cell { "KVStore Client", cell.Config(config{ - KVStore: defaultBackend, - KVStoreConnectivityTimeout: defaults.KVstoreConnectivityTimeout, - KVStoreLeaseTTL: defaults.KVstoreLeaseTTL, - KVStorePeriodicSync: defaults.KVstorePeriodicSync, + KVStore: defaultBackend, + KVStoreConnectivityTimeout: defaults.KVstoreConnectivityTimeout, + KVStoreLeaseTTL: defaults.KVstoreLeaseTTL, + KVStorePeriodicSync: defaults.KVstorePeriodicSync, + KVstoreMaxConsecutiveQuorumErrors: defaults.KVstoreMaxConsecutiveQuorumErrors, }), cell.Provide(func(lc cell.Lifecycle, shutdowner hive.Shutdowner, cfg config, opts *ExtraOptions) promise.Promise[BackendOperations] { 
@@ -50,6 +51,7 @@ var Cell = func(defaultBackend string) cell.Cell { option.Config.KVstoreConnectivityTimeout = cfg.KVStoreConnectivityTimeout option.Config.KVstoreLeaseTTL = cfg.KVStoreLeaseTTL option.Config.KVstorePeriodicSync = cfg.KVStorePeriodicSync + option.Config.KVstoreMaxConsecutiveQuorumErrors = cfg.KVstoreMaxConsecutiveQuorumErrors ctx, cancel := context.WithCancel(context.Background()) var wg sync.WaitGroup @@ -94,11 +96,12 @@ var Cell = func(defaultBackend string) cell.Cell { } type config struct { - KVStore string - KVStoreOpt map[string]string - KVStoreConnectivityTimeout time.Duration - KVStoreLeaseTTL time.Duration - KVStorePeriodicSync time.Duration + KVStore string + KVStoreOpt map[string]string + KVStoreConnectivityTimeout time.Duration + KVStoreLeaseTTL time.Duration + KVStorePeriodicSync time.Duration + KVstoreMaxConsecutiveQuorumErrors uint } func (def config) Flags(flags *pflag.FlagSet) { @@ -116,6 +119,9 @@ func (def config) Flags(flags *pflag.FlagSet) { flags.Duration(option.KVstorePeriodicSync, def.KVStorePeriodicSync, "Periodic KVstore synchronization interval") + + flags.Uint(option.KVstoreMaxConsecutiveQuorumErrorsName, def.KVstoreMaxConsecutiveQuorumErrors, + "Max acceptable kvstore consecutive quorum errors before recreating the etcd connection") } // GlobalUserMgmtClientPromiseCell provides a promise returning the global kvstore client to perform users diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go b/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go index d4fb8bfbe33..287ec5f7d16 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/consul.go 
@@ -150,12 +150,12 @@ func (c *consulModule) connectConsulClient(ctx context.Context, opts *ExtraOptio if configPathOptSet && configPathOpt.value != "" { b, err := os.ReadFile(configPathOpt.value) if err != nil { - return nil, fmt.Errorf("unable to read consul tls configuration file %s: %s", configPathOpt.value, err) + return nil, fmt.Errorf("unable to read consul tls configuration file %s: %w", configPathOpt.value, err) } yc := consulAPI.TLSConfig{} err = yaml.Unmarshal(b, &yc) if err != nil { - return nil, fmt.Errorf("invalid consul tls configuration in %s: %s", configPathOpt.value, err) + return nil, fmt.Errorf("invalid consul tls configuration in %s: %w", configPathOpt.value, err) } c.config.TLSConfig = yc } @@ -229,7 +229,7 @@ func newConsulClient(ctx context.Context, config *consulAPI.Config, opts *ExtraO wo := &consulAPI.WriteOptions{} lease, _, err := c.Session().Create(entry, wo.WithContext(ctx)) if err != nil { - return nil, fmt.Errorf("unable to create default lease: %s", err) + return nil, fmt.Errorf("unable to create default lease: %w", err) } client := &consulClient{ @@ -295,7 +295,7 @@ func (c *consulClient) LockPath(ctx context.Context, path string) (KVLocker, err select { case <-ctx.Done(): - return nil, fmt.Errorf("lock cancelled via context: %s", ctx.Err()) + return nil, fmt.Errorf("lock cancelled via context: %w", ctx.Err()) default: } } @@ -651,7 +651,7 @@ func (c *consulClient) createOnly(ctx context.Context, key string, value []byte, success, _, err := c.KV().CAS(k, opts.WithContext(ctx)) increaseMetric(key, metricSet, "CreateOnly", duration.EndError(err).Total(), err) if err != nil { - return false, fmt.Errorf("unable to compare-and-swap: %s", err) + return false, fmt.Errorf("unable to compare-and-swap: %w", err) } return success, nil } 
@@ -666,7 +666,7 @@ func (c *consulClient) createIfExists(ctx context.Context, condKey, key string, l, err := LockPath(ctx, c, condKey) if err != nil { - return fmt.Errorf("unable to lock condKey for CreateIfExists: %s", err) + return fmt.Errorf("unable to lock condKey for CreateIfExists: %w", err) } defer l.Unlock(context.Background()) diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go index a3dbb92019a..12bdd6bd69f 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go @@ -321,12 +321,10 @@ func etcdClientDebugLevel() zapcore.Level { // Hint tries to improve the error message displayed to te user. func Hint(err error) error { - switch err { - case context.DeadlineExceeded: + if errors.Is(err, context.DeadlineExceeded) { return fmt.Errorf("etcd client timeout exceeded") - default: - return err } + return err } type etcdClient struct { @@ -994,7 +992,7 @@ func (e *etcdClient) determineEndpointStatus(ctx context.Context, endpointAddres func (e *etcdClient) statusChecker() { ctx := context.Background() - consecutiveQuorumErrors := 0 + var consecutiveQuorumErrors uint statusTimer, statusTimerDone := inctimer.New() defer statusTimerDone() @@ -1039,7 +1037,7 @@ func (e *etcdClient) statusChecker() { switch { case consecutiveQuorumErrors > option.Config.KVstoreMaxConsecutiveQuorumErrors: - e.latestErrorStatus = fmt.Errorf("quorum check failed %d times in a row: %s", + e.latestErrorStatus = fmt.Errorf("quorum check failed %d times in a row: %w", consecutiveQuorumErrors, quorumError) e.latestStatusSnapshot = e.latestErrorStatus.Error() case len(endpoints) > 0 && ok == 0: diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd_debug.go b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd_debug.go new file mode 100644 index 00000000000..53637336cfc --- /dev/null +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd_debug.go 
@@ -0,0 +1,400 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package kvstore
+
+import (
+ "bytes"
+ "context"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+ "fmt"
+ "io"
+ "net"
+ "net/url"
+ "os"
+ "regexp"
+ "strings"
+
+ client "go.etcd.io/etcd/client/v3"
+ "go.uber.org/zap"
+ "google.golang.org/grpc"
+ "sigs.k8s.io/yaml"
+
+ "github.com/cilium/cilium/pkg/time"
+)
+
+var etcdVersionRegexp = regexp.MustCompile(`"etcdserver":"(?P.*?)"`)
+
+// EtcdDbgDialer enables to override the LookupIP and DialContext functions,
+// e.g., to support service name to IP address resolution when CoreDNS is not
+// the configured DNS server --- for pods running in the host network namespace.
+type EtcdDbgDialer interface {
+ LookupIP(ctx context.Context, hostname string) ([]net.IP, error)
+ DialContext(ctx context.Context, addr string) (net.Conn, error)
+}
+
+// DefaultEtcdDbgDialer provides a default implementation of the EtcdDbgDialer interface.
+type DefaultEtcdDbgDialer struct{}
+
+func (DefaultEtcdDbgDialer) LookupIP(ctx context.Context, hostname string) ([]net.IP, error) {
+ return net.DefaultResolver.LookupIP(ctx, "ip", hostname)
+}
+
+func (DefaultEtcdDbgDialer) DialContext(ctx context.Context, addr string) (net.Conn, error) {
+ return (&net.Dialer{}).DialContext(ctx, "tcp", addr)
+}
+
+// EtcdDbg performs a set of sanity checks concerning the connection to the given
+// etcd cluster, and outputs the result in a user-friendly format.
+func EtcdDbg(ctx context.Context, cfgfile string, dialer EtcdDbgDialer, w io.Writer) {
+ iw := newIndentedWriter(w, 0)
+
+ iw.Println("📄 Configuration path: %s", cfgfile)
+ cfg, err := newConfig(cfgfile)
+ if err != nil {
+ iw.Println("❌ Cannot parse etcd configuration: %s", err)
+ return
+ }
+
+ iw.NewLine()
+ if len(cfg.Endpoints) == 0 {
+ iw.Println("❌ No available endpoints")
+ } else {
+ iw.Println("🔌 Endpoints:")
+ for _, ep := range cfg.Endpoints {
+ iiw := iw.WithExtraIndent(3)
+ iiw.Println("- %s", ep)
+ etcdDbgEndpoint(ctx, ep, cfg.TLS.Clone(), dialer, iiw.WithExtraIndent(2))
+ }
+ }
+
+ iw.NewLine()
+ iw.Println("🔑 Digital certificates:")
+ etcdDbgCerts(cfgfile, cfg, iw.WithExtraIndent(3))
+
+ iw.NewLine()
+ iw.Println("⚙️ Etcd client:")
+ iiw := iw.WithExtraIndent(3)
+ cfg.Context = ctx
+ cfg.Logger = zap.NewNop()
+ cfg.DialOptions = append(cfg.DialOptions, grpc.WithBlock(), grpc.WithContextDialer(dialer.DialContext))
+ cfg.DialTimeout = 1 * time.Second // The client hangs in case the connection fails, hence set a short timeout.
+
+ cl, err := client.New(*cfg)
+ if err != nil {
+ iiw.Println("❌ Failed to establish connection: %s", err)
+ return
+ }
+ defer cl.Close()
+
+ // Try to retrieve the heartbeat key, as a basic authorization check.
+ // It doesn't really matter whether the heartbeat key exists or not.
+ out, err := cl.Get(ctx, HeartbeatPath)
+ if err != nil {
+ iiw.Println("❌ Failed to retrieve key from etcd: %s", err)
+ return
+ }
+
+ iiw.Println("✅ Etcd connection successfully established")
+ if out.Header != nil {
+ iiw.Println("ℹ️ Etcd cluster ID: %x", out.Header.GetClusterId())
+ }
+}
+
+func etcdDbgEndpoint(ctx context.Context, ep string, tlscfg *tls.Config, dialer EtcdDbgDialer, iw *indentedWriter) {
+ u, err := url.Parse(ep)
+ if err != nil {
+ iw.Println("❌ Cannot parse endpoint: %s", err)
+ return
+ }
+
+ // Hostname resolution
+ hostname := u.Hostname()
+ if net.ParseIP(hostname) == nil {
+ ips, err := dialer.LookupIP(ctx, hostname)
+ if err != nil {
+ iw.Println("❌ Cannot resolve hostname: %s", err)
+ } else {
+ iw.Println("✅ Hostname resolved to: %s", etcdDbgOutputIPs(ips))
+ }
+ }
+
+ // TCP Connection
+ conn, err := dialer.DialContext(ctx, u.Host)
+ if err != nil {
+ iw.Println("❌ Cannot establish TCP connection to %s: %s", u.Host, err)
+ return
+ }
+
+ iw.Println("✅ TCP connection successfully established to %s", conn.RemoteAddr())
+ if u.Scheme != "https" {
+ conn.Close()
+ return
+ }
+
+ // TLS Connection
+ if tlscfg.ServerName == "" {
+ tlscfg.ServerName = hostname
+ }
+
+ // We use GetClientCertificate rather than Certificates to return an error
+ // in case the certificate does not match any of the requested CAs. One
+ // limitation, though, is that the match appears to be performed based on
+ // the distinguished name only, and it doesn't fail if two CAs have the same
+ // DN (which is typically the case with the default CA generated by Cilium).
+ var acceptableCAs [][]byte
+ tlscfg.GetClientCertificate = func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+ for _, chain := range tlscfg.Certificates {
+ if err := cri.SupportsCertificate(&chain); err == nil {
+ return &chain, nil
+ }
+ }
+
+ acceptableCAs = cri.AcceptableCAs
+ return nil, fmt.Errorf("client certificate is not signed by any acceptable CA")
+ }
+
+ tconn := tls.Client(conn, tlscfg)
+ defer tconn.Close()
+
+ err = tconn.HandshakeContext(ctx)
+ if err != nil {
+ iw.Println("❌ Cannot establish TLS connection to %s: %s", u.Host, err)
+ if len(acceptableCAs) > 0 {
+ // The output is suboptimal being DER-encoded, but there doesn't
+ // seem to be any easy way to parse it (the utility used by
+ // ParseCertificate is not exported). Better than nothing though.
+ var buf bytes.Buffer
+ for i, ca := range acceptableCAs {
+ if i != 0 {
+ buf.WriteString(", ")
+ }
+ buf.WriteRune('"')
+ buf.WriteString(string(ca))
+ buf.WriteRune('"')
+ }
+
+ iw.Println("ℹ️ Acceptable CAs: %s", buf.String())
+ }
+ return
+ }
+
+ iw.Println("✅ TLS connection successfully established to %s", tconn.RemoteAddr())
+ iw.Println("ℹ️ Negotiated TLS version: %s, ciphersuite %s",
+ tls.VersionName(tconn.ConnectionState().Version),
+ tls.CipherSuiteName(tconn.ConnectionState().CipherSuite))
+
+ // With TLS 1.3, the server doesn't acknowledge whether client authentication
+ // succeeded, and a possible error is returned only when reading some data.
+ // Hence, let's trigger a request, so that we see if it failed.
+ tconn.SetDeadline(time.Now().Add(1 * time.Second))
+ data := fmt.Sprintf("GET /version HTTP/1.1\r\nHost: %s\r\n\r\n", u.Host)
+ _, err = tconn.Write([]byte(data))
+ if err != nil {
+ iw.Println("❌ Failed to perform a GET /version request: %s", err)
+ return
+ }
+
+ buf := make([]byte, 1000)
+ _, err = tconn.Read(buf)
+ if err != nil {
+ opErr := &net.OpError{}
+ if errors.As(err, &opErr) && opErr.Op == "remote error" {
+ iw.Println("❌ TLS client authentication failed: %s", err)
+ } else {
+ iw.Println("❌ Failed to retrieve GET /version answer: %s", err)
+ }
+ return
+ }
+
+ matches := etcdVersionRegexp.FindAllStringSubmatch(string(buf), 1)
+ if len(matches) != 1 {
+ iw.Println("⚠️ Could not retrieve etcd server version")
+ return
+ }
+
+ iw.Println("ℹ️ Etcd server version: %s", matches[0][etcdVersionRegexp.SubexpIndex("version")])
+}
+
+func etcdDbgCerts(cfgfile string, cfg *client.Config, iw *indentedWriter) {
+ if cfg.TLS.RootCAs == nil {
+ iw.Println("⚠️ Root CA unset: using system pool")
+ } else {
+ // Retrieve the RootCA path from the configuration, as it appears
+ // that we cannot introspect cfg.TLS.RootCAs.
+ certs, err := etcdDbgRetrieveRootCAFile(cfgfile)
+ if err != nil {
+ iw.Println("❌ Failed to retrieve Root CA path: %s", err)
+ } else {
+ iw.Println("✅ TLS Root CA certificates:")
+ for _, cert := range certs {
+ parsed, err := x509.ParseCertificate(cert)
+ if err != nil {
+ iw.Println("❌ Failed to parse certificate: %s", err)
+ continue
+ }
+
+ etcdDbgOutputCert(parsed, iw.WithExtraIndent(3))
+ }
+ }
+ }
+
+ if len(cfg.TLS.Certificates) == 0 {
+ iw.Println("⚠️ No available TLS client certificates")
+ } else {
+ iw.Println("✅ TLS client certificates:")
+ for _, cert := range cfg.TLS.Certificates {
+ if len(cert.Certificate) == 0 {
+ iw.Println("❌ The certificate looks invalid")
+ continue
+ }
+
+ leaf, err := x509.ParseCertificate(cert.Certificate[0])
+ if err != nil {
+ iw.Println("❌ Failed to parse certificate: %s", err)
+ continue
+ }
+
+ iiw := iw.WithExtraIndent(3)
+ etcdDbgOutputCert(leaf, iiw)
+ iiw = iiw.WithExtraIndent(2)
+
+ // Print intermediate certificates, if any.
+ intermediates := x509.NewCertPool()
+ for _, cert := range cert.Certificate[1:] {
+ iiw.Println("Intermediates:")
+
+ intermediate, err := x509.ParseCertificate(cert)
+ if err != nil {
+ iw.Println("❌ Failed to parse intermediate certificate: %s", err)
+ continue
+ }
+
+ etcdDbgOutputCert(intermediate, iiw)
+ intermediates.AddCert(intermediate)
+ }
+
+ // Attempt to verify whether the given certificate can be validated
+ // using the configured root CAs. Although a failure is not necessarily
+ // an error, as the remote etcd server may be configured with a different
+ // root CA, it still signals a misconfiguration in most cases.
+ opts := x509.VerifyOptions{
+ Roots: cfg.TLS.RootCAs,
+ Intermediates: intermediates,
+ }
+
+ _, err = leaf.Verify(opts)
+ if err != nil {
+ iiw.Println("⚠️ Cannot verify certificate with the configured root CAs")
+ }
+ }
+ }
+
+ if cfg.Username != "" {
+ passwd := "unset"
+ if cfg.Password != "" {
+ passwd = "set"
+ }
+
+ iw.Println("✅ Username set to %s, password is %s", cfg.Username, passwd)
+ }
+}
+
+func etcdDbgOutputIPs(ips []net.IP) string {
+ var buf bytes.Buffer
+ for i, ip := range ips {
+ if i > 0 {
+ buf.WriteString(", ")
+ }
+
+ if i == 4 {
+ buf.WriteString("...")
+ break
+ }
+
+ buf.WriteString(ip.String())
+ }
+ return buf.String()
+}
+
+func etcdDbgRetrieveRootCAFile(cfgfile string) (certs [][]byte, err error) {
+ var yc yamlConfig
+
+ b, err := os.ReadFile(cfgfile)
+ if err != nil {
+ return nil, err
+ }
+
+ err = yaml.Unmarshal(b, &yc)
+ if err != nil {
+ return nil, err
+ }
+
+ crtfile := yc.TrustedCAfile
+ if crtfile == "" {
+ crtfile = yc.CAfile
+ }
+ if crtfile == "" {
+ return nil, errors.New("not provided")
+ }
+
+ data, err := os.ReadFile(crtfile)
+ if err != nil {
+ return nil, err
+ }
+
+ for {
+ block, rest := pem.Decode(data)
+ if block == nil {
+ if len(certs) == 0 {
+ return nil, errors.New("no certificate found")
+ }
+
+ return certs, nil
+ }
+
+ if block.Type == "CERTIFICATE" {
+ certs = append(certs, block.Bytes)
+ }
+
+ data = rest
+ }
+}
+
+func etcdDbgOutputCert(cert *x509.Certificate, iw *indentedWriter) {
+ sn := cert.SerialNumber.Text(16)
+ for i := 2; i < len(sn); i += 3 {
+ sn = sn[:i] + ":" + sn[i:]
+ }
+
+ iw.Println("- Serial number: %s", string(sn))
+ iw.Println(" Subject: %s", cert.Subject)
+ iw.Println(" Issuer: %s", cert.Issuer)
+ iw.Println(" Validity:")
+ iw.Println(" Not before: %s", cert.NotBefore)
+ iw.Println(" Not after: %s", cert.NotAfter)
+}
+
+type indentedWriter struct {
+ w io.Writer
+ indent []byte
+}
+
+func newIndentedWriter(w io.Writer, indent int) *indentedWriter {
+ return &indentedWriter{w: w,
indent: []byte(strings.Repeat(" ", indent))} +} + +func (iw *indentedWriter) NewLine() { iw.w.Write([]byte("\n")) } + +func (iw *indentedWriter) Println(format string, a ...any) { + iw.w.Write(iw.indent) + fmt.Fprintf(iw.w, format, a...) + iw.NewLine() +} + +func (iw *indentedWriter) WithExtraIndent(indent int) *indentedWriter { + return newIndentedWriter(iw.w, len(iw.indent)+indent) +} diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go b/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go index 5e72ba597e4..c70ee81046b 100644 --- a/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go +++ b/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go @@ -97,7 +97,7 @@ func (pl *pathLocks) lock(ctx context.Context, path string) (id uuid.UUID, err e select { case <-lockTimer.After(time.Duration(10) * time.Millisecond): case <-ctx.Done(): - err = fmt.Errorf("lock was cancelled: %s", ctx.Err()) + err = fmt.Errorf("lock was cancelled: %w", ctx.Err()) return } } @@ -133,7 +133,7 @@ func LockPath(ctx context.Context, backend BackendOperations, path string) (l *L if err != nil { kvstoreLocks.unlock(path, id) Trace("Failed to lock", err, logrus.Fields{fieldKey: path}) - err = fmt.Errorf("error while locking path %s: %s", path, err) + err = fmt.Errorf("error while locking path %s: %w", path, err) return nil, err } diff --git a/vendor/github.com/cilium/cilium/pkg/labels/labels.go b/vendor/github.com/cilium/cilium/pkg/labels/labels.go index 64d3747aeb0..74a7afd32c8 100644 --- a/vendor/github.com/cilium/cilium/pkg/labels/labels.go +++ b/vendor/github.com/cilium/cilium/pkg/labels/labels.go @@ -293,7 +293,7 @@ func (l *Label) UnmarshalJSON(data []byte) error { var aux string if err := json.Unmarshal(data, &aux); err != nil { - return fmt.Errorf("decode of Label as string failed: %+v", err) + return fmt.Errorf("decode of Label as string failed: %w", err) } if aux == "" { 
diff --git a/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go b/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go index f4810989be3..1416ba904ee 100644 --- a/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go +++ b/vendor/github.com/cilium/cilium/pkg/logging/logfields/logfields.go @@ -184,6 +184,9 @@ const ( // Port is a L4 port Port = "port" + // Ports is a list of L4 ports + Ports = "ports" + // PortName is a k8s ContainerPort Name PortName = "portName" @@ -736,4 +739,7 @@ const ( // State is the state of an individual component (apiserver, kvstore etc) State = "state" + + // EtcdClusterID is the ID of the etcd cluster + EtcdClusterID = "etcdClusterID" ) diff --git a/vendor/github.com/cilium/cilium/pkg/mac/mac.go b/vendor/github.com/cilium/cilium/pkg/mac/mac.go index f846edb4fec..1938964d720 100644 --- a/vendor/github.com/cilium/cilium/pkg/mac/mac.go +++ b/vendor/github.com/cilium/cilium/pkg/mac/mac.go @@ -107,7 +107,7 @@ func (m *MAC) UnmarshalJSON(data []byte) error { func GenerateRandMAC() (MAC, error) { buf := make([]byte, 6) if _, err := rand.Read(buf); err != nil { - return nil, fmt.Errorf("Unable to retrieve 6 rnd bytes: %s", err) + return nil, fmt.Errorf("Unable to retrieve 6 rnd bytes: %w", err) } // Set locally administered addresses bit and reset multicast bit diff --git a/vendor/github.com/cilium/cilium/pkg/maps/lxcmap/lxcmap.go b/vendor/github.com/cilium/cilium/pkg/maps/lxcmap/lxcmap.go index cd20a752555..51261df078a 100644 --- a/vendor/github.com/cilium/cilium/pkg/maps/lxcmap/lxcmap.go +++ b/vendor/github.com/cilium/cilium/pkg/maps/lxcmap/lxcmap.go 
@@ -85,12 +85,12 @@ func GetBPFKeys(e EndpointFrontend) []*EndpointKey { func GetBPFValue(e EndpointFrontend) (*EndpointInfo, error) { mac, err := e.LXCMac().Uint64() if err != nil { - return nil, fmt.Errorf("invalid LXC MAC: %v", err) + return nil, fmt.Errorf("invalid LXC MAC: %w", err) } nodeMAC, err := e.GetNodeMAC().Uint64() if err != nil { - return nil, fmt.Errorf("invalid node MAC: %v", err) + return nil, fmt.Errorf("invalid node MAC: %w", err) } info := &EndpointInfo{ @@ -213,7 +213,7 @@ func DeleteElement(f EndpointFrontend) []error { var errors []error for _, k := range GetBPFKeys(f) { if err := LXCMap().Delete(k); err != nil { - errors = append(errors, fmt.Errorf("Unable to delete key %v from %s: %s", k, bpf.MapPath(MapName), err)) + errors = append(errors, fmt.Errorf("Unable to delete key %v from %s: %w", k, bpf.MapPath(MapName), err)) } } @@ -232,7 +232,7 @@ func DumpToMap() (map[string]EndpointInfo, error) { } if err := LXCMap().DumpWithCallback(callback); err != nil { - return nil, fmt.Errorf("unable to read BPF endpoint list: %s", err) + return nil, fmt.Errorf("unable to read BPF endpoint list: %w", err) } return m, nil diff --git a/vendor/github.com/cilium/cilium/pkg/monitor/api/drop.go b/vendor/github.com/cilium/cilium/pkg/monitor/api/drop.go index a176545a18f..7d39d5e7556 100644 --- a/vendor/github.com/cilium/cilium/pkg/monitor/api/drop.go +++ b/vendor/github.com/cilium/cilium/pkg/monitor/api/drop.go @@ -98,6 +98,7 @@ var errors = map[uint8]string{ 200: "IGMP subscribed", 201: "Multicast handled", 202: "Host datapath not ready", + 203: "Endpoint policy program not available", } func extendedReason(reason uint8, extError int8) string { diff --git a/vendor/github.com/cilium/cilium/pkg/mountinfo/mountinfo.go b/vendor/github.com/cilium/cilium/pkg/mountinfo/mountinfo.go index 62711a97ce3..54f509054c2 100644 --- a/vendor/github.com/cilium/cilium/pkg/mountinfo/mountinfo.go +++ b/vendor/github.com/cilium/cilium/pkg/mountinfo/mountinfo.go 
@@ -107,7 +107,7 @@ func parseMountInfoFile(r io.Reader) ([]*MountInfo, error) { func GetMountInfo() ([]*MountInfo, error) { fMounts, err := os.Open(mountInfoFilepath) if err != nil { - return nil, fmt.Errorf("failed to open mount information at %s: %s", mountInfoFilepath, err) + return nil, fmt.Errorf("failed to open mount information at %s: %w", mountInfoFilepath, err) } defer fMounts.Close() diff --git a/vendor/github.com/cilium/cilium/pkg/option/config.go b/vendor/github.com/cilium/cilium/pkg/option/config.go index 758ce9d96a5..08250a8b299 100644 --- a/vendor/github.com/cilium/cilium/pkg/option/config.go +++ b/vendor/github.com/cilium/cilium/pkg/option/config.go @@ -14,6 +14,7 @@ import ( "net/netip" "os" "path/filepath" + "regexp" "runtime" "sort" "strconv" @@ -388,6 +389,10 @@ const ( // to skip netfilter connection tracking on all pod traffic. InstallNoConntrackIptRules = "install-no-conntrack-iptables-rules" + // ContainerIPLocalReservedPorts instructs the Cilium CNI plugin to reserve + // the provided comma-separated list of ports in the container network namespace + ContainerIPLocalReservedPorts = "container-ip-local-reserved-ports" + // IPv6NodeAddr is the IPv6 address of node IPv6NodeAddr = "ipv6-node" @@ -732,6 +737,10 @@ const ( // be necessary on key rotations. EnableIPsecKeyWatcher = "enable-ipsec-key-watcher" + // Enable caching for XfrmState for IPSec. Significantly reduces CPU usage + // in large clusters. + EnableIPSecXfrmStateCaching = "enable-ipsec-xfrm-state-caching" + // IPSecKeyFileName is the name of the option for ipsec key file IPSecKeyFileName = "ipsec-key-file" 
@@ -1247,6 +1256,12 @@ const ( // is considered timed out ProxyConnectTimeout = "proxy-connect-timeout" + // ProxyXffNumTrustedHopsIngress specifies the number of trusted hops regarding the x-forwarded-for and related HTTP headers for the ingress L7 policy enforcement Envoy listeners. + ProxyXffNumTrustedHopsIngress = "proxy-xff-num-trusted-hops-ingress" + + // ProxyXffNumTrustedHopsEgress specifies the number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. + ProxyXffNumTrustedHopsEgress = "proxy-xff-num-trusted-hops-egress" + // ProxyGID specifies the group ID that has access to unix domain sockets opened by Cilium // agent for proxy configuration and access logging. ProxyGID = "proxy-gid" @@ -1613,6 +1628,12 @@ type DaemonConfig struct { // connection attempt to have timed out. ProxyConnectTimeout int + // ProxyXffNumTrustedHopsIngress defines the number of trusted hops regarding the x-forwarded-for and related HTTP headers for the ingress L7 policy enforcement Envoy listeners. + ProxyXffNumTrustedHopsIngress uint32 + + // ProxyXffNumTrustedHopsEgress defines the number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. + ProxyXffNumTrustedHopsEgress uint32 + // ProxyGID specifies the group ID that has access to unix domain sockets opened by Cilium // agent for proxy configuration and access logging. ProxyGID int @@ -1691,6 +1712,9 @@ type DaemonConfig struct { // be necessary on key rotations. EnableIPsecKeyWatcher bool + // EnableIPSecXfrmStateCaching enables IPSec XfrmState caching. + EnableIPSecXfrmStateCaching bool + // EnableWireguard enables Wireguard encryption EnableWireguard bool 
@@ -1905,7 +1929,7 @@ type DaemonConfig struct { // KVstoreMaxConsecutiveQuorumErrors is the maximum number of acceptable // kvstore consecutive quorum errors before the agent assumes permanent failure - KVstoreMaxConsecutiveQuorumErrors int + KVstoreMaxConsecutiveQuorumErrors uint // KVstorePeriodicSync is the time interval in which periodic // synchronization with the kvstore occurs @@ -2319,6 +2343,10 @@ type DaemonConfig struct { // InstallNoConntrackIptRules instructs Cilium to install Iptables rules to skip netfilter connection tracking on all pod traffic. InstallNoConntrackIptRules bool + // ContainerIPLocalReservedPorts instructs the Cilium CNI plugin to reserve + // the provided comma-separated list of ports in the container network namespace + ContainerIPLocalReservedPorts string + // EnableCustomCalls enables tail call hooks for user-defined custom // eBPF programs, typically used to collect custom per-endpoint // metrics. @@ -2478,6 +2506,7 @@ var ( EnableK8sNetworkPolicy: defaults.EnableK8sNetworkPolicy, PolicyCIDRMatchMode: defaults.PolicyCIDRMatchMode, MaxConnectedClusters: defaults.MaxConnectedClusters, + EnableEnvoyConfig: defaults.EnableEnvoyConfig, } ) 
@@ -2795,15 +2824,27 @@ func (c *DaemonConfig) validateHubbleRedact() error { return nil } +func (c *DaemonConfig) validateContainerIPLocalReservedPorts() error { + if c.ContainerIPLocalReservedPorts == "" || c.ContainerIPLocalReservedPorts == defaults.ContainerIPLocalReservedPortsAuto { + return nil + } + + if regexp.MustCompile(`^(\d+(-\d+)?)(,\d+(-\d+)?)*$`).MatchString(c.ContainerIPLocalReservedPorts) { + return nil + } + + return fmt.Errorf("Invalid comma separated list of of ranges for %s option", ContainerIPLocalReservedPorts) +} + // Validate validates the daemon configuration func (c *DaemonConfig) Validate(vp *viper.Viper) error { if err := c.validateIPv6ClusterAllocCIDR(); err != nil { - return fmt.Errorf("unable to parse CIDR value '%s' of option --%s: %s", + return fmt.Errorf("unable to parse CIDR value '%s' of option --%s: %w", c.IPv6ClusterAllocCIDR, IPv6ClusterAllocCIDRName, err) } if err := c.validateIPv6NAT46x64CIDR(); err != nil { - return fmt.Errorf("unable to parse internal CIDR value '%s': %s", + return fmt.Errorf("unable to parse internal CIDR value '%s': %w", c.IPv6NAT46x64CIDR, err) } @@ -2892,6 +2933,10 @@ func (c *DaemonConfig) Validate(vp *viper.Viper) error { return err } + if err := c.validateContainerIPLocalReservedPorts(); err != nil { + return err + } + return nil } @@ -2901,7 +2946,7 @@ func ReadDirConfig(dirName string) (map[string]interface{}, error) { m := map[string]interface{}{} files, err := os.ReadDir(dirName) if err != nil && !os.IsNotExist(err) { - return nil, fmt.Errorf("unable to read configuration directory: %s", err) + return nil, fmt.Errorf("unable to read configuration directory: %w", err) } for _, f := range files { if f.IsDir() { 
@@ -2942,7 +2987,7 @@ func ReadDirConfig(dirName string) (map[string]interface{}, error) { func MergeConfig(vp *viper.Viper, m map[string]interface{}) error { err := vp.MergeConfigMap(m) if err != nil { - return fmt.Errorf("unable to read merge directory configuration: %s", err) + return fmt.Errorf("unable to read merge directory configuration: %w", err) } return nil } @@ -2974,7 +3019,7 @@ func (c *DaemonConfig) parseExcludedLocalAddresses(s []string) error { for _, ipString := range s { _, ipnet, err := net.ParseCIDR(ipString) if err != nil { - return fmt.Errorf("unable to parse excluded local address %s: %s", ipString, err) + return fmt.Errorf("unable to parse excluded local address %s: %w", ipString, err) } c.ExcludeLocalAddresses = append(c.ExcludeLocalAddresses, ipnet) @@ -3093,7 +3138,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.KVstoreKeepAliveInterval = c.KVstoreLeaseTTL / defaults.KVstoreKeepAliveIntervalFactor c.KVstorePeriodicSync = vp.GetDuration(KVstorePeriodicSync) c.KVstoreConnectivityTimeout = vp.GetDuration(KVstoreConnectivityTimeout) - c.KVstoreMaxConsecutiveQuorumErrors = vp.GetInt(KVstoreMaxConsecutiveQuorumErrorsName) + c.KVstoreMaxConsecutiveQuorumErrors = vp.GetUint(KVstoreMaxConsecutiveQuorumErrorsName) c.IPAllocationTimeout = vp.GetDuration(IPAllocationTimeout) c.LabelPrefixFile = vp.GetString(LabelPrefixFile) c.Labels = vp.GetStringSlice(Labels) 
@@ -3116,12 +3161,15 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.IPSecKeyFile = vp.GetString(IPSecKeyFileName) c.IPsecKeyRotationDuration = vp.GetDuration(IPsecKeyRotationDuration) c.EnableIPsecKeyWatcher = vp.GetBool(EnableIPsecKeyWatcher) + c.EnableIPSecXfrmStateCaching = vp.GetBool(EnableIPSecXfrmStateCaching) c.MonitorAggregation = vp.GetString(MonitorAggregationName) c.MonitorAggregationInterval = vp.GetDuration(MonitorAggregationInterval) c.MTU = vp.GetInt(MTUName) c.PreAllocateMaps = vp.GetBool(PreAllocateMapsName) c.ProcFs = vp.GetString(ProcFs) c.ProxyConnectTimeout = vp.GetInt(ProxyConnectTimeout) + c.ProxyXffNumTrustedHopsIngress = vp.GetUint32(ProxyXffNumTrustedHopsIngress) + c.ProxyXffNumTrustedHopsEgress = vp.GetUint32(ProxyXffNumTrustedHopsEgress) c.ProxyGID = vp.GetInt(ProxyGID) c.ProxyPrometheusPort = vp.GetInt(ProxyPrometheusPort) c.ProxyMaxRequestsPerConnection = vp.GetInt(ProxyMaxRequestsPerConnection) @@ -3152,6 +3200,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.LoadBalancerRSSv4CIDR = vp.GetString(LoadBalancerRSSv4CIDR) c.LoadBalancerRSSv6CIDR = vp.GetString(LoadBalancerRSSv6CIDR) c.InstallNoConntrackIptRules = vp.GetBool(InstallNoConntrackIptRules) + c.ContainerIPLocalReservedPorts = vp.GetString(ContainerIPLocalReservedPorts) c.EnableCustomCalls = vp.GetBool(EnableCustomCallsName) c.BGPAnnounceLBIP = vp.GetBool(BGPAnnounceLBIP) c.BGPAnnouncePodCIDR = vp.GetBool(BGPAnnouncePodCIDR) @@ -3468,7 +3517,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { dec := json.NewDecoder(strings.NewReader(enc)) var result flowpb.FlowFilter if err := dec.Decode(&result); err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } log.Fatalf("failed to decode hubble-export-allowlist '%v': %s", enc, err) 
@@ -3480,7 +3529,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { dec := json.NewDecoder(strings.NewReader(enc)) var result flowpb.FlowFilter if err := dec.Decode(&result); err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } log.Fatalf("failed to decode hubble-export-denylist '%v': %s", enc, err) @@ -3614,11 +3663,11 @@ func (c *DaemonConfig) populateNodePortRange(vp *viper.Viper) error { c.NodePortMin, err = strconv.Atoi(nodePortRange[0]) if err != nil { - return fmt.Errorf("Unable to parse min port value for NodePort range: %s", err.Error()) + return fmt.Errorf("Unable to parse min port value for NodePort range: %w", err) } c.NodePortMax, err = strconv.Atoi(nodePortRange[1]) if err != nil { - return fmt.Errorf("Unable to parse max port value for NodePort range: %s", err.Error()) + return fmt.Errorf("Unable to parse max port value for NodePort range: %w", err) } if c.NodePortMax <= c.NodePortMin { return errors.New("NodePort range min port must be smaller than max port") @@ -4315,7 +4364,7 @@ func parseBPFMapEventConfigs(confs BPFEventBufferConfigs, confMap map[string]str for name, confStr := range confMap { conf, err := ParseEventBufferTupleString(confStr) if err != nil { - return fmt.Errorf("unable to parse %s: %s", BPFMapEventBuffers, err) + return fmt.Errorf("unable to parse %s: %w", BPFMapEventBuffers, err) } confs[name] = conf } diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/groups.go b/vendor/github.com/cilium/cilium/pkg/policy/api/groups.go index 9edcab8bab7..fb3174ead0d 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/api/groups.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/api/groups.go @@ -57,7 +57,7 @@ func (group *ToGroups) GetCidrSet(ctx context.Context) ([]CIDRRule, error) { awsAddrs, err := callback(ctx, group) if err != nil { return nil, fmt.Errorf( - "Cannot retrieve data from %s provider: %s", + "Cannot retrieve data from %s provider: %w", AWSProvider, err) } addrs = append(addrs, awsAddrs...) 
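Review bot: In populateNodePortRange, `strconv.Atoi` accepts negative numbers and values above 65535, and the only check visible in this hunk is `c.NodePortMax <= c.NodePortMin`. A bound check placed before it would reject ranges that are not valid ports: `if c.NodePortMin < 1 || c.NodePortMax > 65535 { return errors.New("NodePort range must be within 1-65535") }`. The function continues past the end of the hunk, so confirm no such check follows before adding one.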
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go b/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go index 27e18d19694..b2db0b45d03 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go @@ -412,7 +412,7 @@ func (pp *PortProtocol) sanitize() (isZero bool, err error) { } else { p, err := strconv.ParseUint(pp.Port, 0, 16) if err != nil { - return isZero, fmt.Errorf("Unable to parse port: %s", err) + return isZero, fmt.Errorf("Unable to parse port: %w", err) } isZero = p == 0 } @@ -446,7 +446,7 @@ func (c CIDR) sanitize() error { if err != nil { _, err := netip.ParseAddr(strCIDR) if err != nil { - return fmt.Errorf("unable to parse CIDR: %s", err) + return fmt.Errorf("unable to parse CIDR: %w", err) } return nil } @@ -466,7 +466,7 @@ func (c *CIDRRule) sanitize() error { // the logic in api.CIDR.Sanitize(). prefix, err := netip.ParsePrefix(string(c.Cidr)) if err != nil { - return fmt.Errorf("Unable to parse CIDRRule %q: %s", c.Cidr, err) + return fmt.Errorf("Unable to parse CIDRRule %q: %w", c.Cidr, err) } prefixLength := prefix.Bits() diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go b/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go index 5a5cf29be1d..c23aa0d9c2b 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go @@ -345,7 +345,7 @@ func (n *EndpointSelector) ConvertToLabelSelectorRequirementSlice() []slim_metav func (n *EndpointSelector) sanitize() error { errList := validation.ValidateLabelSelector(n.LabelSelector, validation.LabelSelectorValidationOptions{AllowInvalidLabelValueInSelector: false}, nil) if len(errList) > 0 { - return fmt.Errorf("invalid label selector: %s", errList.ToAggregate().Error()) + return fmt.Errorf("invalid label selector: %w", errList.ToAggregate()) } return nil } 
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/rule.go b/vendor/github.com/cilium/cilium/pkg/policy/rule.go index d5f3101f167..b1e19e640b8 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/rule.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/rule.go @@ -571,22 +571,26 @@ func (r *rule) resolveIngressPolicy( func (r *rule) matches(securityIdentity *identity.Identity) bool { r.metadata.Mutex.Lock() defer r.metadata.Mutex.Unlock() - var ruleMatches bool + isNode := securityIdentity.ID == identity.ReservedIdentityHost if ruleMatches, cached := r.metadata.IdentitySelected[securityIdentity.ID]; cached { return ruleMatches } - isNode := securityIdentity.ID == identity.ReservedIdentityHost + + // Short-circuit if the rule's selector type (node vs. endpoint) does not match the + // identity's type if (r.NodeSelector.LabelSelector != nil) != isNode { r.metadata.IdentitySelected[securityIdentity.ID] = false - return ruleMatches + return false } + // Fall back to costly matching. - if ruleMatches = r.getSelector().Matches(securityIdentity.LabelArray); ruleMatches { - // Update cache so we don't have to do costly matching again. - r.metadata.IdentitySelected[securityIdentity.ID] = true - } else { - r.metadata.IdentitySelected[securityIdentity.ID] = false + ruleMatches := r.getSelector().Matches(securityIdentity.LabelArray) + + // Update cache so we don't have to do costly matching again. + // the local Host identity has mutable labels, so we cannot use the cache + if !isNode { + r.metadata.IdentitySelected[securityIdentity.ID] = ruleMatches } return ruleMatches diff --git a/vendor/github.com/cilium/cilium/pkg/policy/rules.go b/vendor/github.com/cilium/cilium/pkg/policy/rules.go index f5b0a225982..9caa9e88db0 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/rules.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/rules.go 
@@ -128,7 +128,7 @@ func (rules ruleSlice) updateEndpointsCaches(ep Endpoint) (bool, error) { id := ep.GetID16() securityIdentity, err := ep.GetSecurityIdentity() if err != nil { - return false, fmt.Errorf("cannot update caches in rules for endpoint %d because it is being deleted: %s", id, err) + return false, fmt.Errorf("cannot update caches in rules for endpoint %d because it is being deleted: %w", id, err) } if securityIdentity == nil { diff --git a/vendor/github.com/cilium/cilium/pkg/policy/visibility.go b/vendor/github.com/cilium/cilium/pkg/policy/visibility.go index fd821eca401..b02315f63d8 100644 --- a/vendor/github.com/cilium/cilium/pkg/policy/visibility.go +++ b/vendor/github.com/cilium/cilium/pkg/policy/visibility.go @@ -67,7 +67,7 @@ func NewVisibilityPolicy(anno string) (*VisibilityPolicy, error) { portInt, err := strconv.ParseUint(port, 10, 16) if err != nil { - return nil, fmt.Errorf("unable to parse port: %s", err) + return nil, fmt.Errorf("unable to parse port: %w", err) } // Don't need to validate, regex already did that. diff --git a/vendor/github.com/cilium/cilium/pkg/rate/api_limiter.go b/vendor/github.com/cilium/cilium/pkg/rate/api_limiter.go index 8c34f563fc1..68728f23517 100644 --- a/vendor/github.com/cilium/cilium/pkg/rate/api_limiter.go +++ b/vendor/github.com/cilium/cilium/pkg/rate/api_limiter.go @@ -890,7 +890,7 @@ func (s *APILimiterSet) Wait(ctx context.Context, name string) (LimitedRequest, func parsePositiveInt(value string) (int, error) { switch i64, err := strconv.ParseInt(value, 10, 64); { case err != nil: - return 0, fmt.Errorf("unable to parse positive integer %q: %v", value, err) + return 0, fmt.Errorf("unable to parse positive integer %q: %w", value, err) case i64 < 0: return 0, fmt.Errorf("unable to parse positive integer %q: negative value", value) case i64 > math.MaxInt: 
diff --git a/vendor/github.com/cilium/cilium/pkg/sysctl/sysctl.go b/vendor/github.com/cilium/cilium/pkg/sysctl/sysctl.go index ea5bee3b031..7ec9bfaca68 100644 --- a/vendor/github.com/cilium/cilium/pkg/sysctl/sysctl.go +++ b/vendor/github.com/cilium/cilium/pkg/sysctl/sysctl.go @@ -95,12 +95,12 @@ func writeSysctl(name string, value string) error { } f, err := os.OpenFile(path, os.O_RDWR, 0644) if err != nil { - return fmt.Errorf("could not open the sysctl file %s: %s", + return fmt.Errorf("could not open the sysctl file %s: %w", path, err) } defer f.Close() if _, err := io.WriteString(f, value); err != nil { - return fmt.Errorf("could not write to the systctl file %s: %s", + return fmt.Errorf("could not write to the systctl file %s: %w", path, err) } return nil @@ -134,7 +134,7 @@ func Read(name string) (string, error) { } val, err := os.ReadFile(path) if err != nil { - return "", fmt.Errorf("Failed to read %s: %s", path, err) + return "", fmt.Errorf("Failed to read %s: %w", path, err) } return strings.TrimRight(string(val), "\n"), nil @@ -164,7 +164,7 @@ func ApplySettings(sysSettings []Setting) error { }).Info("Setting sysctl") if err := Write(s.Name, s.Val); err != nil { if !s.IgnoreErr || errors.Is(err, ErrInvalidSysctlParameter("")) { - return fmt.Errorf("Failed to sysctl -w %s=%s: %s", s.Name, s.Val, err) + return fmt.Errorf("Failed to sysctl -w %s=%s: %w", s.Name, s.Val, err) } warn := "Failed to sysctl -w" diff --git a/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go b/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go index 6b5e34534f1..88474cfa7ec 100644 --- a/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go +++ b/vendor/github.com/cilium/cilium/pkg/versioncheck/check.go 
@@ -20,7 +20,7 @@ import ( func MustCompile(constraint string) semver.Range { verCheck, err := Compile(constraint) if err != nil { - panic(fmt.Errorf("cannot compile go-version constraint '%s' %s", constraint, err)) + panic(fmt.Errorf("cannot compile go-version constraint '%s': %w", constraint, err)) } return verCheck } @@ -36,7 +36,7 @@ func Compile(constraint string) (semver.Range, error) { func MustVersion(version string) semver.Version { ver, err := Version(version) if err != nil { - panic(fmt.Errorf("cannot compile go-version version '%s' %s", version, err)) + panic(fmt.Errorf("cannot compile go-version version '%s': %w", version, err)) } return ver } diff --git a/vendor/github.com/cilium/cilium/pkg/wireguard/types/types.go b/vendor/github.com/cilium/cilium/pkg/wireguard/types/types.go index a6fb646156a..889e2a45481 100644 --- a/vendor/github.com/cilium/cilium/pkg/wireguard/types/types.go +++ b/vendor/github.com/cilium/cilium/pkg/wireguard/types/types.go @@ -5,6 +5,8 @@ package types const ( + // ListenPort is the port on which the WireGuard tunnel device listens on + ListenPort = 51871 // IfaceName is the name of the WireGuard tunnel device IfaceName = "cilium_wg0" // PrivKeyFilename is the name of the WireGuard private key file diff --git a/vendor/github.com/cilium/dns/shared_client.go b/vendor/github.com/cilium/dns/shared_client.go index 2857044db4d..0b8bbeec769 100644 --- a/vendor/github.com/cilium/dns/shared_client.go +++ b/vendor/github.com/cilium/dns/shared_client.go 
@@ -227,6 +227,17 @@ func handler(wg *sync.WaitGroup, client *Client, conn *Conn, requests chan reque return } start := time.Now() + + // Check if we already have a request with the same id + // Due to birthday paradox and the fact that ID is uint16 + // it's likely to happen with small number (~200) of concurrent requests + // which would result in goroutine leak as we would never close req.ch + if _, ok := waitingResponses[req.msg.Id]; ok { + req.ch <- sharedClientResponse{nil, 0, fmt.Errorf("duplicate request id %d", req.msg.Id)} + close(req.ch) + continue + } + err := client.SendContext(req.ctx, req.msg, conn, start) if err != nil { req.ch <- sharedClientResponse{nil, 0, err} @@ -280,7 +291,7 @@ func (c *SharedClient) ExchangeSharedContext(ctx context.Context, m *Msg) (r *Ms // This request keeps 'c.requests' open; sending a request may hang indefinitely if // the handler happens to quit at the same time. Use ctx.Done to avoid this. - timeout := c.Client.writeTimeout() + timeout := c.getTimeoutForRequest(c.Client.writeTimeout()) ctx, cancel := context.WithTimeout(ctx, timeout) defer cancel() respCh := make(chan sharedClientResponse) @@ -291,8 +302,13 @@ func (c *SharedClient) ExchangeSharedContext(ctx context.Context, m *Msg) (r *Ms } // Since c.requests is unbuffered, the handler is guaranteed to eventually close 'respCh' - resp := <-respCh - return resp.msg, resp.rtt, resp.err + select { + case resp := <-respCh: + return resp.msg, resp.rtt, resp.err + // This is just fail-safe mechanism in case there is another similar issue + case <-time.After(time.Minute): + return nil, 0, fmt.Errorf("timeout waiting for response") + } } // close closes and waits for the close to finish. diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go index 2b5ff6d5bdb..218ab237965 100644 --- a/vendor/github.com/vishvananda/netlink/addr_linux.go +++ b/vendor/github.com/vishvananda/netlink/addr_linux.go 
@@ -74,17 +74,19 @@ func (h *Handle) AddrDel(link Link, addr *Addr) error { } func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error { - base := link.Attrs() - if addr.Label != "" && !strings.HasPrefix(addr.Label, base.Name) { - return fmt.Errorf("label must begin with interface name") - } - h.ensureIndex(base) - family := nl.GetIPFamily(addr.IP) - msg := nl.NewIfAddrmsg(family) - msg.Index = uint32(base.Index) msg.Scope = uint8(addr.Scope) + if link == nil { + msg.Index = uint32(addr.LinkIndex) + } else { + base := link.Attrs() + if addr.Label != "" && !strings.HasPrefix(addr.Label, base.Name) { + return fmt.Errorf("label must begin with interface name") + } + h.ensureIndex(base) + msg.Index = uint32(base.Index) + } mask := addr.Mask if addr.Peer != nil { mask = addr.Peer.Mask diff --git a/vendor/github.com/vishvananda/netlink/bridge_linux.go b/vendor/github.com/vishvananda/netlink/bridge_linux.go index 6e1224c47b8..6c340b0ce9a 100644 --- a/vendor/github.com/vishvananda/netlink/bridge_linux.go +++ b/vendor/github.com/vishvananda/netlink/bridge_linux.go 
@@ -63,7 +63,19 @@ func BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) err // BridgeVlanAdd adds a new vlan filter entry // Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]` func (h *Handle) BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error { - return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, pvid, untagged, self, master) + return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, 0, pvid, untagged, self, master) +} + +// BridgeVlanAddRange adds a new vlan filter entry +// Equivalent to: `bridge vlan add dev DEV vid VID-VIDEND [ pvid ] [ untagged ] [ self ] [ master ]` +func BridgeVlanAddRange(link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { + return pkgHandle.BridgeVlanAddRange(link, vid, vidEnd, pvid, untagged, self, master) +} + +// BridgeVlanAddRange adds a new vlan filter entry +// Equivalent to: `bridge vlan add dev DEV vid VID-VIDEND [ pvid ] [ untagged ] [ self ] [ master ]` +func (h *Handle) BridgeVlanAddRange(link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { + return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, vidEnd, pvid, untagged, self, master) } // BridgeVlanDel adds a new vlan filter entry 
@@ -75,10 +87,22 @@ func BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) err // BridgeVlanDel adds a new vlan filter entry // Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]` func (h *Handle) BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error { - return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, pvid, untagged, self, master) + return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, 0, pvid, untagged, self, master) } -func (h *Handle) bridgeVlanModify(cmd int, link Link, vid uint16, pvid, untagged, self, master bool) error { +// BridgeVlanDelRange adds a new vlan filter entry +// Equivalent to: `bridge vlan del dev DEV vid VID-VIDEND [ pvid ] [ untagged ] [ self ] [ master ]` +func BridgeVlanDelRange(link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { + return pkgHandle.BridgeVlanDelRange(link, vid, vidEnd, pvid, untagged, self, master) +} + +// BridgeVlanDelRange adds a new vlan filter entry +// Equivalent to: `bridge vlan del dev DEV vid VID-VIDEND [ pvid ] [ untagged ] [ self ] [ master ]` +func (h *Handle) BridgeVlanDelRange(link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { + return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, vidEnd, pvid, untagged, self, master) +} + +func (h *Handle) bridgeVlanModify(cmd int, link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { base := link.Attrs() h.ensureIndex(base) req := h.newNetlinkRequest(cmd, unix.NLM_F_ACK) 
@@ -105,7 +129,20 @@ func (h *Handle) bridgeVlanModify(cmd int, link Link, vid uint16, pvid, untagged if untagged { vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_UNTAGGED } - br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + + if vidEnd != 0 { + vlanEndInfo := &nl.BridgeVlanInfo{Vid: vidEnd} + vlanEndInfo.Flags = vlanInfo.Flags + + vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_RANGE_BEGIN + br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + + vlanEndInfo.Flags |= nl.BRIDGE_VLAN_INFO_RANGE_END + br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanEndInfo.Serialize()) + } else { + br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + } + req.AddData(br) _, err := req.Execute(unix.NETLINK_ROUTE, 0) return err diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go index 67b92e2297d..eaa77e9c87c 100644 --- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go +++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go @@ -146,6 +146,7 @@ type ConntrackFlow struct { Forward ipTuple Reverse ipTuple Mark uint32 + Zone uint16 TimeStart uint64 TimeStop uint64 TimeOut uint32 @@ -154,7 +155,7 @@ type ConntrackFlow struct { func (s *ConntrackFlow) String() string { // conntrack cmd output: - // udp 17 src=127.0.0.1 dst=127.0.0.1 sport=4001 dport=1234 packets=5 bytes=532 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 sport=1234 dport=4001 packets=10 bytes=1078 mark=0 labels=0x00000000050012ac4202010000000000 + // udp 17 src=127.0.0.1 dst=127.0.0.1 sport=4001 dport=1234 packets=5 bytes=532 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 sport=1234 dport=4001 packets=10 bytes=1078 mark=0 labels=0x00000000050012ac4202010000000000 zone=100 // start=2019-07-26 01:26:21.557800506 +0000 UTC stop=1970-01-01 00:00:00 +0000 UTC timeout=30(sec) start := time.Unix(0, int64(s.TimeStart)) stop := time.Unix(0, int64(s.TimeStop)) 
@@ -167,6 +168,9 @@ func (s *ConntrackFlow) String() string { if len(s.Labels) > 0 { res += fmt.Sprintf("labels=0x%x ", s.Labels) } + if s.Zone != 0 { + res += fmt.Sprintf("zone=%d ", s.Zone) + } res += fmt.Sprintf("start=%v stop=%v timeout=%d(sec)", start, stop, timeout) return res } @@ -318,6 +322,12 @@ func parseConnectionLabels(r *bytes.Reader) (label []byte) { return } +func parseConnectionZone(r *bytes.Reader) (zone uint16) { + parseBERaw16(r, &zone) + r.Seek(2, seekCurrent) + return +} + func parseRawData(data []byte) *ConntrackFlow { s := &ConntrackFlow{} // First there is the Nfgenmsg header @@ -369,6 +379,8 @@ func parseRawData(data []byte) *ConntrackFlow { s.TimeOut = parseTimeOut(reader) case nl.CTA_STATUS, nl.CTA_USE, nl.CTA_ID: skipNfAttrValue(reader, l) + case nl.CTA_ZONE: + s.Zone = parseConnectionZone(reader) default: skipNfAttrValue(reader, l) } 
@@ -413,18 +425,18 @@ func parseRawData(data []byte) *ConntrackFlow { type ConntrackFilterType uint8 const ( - ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction - ConntrackOrigDstIP // -orig-dst ip Destination address from original direction - ConntrackReplySrcIP // --reply-src ip Reply Source IP - ConntrackReplyDstIP // --reply-dst ip Reply Destination IP - ConntrackReplyAnyIP // Match source or destination reply IP - ConntrackOrigSrcPort // --orig-port-src port Source port in original direction - ConntrackOrigDstPort // --orig-port-dst port Destination port in original direction - ConntrackMatchLabels // --label label1,label2 Labels used in entry - ConntrackUnmatchLabels // --label label1,label2 Labels not used in entry - ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP - ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP - ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instead ConntrackReplyAnyIP + ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction + ConntrackOrigDstIP // -orig-dst ip Destination address from original direction + ConntrackReplySrcIP // --reply-src ip Reply Source IP + ConntrackReplyDstIP // --reply-dst ip Reply Destination IP + ConntrackReplyAnyIP // Match source or destination reply IP + ConntrackOrigSrcPort // --orig-port-src port Source port in original direction + ConntrackOrigDstPort // --orig-port-dst port Destination port in original direction + ConntrackMatchLabels // --label label1,label2 Labels used in entry + ConntrackUnmatchLabels // --label label1,label2 Labels not used in entry + ConntrackNatSrcIP = ConntrackReplySrcIP // deprecated use instead ConntrackReplySrcIP + ConntrackNatDstIP = ConntrackReplyDstIP // deprecated use instead ConntrackReplyDstIP + ConntrackNatAnyIP = ConntrackReplyAnyIP // deprecated use instead ConntrackReplyAnyIP ) type CustomConntrackFilter interface { 
@@ -438,6 +450,7 @@ type ConntrackFilter struct { portFilter map[ConntrackFilterType]uint16 protoFilter uint8 labelFilter map[ConntrackFilterType][][]byte + zoneFilter *uint16 } // AddIPNet adds a IP subnet to the conntrack filter @@ -493,14 +506,14 @@ func (f *ConntrackFilter) AddProtocol(proto uint8) error { // AddLabels adds the provided list (zero or more) of labels to the conntrack filter // ConntrackFilterType here can be either: -// 1) ConntrackMatchLabels: This matches every flow that has a label value (len(flow.Labels) > 0) -// against the list of provided labels. If `flow.Labels` contains ALL the provided labels -// it is considered a match. This can be used when you want to match flows that contain -// one or more labels. -// 2) ConntrackUnmatchLabels: This matches every flow that has a label value (len(flow.Labels) > 0) -// against the list of provided labels. If `flow.Labels` does NOT contain ALL the provided labels -// it is considered a match. This can be used when you want to match flows that don't contain -// one or more labels. +// 1. ConntrackMatchLabels: This matches every flow that has a label value (len(flow.Labels) > 0) +// against the list of provided labels. If `flow.Labels` contains ALL the provided labels +// it is considered a match. This can be used when you want to match flows that contain +// one or more labels. +// 2. ConntrackUnmatchLabels: This matches every flow that has a label value (len(flow.Labels) > 0) +// against the list of provided labels. If `flow.Labels` does NOT contain ALL the provided labels +// it is considered a match. This can be used when you want to match flows that don't contain +// one or more labels. func (f *ConntrackFilter) AddLabels(tp ConntrackFilterType, labels [][]byte) error { if len(labels) == 0 { return errors.New("Invalid length for provided labels") 
@@ -515,10 +528,19 @@ func (f *ConntrackFilter) AddLabels(tp ConntrackFilterType, labels [][]byte) err return nil } +// AddZone adds a zone to the conntrack filter +func (f *ConntrackFilter) AddZone(zone uint16) error { + if f.zoneFilter != nil { + return errors.New("Filter attribute already present") + } + f.zoneFilter = &zone + return nil +} + // MatchConntrackFlow applies the filter to the flow and returns true if the flow matches the filter // false otherwise func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool { - if len(f.ipNetFilter) == 0 && len(f.portFilter) == 0 && f.protoFilter == 0 && len(f.labelFilter) == 0 { + if len(f.ipNetFilter) == 0 && len(f.portFilter) == 0 && f.protoFilter == 0 && len(f.labelFilter) == 0 && f.zoneFilter == nil { // empty filter always not match return false } @@ -529,6 +551,11 @@ func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool { return false } + // Conntrack zone filter + if f.zoneFilter != nil && *f.zoneFilter != flow.Zone { + return false + } + match := true // IP conntrack filter diff --git a/vendor/github.com/vishvananda/netlink/devlink_linux.go b/vendor/github.com/vishvananda/netlink/devlink_linux.go index 358b232c6c5..d98801dbbe5 100644 --- a/vendor/github.com/vishvananda/netlink/devlink_linux.go +++ b/vendor/github.com/vishvananda/netlink/devlink_linux.go 
@@ -84,6 +84,270 @@ type DevlinkDeviceInfo struct { FwUndi string } +// DevlinkResource represents a device resource +type DevlinkResource struct { + Name string + ID uint64 + Size uint64 + SizeNew uint64 + SizeMin uint64 + SizeMax uint64 + SizeGranularity uint64 + PendingChange bool + Unit uint8 + SizeValid bool + OCCValid bool + OCCSize uint64 + Parent *DevlinkResource + Children []DevlinkResource +} + +// parseAttributes parses provided Netlink Attributes and populates DevlinkResource, returns error if occured +func (dlr *DevlinkResource) parseAttributes(attrs map[uint16]syscall.NetlinkRouteAttr) error { + var attr syscall.NetlinkRouteAttr + var ok bool + + // mandatory attributes + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_ID] + if !ok { + return fmt.Errorf("missing resource id") + } + dlr.ID = native.Uint64(attr.Value) + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_NAME] + if !ok { + return fmt.Errorf("missing resource name") + } + dlr.Name = nl.BytesToString(attr.Value) + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_SIZE] + if !ok { + return fmt.Errorf("missing resource size") + } + dlr.Size = native.Uint64(attr.Value) + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_SIZE_GRAN] + if !ok { + return fmt.Errorf("missing resource size granularity") + } + dlr.SizeGranularity = native.Uint64(attr.Value) + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_UNIT] + if !ok { + return fmt.Errorf("missing resource unit") + } + dlr.Unit = uint8(attr.Value[0]) + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_SIZE_MIN] + if !ok { + return fmt.Errorf("missing resource size min") + } + dlr.SizeMin = native.Uint64(attr.Value) + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_SIZE_MAX] + if !ok { + return fmt.Errorf("missing resource size max") + } + dlr.SizeMax = native.Uint64(attr.Value) + + // optional attributes + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_OCC] + if ok { + dlr.OCCSize = native.Uint64(attr.Value) + dlr.OCCValid = true + } + + attr, ok = 
attrs[nl.DEVLINK_ATTR_RESOURCE_SIZE_VALID] + if ok { + dlr.SizeValid = uint8(attr.Value[0]) != 0 + } + + dlr.SizeNew = dlr.Size + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_SIZE_NEW] + if ok { + dlr.SizeNew = native.Uint64(attr.Value) + } + + dlr.PendingChange = dlr.Size != dlr.SizeNew + + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_LIST] + if ok { + // handle nested resoruces recursively + subResources, err := nl.ParseRouteAttr(attr.Value) + if err != nil { + return err + } + + for _, subresource := range subResources { + resource := DevlinkResource{Parent: dlr} + attrs, err := nl.ParseRouteAttrAsMap(subresource.Value) + if err != nil { + return err + } + err = resource.parseAttributes(attrs) + if err != nil { + return fmt.Errorf("failed to parse child resource, parent:%s. %w", dlr.Name, err) + } + dlr.Children = append(dlr.Children, resource) + } + } + return nil +} + +// DevlinkResources represents all devlink resources of a devlink device +type DevlinkResources struct { + Bus string + Device string + Resources []DevlinkResource +} + +// parseAttributes parses provided Netlink Attributes and populates DevlinkResources, returns error if occured +func (dlrs *DevlinkResources) parseAttributes(attrs map[uint16]syscall.NetlinkRouteAttr) error { + var attr syscall.NetlinkRouteAttr + var ok bool + + // Bus + attr, ok = attrs[nl.DEVLINK_ATTR_BUS_NAME] + if !ok { + return fmt.Errorf("missing bus name") + } + dlrs.Bus = nl.BytesToString(attr.Value) + + // Device + attr, ok = attrs[nl.DEVLINK_ATTR_DEV_NAME] + if !ok { + return fmt.Errorf("missing device name") + } + dlrs.Device = nl.BytesToString(attr.Value) + + // Resource List + attr, ok = attrs[nl.DEVLINK_ATTR_RESOURCE_LIST] + if !ok { + return fmt.Errorf("missing resource list") + } + + resourceAttrs, err := nl.ParseRouteAttr(attr.Value) + if err != nil { + return err + } + + for _, resourceAttr := range resourceAttrs { + resource := DevlinkResource{} + attrs, err := nl.ParseRouteAttrAsMap(resourceAttr.Value) + if err != 
nil { + return err + } + err = resource.parseAttributes(attrs) + if err != nil { + return fmt.Errorf("failed to parse root resoruces, %w", err) + } + dlrs.Resources = append(dlrs.Resources, resource) + } + + return nil +} + +// DevlinkParam represents parameter of the device +type DevlinkParam struct { + Name string + IsGeneric bool + Type uint8 // possible values are in nl.DEVLINK_PARAM_TYPE_* constants + Values []DevlinkParamValue +} + +// DevlinkParamValue contains values of the parameter +// Data field contains specific type which can be casted by unsing info from the DevlinkParam.Type field +type DevlinkParamValue struct { + rawData []byte + Data interface{} + CMODE uint8 // possible values are in nl.DEVLINK_PARAM_CMODE_* constants +} + +// parseAttributes parses provided Netlink Attributes and populates DevlinkParam, returns error if occured +func (dlp *DevlinkParam) parseAttributes(attrs []syscall.NetlinkRouteAttr) error { + var valuesList [][]syscall.NetlinkRouteAttr + for _, attr := range attrs { + switch attr.Attr.Type { + case nl.DEVLINK_ATTR_PARAM: + nattrs, err := nl.ParseRouteAttr(attr.Value) + if err != nil { + return err + } + for _, nattr := range nattrs { + switch nattr.Attr.Type { + case nl.DEVLINK_ATTR_PARAM_NAME: + dlp.Name = nl.BytesToString(nattr.Value) + case nl.DEVLINK_ATTR_PARAM_GENERIC: + dlp.IsGeneric = true + case nl.DEVLINK_ATTR_PARAM_TYPE: + if len(nattr.Value) == 1 { + dlp.Type = nattr.Value[0] + } + case nl.DEVLINK_ATTR_PARAM_VALUES_LIST: + nnattrs, err := nl.ParseRouteAttr(nattr.Value) + if err != nil { + return err + } + valuesList = append(valuesList, nnattrs) + } + } + } + } + for _, valAttr := range valuesList { + v := DevlinkParamValue{} + if err := v.parseAttributes(valAttr, dlp.Type); err != nil { + return err + } + dlp.Values = append(dlp.Values, v) + } + return nil +} + +func (dlpv *DevlinkParamValue) parseAttributes(attrs []syscall.NetlinkRouteAttr, paramType uint8) error { + for _, attr := range attrs { + nattrs, err := 
nl.ParseRouteAttr(attr.Value) + if err != nil { + return err + } + var rawData []byte + for _, nattr := range nattrs { + switch nattr.Attr.Type { + case nl.DEVLINK_ATTR_PARAM_VALUE_DATA: + rawData = nattr.Value + case nl.DEVLINK_ATTR_PARAM_VALUE_CMODE: + if len(nattr.Value) == 1 { + dlpv.CMODE = nattr.Value[0] + } + } + } + switch paramType { + case nl.DEVLINK_PARAM_TYPE_U8: + dlpv.Data = uint8(0) + if rawData != nil && len(rawData) == 1 { + dlpv.Data = uint8(rawData[0]) + } + case nl.DEVLINK_PARAM_TYPE_U16: + dlpv.Data = uint16(0) + if rawData != nil { + dlpv.Data = native.Uint16(rawData) + } + case nl.DEVLINK_PARAM_TYPE_U32: + dlpv.Data = uint32(0) + if rawData != nil { + dlpv.Data = native.Uint32(rawData) + } + case nl.DEVLINK_PARAM_TYPE_STRING: + dlpv.Data = "" + if rawData != nil { + dlpv.Data = nl.BytesToString(rawData) + } + case nl.DEVLINK_PARAM_TYPE_BOOL: + dlpv.Data = rawData != nil + } + } + return nil +} + func parseDevLinkDeviceList(msgs [][]byte) ([]*DevlinkDevice, error) { devices := make([]*DevlinkDevice, 0, len(msgs)) for _, m := range msgs { 
@@ -443,6 +707,173 @@ func (h *Handle) DevLinkGetPortByIndex(Bus string, Device string, PortIndex uint return port, err } +// DevlinkGetDeviceResources returns devlink device resources +func DevlinkGetDeviceResources(bus string, device string) (*DevlinkResources, error) { + return pkgHandle.DevlinkGetDeviceResources(bus, device) +} + +// DevlinkGetDeviceResources returns devlink device resources +func (h *Handle) DevlinkGetDeviceResources(bus string, device string) (*DevlinkResources, error) { + _, req, err := h.createCmdReq(nl.DEVLINK_CMD_RESOURCE_DUMP, bus, device) + if err != nil { + return nil, err + } + + respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + + var resources DevlinkResources + for _, m := range respmsg { + attrs, err := nl.ParseRouteAttrAsMap(m[nl.SizeofGenlmsg:]) + if err != nil { + return nil, err + } + resources.parseAttributes(attrs) + } + + return &resources, nil +} + +// DevlinkGetDeviceParams returns parameters for devlink device +// Equivalent to: `devlink dev param show /` +func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) { + _, req, err := h.createCmdReq(nl.DEVLINK_CMD_PARAM_GET, bus, device) + if err != nil { + return nil, err + } + req.Flags |= unix.NLM_F_DUMP + respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + var params []*DevlinkParam + for _, m := range respmsg { + attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:]) + if err != nil { + return nil, err + } + p := &DevlinkParam{} + if err := p.parseAttributes(attrs); err != nil { + return nil, err + } + params = append(params, p) + } + + return params, nil +} + +// DevlinkGetDeviceParams returns parameters for devlink device +// Equivalent to: `devlink dev param show /` +func DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) { + return pkgHandle.DevlinkGetDeviceParams(bus, device) +} + +// DevlinkGetDeviceParamByName returns 
specific parameter for devlink device +// Equivalent to: `devlink dev param show / name ` +func (h *Handle) DevlinkGetDeviceParamByName(bus string, device string, param string) (*DevlinkParam, error) { + _, req, err := h.createCmdReq(nl.DEVLINK_CMD_PARAM_GET, bus, device) + if err != nil { + return nil, err + } + req.AddData(nl.NewRtAttr(nl.DEVLINK_ATTR_PARAM_NAME, nl.ZeroTerminated(param))) + respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0) + if err != nil { + return nil, err + } + if len(respmsg) == 0 { + return nil, fmt.Errorf("unexpected response") + } + attrs, err := nl.ParseRouteAttr(respmsg[0][nl.SizeofGenlmsg:]) + if err != nil { + return nil, err + } + p := &DevlinkParam{} + if err := p.parseAttributes(attrs); err != nil { + return nil, err + } + return p, nil +} + +// DevlinkGetDeviceParamByName returns specific parameter for devlink device +// Equivalent to: `devlink dev param show / name ` +func DevlinkGetDeviceParamByName(bus string, device string, param string) (*DevlinkParam, error) { + return pkgHandle.DevlinkGetDeviceParamByName(bus, device, param) +} + +// DevlinkSetDeviceParam set specific parameter for devlink device +// Equivalent to: `devlink dev param set / name cmode value ` +// cmode argument should contain valid cmode value as uint8, modes are define in nl.DEVLINK_PARAM_CMODE_* constants +// value argument should have one of the following types: uint8, uint16, uint32, string, bool +func (h *Handle) DevlinkSetDeviceParam(bus string, device string, param string, cmode uint8, value interface{}) error { + // retrive the param type + p, err := h.DevlinkGetDeviceParamByName(bus, device, param) + if err != nil { + return fmt.Errorf("failed to get device param: %v", err) + } + paramType := p.Type + + _, req, err := h.createCmdReq(nl.DEVLINK_CMD_PARAM_SET, bus, device) + if err != nil { + return err + } + req.AddData(nl.NewRtAttr(nl.DEVLINK_ATTR_PARAM_TYPE, nl.Uint8Attr(paramType))) + req.AddData(nl.NewRtAttr(nl.DEVLINK_ATTR_PARAM_NAME, 
nl.ZeroTerminated(param))) + req.AddData(nl.NewRtAttr(nl.DEVLINK_ATTR_PARAM_VALUE_CMODE, nl.Uint8Attr(cmode))) + + var valueAsBytes []byte + switch paramType { + case nl.DEVLINK_PARAM_TYPE_U8: + v, ok := value.(uint8) + if !ok { + return fmt.Errorf("unepected value type required: uint8, actual: %T", value) + } + valueAsBytes = nl.Uint8Attr(v) + case nl.DEVLINK_PARAM_TYPE_U16: + v, ok := value.(uint16) + if !ok { + return fmt.Errorf("unepected value type required: uint16, actual: %T", value) + } + valueAsBytes = nl.Uint16Attr(v) + case nl.DEVLINK_PARAM_TYPE_U32: + v, ok := value.(uint32) + if !ok { + return fmt.Errorf("unepected value type required: uint32, actual: %T", value) + } + valueAsBytes = nl.Uint32Attr(v) + case nl.DEVLINK_PARAM_TYPE_STRING: + v, ok := value.(string) + if !ok { + return fmt.Errorf("unepected value type required: string, actual: %T", value) + } + valueAsBytes = nl.ZeroTerminated(v) + case nl.DEVLINK_PARAM_TYPE_BOOL: + v, ok := value.(bool) + if !ok { + return fmt.Errorf("unepected value type required: bool, actual: %T", value) + } + if v { + valueAsBytes = []byte{} + } + default: + return fmt.Errorf("unsupported parameter type: %d", paramType) + } + if valueAsBytes != nil { + req.AddData(nl.NewRtAttr(nl.DEVLINK_ATTR_PARAM_VALUE_DATA, valueAsBytes)) + } + _, err = req.Execute(unix.NETLINK_GENERIC, 0) + return err +} + +// DevlinkSetDeviceParam set specific parameter for devlink device +// Equivalent to: `devlink dev param set / name cmode value ` +// cmode argument should contain valid cmode value as uint8, modes are define in nl.DEVLINK_PARAM_CMODE_* constants +// value argument should have one of the following types: uint8, uint16, uint32, string, bool +func DevlinkSetDeviceParam(bus string, device string, param string, cmode uint8, value interface{}) error { + return pkgHandle.DevlinkSetDeviceParam(bus, device, param, cmode, value) +} + // DevLinkGetPortByIndex provides a pointer to devlink portand nil error, // otherwise returns an error 
code. func DevLinkGetPortByIndex(Bus string, Device string, PortIndex uint32) (*DevlinkPort, error) { diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go index 536e26825a3..87cd18f8e41 100644 --- a/vendor/github.com/vishvananda/netlink/filter_linux.go +++ b/vendor/github.com/vishvananda/netlink/filter_linux.go @@ -41,6 +41,7 @@ type U32 struct { RedirIndex int Sel *TcU32Sel Actions []Action + Police *PoliceAction } func (filter *U32) Attrs() *FilterAttrs { @@ -331,6 +332,12 @@ func (h *Handle) filterModify(filter Filter, proto, flags int) error { if filter.Link != 0 { options.AddRtAttr(nl.TCA_U32_LINK, nl.Uint32Attr(filter.Link)) } + if filter.Police != nil { + police := options.AddRtAttr(nl.TCA_U32_POLICE, nil) + if err := encodePolice(police, filter.Police); err != nil { + return err + } + } actionsAttr := options.AddRtAttr(nl.TCA_U32_ACT, nil) // backwards compatibility if filter.RedirIndex != 0 { @@ -952,6 +959,13 @@ func parseU32Data(filter Filter, data []syscall.NetlinkRouteAttr) (bool, error) u32.RedirIndex = int(action.Ifindex) } } + case nl.TCA_U32_POLICE: + var police PoliceAction + adata, _ := nl.ParseRouteAttr(datum.Value) + for _, aattr := range adata { + parsePolice(aattr, &police) + } + u32.Police = &police case nl.TCA_U32_CLASSID: u32.ClassId = native.Uint32(datum.Value) case nl.TCA_U32_DIVISOR: diff --git a/vendor/github.com/vishvananda/netlink/handle_unspecified.go b/vendor/github.com/vishvananda/netlink/handle_unspecified.go index d0966680dc4..3fe03642e5b 100644 --- a/vendor/github.com/vishvananda/netlink/handle_unspecified.go +++ b/vendor/github.com/vishvananda/netlink/handle_unspecified.go @@ -263,6 +263,10 @@ func (h *Handle) RouteAppend(route *Route) error { return ErrNotImplemented } +func (h *Handle) RouteChange(route *Route) error { + return ErrNotImplemented +} + func (h *Handle) RouteDel(route *Route) error { return ErrNotImplemented } 
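Review bot: `(*Handle).DevlinkGetDeviceResources` discards the result of `resources.parseAttributes(attrs)`, so a malformed resource dump comes back as a partially filled `DevlinkResources` with a nil error. The method tail visible in the preceding hunk (receiver `dlrs`, presumably this same method) returns wrapped errors, so the call should read `if err := resources.parseAttributes(attrs); err != nil { return nil, err }`. Separately, `DevlinkSetDeviceParam` wraps the lookup failure with `%v`; `%w` would keep the underlying netlink error reachable through `errors.Is`. Since this is a vendored copy, the change belongs upstream rather than in this tree.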
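Review bot: In the new `nl.TCA_U32_POLICE` case of `parseU32Data`, the error from `nl.ParseRouteAttr(datum.Value)` is thrown away with `_`. A truncated or malformed police attribute therefore attaches a zero-valued `PoliceAction` to `u32.Police` instead of failing. The function already returns `(bool, error)`, so the line can become `adata, err := nl.ParseRouteAttr(datum.Value)` followed by an early return of that error. The body of `parseU32Data` starts and continues outside this hunk, so the exact return values need to match what the neighbouring cases use.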
diff --git a/vendor/github.com/vishvananda/netlink/inet_diag.go b/vendor/github.com/vishvananda/netlink/inet_diag.go index bee391a8098..a483ee1a1d5 100644 --- a/vendor/github.com/vishvananda/netlink/inet_diag.go +++ b/vendor/github.com/vishvananda/netlink/inet_diag.go @@ -29,3 +29,8 @@ type InetDiagTCPInfoResp struct { TCPInfo *TCPInfo TCPBBRInfo *TCPBBRInfo } + +type InetDiagUDPInfoResp struct { + InetDiagMsg *Socket + Memory *MemInfo +} diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go index e1695916a0a..28780d11845 100644 --- a/vendor/github.com/vishvananda/netlink/link.go +++ b/vendor/github.com/vishvananda/netlink/link.go @@ -33,6 +33,7 @@ type LinkAttrs struct { MasterIndex int // must be the index of a bridge Namespace interface{} // nil | NsPid | NsFd Alias string + AltNames []string Statistics *LinkStatistics Promisc int Allmulti int @@ -54,6 +55,7 @@ type LinkAttrs struct { GROIPv4MaxSize uint32 Vfs []VfInfo // virtual functions available on link Group uint32 + PermHWAddr net.HardwareAddr Slave LinkSlave } @@ -1021,16 +1023,18 @@ func (v *VrfSlave) SlaveType() string { // https://github.com/torvalds/linux/blob/47ec5303d73ea344e84f46660fff693c57641386/drivers/net/geneve.c#L1209-L1223 type Geneve struct { LinkAttrs - ID uint32 // vni - Remote net.IP - Ttl uint8 - Tos uint8 - Dport uint16 - UdpCsum uint8 - UdpZeroCsum6Tx uint8 - UdpZeroCsum6Rx uint8 - Link uint32 - FlowBased bool + ID uint32 // vni + Remote net.IP + Ttl uint8 + Tos uint8 + Dport uint16 + UdpCsum uint8 + UdpZeroCsum6Tx uint8 + UdpZeroCsum6Rx uint8 + Link uint32 + FlowBased bool + InnerProtoInherit bool + Df GeneveDf } func (geneve *Geneve) Attrs() *LinkAttrs { 
@@ -1041,6 +1045,15 @@ func (geneve *Geneve) Type() string { return "geneve" } +type GeneveDf uint8 + +const ( + GENEVE_DF_UNSET GeneveDf = iota + GENEVE_DF_SET + GENEVE_DF_INHERIT + GENEVE_DF_MAX +) + // Gretap devices must specify LocalIP and RemoteIP on create type Gretap struct { LinkAttrs diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go index 96468c4fab9..505d92d6996 100644 --- a/vendor/github.com/vishvananda/netlink/link_linux.go +++ b/vendor/github.com/vishvananda/netlink/link_linux.go 
@@ -497,6 +497,58 @@ func (h *Handle) LinkSetAlias(link Link, name string) error { return err } +// LinkAddAltName adds a new alternative name for the link device. +// Equivalent to: `ip link property add $link altname $name` +func LinkAddAltName(link Link, name string) error { + return pkgHandle.LinkAddAltName(link, name) +} + +// LinkAddAltName adds a new alternative name for the link device. +// Equivalent to: `ip link property add $link altname $name` +func (h *Handle) LinkAddAltName(link Link, name string) error { + base := link.Attrs() + h.ensureIndex(base) + req := h.newNetlinkRequest(unix.RTM_NEWLINKPROP, unix.NLM_F_ACK) + + msg := nl.NewIfInfomsg(unix.AF_UNSPEC) + msg.Index = int32(base.Index) + req.AddData(msg) + + data := nl.NewRtAttr(unix.IFLA_PROP_LIST|unix.NLA_F_NESTED, nil) + data.AddRtAttr(unix.IFLA_ALT_IFNAME, []byte(name)) + + req.AddData(data) + + _, err := req.Execute(unix.NETLINK_ROUTE, 0) + return err +} + +// LinkDelAltName delete an alternative name for the link device. +// Equivalent to: `ip link property del $link altname $name` +func LinkDelAltName(link Link, name string) error { + return pkgHandle.LinkDelAltName(link, name) +} + +// LinkDelAltName delete an alternative name for the link device. +// Equivalent to: `ip link property del $link altname $name` +func (h *Handle) LinkDelAltName(link Link, name string) error { + base := link.Attrs() + h.ensureIndex(base) + req := h.newNetlinkRequest(unix.RTM_DELLINKPROP, unix.NLM_F_ACK) + + msg := nl.NewIfInfomsg(unix.AF_UNSPEC) + msg.Index = int32(base.Index) + req.AddData(msg) + + data := nl.NewRtAttr(unix.IFLA_PROP_LIST|unix.NLA_F_NESTED, nil) + data.AddRtAttr(unix.IFLA_ALT_IFNAME, []byte(name)) + + req.AddData(data) + + _, err := req.Execute(unix.NETLINK_ROUTE, 0) + return err +} + // LinkSetHardwareAddr sets the hardware address of the link device. // Equivalent to: `ip link set $link address $hwaddr` func LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error { 
@@ -996,28 +1048,28 @@ func LinkSetXdpFdWithFlags(link Link, fd, flags int) error { // LinkSetGSOMaxSegs sets the GSO maximum segment count of the link device. // Equivalent to: `ip link set $link gso_max_segs $maxSegs` func LinkSetGSOMaxSegs(link Link, maxSegs int) error { - return pkgHandle.LinkSetGSOMaxSegs(link, maxSegs) + return pkgHandle.LinkSetGSOMaxSegs(link, maxSegs) } // LinkSetGSOMaxSegs sets the GSO maximum segment count of the link device. // Equivalent to: `ip link set $link gso_max_segs $maxSegs` func (h *Handle) LinkSetGSOMaxSegs(link Link, maxSize int) error { - base := link.Attrs() - h.ensureIndex(base) - req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK) + base := link.Attrs() + h.ensureIndex(base) + req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK) - msg := nl.NewIfInfomsg(unix.AF_UNSPEC) - msg.Index = int32(base.Index) - req.AddData(msg) + msg := nl.NewIfInfomsg(unix.AF_UNSPEC) + msg.Index = int32(base.Index) + req.AddData(msg) - b := make([]byte, 4) - native.PutUint32(b, uint32(maxSize)) + b := make([]byte, 4) + native.PutUint32(b, uint32(maxSize)) - data := nl.NewRtAttr(unix.IFLA_GSO_MAX_SEGS, b) - req.AddData(data) + data := nl.NewRtAttr(unix.IFLA_GSO_MAX_SEGS, b) + req.AddData(data) - _, err := req.Execute(unix.NETLINK_ROUTE, 0) - return err + _, err := req.Execute(unix.NETLINK_ROUTE, 0) + return err } // LinkSetGSOMaxSize sets the IPv6 GSO maximum size of the link device. @@ -1770,6 +1822,13 @@ func (h *Handle) linkByNameDump(name string) (Link, error) { if link.Attrs().Name == name { return link, nil } + + // support finding interfaces also via altnames + for _, altName := range link.Attrs().AltNames { + if altName == name { + return link, nil + } + } } return nil, LinkNotFoundError{fmt.Errorf("Link %s not found", name)} } 
@@ -1808,6 +1867,9 @@ func (h *Handle) LinkByName(name string) (Link, error) { req.AddData(attr) nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(name)) + if len(name) > 15 { + nameData = nl.NewRtAttr(unix.IFLA_ALT_IFNAME, nl.ZeroTerminated(name)) + } req.AddData(nameData) link, err := execGetLink(req) @@ -2136,6 +2198,18 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) { protinfo := parseProtinfo(attrs) base.Protinfo = &protinfo } + case unix.IFLA_PROP_LIST | unix.NLA_F_NESTED: + attrs, err := nl.ParseRouteAttr(attr.Value[:]) + if err != nil { + return nil, err + } + + base.AltNames = []string{} + for _, attr := range attrs { + if attr.Attr.Type == unix.IFLA_ALT_IFNAME { + base.AltNames = append(base.AltNames, nl.BytesToString(attr.Value)) + } + } case unix.IFLA_OPERSTATE: base.OperState = LinkOperState(uint8(attr.Value[0])) case unix.IFLA_PHYS_SWITCH_ID: @@ -2172,6 +2246,13 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) { base.NumRxQueues = int(native.Uint32(attr.Value[0:4])) case unix.IFLA_GROUP: base.Group = native.Uint32(attr.Value[0:4]) + case unix.IFLA_PERM_ADDRESS: + for _, b := range attr.Value { + if b != 0 { + base.PermHWAddr = attr.Value[:] + break + } + } } } @@ -2920,6 +3001,10 @@ func linkFlags(rawFlags uint32) net.Flags { func addGeneveAttrs(geneve *Geneve, linkInfo *nl.RtAttr) { data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil) + if geneve.InnerProtoInherit { + data.AddRtAttr(nl.IFLA_GENEVE_INNER_PROTO_INHERIT, []byte{}) + } + if geneve.FlowBased { geneve.ID = 0 data.AddRtAttr(nl.IFLA_GENEVE_COLLECT_METADATA, []byte{}) @@ -2948,6 +3033,8 @@ func addGeneveAttrs(geneve *Geneve, linkInfo *nl.RtAttr) { if geneve.Tos != 0 { data.AddRtAttr(nl.IFLA_GENEVE_TOS, nl.Uint8Attr(geneve.Tos)) } + + data.AddRtAttr(nl.IFLA_GENEVE_DF, nl.Uint8Attr(uint8(geneve.Df))) } func parseGeneveData(link Link, data []syscall.NetlinkRouteAttr) { 
@@ -2966,6 +3053,8 @@ func parseGeneveData(link Link, data []syscall.NetlinkRouteAttr) { geneve.Tos = uint8(datum.Value[0]) case nl.IFLA_GENEVE_COLLECT_METADATA: geneve.FlowBased = true + case nl.IFLA_GENEVE_INNER_PROTO_INHERIT: + geneve.InnerProtoInherit = true } } } diff --git a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go index adac048f069..da12c42a560 100644 --- a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go +++ b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go @@ -204,6 +204,10 @@ func RouteAppend(route *Route) error { return ErrNotImplemented } +func RouteChange(route *Route) error { + return ErrNotImplemented +} + func RouteDel(route *Route) error { return ErrNotImplemented } @@ -279,3 +283,7 @@ func NeighDeserialize(m []byte) (*Neigh, error) { func SocketGet(local, remote net.Addr) (*Socket, error) { return nil, ErrNotImplemented } + +func SocketDestroy(local, remote net.Addr) (*Socket, error) { + return nil, ErrNotImplemented +} diff --git a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go index 8659cd1302e..eb3e1c16f7a 100644 --- a/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/conntrack_linux.go @@ -88,6 +88,7 @@ const ( CTA_COUNTERS_REPLY = 10 CTA_USE = 11 CTA_ID = 12 + CTA_ZONE = 18 CTA_TIMESTAMP = 20 CTA_LABELS = 22 ) diff --git a/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go b/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go index 2995da492f6..956367b2957 100644 --- a/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/devlink_linux.go 
@@ -9,39 +9,56 @@ const ( ) const ( - DEVLINK_CMD_GET = 1 - DEVLINK_CMD_PORT_GET = 5 - DEVLINK_CMD_PORT_SET = 6 - DEVLINK_CMD_PORT_NEW = 7 - DEVLINK_CMD_PORT_DEL = 8 - DEVLINK_CMD_ESWITCH_GET = 29 - DEVLINK_CMD_ESWITCH_SET = 30 - DEVLINK_CMD_INFO_GET = 51 + DEVLINK_CMD_GET = 1 + DEVLINK_CMD_PORT_GET = 5 + DEVLINK_CMD_PORT_SET = 6 + DEVLINK_CMD_PORT_NEW = 7 + DEVLINK_CMD_PORT_DEL = 8 + DEVLINK_CMD_ESWITCH_GET = 29 + DEVLINK_CMD_ESWITCH_SET = 30 + DEVLINK_CMD_RESOURCE_DUMP = 36 + DEVLINK_CMD_PARAM_GET = 38 + DEVLINK_CMD_PARAM_SET = 39 + DEVLINK_CMD_INFO_GET = 51 ) const ( - DEVLINK_ATTR_BUS_NAME = 1 - DEVLINK_ATTR_DEV_NAME = 2 - DEVLINK_ATTR_PORT_INDEX = 3 - DEVLINK_ATTR_PORT_TYPE = 4 - DEVLINK_ATTR_PORT_NETDEV_IFINDEX = 6 - DEVLINK_ATTR_PORT_NETDEV_NAME = 7 - DEVLINK_ATTR_PORT_IBDEV_NAME = 8 - DEVLINK_ATTR_ESWITCH_MODE = 25 - DEVLINK_ATTR_ESWITCH_INLINE_MODE = 26 - DEVLINK_ATTR_ESWITCH_ENCAP_MODE = 62 - DEVLINK_ATTR_PORT_FLAVOUR = 77 - DEVLINK_ATTR_INFO_DRIVER_NAME = 98 - DEVLINK_ATTR_INFO_SERIAL_NUMBER = 99 - DEVLINK_ATTR_INFO_VERSION_FIXED = 100 - DEVLINK_ATTR_INFO_VERSION_RUNNING = 101 - DEVLINK_ATTR_INFO_VERSION_STORED = 102 - DEVLINK_ATTR_INFO_VERSION_NAME = 103 - DEVLINK_ATTR_INFO_VERSION_VALUE = 104 - DEVLINK_ATTR_PORT_PCI_PF_NUMBER = 127 - DEVLINK_ATTR_PORT_FUNCTION = 145 - DEVLINK_ATTR_PORT_CONTROLLER_NUMBER = 150 - DEVLINK_ATTR_PORT_PCI_SF_NUMBER = 164 + DEVLINK_ATTR_BUS_NAME = 1 + DEVLINK_ATTR_DEV_NAME = 2 + DEVLINK_ATTR_PORT_INDEX = 3 + DEVLINK_ATTR_PORT_TYPE = 4 + DEVLINK_ATTR_PORT_NETDEV_IFINDEX = 6 + DEVLINK_ATTR_PORT_NETDEV_NAME = 7 + DEVLINK_ATTR_PORT_IBDEV_NAME = 8 + DEVLINK_ATTR_ESWITCH_MODE = 25 + DEVLINK_ATTR_ESWITCH_INLINE_MODE = 26 + DEVLINK_ATTR_ESWITCH_ENCAP_MODE = 62 + DEVLINK_ATTR_RESOURCE_LIST = 63 /* nested */ + DEVLINK_ATTR_RESOURCE = 64 /* nested */ + DEVLINK_ATTR_RESOURCE_NAME = 65 /* string */ + DEVLINK_ATTR_RESOURCE_ID = 66 /* u64 */ + DEVLINK_ATTR_RESOURCE_SIZE = 67 /* u64 */ + DEVLINK_ATTR_RESOURCE_SIZE_NEW = 68 /* u64 */ + 
DEVLINK_ATTR_RESOURCE_SIZE_VALID = 69 /* u8 */ + DEVLINK_ATTR_RESOURCE_SIZE_MIN = 70 /* u64 */ + DEVLINK_ATTR_RESOURCE_SIZE_MAX = 71 /* u64 */ + DEVLINK_ATTR_RESOURCE_SIZE_GRAN = 72 /* u64 */ + DEVLINK_ATTR_RESOURCE_UNIT = 73 /* u8 */ + DEVLINK_ATTR_RESOURCE_OCC = 74 /* u64 */ + DEVLINK_ATTR_DPIPE_TABLE_RESOURCE_ID = 75 /* u64 */ + DEVLINK_ATTR_DPIPE_TABLE_RESOURCE_UNITS = 76 /* u64 */ + DEVLINK_ATTR_PORT_FLAVOUR = 77 + DEVLINK_ATTR_INFO_DRIVER_NAME = 98 + DEVLINK_ATTR_INFO_SERIAL_NUMBER = 99 + DEVLINK_ATTR_INFO_VERSION_FIXED = 100 + DEVLINK_ATTR_INFO_VERSION_RUNNING = 101 + DEVLINK_ATTR_INFO_VERSION_STORED = 102 + DEVLINK_ATTR_INFO_VERSION_NAME = 103 + DEVLINK_ATTR_INFO_VERSION_VALUE = 104 + DEVLINK_ATTR_PORT_PCI_PF_NUMBER = 127 + DEVLINK_ATTR_PORT_FUNCTION = 145 + DEVLINK_ATTR_PORT_CONTROLLER_NUMBER = 150 + DEVLINK_ATTR_PORT_PCI_SF_NUMBER = 164 ) const ( @@ -94,3 +111,32 @@ const ( DEVLINK_PORT_FN_OPSTATE_DETACHED = 0 DEVLINK_PORT_FN_OPSTATE_ATTACHED = 1 ) + +const ( + DEVLINK_RESOURCE_UNIT_ENTRY uint8 = 0 +) + +const ( + DEVLINK_ATTR_PARAM = iota + 80 /* nested */ + DEVLINK_ATTR_PARAM_NAME /* string */ + DEVLINK_ATTR_PARAM_GENERIC /* flag */ + DEVLINK_ATTR_PARAM_TYPE /* u8 */ + DEVLINK_ATTR_PARAM_VALUES_LIST /* nested */ + DEVLINK_ATTR_PARAM_VALUE /* nested */ + DEVLINK_ATTR_PARAM_VALUE_DATA /* dynamic */ + DEVLINK_ATTR_PARAM_VALUE_CMODE /* u8 */ +) + +const ( + DEVLINK_PARAM_TYPE_U8 = 1 + DEVLINK_PARAM_TYPE_U16 = 2 + DEVLINK_PARAM_TYPE_U32 = 3 + DEVLINK_PARAM_TYPE_STRING = 5 + DEVLINK_PARAM_TYPE_BOOL = 6 +) + +const ( + DEVLINK_PARAM_CMODE_RUNTIME = iota + DEVLINK_PARAM_CMODE_DRIVERINIT + DEVLINK_PARAM_CMODE_PERMANENT +) diff --git a/vendor/github.com/vishvananda/netlink/nl/ip6tnl_linux.go b/vendor/github.com/vishvananda/netlink/nl/ip6tnl_linux.go new file mode 100644 index 00000000000..d5dd69e0c40 --- /dev/null +++ b/vendor/github.com/vishvananda/netlink/nl/ip6tnl_linux.go 
@@ -0,0 +1,21 @@ +package nl + +// id's of route attribute from https://elixir.bootlin.com/linux/v5.17.3/source/include/uapi/linux/lwtunnel.h#L38 +// the value's size are specified in https://elixir.bootlin.com/linux/v5.17.3/source/net/ipv4/ip_tunnel_core.c#L928 + +const ( + LWTUNNEL_IP6_UNSPEC = iota + LWTUNNEL_IP6_ID + LWTUNNEL_IP6_DST + LWTUNNEL_IP6_SRC + LWTUNNEL_IP6_HOPLIMIT + LWTUNNEL_IP6_TC + LWTUNNEL_IP6_FLAGS + LWTUNNEL_IP6_PAD // not implemented + LWTUNNEL_IP6_OPTS // not implemented + __LWTUNNEL_IP6_MAX +) + + + + diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go index 6cb118fb5c1..9492c5c73c3 100644 --- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go @@ -227,7 +227,10 @@ const ( IFLA_GENEVE_UDP_ZERO_CSUM6_TX IFLA_GENEVE_UDP_ZERO_CSUM6_RX IFLA_GENEVE_LABEL - IFLA_GENEVE_MAX = IFLA_GENEVE_LABEL + IFLA_GENEVE_TTL_INHERIT + IFLA_GENEVE_DF + IFLA_GENEVE_INNER_PROTO_INHERIT + IFLA_GENEVE_MAX = IFLA_GENEVE_INNER_PROTO_INHERIT ) const ( diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go index e318e099ccd..c0cef5a1947 100644 --- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go @@ -565,6 +565,11 @@ done: } if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR { + // NLMSG_DONE might have no payload, if so assume no error. + if m.Header.Type == unix.NLMSG_DONE && len(m.Data) == 0 { + break done + } + native := NativeEndian() errno := int32(native.Uint32(m.Data[0:4])) if errno == 0 { 
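Review bot: The guard added in the `@@ -565,6 +565,11 @@` hunk of nl_linux.go only covers an empty payload. An `NLMSG_DONE` or `NLMSG_ERROR` message carrying one to three bytes still reaches `native.Uint32(m.Data[0:4])` and panics on the slice bounds. Testing the length that is about to be read is tighter: `if m.Header.Type == unix.NLMSG_DONE && len(m.Data) < 4 { break done }`, with a returned error for a short `NLMSG_ERROR`. The enclosing function begins outside the hunk, so how a short error message should be reported depends on code not shown here.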
@@ -789,8 +794,9 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli if nr < unix.NLMSG_HDRLEN { return nil, nil, fmt.Errorf("Got short response from netlink") } - rb2 := make([]byte, nr) - copy(rb2, rb[:nr]) + msgLen := nlmAlignOf(nr) + rb2 := make([]byte, msgLen) + copy(rb2, rb[:msgLen]) nl, err := syscall.ParseNetlinkMessage(rb2) if err != nil { return nil, nil, err @@ -905,6 +911,22 @@ func ParseRouteAttr(b []byte) ([]syscall.NetlinkRouteAttr, error) { return attrs, nil } +// ParseRouteAttrAsMap parses provided buffer that contains raw RtAttrs and returns a map of parsed +// atttributes indexed by attribute type or error if occured. +func ParseRouteAttrAsMap(b []byte) (map[uint16]syscall.NetlinkRouteAttr, error) { + attrMap := make(map[uint16]syscall.NetlinkRouteAttr) + + attrs, err := ParseRouteAttr(b) + if err != nil { + return nil, err + } + + for _, attr := range attrs { + attrMap[attr.Attr.Type] = attr + } + return attrMap, nil +} + func netlinkRouteAttrAndValue(b []byte) (*unix.RtAttr, []byte, int, error) { a := (*unix.RtAttr)(unsafe.Pointer(&b[0])) if int(a.Len) < unix.SizeofRtAttr || int(a.Len) > len(b) { diff --git a/vendor/github.com/vishvananda/netlink/nl/syscall.go b/vendor/github.com/vishvananda/netlink/nl/syscall.go index bdf6ba63957..b5ba039acb3 100644 --- a/vendor/github.com/vishvananda/netlink/nl/syscall.go +++ b/vendor/github.com/vishvananda/netlink/nl/syscall.go @@ -46,6 +46,7 @@ const ( // socket diags related const ( SOCK_DIAG_BY_FAMILY = 20 /* linux.sock_diag.h */ + SOCK_DESTROY = 21 TCPDIAG_NOCOOKIE = 0xFFFFFFFF /* TCPDIAG_NOCOOKIE in net/ipv4/tcp_diag.h*/ ) diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go index e9ce190c777..0720729a900 100644 --- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go 
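Review bot: In `Receive`, `copy(rb2, rb[:msgLen])` slices the receive buffer past the `nr` bytes that were actually read, because `msgLen := nlmAlignOf(nr)` rounds up. The extra bytes copied into `rb2` are whatever `rb` held beforehand. If `nr` lies within one alignment step of the buffer's capacity the slice expression panics; the allocation of `rb` is outside the hunk, so that bound needs confirming. Keeping the aligned destination but copying only the received data leaves the padding zeroed: `copy(rb2, rb[:nr])`.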
@@ -105,6 +105,7 @@ const ( SizeofTcNetemCorr = 0x0c SizeofTcNetemReorder = 0x08 SizeofTcNetemCorrupt = 0x08 + SizeOfTcNetemRate = 0x10 SizeofTcTbfQopt = 2*SizeofTcRateSpec + 0x0c SizeofTcHtbCopt = 2*SizeofTcRateSpec + 0x14 SizeofTcHtbGlob = 0x14 @@ -372,6 +373,26 @@ func (x *TcNetemCorrupt) Serialize() []byte { return (*(*[SizeofTcNetemCorrupt]byte)(unsafe.Pointer(x)))[:] } +// TcNetemRate is a struct that represents the rate of a netem qdisc +type TcNetemRate struct { + Rate uint32 + PacketOverhead int32 + CellSize uint32 + CellOverhead int32 +} + +func (msg *TcNetemRate) Len() int { + return SizeofTcRateSpec +} + +func DeserializeTcNetemRate(b []byte) *TcNetemRate { + return (*TcNetemRate)(unsafe.Pointer(&b[0:SizeofTcRateSpec][0])) +} + +func (msg *TcNetemRate) Serialize() []byte { + return (*(*[SizeOfTcNetemRate]byte)(unsafe.Pointer(msg)))[:] +} + // struct tc_tbf_qopt { // struct tc_ratespec rate; // struct tc_ratespec peakrate; diff --git a/vendor/github.com/vishvananda/netlink/nl/vdpa_linux.go b/vendor/github.com/vishvananda/netlink/nl/vdpa_linux.go new file mode 100644 index 00000000000..f209125df4a --- /dev/null +++ b/vendor/github.com/vishvananda/netlink/nl/vdpa_linux.go 
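Review bot: `TcNetemRate.Len` and `DeserializeTcNetemRate` use `SizeofTcRateSpec`, while the struct has four 32-bit fields and `Serialize` uses the `SizeOfTcNetemRate = 0x10` constant added in this same diff. If `SizeofTcRateSpec` is smaller than 16 (its value is not shown here), the bounds check in `b[0:SizeofTcRateSpec]` passes for a buffer that is too short, and the `unsafe.Pointer` cast then lets a read of `CellOverhead` run past the end of `b`. `parseNetemData` in qdisc_linux.go passes the `TCA_NETEM_RATE` attribute value straight into this function without a length check. Suggested: `return SizeOfTcNetemRate` in `Len` and `&b[0:SizeOfTcNetemRate][0]` in the deserializer. The new constant is also spelled `SizeOf…` where its neighbours use `Sizeof…`.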
@@ -0,0 +1,41 @@ +package nl + +const ( + VDPA_GENL_NAME = "vdpa" + VDPA_GENL_VERSION = 0x1 +) + +const ( + VDPA_CMD_UNSPEC = iota + VDPA_CMD_MGMTDEV_NEW + VDPA_CMD_MGMTDEV_GET /* can dump */ + VDPA_CMD_DEV_NEW + VDPA_CMD_DEV_DEL + VDPA_CMD_DEV_GET /* can dump */ + VDPA_CMD_DEV_CONFIG_GET /* can dump */ + VDPA_CMD_DEV_VSTATS_GET +) + +const ( + VDPA_ATTR_UNSPEC = iota + VDPA_ATTR_MGMTDEV_BUS_NAME + VDPA_ATTR_MGMTDEV_DEV_NAME + VDPA_ATTR_MGMTDEV_SUPPORTED_CLASSES + VDPA_ATTR_DEV_NAME + VDPA_ATTR_DEV_ID + VDPA_ATTR_DEV_VENDOR_ID + VDPA_ATTR_DEV_MAX_VQS + VDPA_ATTR_DEV_MAX_VQ_SIZE + VDPA_ATTR_DEV_MIN_VQ_SIZE + VDPA_ATTR_DEV_NET_CFG_MACADDR + VDPA_ATTR_DEV_NET_STATUS + VDPA_ATTR_DEV_NET_CFG_MAX_VQP + VDPA_ATTR_DEV_NET_CFG_MTU + VDPA_ATTR_DEV_NEGOTIATED_FEATURES + VDPA_ATTR_DEV_MGMTDEV_MAX_VQS + VDPA_ATTR_DEV_SUPPORTED_FEATURES + VDPA_ATTR_DEV_QUEUE_INDEX + VDPA_ATTR_DEV_VENDOR_ATTR_NAME + VDPA_ATTR_DEV_VENDOR_ATTR_VALUE + VDPA_ATTR_DEV_FEATURES +) diff --git a/vendor/github.com/vishvananda/netlink/qdisc.go b/vendor/github.com/vishvananda/netlink/qdisc.go index 00e93b458e7..6f5d6df43b9 100644 --- a/vendor/github.com/vishvananda/netlink/qdisc.go +++ b/vendor/github.com/vishvananda/netlink/qdisc.go @@ -28,6 +28,8 @@ type Qdisc interface { Type() string } +type QdiscStatistics ClassStatistics + // QdiscAttrs represents a netlink qdisc. A qdisc is associated with a link, // has a handle, a parent and a refcnt. The root qdisc of a device should // have parent == HANDLE_ROOT. @@ -37,6 +39,7 @@ type QdiscAttrs struct { Parent uint32 Refcnt uint32 // read only IngressBlock *uint32 + Statistics *QdiscStatistics } func (q QdiscAttrs) String() string { @@ -157,6 +160,7 @@ type NetemQdiscAttrs struct { ReorderCorr float32 // in % CorruptProb float32 // in % CorruptCorr float32 // in % + Rate64 uint64 } func (q NetemQdiscAttrs) String() string { 
@@ -181,6 +185,7 @@ type Netem struct { ReorderCorr uint32 CorruptProb uint32 CorruptCorr uint32 + Rate64 uint64 } func (netem *Netem) String() string { @@ -217,6 +222,19 @@ func (qdisc *Tbf) Type() string { return "tbf" } +// Clsact is a qdisc for adding filters +type Clsact struct { + QdiscAttrs +} + +func (qdisc *Clsact) Attrs() *QdiscAttrs { + return &qdisc.QdiscAttrs +} + +func (qdisc *Clsact) Type() string { + return "clsact" +} + // Ingress is a qdisc for adding ingress filters type Ingress struct { QdiscAttrs diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go index 123519b6638..3c3780d3d45 100644 --- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go +++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go @@ -17,6 +17,7 @@ func NewNetem(attrs QdiscAttrs, nattrs NetemQdiscAttrs) *Netem { var lossCorr, delayCorr, duplicateCorr uint32 var reorderProb, reorderCorr uint32 var corruptProb, corruptCorr uint32 + var rate64 uint64 latency := nattrs.Latency loss := Percentage2u32(nattrs.Loss) @@ -57,6 +58,7 @@ func NewNetem(attrs QdiscAttrs, nattrs NetemQdiscAttrs) *Netem { corruptProb = Percentage2u32(nattrs.CorruptProb) corruptCorr = Percentage2u32(nattrs.CorruptCorr) + rate64 = nattrs.Rate64 return &Netem{ QdiscAttrs: attrs, @@ -73,6 +75,7 @@ func NewNetem(attrs QdiscAttrs, nattrs NetemQdiscAttrs) *Netem { ReorderCorr: reorderCorr, CorruptProb: corruptProb, CorruptCorr: corruptCorr, + Rate64: rate64, } } 
@@ -234,6 +237,19 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error { if reorder.Probability > 0 { options.AddRtAttr(nl.TCA_NETEM_REORDER, reorder.Serialize()) } + // Rate + if qdisc.Rate64 > 0 { + rate := nl.TcNetemRate{} + if qdisc.Rate64 >= uint64(1<<32) { + options.AddRtAttr(nl.TCA_NETEM_RATE64, nl.Uint64Attr(qdisc.Rate64)) + rate.Rate = ^uint32(0) + } else { + rate.Rate = uint32(qdisc.Rate64) + } + options.AddRtAttr(nl.TCA_NETEM_RATE, rate.Serialize()) + } + case *Clsact: + options = nil case *Ingress: // ingress filters must use the proper handle if qdisc.Attrs().Parent != HANDLE_INGRESS { @@ -392,6 +408,8 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) { qdisc = &Netem{} case "sfq": qdisc = &Sfq{} + case "clsact": + qdisc = &Clsact{} default: qdisc = &GenericQdisc{QdiscType: qdiscType} } @@ -458,6 +476,18 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) { ingressBlock := new(uint32) *ingressBlock = native.Uint32(attr.Value) base.IngressBlock = ingressBlock + case nl.TCA_STATS: + s, err := parseTcStats(attr.Value) + if err != nil { + return nil, err + } + base.Statistics = (*QdiscStatistics)(s) + case nl.TCA_STATS2: + s, err := parseTcStats2(attr.Value) + if err != nil { + return nil, err + } + base.Statistics = (*QdiscStatistics)(s) } } *qdisc.Attrs() = base @@ -585,6 +615,8 @@ func parseNetemData(qdisc Qdisc, value []byte) error { if err != nil { return err } + var rate *nl.TcNetemRate + var rate64 uint64 for _, datum := range data { switch datum.Attr.Type { case nl.TCA_NETEM_CORR: 
@@ -600,8 +632,19 @@ func parseNetemData(qdisc Qdisc, value []byte) error { opt := nl.DeserializeTcNetemReorder(datum.Value) netem.ReorderProb = opt.Probability netem.ReorderCorr = opt.Correlation + case nl.TCA_NETEM_RATE: + rate = nl.DeserializeTcNetemRate(datum.Value) + case nl.TCA_NETEM_RATE64: + rate64 = native.Uint64(datum.Value) + } + } + if rate != nil { + netem.Rate64 = uint64(rate.Rate) + if rate64 > 0 { + netem.Rate64 = rate64 } } + return nil } diff --git a/vendor/github.com/vishvananda/netlink/route.go b/vendor/github.com/vishvananda/netlink/route.go index 79cc218ec81..1b4555d5c51 100644 --- a/vendor/github.com/vishvananda/netlink/route.go +++ b/vendor/github.com/vishvananda/netlink/route.go @@ -154,8 +154,15 @@ type flagString struct { } // RouteUpdate is sent when a route changes - type is RTM_NEWROUTE or RTM_DELROUTE + +// NlFlags is only non-zero for RTM_NEWROUTE, the following flags can be set: +// - unix.NLM_F_REPLACE - Replace existing matching config object with this request +// - unix.NLM_F_EXCL - Don't replace the config object if it already exists +// - unix.NLM_F_CREATE - Create config object if it doesn't already exist +// - unix.NLM_F_APPEND - Add to the end of the object list type RouteUpdate struct { - Type uint16 + Type uint16 + NlFlags uint16 Route } diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go index 82982c390be..929738e1171 100644 --- a/vendor/github.com/vishvananda/netlink/route_linux.go +++ b/vendor/github.com/vishvananda/netlink/route_linux.go 
@@ -589,6 +589,109 @@ func (e *BpfEncap) Equal(x Encap) bool { return true } +// IP6tnlEncap definition +type IP6tnlEncap struct { + ID uint64 + Dst net.IP + Src net.IP + Hoplimit uint8 + TC uint8 + Flags uint16 +} + +func (e *IP6tnlEncap) Type() int { + return nl.LWTUNNEL_ENCAP_IP6 +} + +func (e *IP6tnlEncap) Decode(buf []byte) error { + attrs, err := nl.ParseRouteAttr(buf) + if err != nil { + return err + } + for _, attr := range attrs { + switch attr.Attr.Type { + case nl.LWTUNNEL_IP6_ID: + e.ID = uint64(native.Uint64(attr.Value[0:4])) + case nl.LWTUNNEL_IP6_DST: + e.Dst = net.IP(attr.Value[:]) + case nl.LWTUNNEL_IP6_SRC: + e.Src = net.IP(attr.Value[:]) + case nl.LWTUNNEL_IP6_HOPLIMIT: + e.Hoplimit = attr.Value[0] + case nl.LWTUNNEL_IP6_TC: + // e.TC = attr.Value[0] + err = fmt.Errorf("decoding TC in IP6tnlEncap is not supported") + case nl.LWTUNNEL_IP6_FLAGS: + // e.Flags = uint16(native.Uint16(attr.Value[0:2])) + err = fmt.Errorf("decoding FLAG in IP6tnlEncap is not supported") + case nl.LWTUNNEL_IP6_PAD: + err = fmt.Errorf("decoding PAD in IP6tnlEncap is not supported") + case nl.LWTUNNEL_IP6_OPTS: + err = fmt.Errorf("decoding OPTS in IP6tnlEncap is not supported") + } + } + return err +} + +func (e *IP6tnlEncap) Encode() ([]byte, error) { + + final := []byte{} + + resID := make([]byte, 12) + native.PutUint16(resID, 12) // 2+2+8 + native.PutUint16(resID[2:], nl.LWTUNNEL_IP6_ID) + native.PutUint64(resID[4:], 0) + final = append(final, resID...) + + resDst := make([]byte, 4) + native.PutUint16(resDst, 20) // 2+2+16 + native.PutUint16(resDst[2:], nl.LWTUNNEL_IP6_DST) + resDst = append(resDst, e.Dst...) + final = append(final, resDst...) + + resSrc := make([]byte, 4) + native.PutUint16(resSrc, 20) + native.PutUint16(resSrc[2:], nl.LWTUNNEL_IP6_SRC) + resSrc = append(resSrc, e.Src...) + final = append(final, resSrc...) 
+ + // resTc := make([]byte, 5) + // native.PutUint16(resTc, 5) + // native.PutUint16(resTc[2:], nl.LWTUNNEL_IP6_TC) + // resTc[4] = e.TC + // final = append(final,resTc...) + + resHops := make([]byte, 5) + native.PutUint16(resHops, 5) + native.PutUint16(resHops[2:], nl.LWTUNNEL_IP6_HOPLIMIT) + resHops[4] = e.Hoplimit + final = append(final, resHops...) + + // resFlags := make([]byte, 6) + // native.PutUint16(resFlags, 6) + // native.PutUint16(resFlags[2:], nl.LWTUNNEL_IP6_FLAGS) + // native.PutUint16(resFlags[4:], e.Flags) + // final = append(final,resFlags...) + + return final, nil +} + +func (e *IP6tnlEncap) String() string { + return fmt.Sprintf("id %d src %s dst %s hoplimit %d tc %d flags 0x%.4x", e.ID, e.Src, e.Dst, e.Hoplimit, e.TC, e.Flags) +} + +func (e *IP6tnlEncap) Equal(x Encap) bool { + o, ok := x.(*IP6tnlEncap) + if !ok { + return false + } + + if e.ID != o.ID || e.Flags != o.Flags || e.Hoplimit != o.Hoplimit || e.Src.Equal(o.Src) || e.Dst.Equal(o.Dst) || e.TC != o.TC { + return false + } + return true +} + type Via struct { AddrFamily int Addr net.IP @@ -687,6 +790,21 @@ func (h *Handle) RouteAddEcmp(route *Route) error { return err } +// RouteChange will change an existing route in the system. +// Equivalent to: `ip route change $route` +func RouteChange(route *Route) error { + return pkgHandle.RouteChange(route) +} + +// RouteChange will change an existing route in the system. +// Equivalent to: `ip route change $route` +func (h *Handle) RouteChange(route *Route) error { + flags := unix.NLM_F_REPLACE | unix.NLM_F_ACK + req := h.newNetlinkRequest(unix.RTM_NEWROUTE, flags) + _, err := h.routeHandle(route, req, nl.NewRtMsg()) + return err +} + // RouteReplace will add a route to the system. // Equivalent to: `ip route replace $route` func RouteReplace(route *Route) error { 
@@ -1030,12 +1148,16 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) var res []Route for _, m := range msgs { msg := nl.DeserializeRtMsg(m) + if family != FAMILY_ALL && msg.Family != uint8(family) { + // Ignore routes not matching requested family + continue + } if msg.Flags&unix.RTM_F_CLONED != 0 { // Ignore cloned routes continue } if msg.Table != unix.RT_TABLE_MAIN { - if filter == nil || filter != nil && filterMask&RT_FILTER_TABLE == 0 { + if filter == nil || filterMask&RT_FILTER_TABLE == 0 { // Ignore non-main tables continue } @@ -1321,6 +1443,7 @@ func deserializeRoute(m []byte) (Route, error) { // RouteGetWithOptions type RouteGetOptions struct { Iif string + IifIndex int Oif string VrfName string SrcAddr net.IP @@ -1372,7 +1495,7 @@ func (h *Handle) RouteGetWithOptions(destination net.IP, options *RouteGetOption if options != nil { if options.VrfName != "" { - link, err := LinkByName(options.VrfName) + link, err := h.LinkByName(options.VrfName) if err != nil { return nil, err } @@ -1382,20 +1505,27 @@ func (h *Handle) RouteGetWithOptions(destination net.IP, options *RouteGetOption req.AddData(nl.NewRtAttr(unix.RTA_OIF, b)) } + iifIndex := 0 if len(options.Iif) > 0 { - link, err := LinkByName(options.Iif) + link, err := h.LinkByName(options.Iif) if err != nil { return nil, err } + iifIndex = link.Attrs().Index + } else if options.IifIndex > 0 { + iifIndex = options.IifIndex + } + + if iifIndex > 0 { b := make([]byte, 4) - native.PutUint32(b, uint32(link.Attrs().Index)) + native.PutUint32(b, uint32(iifIndex)) req.AddData(nl.NewRtAttr(unix.RTA_IIF, b)) } if len(options.Oif) > 0 { - link, err := LinkByName(options.Oif) + link, err := h.LinkByName(options.Oif) if err != nil { return nil, err } 
@@ -1561,7 +1691,11 @@ func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done < } continue } - ch <- RouteUpdate{Type: m.Header.Type, Route: route} + ch <- RouteUpdate{ + Type: m.Header.Type, + NlFlags: m.Header.Flags & (unix.NLM_F_REPLACE | unix.NLM_F_EXCL | unix.NLM_F_CREATE | unix.NLM_F_APPEND), + Route: route, + } } } }() diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go index 5f4f98d9bdc..e91989251b6 100644 --- a/vendor/github.com/vishvananda/netlink/rule_linux.go +++ b/vendor/github.com/vishvananda/netlink/rule_linux.go @@ -221,6 +221,7 @@ func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ( } rule := NewRule() + rule.Priority = 0 // The default priority from kernel rule.Invert = msg.Flags&FibRuleInvert > 0 rule.Family = int(msg.Family) diff --git a/vendor/github.com/vishvananda/netlink/socket.go b/vendor/github.com/vishvananda/netlink/socket.go index 41aa726245b..ebcf8423bf0 100644 --- a/vendor/github.com/vishvananda/netlink/socket.go +++ b/vendor/github.com/vishvananda/netlink/socket.go @@ -25,3 +25,13 @@ type Socket struct { UID uint32 INode uint32 } + +// UnixSocket represents a netlink unix socket. +type UnixSocket struct { + Type uint8 + Family uint8 + State uint8 + pad uint8 + INode uint32 + Cookie [2]uint32 +} diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go index b881fe496dd..e4b6fa73eaa 100644 --- a/vendor/github.com/vishvananda/netlink/socket_linux.go +++ b/vendor/github.com/vishvananda/netlink/socket_linux.go 
@@ -11,9 +11,11 @@ import ( ) const ( - sizeofSocketID = 0x30 - sizeofSocketRequest = sizeofSocketID + 0x8 - sizeofSocket = sizeofSocketID + 0x18 + sizeofSocketID = 0x30 + sizeofSocketRequest = sizeofSocketID + 0x8 + sizeofSocket = sizeofSocketID + 0x18 + sizeofUnixSocketRequest = 0x18 // 24 byte + sizeofUnixSocket = 0x10 // 16 byte ) type socketRequest struct { @@ -54,10 +56,8 @@ func (r *socketRequest) Serialize() []byte { copy(b.Next(16), r.ID.Source) copy(b.Next(16), r.ID.Destination) } else { - copy(b.Next(4), r.ID.Source.To4()) - b.Next(12) - copy(b.Next(4), r.ID.Destination.To4()) - b.Next(12) + copy(b.Next(16), r.ID.Source.To4()) + copy(b.Next(16), r.ID.Destination.To4()) } native.PutUint32(b.Next(4), r.ID.Interface) native.PutUint32(b.Next(4), r.ID.Cookie[0]) @@ -67,6 +67,32 @@ func (r *socketRequest) Serialize() []byte { func (r *socketRequest) Len() int { return sizeofSocketRequest } +// According to linux/include/uapi/linux/unix_diag.h +type unixSocketRequest struct { + Family uint8 + Protocol uint8 + pad uint16 + States uint32 + INode uint32 + Show uint32 + Cookie [2]uint32 +} + +func (r *unixSocketRequest) Serialize() []byte { + b := writeBuffer{Bytes: make([]byte, sizeofUnixSocketRequest)} + b.Write(r.Family) + b.Write(r.Protocol) + native.PutUint16(b.Next(2), r.pad) + native.PutUint32(b.Next(4), r.States) + native.PutUint32(b.Next(4), r.INode) + native.PutUint32(b.Next(4), r.Show) + native.PutUint32(b.Next(4), r.Cookie[0]) + native.PutUint32(b.Next(4), r.Cookie[1]) + return b.Bytes +} + +func (r *unixSocketRequest) Len() int { return sizeofUnixSocketRequest } + type readBuffer struct { Bytes []byte pos int 
@@ -115,22 +141,61 @@ func (s *Socket) deserialize(b []byte) error { return nil } +func (u *UnixSocket) deserialize(b []byte) error { + if len(b) < sizeofUnixSocket { + return fmt.Errorf("unix diag data short read (%d); want %d", len(b), sizeofUnixSocket) + } + rb := readBuffer{Bytes: b} + u.Type = rb.Read() + u.Family = rb.Read() + u.State = rb.Read() + u.pad = rb.Read() + u.INode = native.Uint32(rb.Next(4)) + u.Cookie[0] = native.Uint32(rb.Next(4)) + u.Cookie[1] = native.Uint32(rb.Next(4)) + return nil +} + // SocketGet returns the Socket identified by its local and remote addresses. func SocketGet(local, remote net.Addr) (*Socket, error) { - localTCP, ok := local.(*net.TCPAddr) - if !ok { + var protocol uint8 + var localIP, remoteIP net.IP + var localPort, remotePort uint16 + switch l := local.(type) { + case *net.TCPAddr: + r, ok := remote.(*net.TCPAddr) + if !ok { + return nil, ErrNotImplemented + } + localIP = l.IP + localPort = uint16(l.Port) + remoteIP = r.IP + remotePort = uint16(r.Port) + protocol = unix.IPPROTO_TCP + case *net.UDPAddr: + r, ok := remote.(*net.UDPAddr) + if !ok { + return nil, ErrNotImplemented + } + localIP = l.IP + localPort = uint16(l.Port) + remoteIP = r.IP + remotePort = uint16(r.Port) + protocol = unix.IPPROTO_UDP + default: return nil, ErrNotImplemented } - remoteTCP, ok := remote.(*net.TCPAddr) - if !ok { - return nil, ErrNotImplemented + + var family uint8 + if localIP.To4() != nil && remoteIP.To4() != nil { + family = unix.AF_INET } - localIP := localTCP.IP.To4() - if localIP == nil { - return nil, ErrNotImplemented + + if family == 0 && localIP.To16() != nil && remoteIP.To16() != nil { + family = unix.AF_INET6 } - remoteIP := remoteTCP.IP.To4() - if remoteIP == nil { + + if family == 0 { return nil, ErrNotImplemented } 
@@ -139,25 +204,30 @@ func SocketGet(local, remote net.Addr) (*Socket, error) { return nil, err } defer s.Close() - req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, 0) + req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) req.AddData(&socketRequest{ - Family: unix.AF_INET, - Protocol: unix.IPPROTO_TCP, + Family: family, + Protocol: protocol, + States: 0xffffffff, ID: SocketID{ - SourcePort: uint16(localTCP.Port), - DestinationPort: uint16(remoteTCP.Port), + SourcePort: localPort, + DestinationPort: remotePort, Source: localIP, Destination: remoteIP, Cookie: [2]uint32{nl.TCPDIAG_NOCOOKIE, nl.TCPDIAG_NOCOOKIE}, }, }) - s.Send(req) + + if err := s.Send(req); err != nil { + return nil, err + } + msgs, from, err := s.Receive() if err != nil { return nil, err } if from.Pid != nl.PidKernel { - return nil, fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel) + return nil, fmt.Errorf("wrong sender portid %d, expected %d", from.Pid, nl.PidKernel) } if len(msgs) == 0 { return nil, errors.New("no message nor error from netlink") 
@@ -172,10 +242,59 @@ func SocketGet(local, remote net.Addr) (*Socket, error) { return sock, nil } +// SocketDestroy kills the Socket identified by its local and remote addresses. +func SocketDestroy(local, remote net.Addr) error { + localTCP, ok := local.(*net.TCPAddr) + if !ok { + return ErrNotImplemented + } + remoteTCP, ok := remote.(*net.TCPAddr) + if !ok { + return ErrNotImplemented + } + localIP := localTCP.IP.To4() + if localIP == nil { + return ErrNotImplemented + } + remoteIP := remoteTCP.IP.To4() + if remoteIP == nil { + return ErrNotImplemented + } + + s, err := nl.Subscribe(unix.NETLINK_INET_DIAG) + if err != nil { + return err + } + defer s.Close() + req := nl.NewNetlinkRequest(nl.SOCK_DESTROY, unix.NLM_F_ACK) + req.AddData(&socketRequest{ + Family: unix.AF_INET, + Protocol: unix.IPPROTO_TCP, + ID: SocketID{ + SourcePort: uint16(localTCP.Port), + DestinationPort: uint16(remoteTCP.Port), + Source: localIP, + Destination: remoteIP, + Cookie: [2]uint32{nl.TCPDIAG_NOCOOKIE, nl.TCPDIAG_NOCOOKIE}, + }, + }) + return s.Send(req) +} + // SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info. func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) { + // Construct the request + req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) + req.AddData(&socketRequest{ + Family: family, + Protocol: unix.IPPROTO_TCP, + Ext: (1 << (INET_DIAG_VEGASINFO - 1)) | (1 << (INET_DIAG_INFO - 1)), + States: uint32(0xfff), // all states + }) + + // Do the query and parse the result var result []*InetDiagTCPInfoResp - err := socketDiagTCPExecutor(family, func(m syscall.NetlinkMessage) error { + err := socketDiagExecutor(req, func(m syscall.NetlinkMessage) error { sockInfo := &Socket{} if err := sockInfo.deserialize(m.Data); err != nil { return err 
@@ -201,8 +320,18 @@ func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) { // SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket. func SocketDiagTCP(family uint8) ([]*Socket, error) { + // Construct the request + req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) + req.AddData(&socketRequest{ + Family: family, + Protocol: unix.IPPROTO_TCP, + Ext: (1 << (INET_DIAG_VEGASINFO - 1)) | (1 << (INET_DIAG_INFO - 1)), + States: uint32(0xfff), // all states + }) + + // Do the query and parse the result var result []*Socket - err := socketDiagTCPExecutor(family, func(m syscall.NetlinkMessage) error { + err := socketDiagExecutor(req, func(m syscall.NetlinkMessage) error { sockInfo := &Socket{} if err := sockInfo.deserialize(m.Data); err != nil { return err 
@@ -216,21 +345,154 @@ func SocketDiagTCP(family uint8) ([]*Socket, error) { return result, nil } -// socketDiagTCPExecutor requests INET_DIAG_INFO for TCP protocol for specified family type. -func socketDiagTCPExecutor(family uint8, receiver func(syscall.NetlinkMessage) error) error { - s, err := nl.Subscribe(unix.NETLINK_INET_DIAG) +// SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info. +func SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) { + // Construct the request + var extensions uint8 + extensions = 1 << (INET_DIAG_VEGASINFO - 1) + extensions |= 1 << (INET_DIAG_INFO - 1) + extensions |= 1 << (INET_DIAG_MEMINFO - 1) + + req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) + req.AddData(&socketRequest{ + Family: family, + Protocol: unix.IPPROTO_UDP, + Ext: extensions, + States: uint32(0xfff), // all states + }) + + // Do the query and parse the result + var result []*InetDiagUDPInfoResp + err := socketDiagExecutor(req, func(m syscall.NetlinkMessage) error { + sockInfo := &Socket{} + if err := sockInfo.deserialize(m.Data); err != nil { + return err + } + attrs, err := nl.ParseRouteAttr(m.Data[sizeofSocket:]) + if err != nil { + return err + } + + res, err := attrsToInetDiagUDPInfoResp(attrs, sockInfo) + if err != nil { + return err + } + + result = append(result, res) + return nil + }) if err != nil { - return err + return nil, err } - defer s.Close() + return result, nil +} +// SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket. 
+func SocketDiagUDP(family uint8) ([]*Socket, error) { + // Construct the request req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) req.AddData(&socketRequest{ Family: family, - Protocol: unix.IPPROTO_TCP, + Protocol: unix.IPPROTO_UDP, Ext: (1 << (INET_DIAG_VEGASINFO - 1)) | (1 << (INET_DIAG_INFO - 1)), - States: uint32(0xfff), // All TCP states + States: uint32(0xfff), // all states + }) + + // Do the query and parse the result + var result []*Socket + err := socketDiagExecutor(req, func(m syscall.NetlinkMessage) error { + sockInfo := &Socket{} + if err := sockInfo.deserialize(m.Data); err != nil { + return err + } + result = append(result, sockInfo) + return nil + }) + if err != nil { + return nil, err + } + return result, nil +} + +// UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info. +func UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { + // Construct the request + var extensions uint8 + extensions = 1 << UNIX_DIAG_NAME + extensions |= 1 << UNIX_DIAG_PEER + extensions |= 1 << UNIX_DIAG_RQLEN + req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) + req.AddData(&unixSocketRequest{ + Family: unix.AF_UNIX, + States: ^uint32(0), // all states + Show: uint32(extensions), + }) + + var result []*UnixDiagInfoResp + err := socketDiagExecutor(req, func(m syscall.NetlinkMessage) error { + sockInfo := &UnixSocket{} + if err := sockInfo.deserialize(m.Data); err != nil { + return err + } + + // Diagnosis also delivers sockets with AF_INET family, filter those + if sockInfo.Family != unix.AF_UNIX { + return nil + } + + attrs, err := nl.ParseRouteAttr(m.Data[sizeofUnixSocket:]) + if err != nil { + return err + } + + res, err := attrsToUnixDiagInfoResp(attrs, sockInfo) + if err != nil { + return err + } + result = append(result, res) + return nil }) + if err != nil { + return nil, err + } + return result, nil +} + +// UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets. 
+func UnixSocketDiag() ([]*UnixSocket, error) { + // Construct the request + req := nl.NewNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) + req.AddData(&unixSocketRequest{ + Family: unix.AF_UNIX, + States: ^uint32(0), // all states + }) + + var result []*UnixSocket + err := socketDiagExecutor(req, func(m syscall.NetlinkMessage) error { + sockInfo := &UnixSocket{} + if err := sockInfo.deserialize(m.Data); err != nil { + return err + } + + // Diagnosis also delivers sockets with AF_INET family, filter those + if sockInfo.Family == unix.AF_UNIX { + result = append(result, sockInfo) + } + return nil + }) + if err != nil { + return nil, err + } + return result, nil +} + +// socketDiagExecutor requests diagnoses info from the NETLINK_INET_DIAG socket for the specified request. +func socketDiagExecutor(req *nl.NetlinkRequest, receiver func(syscall.NetlinkMessage) error) error { + s, err := nl.Subscribe(unix.NETLINK_INET_DIAG) + if err != nil { + return err + } + defer s.Close() s.Send(req) loop: @@ -240,7 +502,7 @@ loop: return err } if from.Pid != nl.PidKernel { - return fmt.Errorf("Wrong sender portid %d, expected %d", from.Pid, nl.PidKernel) + return fmt.Errorf("wrong sender portid %d, expected %d", from.Pid, nl.PidKernel) } if len(msgs) == 0 { return errors.New("no message nor error from netlink") 
@@ -263,29 +525,65 @@ loop: } func attrsToInetDiagTCPInfoResp(attrs []syscall.NetlinkRouteAttr, sockInfo *Socket) (*InetDiagTCPInfoResp, error) { - var tcpInfo *TCPInfo - var tcpBBRInfo *TCPBBRInfo + info := &InetDiagTCPInfoResp{ + InetDiagMsg: sockInfo, + } for _, a := range attrs { - if a.Attr.Type == INET_DIAG_INFO { - tcpInfo = &TCPInfo{} - if err := tcpInfo.deserialize(a.Value); err != nil { + switch a.Attr.Type { + case INET_DIAG_INFO: + info.TCPInfo = &TCPInfo{} + if err := info.TCPInfo.deserialize(a.Value); err != nil { + return nil, err + } + case INET_DIAG_BBRINFO: + info.TCPBBRInfo = &TCPBBRInfo{} + if err := info.TCPBBRInfo.deserialize(a.Value); err != nil { return nil, err } - continue } + } + + return info, nil +} - if a.Attr.Type == INET_DIAG_BBRINFO { - tcpBBRInfo = &TCPBBRInfo{} - if err := tcpBBRInfo.deserialize(a.Value); err != nil { +func attrsToInetDiagUDPInfoResp(attrs []syscall.NetlinkRouteAttr, sockInfo *Socket) (*InetDiagUDPInfoResp, error) { + info := &InetDiagUDPInfoResp{ + InetDiagMsg: sockInfo, + } + for _, a := range attrs { + switch a.Attr.Type { + case INET_DIAG_MEMINFO: + info.Memory = &MemInfo{} + if err := info.Memory.deserialize(a.Value); err != nil { return nil, err } - continue } } - return &InetDiagTCPInfoResp{ - InetDiagMsg: sockInfo, - TCPInfo: tcpInfo, - TCPBBRInfo: tcpBBRInfo, - }, nil + return info, nil +} + +func attrsToUnixDiagInfoResp(attrs []syscall.NetlinkRouteAttr, sockInfo *UnixSocket) (*UnixDiagInfoResp, error) { + info := &UnixDiagInfoResp{ + DiagMsg: sockInfo, + } + for _, a := range attrs { + switch a.Attr.Type { + case UNIX_DIAG_NAME: + name := string(a.Value[:a.Attr.Len]) + info.Name = &name + case UNIX_DIAG_PEER: + peer := native.Uint32(a.Value) + info.Peer = &peer + case UNIX_DIAG_RQLEN: + info.Queue = &QueueInfo{ + RQueue: native.Uint32(a.Value[:4]), + WQueue: native.Uint32(a.Value[4:]), + } + // default: + // fmt.Println("unknown unix attribute type", a.Attr.Type, "with data", a.Value) + } + } + + return 
info, nil } diff --git a/vendor/github.com/vishvananda/netlink/tcp.go b/vendor/github.com/vishvananda/netlink/tcp.go index 23ca014d43b..43f80a0fca7 100644 --- a/vendor/github.com/vishvananda/netlink/tcp.go +++ b/vendor/github.com/vishvananda/netlink/tcp.go @@ -82,3 +82,11 @@ type TCPBBRInfo struct { BBRPacingGain uint32 BBRCwndGain uint32 } + +// According to https://man7.org/linux/man-pages/man7/sock_diag.7.html +type MemInfo struct { + RMem uint32 + WMem uint32 + FMem uint32 + TMem uint32 +} diff --git a/vendor/github.com/vishvananda/netlink/tcp_linux.go b/vendor/github.com/vishvananda/netlink/tcp_linux.go index 293858738d8..e98036da55b 100644 --- a/vendor/github.com/vishvananda/netlink/tcp_linux.go +++ b/vendor/github.com/vishvananda/netlink/tcp_linux.go @@ -8,6 +8,7 @@ import ( const ( tcpBBRInfoLen = 20 + memInfoLen = 16 ) func checkDeserErr(err error) error { @@ -351,3 +352,17 @@ func (t *TCPBBRInfo) deserialize(b []byte) error { return nil } + +func (m *MemInfo) deserialize(b []byte) error { + if len(b) != memInfoLen { + return errors.New("Invalid length") + } + + rb := bytes.NewBuffer(b) + m.RMem = native.Uint32(rb.Next(4)) + m.WMem = native.Uint32(rb.Next(4)) + m.FMem = native.Uint32(rb.Next(4)) + m.TMem = native.Uint32(rb.Next(4)) + + return nil +} diff --git a/vendor/github.com/vishvananda/netlink/unix_diag.go b/vendor/github.com/vishvananda/netlink/unix_diag.go new file mode 100644 index 00000000000..d81776f36ef --- /dev/null +++ b/vendor/github.com/vishvananda/netlink/unix_diag.go @@ -0,0 +1,27 @@ +package netlink + +// According to linux/include/uapi/linux/unix_diag.h +const ( + UNIX_DIAG_NAME = iota + UNIX_DIAG_VFS + UNIX_DIAG_PEER + UNIX_DIAG_ICONS + UNIX_DIAG_RQLEN + UNIX_DIAG_MEMINFO + UNIX_DIAG_SHUTDOWN + UNIX_DIAG_UID + UNIX_DIAG_MAX +) + +type UnixDiagInfoResp struct { + DiagMsg *UnixSocket + Name *string + Peer *uint32 + Queue *QueueInfo + Shutdown *uint8 +} + +type QueueInfo struct { + RQueue uint32 + WQueue uint32 +} 
diff --git a/vendor/github.com/vishvananda/netlink/vdpa_linux.go b/vendor/github.com/vishvananda/netlink/vdpa_linux.go
new file mode 100644
index 00000000000..7c15986d0f9
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/vdpa_linux.go
@@ -0,0 +1,463 @@
+package netlink
+
+import (
+ "fmt"
+ "net"
+ "syscall"
+
+ "golang.org/x/sys/unix"
+
+ "github.com/vishvananda/netlink/nl"
+)
+
+type vdpaDevID struct {
+ Name string
+ ID uint32
+}
+
+// VDPADev contains info about VDPA device
+type VDPADev struct {
+ vdpaDevID
+ VendorID uint32
+ MaxVQS uint32
+ MaxVQSize uint16
+ MinVQSize uint16
+}
+
+// VDPADevConfig contains configuration of the VDPA device
+type VDPADevConfig struct {
+ vdpaDevID
+ Features uint64
+ NegotiatedFeatures uint64
+ Net VDPADevConfigNet
+}
+
+// VDPADevVStats conatins vStats for the VDPA device
+type VDPADevVStats struct {
+ vdpaDevID
+ QueueIndex uint32
+ Vendor []VDPADevVStatsVendor
+ NegotiatedFeatures uint64
+}
+
+// VDPADevVStatsVendor conatins name and value for vendor specific vstat option
+type VDPADevVStatsVendor struct {
+ Name string
+ Value uint64
+}
+
+// VDPADevConfigNet conatins status and net config for the VDPA device
+type VDPADevConfigNet struct {
+ Status VDPADevConfigNetStatus
+ Cfg VDPADevConfigNetCfg
+}
+
+// VDPADevConfigNetStatus contains info about net status
+type VDPADevConfigNetStatus struct {
+ LinkUp bool
+ Announce bool
+}
+
+// VDPADevConfigNetCfg contains net config for the VDPA device
+type VDPADevConfigNetCfg struct {
+ MACAddr net.HardwareAddr
+ MaxVQP uint16
+ MTU uint16
+}
+
+// VDPAMGMTDev conatins info about VDPA management device
+type VDPAMGMTDev struct {
+ BusName string
+ DevName string
+ SupportedClasses uint64
+ SupportedFeatures uint64
+ MaxVQS uint32
+}
+
+// VDPANewDevParams contains parameters for new VDPA device
+// use SetBits to configure requried features for the device
+// example:
+//
+// VDPANewDevParams{Features: SetBits(0, VIRTIO_NET_F_MTU, VIRTIO_NET_F_CTRL_MAC_ADDR)}
+type VDPANewDevParams struct {
+ MACAddr net.HardwareAddr
+ MaxVQP uint16
+ MTU uint16
+ Features uint64
+}
+
+// SetBits set provided bits in the uint64 input value
+// usage example:
+// features := SetBits(0, VIRTIO_NET_F_MTU, VIRTIO_NET_F_CTRL_MAC_ADDR)
+func SetBits(input uint64, pos ...int) uint64 {
+ for _, p := range pos {
+ input |= 1 << uint64(p)
+ }
+ return input
+}
+
+// IsBitSet check if specific bit is set in the uint64 input value
+// usage example:
+// hasNetClass := IsBitSet(mgmtDev, VIRTIO_ID_NET)
+func IsBitSet(input uint64, pos int) bool {
+ val := input & (1 << uint64(pos))
+ return val > 0
+}
+
+// VDPANewDev adds new VDPA device
+// Equivalent to: `vdpa dev add name mgmtdev /mgmtName [params]`
+func VDPANewDev(name, mgmtBus, mgmtName string, params VDPANewDevParams) error {
+ return pkgHandle.VDPANewDev(name, mgmtBus, mgmtName, params)
+}
+
+// VDPADelDev removes VDPA device
+// Equivalent to: `vdpa dev del `
+func VDPADelDev(name string) error {
+ return pkgHandle.VDPADelDev(name)
+}
+
+// VDPAGetDevList returns list of VDPA devices
+// Equivalent to: `vdpa dev show`
+func VDPAGetDevList() ([]*VDPADev, error) {
+ return pkgHandle.VDPAGetDevList()
+}
+
+// VDPAGetDevByName returns VDPA device selected by name
+// Equivalent to: `vdpa dev show `
+func VDPAGetDevByName(name string) (*VDPADev, error) {
+ return pkgHandle.VDPAGetDevByName(name)
+}
+
+// VDPAGetDevConfigList returns list of VDPA devices configurations
+// Equivalent to: `vdpa dev config show`
+func VDPAGetDevConfigList() ([]*VDPADevConfig, error) {
+ return pkgHandle.VDPAGetDevConfigList()
+}
+
+// VDPAGetDevConfigByName returns VDPA device configuration selected by name
+// Equivalent to: `vdpa dev config show `
+func VDPAGetDevConfigByName(name string) (*VDPADevConfig, error) {
+ return pkgHandle.VDPAGetDevConfigByName(name)
+}
+
+// VDPAGetDevVStats returns vstats for VDPA device
+// Equivalent to: `vdpa dev vstats show qidx `
+func VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStats, error) {
+ return pkgHandle.VDPAGetDevVStats(name, queueIndex)
+}
+
+// VDPAGetMGMTDevList returns list of mgmt devices
+// Equivalent to: `vdpa mgmtdev show`
+func VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) {
+ return pkgHandle.VDPAGetMGMTDevList()
+}
+
+// VDPAGetMGMTDevByBusAndName returns mgmt devices selected by bus and name
+// Equivalent to: `vdpa mgmtdev show /`
+func VDPAGetMGMTDevByBusAndName(bus, name string) (*VDPAMGMTDev, error) {
+ return pkgHandle.VDPAGetMGMTDevByBusAndName(bus, name)
+}
+
+type vdpaNetlinkMessage []syscall.NetlinkRouteAttr
+
+func (id *vdpaDevID) parseIDAttribute(attr syscall.NetlinkRouteAttr) {
+ switch attr.Attr.Type {
+ case nl.VDPA_ATTR_DEV_NAME:
+ id.Name = nl.BytesToString(attr.Value)
+ case nl.VDPA_ATTR_DEV_ID:
+ id.ID = native.Uint32(attr.Value)
+ }
+}
+
+func (netStatus *VDPADevConfigNetStatus) parseStatusAttribute(value []byte) {
+ a := native.Uint16(value)
+ netStatus.Announce = (a & VIRTIO_NET_S_ANNOUNCE) > 0
+ netStatus.LinkUp = (a & VIRTIO_NET_S_LINK_UP) > 0
+}
+
+func (d *VDPADev) parseAttributes(attrs vdpaNetlinkMessage) {
+ for _, a := range attrs {
+ d.parseIDAttribute(a)
+ switch a.Attr.Type {
+ case nl.VDPA_ATTR_DEV_VENDOR_ID:
+ d.VendorID = native.Uint32(a.Value)
+ case nl.VDPA_ATTR_DEV_MAX_VQS:
+ d.MaxVQS = native.Uint32(a.Value)
+ case nl.VDPA_ATTR_DEV_MAX_VQ_SIZE:
+ d.MaxVQSize = native.Uint16(a.Value)
+ case nl.VDPA_ATTR_DEV_MIN_VQ_SIZE:
+ d.MinVQSize = native.Uint16(a.Value)
+ }
+ }
+}
+
+func (c *VDPADevConfig) parseAttributes(attrs vdpaNetlinkMessage) {
+ for _, a := range attrs {
+ c.parseIDAttribute(a)
+ switch a.Attr.Type {
+ case nl.VDPA_ATTR_DEV_NET_CFG_MACADDR:
+ c.Net.Cfg.MACAddr = a.Value
+ case nl.VDPA_ATTR_DEV_NET_STATUS:
+ c.Net.Status.parseStatusAttribute(a.Value)
+ case nl.VDPA_ATTR_DEV_NET_CFG_MAX_VQP:
+ c.Net.Cfg.MaxVQP = native.Uint16(a.Value)
+ case nl.VDPA_ATTR_DEV_NET_CFG_MTU:
+ c.Net.Cfg.MTU = native.Uint16(a.Value)
+ case nl.VDPA_ATTR_DEV_FEATURES:
+ c.Features = native.Uint64(a.Value)
+ case nl.VDPA_ATTR_DEV_NEGOTIATED_FEATURES:
+ c.NegotiatedFeatures = native.Uint64(a.Value)
+ }
+ }
+}
+
+func (s *VDPADevVStats) parseAttributes(attrs vdpaNetlinkMessage) {
+ for _, a := range attrs {
+ s.parseIDAttribute(a)
+ switch a.Attr.Type {
+ case nl.VDPA_ATTR_DEV_QUEUE_INDEX:
+ s.QueueIndex = native.Uint32(a.Value)
+ case nl.VDPA_ATTR_DEV_VENDOR_ATTR_NAME:
+ s.Vendor = append(s.Vendor, VDPADevVStatsVendor{Name: nl.BytesToString(a.Value)})
+ case nl.VDPA_ATTR_DEV_VENDOR_ATTR_VALUE:
+ if len(s.Vendor) == 0 {
+ break
+ }
+ s.Vendor[len(s.Vendor)-1].Value = native.Uint64(a.Value)
+ case nl.VDPA_ATTR_DEV_NEGOTIATED_FEATURES:
+ s.NegotiatedFeatures = native.Uint64(a.Value)
+ }
+ }
+}
+
+func (d *VDPAMGMTDev) parseAttributes(attrs vdpaNetlinkMessage) {
+ for _, a := range attrs {
+ switch a.Attr.Type {
+ case nl.VDPA_ATTR_MGMTDEV_BUS_NAME:
+ d.BusName = nl.BytesToString(a.Value)
+ case nl.VDPA_ATTR_MGMTDEV_DEV_NAME:
+ d.DevName = nl.BytesToString(a.Value)
+ case nl.VDPA_ATTR_MGMTDEV_SUPPORTED_CLASSES:
+ d.SupportedClasses = native.Uint64(a.Value)
+ case nl.VDPA_ATTR_DEV_SUPPORTED_FEATURES:
+ d.SupportedFeatures = native.Uint64(a.Value)
+ case nl.VDPA_ATTR_DEV_MGMTDEV_MAX_VQS:
+ d.MaxVQS = native.Uint32(a.Value)
+ }
+ }
+}
+
+func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr) ([]vdpaNetlinkMessage, error) {
+ f, err := h.GenlFamilyGet(nl.VDPA_GENL_NAME)
+ if err != nil {
+ return nil, err
+ }
+ req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_ACK|extraFlags)
+ req.AddData(&nl.Genlmsg{
+ Command: command,
+ Version: nl.VDPA_GENL_VERSION,
+ })
+ for _, a := range attrs {
+ req.AddData(a)
+ }
+
+ resp, err := req.Execute(unix.NETLINK_GENERIC, 0)
+ if err != nil {
+ return nil, err
+ }
+ messages := make([]vdpaNetlinkMessage, 0, len(resp))
+ for _, m := range resp {
+ attrs, err := nl.ParseRouteAttr(m[nl.SizeofGenlmsg:])
+ if err != nil {
+ return nil, err
+ }
+ messages = append(messages, attrs)
+ }
+ return messages, nil
+}
+
+// dump all devices if dev is nil
+func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
+ var extraFlags int
+ var attrs []*nl.RtAttr
+ if dev != nil {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_DEV_NAME, nl.ZeroTerminated(*dev)))
+ } else {
+ extraFlags = extraFlags | unix.NLM_F_DUMP
+ }
+ messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs)
+ if err != nil {
+ return nil, err
+ }
+ devs := make([]*VDPADev, 0, len(messages))
+ for _, m := range messages {
+ d := &VDPADev{}
+ d.parseAttributes(m)
+ devs = append(devs, d)
+ }
+ return devs, nil
+}
+
+// dump all devices if dev is nil
+func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
+ var extraFlags int
+ var attrs []*nl.RtAttr
+ if dev != nil {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_DEV_NAME, nl.ZeroTerminated(*dev)))
+ } else {
+ extraFlags = extraFlags | unix.NLM_F_DUMP
+ }
+ messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs)
+ if err != nil {
+ return nil, err
+ }
+ cfgs := make([]*VDPADevConfig, 0, len(messages))
+ for _, m := range messages {
+ cfg := &VDPADevConfig{}
+ cfg.parseAttributes(m)
+ cfgs = append(cfgs, cfg)
+ }
+ return cfgs, nil
+}
+
+// dump all devices if dev is nil
+func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
+ var extraFlags int
+ var attrs []*nl.RtAttr
+ if dev != nil {
+ attrs = append(attrs,
+ nl.NewRtAttr(nl.VDPA_ATTR_MGMTDEV_DEV_NAME, nl.ZeroTerminated(*dev)),
+ )
+ if bus != nil {
+ attrs = append(attrs,
+ nl.NewRtAttr(nl.VDPA_ATTR_MGMTDEV_BUS_NAME, nl.ZeroTerminated(*bus)),
+ )
+ }
+ } else {
+ extraFlags = extraFlags | unix.NLM_F_DUMP
+ }
+ messages, err := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs)
+ if err != nil {
+ return nil, err
+ }
+ cfgs := make([]*VDPAMGMTDev, 0, len(messages))
+ for _, m := range messages {
+ cfg := &VDPAMGMTDev{}
+ cfg.parseAttributes(m)
+ cfgs = append(cfgs, cfg)
+ }
+ return cfgs, nil
+}
+
+// VDPANewDev adds new VDPA device
+// Equivalent to: `vdpa dev add name mgmtdev /mgmtName [params]`
+func (h *Handle) VDPANewDev(name, mgmtBus, mgmtName string, params VDPANewDevParams) error {
+ attrs := []*nl.RtAttr{
+ nl.NewRtAttr(nl.VDPA_ATTR_DEV_NAME, nl.ZeroTerminated(name)),
+ nl.NewRtAttr(nl.VDPA_ATTR_MGMTDEV_DEV_NAME, nl.ZeroTerminated(mgmtName)),
+ }
+ if mgmtBus != "" {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_MGMTDEV_BUS_NAME, nl.ZeroTerminated(mgmtBus)))
+ }
+ if len(params.MACAddr) != 0 {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_DEV_NET_CFG_MACADDR, params.MACAddr))
+ }
+ if params.MaxVQP > 0 {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_DEV_NET_CFG_MAX_VQP, nl.Uint16Attr(params.MaxVQP)))
+ }
+ if params.MTU > 0 {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_DEV_NET_CFG_MTU, nl.Uint16Attr(params.MTU)))
+ }
+ if params.Features > 0 {
+ attrs = append(attrs, nl.NewRtAttr(nl.VDPA_ATTR_DEV_FEATURES, nl.Uint64Attr(params.Features)))
+ }
+ _, err := h.vdpaRequest(nl.VDPA_CMD_DEV_NEW, 0, attrs)
+ return err
+}
+
+// VDPADelDev removes VDPA device
+// Equivalent to: `vdpa dev del `
+func (h *Handle) VDPADelDev(name string) error {
+ _, err := h.vdpaRequest(nl.VDPA_CMD_DEV_DEL, 0, []*nl.RtAttr{
+ nl.NewRtAttr(nl.VDPA_ATTR_DEV_NAME, nl.ZeroTerminated(name))})
+ return err
+}
+
+// VDPAGetDevList returns list of VDPA devices
+// Equivalent to: `vdpa dev show`
+func (h *Handle) VDPAGetDevList() ([]*VDPADev, error) {
+ return h.vdpaDevGet(nil)
+}
+
+// VDPAGetDevByName returns VDPA device selected by name
+// Equivalent to: `vdpa dev show `
+func (h *Handle) VDPAGetDevByName(name string) (*VDPADev, error) {
+ devs, err := h.vdpaDevGet(&name)
+ if err != nil {
+ return nil, err
+ }
+ if len(devs) == 0 {
+ return nil, fmt.Errorf("device not found")
+ }
+ return devs[0], nil
+}
+
+// VDPAGetDevConfigList returns list of VDPA devices configurations
+// Equivalent to: `vdpa dev config show`
+func (h *Handle) VDPAGetDevConfigList() ([]*VDPADevConfig, error) {
+ return h.vdpaDevConfigGet(nil)
+}
+
+// VDPAGetDevConfigByName returns VDPA device configuration selected by name
+// Equivalent to: `vdpa dev config show `
+func (h *Handle) VDPAGetDevConfigByName(name string) (*VDPADevConfig, error) {
+ cfgs, err := h.vdpaDevConfigGet(&name)
+ if err != nil {
+ return nil, err
+ }
+ if len(cfgs) == 0 {
+ return nil, fmt.Errorf("configuration not found")
+ }
+ return cfgs[0], nil
+}
+
+// VDPAGetDevVStats returns vstats for VDPA device
+// Equivalent to: `vdpa dev vstats show qidx `
+func (h *Handle) VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStats, error) {
+ messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_VSTATS_GET, 0, []*nl.RtAttr{
+ nl.NewRtAttr(nl.VDPA_ATTR_DEV_NAME, nl.ZeroTerminated(name)),
+ nl.NewRtAttr(nl.VDPA_ATTR_DEV_QUEUE_INDEX, nl.Uint32Attr(queueIndex)),
+ })
+ if err != nil {
+ return nil, err
+ }
+ if len(messages) == 0 {
+ return nil, fmt.Errorf("stats not found")
+ }
+ stats := &VDPADevVStats{}
+ stats.parseAttributes(messages[0])
+ return stats, nil
+}
+
+// VDPAGetMGMTDevList returns list of mgmt devices
+// Equivalent to: `vdpa mgmtdev show`
+func (h *Handle) VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) {
+ return h.vdpaMGMTDevGet(nil, nil)
+}
+
+// VDPAGetMGMTDevByBusAndName returns mgmt devices selected by bus and name
+// Equivalent to: `vdpa mgmtdev show /`
+func (h *Handle) VDPAGetMGMTDevByBusAndName(bus, name string) (*VDPAMGMTDev, error) {
+ var busPtr *string
+ if bus != "" {
+ busPtr = &bus
+ }
+ devs, err := h.vdpaMGMTDevGet(busPtr, &name)
+ if err != nil {
+ return nil, err
+ }
+ if len(devs) == 0 {
+ return nil, fmt.Errorf("mgmtdev not found")
+ }
+ return devs[0], nil
+}
diff --git a/vendor/github.com/vishvananda/netlink/virtio.go b/vendor/github.com/vishvananda/netlink/virtio.go
new file mode 100644
index 00000000000..78a497bbc3b
--- /dev/null
+++ b/vendor/github.com/vishvananda/netlink/virtio.go
@@ -0,0 +1,132 @@
+package netlink
+
+// features for virtio net
+const (
+ VIRTIO_NET_F_CSUM = 0 // Host handles pkts w/ partial csum
+ VIRTIO_NET_F_GUEST_CSUM = 1 // Guest handles pkts w/ partial csum
+ VIRTIO_NET_F_CTRL_GUEST_OFFLOADS = 2 // Dynamic offload configuration.
+ VIRTIO_NET_F_MTU = 3 // Initial MTU advice
+ VIRTIO_NET_F_MAC = 5 // Host has given MAC address.
+ VIRTIO_NET_F_GUEST_TSO4 = 7 // Guest can handle TSOv4 in.
+ VIRTIO_NET_F_GUEST_TSO6 = 8 // Guest can handle TSOv6 in.
+ VIRTIO_NET_F_GUEST_ECN = 9 // Guest can handle TSO[6] w/ ECN in.
+ VIRTIO_NET_F_GUEST_UFO = 10 // Guest can handle UFO in.
+ VIRTIO_NET_F_HOST_TSO4 = 11 // Host can handle TSOv4 in.
+ VIRTIO_NET_F_HOST_TSO6 = 12 // Host can handle TSOv6 in.
+ VIRTIO_NET_F_HOST_ECN = 13 // Host can handle TSO[6] w/ ECN in.
+ VIRTIO_NET_F_HOST_UFO = 14 // Host can handle UFO in.
+ VIRTIO_NET_F_MRG_RXBUF = 15 // Host can merge receive buffers.
+ VIRTIO_NET_F_STATUS = 16 // virtio_net_config.status available
+ VIRTIO_NET_F_CTRL_VQ = 17 // Control channel available
+ VIRTIO_NET_F_CTRL_RX = 18 // Control channel RX mode support
+ VIRTIO_NET_F_CTRL_VLAN = 19 // Control channel VLAN filtering
+ VIRTIO_NET_F_CTRL_RX_EXTRA = 20 // Extra RX mode control support
+ VIRTIO_NET_F_GUEST_ANNOUNCE = 21 // Guest can announce device on the* network
+ VIRTIO_NET_F_MQ = 22 // Device supports Receive Flow Steering
+ VIRTIO_NET_F_CTRL_MAC_ADDR = 23 // Set MAC address
+ VIRTIO_NET_F_VQ_NOTF_COAL = 52 // Device supports virtqueue notification coalescing
+ VIRTIO_NET_F_NOTF_COAL = 53 // Device supports notifications coalescing
+ VIRTIO_NET_F_GUEST_USO4 = 54 // Guest can handle USOv4 in.
+ VIRTIO_NET_F_GUEST_USO6 = 55 // Guest can handle USOv6 in.
+ VIRTIO_NET_F_HOST_USO = 56 // Host can handle USO in.
+ VIRTIO_NET_F_HASH_REPORT = 57 // Supports hash report
+ VIRTIO_NET_F_GUEST_HDRLEN = 59 // Guest provides the exact hdr_len value.
+ VIRTIO_NET_F_RSS = 60 // Supports RSS RX steering
+ VIRTIO_NET_F_RSC_EXT = 61 // extended coalescing info
+ VIRTIO_NET_F_STANDBY = 62 // Act as standby for another device with the same MAC.
+ VIRTIO_NET_F_SPEED_DUPLEX = 63 // Device set linkspeed and duplex
+ VIRTIO_NET_F_GSO = 6 // Host handles pkts any GSO type
+)
+
+// virtio net status
+const (
+ VIRTIO_NET_S_LINK_UP = 1 // Link is up
+ VIRTIO_NET_S_ANNOUNCE = 2 // Announcement is needed
+)
+
+// virtio config
+const (
+ // Do we get callbacks when the ring is completely used, even if we've
+ // suppressed them?
+ VIRTIO_F_NOTIFY_ON_EMPTY = 24
+ // Can the device handle any descriptor layout?
+ VIRTIO_F_ANY_LAYOUT = 27
+ // v1.0 compliant
+ VIRTIO_F_VERSION_1 = 32
+ // If clear - device has the platform DMA (e.g. IOMMU) bypass quirk feature.
+ // If set - use platform DMA tools to access the memory.
+ // Note the reverse polarity (compared to most other features),
+ // this is for compatibility with legacy systems.
+ VIRTIO_F_ACCESS_PLATFORM = 33
+ // Legacy name for VIRTIO_F_ACCESS_PLATFORM (for compatibility with old userspace)
+ VIRTIO_F_IOMMU_PLATFORM = VIRTIO_F_ACCESS_PLATFORM
+ // This feature indicates support for the packed virtqueue layout.
+ VIRTIO_F_RING_PACKED = 34
+ // Inorder feature indicates that all buffers are used by the device
+ // in the same order in which they have been made available.
+ VIRTIO_F_IN_ORDER = 35
+ // This feature indicates that memory accesses by the driver and the
+ // device are ordered in a way described by the platform.
+ VIRTIO_F_ORDER_PLATFORM = 36
+ // Does the device support Single Root I/O Virtualization?
+ VIRTIO_F_SR_IOV = 37
+ // This feature indicates that the driver passes extra data (besides
+ // identifying the virtqueue) in its device notifications.
+ VIRTIO_F_NOTIFICATION_DATA = 38
+ // This feature indicates that the driver uses the data provided by the device
+ // as a virtqueue identifier in available buffer notifications.
+ VIRTIO_F_NOTIF_CONFIG_DATA = 39
+ // This feature indicates that the driver can reset a queue individually.
+ VIRTIO_F_RING_RESET = 40
+)
+
+// virtio device ids
+const (
+ VIRTIO_ID_NET = 1 // virtio net
+ VIRTIO_ID_BLOCK = 2 // virtio block
+ VIRTIO_ID_CONSOLE = 3 // virtio console
+ VIRTIO_ID_RNG = 4 // virtio rng
+ VIRTIO_ID_BALLOON = 5 // virtio balloon
+ VIRTIO_ID_IOMEM = 6 // virtio ioMemory
+ VIRTIO_ID_RPMSG = 7 // virtio remote processor messaging
+ VIRTIO_ID_SCSI = 8 // virtio scsi
+ VIRTIO_ID_9P = 9 // 9p virtio console
+ VIRTIO_ID_MAC80211_WLAN = 10 // virtio WLAN MAC
+ VIRTIO_ID_RPROC_SERIAL = 11 // virtio remoteproc serial link
+ VIRTIO_ID_CAIF = 12 // Virtio caif
+ VIRTIO_ID_MEMORY_BALLOON = 13 // virtio memory balloon
+ VIRTIO_ID_GPU = 16 // virtio GPU
+ VIRTIO_ID_CLOCK = 17 // virtio clock/timer
+ VIRTIO_ID_INPUT = 18 // virtio input
+ VIRTIO_ID_VSOCK = 19 // virtio vsock transport
+ VIRTIO_ID_CRYPTO = 20 // virtio crypto
+ VIRTIO_ID_SIGNAL_DIST = 21 // virtio signal distribution device
+ VIRTIO_ID_PSTORE = 22 // virtio pstore device
+ VIRTIO_ID_IOMMU = 23 // virtio IOMMU
+ VIRTIO_ID_MEM = 24 // virtio mem
+ VIRTIO_ID_SOUND = 25 // virtio sound
+ VIRTIO_ID_FS = 26 // virtio filesystem
+ VIRTIO_ID_PMEM = 27 // virtio pmem
+ VIRTIO_ID_RPMB = 28 // virtio rpmb
+ VIRTIO_ID_MAC80211_HWSIM = 29 // virtio mac80211-hwsim
+ VIRTIO_ID_VIDEO_ENCODER = 30 // virtio video encoder
+ VIRTIO_ID_VIDEO_DECODER = 31 // virtio video decoder
+ VIRTIO_ID_SCMI = 32 // virtio SCMI
+ VIRTIO_ID_NITRO_SEC_MOD = 33 // virtio nitro secure module
+ VIRTIO_ID_I2C_ADAPTER = 34 // virtio i2c adapter
+ VIRTIO_ID_WATCHDOG = 35 // virtio watchdog
+ VIRTIO_ID_CAN = 36 // virtio can
+ VIRTIO_ID_DMABUF = 37 // virtio dmabuf
+ VIRTIO_ID_PARAM_SERV = 38 // virtio parameter server
+ VIRTIO_ID_AUDIO_POLICY = 39 // virtio audio policy
+ VIRTIO_ID_BT = 40 // virtio bluetooth
+ VIRTIO_ID_GPIO = 41 // virtio gpio
+ // Virtio Transitional IDs
+ VIRTIO_TRANS_ID_NET = 0x1000 // transitional virtio net
+ VIRTIO_TRANS_ID_BLOCK = 0x1001 // transitional virtio block
+ VIRTIO_TRANS_ID_BALLOON = 0x1002 // transitional virtio balloon
+ VIRTIO_TRANS_ID_CONSOLE = 0x1003 // transitional virtio console
+ VIRTIO_TRANS_ID_SCSI = 0x1004 // transitional virtio SCSI
+ VIRTIO_TRANS_ID_RNG = 0x1005 // transitional virtio rng
+ VIRTIO_TRANS_ID_9P = 0x1009 // transitional virtio 9p console
+)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3fb28ccc6ff..6e2deab2da5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -33,7 +33,7 @@ github.com/bombsimon/logrusr/v4
 # github.com/cespare/xxhash/v2 v2.2.0
 ## explicit; go 1.11
 github.com/cespare/xxhash/v2
-# github.com/cilium/cilium v1.15.4
+# github.com/cilium/cilium v1.15.6
 ## explicit; go 1.21.0
 github.com/cilium/cilium/api/v1/client
 github.com/cilium/cilium/api/v1/client/bgp
@@ -207,7 +207,7 @@ github.com/cilium/cilium/pkg/u8proto
 github.com/cilium/cilium/pkg/version
 github.com/cilium/cilium/pkg/versioncheck
 github.com/cilium/cilium/pkg/wireguard/types
-# github.com/cilium/dns v1.1.51-0.20231120140355-729345173dc3
+# github.com/cilium/dns v1.1.51-0.20240416134107-d47d0dd702a1
 ## explicit; go 1.18
 github.com/cilium/dns
 # github.com/cilium/ebpf v0.15.0
@@ -792,7 +792,7 @@ github.com/tklauser/go-sysconf
 # github.com/tklauser/numcpus v0.6.0
 ## explicit; go 1.13
 github.com/tklauser/numcpus
-# github.com/vishvananda/netlink v1.2.1-beta.2.0.20231127184239-0ced8385386a
+# github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21
 ## explicit; go 1.12
 github.com/vishvananda/netlink
 github.com/vishvananda/netlink/nl