Sync fork with upstream #4
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: chengzhycn <[email protected]>
Signed-off-by: chengzhycn <[email protected]>
This PR adds support for filtering flows based on conntrack labels. It adds two filters `ConntrackMatchLabels` && `ConntackUnmatchLabels` through which user can provide a list of labels as type "bytes" which will then be compared to flow.Labels to see if any matches were found. ConntrackMatchLabels: Every label passed should be contained in flow.Labels for a match to be true ConntrackUmmatchLabels: Every label passed should not be contained in the flow.Labels for a match to be true Signed-off-by: Surya Seetharaman <[email protected]>
This option allows performing FIB lookups for a particular firewall mark. It is equivalent to iproute2's 'ip route get mark' option.
- changes: 1. set userTmpl.Family to correct family 2. add Selector to XfrmState which is corresponding to XfrmUsersaInfo.Sel - update *XfrmAddress.ToIPNet method to support 0.0.0.0/0 and ::/0 correctly - update xfrmStateFromXfrmUsersaInfo to get XfrmState.Selector - extend TestXfrmStateAddGetDel for v6ov4 and v4ov6 cases
This feature could not be tested with virtual interfaces that's why unit-tests aren't added into this change.
This patch implements both tc and filter chains. We also need to align tc filter delition implementation with iprote2 to delete filters withichain by passing additional bits during filter deletion call.
Add support for ip rules' FRA_PROTOCOL attribute and also check for it when testing rules. The default ip rule protocol is RTPROT_UNSPEC (0) so we set the attribute only when it is >0. Signed-off-by: Nikolay Aleksandrov <[email protected]>
This pr allows to change the default vlan on a bridge. It is currently set to 1 by default. A value of 0 means no default vlan. Signed-off-by: Marcelo Guerrero Viveros <[email protected]>
Signed-off-by: Li Chun <[email protected]>
Add two new methods to allow setting GSO and GRO max size attributes only. They make it much easier to enable IPv4 BIG TCP [0]. The equivalent iproute2 commands are: $ ip link set $link gso_ipv4_max_size $maxSize $ ip link set $link gro_ipv4_max_size $maxSize Also add tests for them. We already do support the IPv6 counterpart via 543bb1c ("link: add LinkSetGSOMaxSize and LinkSetGROMaxSize"). [0] https://lore.kernel.org/netdev/[email protected]/ Signed-off-by: Daniel Borkmann <[email protected]>
This is a read-only netlink attribute which has been added in 5.19 kernel. This is useful to query in order to probe if a given driver supports IPv6 BIG TCP. [0] https://lore.kernel.org/netdev/[email protected]/ Signed-off-by: Daniel Borkmann <[email protected]>
Commit 2b00839 ("link: add LinkSetGSOIPv4MaxSize and LinkSetGROIPv4MaxSize") introduced the use of these constants, but they were added only recently to the golang.org/x/sys/unix package. Update its version in go.mod and use the pre-defined constants instead of duplicating them. Signed-off-by: Tobias Klauser <[email protected]>
Support `ip route get fibmatch` equivalent with RouteGetWithOptions by adding FIBMatch flag to RouteGetOptions. Signed-off-by: Yutaro Hayakawa <[email protected]>
Use a tagged relase rather than an intermediate version.
Ip6tnl devices support IFLA_IPTUN_COLLECT_METADATA (collect_md/external mode). This commit adds support for this and a respective test. Signed-off-by: Robin Gögge <[email protected]>
IFLA_IPTUN_COLLECT_METADATA is a "flag" netlink attribute, and shouldn't have any payload. This also needs to be considered when parsing netlink messages for Iptun. This fixes Iptun link, by crafting and parsing messages accordingly and adds a test. Signed-off-by: Robin Gögge <[email protected]>
This is the equivalent of: bridge link set dev <foo> isolated on|off Add more bridge port netlink attributes Imported from include/uapi/linux/if_link.h in Linux v6.3. Signed-off-by: Robin Jarry <[email protected]>
This allows for ip link set $link gso_max_segs $maxSegs type operations.
The IFLA_GENEVE_COLLECT_METADATA netlink attribute shouldn't have any a payload. For Geneve devices also other attributes can be set next to FlowBased, however the VNI needs to be 0. This commit also adds a test for creating a Geneve device in FlowBased mode. Signed-off-by: Robin Gögge <[email protected]>
This allows users to get and set the vlan protocol on a vf Signed-off-by: Marcelo Guerrero <[email protected]>
Sometimes with `ListExisting` enabled and enough interfaces configured, netlink will try to send more data than the buffer can hold and the caller will get back ENOBUFS. Thus, it's useful to be able to configure the netlink buffer size.
When there are a large number of existing results for the link, neighbor, and address subscribe functions with ListExisting are likely to fail with ENOBUFS. This takes the AddrSubscribeOptions ReceiveBufferSize, already applied to LinkSubscribeOptions, and applies it to NeighSubscribeOptions and RouteSubscribeOptions. The ReceiveTimeout option was also added to each. Added a SetReceiveBufferSize to the nl_linux socket API. The existing addr_linux subscribe function was modified so instead of setting the ReceiveBufferSize on the netlink pkghandle, it is set on the socket associated with the subscription. The new implementations also only change the receive buffer size on the socket. Lastly, a new ReceiveBufferForceSize option was applied to all four of the modified Subscribe functions.
this PR adds support for setting neigh_suppress attribute to a member port of a bridge
daveset
force-pushed
the
sync-fork-with-upstream
branch
from
348e0e3 to
a4fcbb7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.