From 3848cae7aef11e84c167811ab8598f06527a1f60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 03:27:01 +0000 Subject: [PATCH] build(deps): bump github.com/cilium/cilium in /backend Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.17.0 to 1.17.2. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.17.2/CHANGELOG.md) - [Commits](https://github.com/cilium/cilium/compare/1.17.0...1.17.2) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- backend/go.mod | 6 +-- backend/go.sum | 12 ++--- .../vendor/github.com/cilium/cilium/AUTHORS | 14 +++++- .../cilium/cilium/api/v1/flow/flow.pb.go | 14 +++--- .../cilium/api/v1/observer/observer.pb.go | 14 +++--- .../cilium/cilium/api/v1/relay/relay.pb.go | 14 +++--- .../cilium/cilium/pkg/defaults/defaults.go | 7 +++ .../pkg/k8s/apis/cilium.io/utils/utils.go | 8 ++- .../cilium/cilium/pkg/option/config.go | 8 +++ .../github.com/cilium/statedb/part/txn.go | 41 +++++++++++++--- .../vishvananda/netlink/addr_linux.go | 15 +++--- .../vishvananda/netlink/conntrack_linux.go | 23 ++++++--- .../github.com/vishvananda/netlink/filter.go | 29 +++++++++++ .../vishvananda/netlink/filter_linux.go | 49 ++++++++++++++++++- .../github.com/vishvananda/netlink/link.go | 2 + .../vishvananda/netlink/link_linux.go | 10 +++- .../netlink/nl/parse_attr_linux.go | 2 +- .../vishvananda/netlink/nl/tc_linux.go | 40 ++++++++++++++- .../vishvananda/netlink/socket_linux.go | 2 +- backend/vendor/modules.txt | 6 +-- 20 files changed, 252 insertions(+), 64 deletions(-) diff --git a/backend/go.mod b/backend/go.mod index 95d4e7868..66eb51f81 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -3,7 +3,7 @@ module github.com/cilium/hubble-ui/backend go 1.23.5 require ( - github.com/cilium/cilium v1.17.0 + github.com/cilium/cilium v1.17.2 github.com/google/gops v0.3.28 github.com/grpc-ecosystem/grpc-gateway v1.16.0 github.com/julienschmidt/httprouter v1.3.0 @@ -27,7 +27,7 @@ require ( github.com/cilium/ebpf v0.17.1 // indirect github.com/cilium/hive v0.0.0-20250206110837-3a9e5694e24a // indirect github.com/cilium/proxy v0.0.0-20250211021819-e85e926b0fa4 // indirect - github.com/cilium/statedb v0.3.5 // indirect + github.com/cilium/statedb v0.3.6 // indirect github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect @@ -86,7 +86,7 @@ require ( github.com/spf13/viper v1.19.0 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 // indirect + github.com/vishvananda/netlink v1.3.1-0.20250221194427-0af32151e72b // indirect github.com/vishvananda/netns v0.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect go.mongodb.org/mongo-driver v1.17.2 // indirect diff --git a/backend/go.sum b/backend/go.sum index 49aca49e7..faf8c0dfd 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -19,16 +19,16 @@ github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMr github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cilium/cilium v1.17.0 h1:WeR71cqrGN0nvn0QEzerGYHiKAYhs77QaXeOUU7UQUI= -github.com/cilium/cilium v1.17.0/go.mod h1:RPlqqedvumcC6VKrDI0fsJ+O1NWWFXQo1Fx3BhtnjFQ= +github.com/cilium/cilium v1.17.2 h1:hMahLKho06pzcAk8X+Co7jXhhwrj79rkTsy5FFehr8Q= +github.com/cilium/cilium v1.17.2/go.mod h1:BMwiENNHcSrSsx59fmzyu9V5pBKzav8bWawiA2PcA7U= github.com/cilium/ebpf v0.17.1 h1:G8mzU81R2JA1nE5/8SRubzqvBMmAmri2VL8BIZPWvV0= github.com/cilium/ebpf v0.17.1/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= github.com/cilium/hive v0.0.0-20250206110837-3a9e5694e24a h1:DwaztYsKPNCHMCsfaSp8+ul29m2TxyV69TLxcIyBHAA= github.com/cilium/hive v0.0.0-20250206110837-3a9e5694e24a/go.mod h1:pI2GJ1n3SLKIQVFrKF7W6A6gb6BQkZ+3Hp4PAEo5SuI= github.com/cilium/proxy v0.0.0-20250211021819-e85e926b0fa4 h1:uyqYfVR95wP8EtdUZcUqylRfMT7NmiI4WyQtFOdUl6o= github.com/cilium/proxy v0.0.0-20250211021819-e85e926b0fa4/go.mod h1:WcTUEfsCIVY9uvjRLUvl0G+G7RiK5BfOVdg/LknXMpk= -github.com/cilium/statedb v0.3.5 h1:/lN7noYjC+JP6+fII7dhUNRS2FuLrlE0CtNOtuBtI9c= -github.com/cilium/statedb v0.3.5/go.mod h1:n2lNVxi8vz5Up1Y1rRD++aQP2izQA932fUwTkedKSV0= +github.com/cilium/statedb v0.3.6 h1:dGwzZTJgVWlnG7io0Wl0XsI7ULsz2TbNqH8Ag+dP6is= +github.com/cilium/statedb v0.3.6/go.mod h1:n2lNVxi8vz5Up1Y1rRD++aQP2izQA932fUwTkedKSV0= github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 h1:f+CgYUy2YyZ2EX31QSqf3vwFiJJQSAMIQLn4d3QQYno= github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744/go.mod h1:/e83AwqvNKpyg4n3C41qmnmj1x2G9DwzI+jb7GkF4lI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= @@ -232,8 +232,8 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 h1:9fkQcQYvtTr9ayFXuMfDMVuDt4+BYG9FwsGLnrBde0M= -github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= +github.com/vishvananda/netlink v1.3.1-0.20250221194427-0af32151e72b h1:hYWtmuzlR0jpWu+ljWfPMi7oNiZ9x/D3GbBqgZTOhyI= +github.com/vishvananda/netlink v1.3.1-0.20250221194427-0af32151e72b/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= diff --git a/backend/vendor/github.com/cilium/cilium/AUTHORS b/backend/vendor/github.com/cilium/cilium/AUTHORS index ab4d345a1..7d3b23c5f 100644 --- a/backend/vendor/github.com/cilium/cilium/AUTHORS +++ b/backend/vendor/github.com/cilium/cilium/AUTHORS @@ -92,6 +92,7 @@ Archer Wu archerwu9425@icloud.com Ardika Bagus me@ardikabs.com Arika Chen eaglesora@gmail.com Arkadiusz Kaliwoda (akaliwod) akaliwod@cisco.com +Arlan Lloyd arlanlloyd@gmail.com Arnaud Meukam ameukam@gmail.com Arseniy Belorukov a.belorukov@team.bumble.com Artem Tokarev enjoy1288@gmail.com @@ -169,6 +170,7 @@ Chris Bannister c.bannister@gmail.com Chris Tarazi chris@isovalent.com Christian Hörtnagl christian2@univie.ac.at Christian Hüning christian.huening@finleap.com +Christian Mergenthaler christian.mergenthaler@firebolt.io Christine Chen christine.chen@datadoghq.com Christine Kim xtineskim@gmail.com Christophe Jauffret christophe.jauffret@nutanix.com @@ -235,6 +237,7 @@ David Wolffberg 1350533+wolffberg@users.noreply.github.c Dawn lx1960753013@gmail.com dddddai dddwq@foxmail.com Dean 22192242+saintdle@users.noreply.github.com +Dee Kryvenko dee@selfcloud.tech Deepesha Burse deepesha.3007@gmail.com Deepesh Pathak deepshpathak@gmail.com Denis GERMAIN dgermain@deezer.com @@ -266,6 +269,7 @@ Donia Chaiehloudj donia.cld@isovalent.com Donnie McMahan jmcmaha1@gmail.com Dorde Lapcevic dordel@google.com Duffie Cooley dcooley@isovalent.com +Dustin Specker dustin.specker@goteleport.com dwalker-sabiogroup 100362969+dwalker-sabiogroup@users.noreply.github.com Dylan Reimerink dylan.reimerink@isovalent.com egoust ustinov16@gmail.com @@ -405,6 +409,7 @@ Jean-Benoit Paux 9682558+jbpaux@users.noreply.github.com Jean Raby jean@raby.sh Jed Salazar jedsalazar@gmail.com Jef Spaleta jspaleta@gmail.com +Jeremy Bopp jeremy@bopp.net Jerry J. Muzsik jerrymuzsik@icloud.com Jesse Haka haka.jesse@gmail.com Jess Frazelle acidburn@microsoft.com @@ -466,6 +471,7 @@ Jun Chen answer1991.chen@gmail.com Junli Ou oujunli306@gmail.com Jussi Maki jussi@isovalent.com Jussi Mäki jussi.maki@isovalent.com +justin0u0 mail@justin0u0.com kachi-bits 76791974+kachi-bits@users.noreply.github.com Kaczyniec kaczynska@google.com kahirokunn okinakahiro@gmail.com @@ -536,6 +542,7 @@ Maciej Skrocki maciejskrocki@google.com Madhu Challa madhu@cilium.io Madhusudan.C.S madhusudancs@gmail.com Mahadev Panchal mahadev.panchal@benisontech.com +Mahdi Ben Zinouba benzinoubamahdi@gmail.com MaiReo sawako.saki@gmail.com Mais mai.saleh@siemens.com Maksym Lushpenko iviakciivi@gmail.com @@ -660,6 +667,7 @@ Nitish Malhotra nitishm@microsoft.com Nitish Tiwari nitish@parseable.io Noel Georgi git@frezbo.dev nrnrk noriki6t@gmail.com +nueavv nuguni@kakao.com nuwa nuwa@yannis.codes nxyt lolnoxy@gmail.com Odin Ugedal ougedal@palantir.com @@ -757,9 +765,10 @@ Richard Lavoie richard.lavoie@logmein.com Richard Tweed RichardoC@users.noreply.github.com Ricky Ho horicky78@gmail.com Rio Kierkels riokierkels@gmail.com +Ritwik Ranjan ritwikranjan@microsoft.com Robin Elfrink robin@15augustus.nl Robin Gögge r.goegge@gmail.com -Robin Hahling robin.hahling@gw-computing.net +Robin Hahling code@hahling.ch Rob Scott robertjscott@google.com Rocky Chen 40374064+rockc2020@users.noreply.github.com Rodrigo Chacon rochacon@gmail.com @@ -884,6 +893,7 @@ Tobias Kohlbau tobias@kohlbau.de Tobias Mose mosetobias@gmail.com Tomas Leypold tomas@leypold.cz Tom Hadlaw tom.hadlaw@isovalent.com +Tommaso Pozzetti tommypozzetti@hotmail.it Tommo Cowling 952241+tlcowling@users.noreply.github.com Tomoki Sugiura tomoki-sugiura@cybozu.co.jp Tomoya Fujita Tomoya.Fujita@sony.com @@ -953,12 +963,14 @@ xinwenqiang xinwenqiang@bytedance.com Xinyuan Zhang zhangxinyuan@google.com yanggang gang.yang@daocloud.io yanhongchang yanhongchang@100tal.com +Yannik Messerli yannik.messerli@gmail.com Yann ILAS yann.ilas@gmail.com Yash Shetty yashshetty@google.com Ye Sijun junnplus@gmail.com Yiannis Yiakoumis yiannis@selfienetworks.com Yingnan Zhang 342144303@qq.com yogesh1801 yogeshsingla481@gmail.com +Yohan Belléguic yohan.belleguic@arkea.com Yongkun Gui ygui@google.com Yosh de Vos yosh@elzorro.nl youhonglian honglian.you@daocloud.io diff --git a/backend/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go b/backend/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go index 8038657a7..7bec8314e 100644 --- a/backend/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go +++ b/backend/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.3 +// protoc-gen-go v1.36.5 // protoc v5.29.3 // source: flow/flow.proto @@ -17,6 +17,7 @@ import ( wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -4881,7 +4882,7 @@ func (x *FlowFilter_Experimental) GetCelExpression() []string { var File_flow_flow_proto protoreflect.FileDescriptor -var file_flow_flow_proto_rawDesc = []byte{ +var file_flow_flow_proto_rawDesc = string([]byte{ 0x0a, 0x0f, 0x66, 0x6c, 0x6f, 0x77, 0x2f, 0x66, 0x6c, 0x6f, 0x77, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, @@ -5793,16 +5794,16 @@ var file_flow_flow_proto_rawDesc = []byte{ 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x66, 0x6c, 0x6f, 0x77, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +}) var ( file_flow_flow_proto_rawDescOnce sync.Once - file_flow_flow_proto_rawDescData = file_flow_flow_proto_rawDesc + file_flow_flow_proto_rawDescData []byte ) func file_flow_flow_proto_rawDescGZIP() []byte { file_flow_flow_proto_rawDescOnce.Do(func() { - file_flow_flow_proto_rawDescData = protoimpl.X.CompressGZIP(file_flow_flow_proto_rawDescData) + file_flow_flow_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_flow_flow_proto_rawDesc), len(file_flow_flow_proto_rawDesc))) }) return file_flow_flow_proto_rawDescData } @@ -5984,7 +5985,7 @@ func file_flow_flow_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_flow_flow_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_flow_flow_proto_rawDesc), len(file_flow_flow_proto_rawDesc)), NumEnums: 15, NumMessages: 39, NumExtensions: 0, @@ -5996,7 +5997,6 @@ func file_flow_flow_proto_init() { MessageInfos: file_flow_flow_proto_msgTypes, }.Build() File_flow_flow_proto = out.File - file_flow_flow_proto_rawDesc = nil file_flow_flow_proto_goTypes = nil file_flow_flow_proto_depIdxs = nil } diff --git a/backend/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go b/backend/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go index d2bd54a84..698a809e9 100644 --- a/backend/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go +++ b/backend/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.3 +// protoc-gen-go v1.36.5 // protoc v5.29.3 // source: observer/observer.proto @@ -20,6 +20,7 @@ import ( wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -1725,7 +1726,7 @@ func (x *GetFlowsRequest_Experimental) GetFieldMask() *fieldmaskpb.FieldMask { var File_observer_observer_proto protoreflect.FileDescriptor -var file_observer_observer_proto_rawDesc = []byte{ +var file_observer_observer_proto_rawDesc = string([]byte{ 0x0a, 0x17, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, @@ -1955,16 +1956,16 @@ var file_observer_observer_proto_rawDesc = []byte{ 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x50, 0x04, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +}) var ( file_observer_observer_proto_rawDescOnce sync.Once - file_observer_observer_proto_rawDescData = file_observer_observer_proto_rawDesc + file_observer_observer_proto_rawDescData []byte ) func file_observer_observer_proto_rawDescGZIP() []byte { file_observer_observer_proto_rawDescOnce.Do(func() { - file_observer_observer_proto_rawDescData = protoimpl.X.CompressGZIP(file_observer_observer_proto_rawDescData) + file_observer_observer_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_observer_observer_proto_rawDesc), len(file_observer_observer_proto_rawDesc))) }) return file_observer_observer_proto_rawDescData } @@ -2073,7 +2074,7 @@ func file_observer_observer_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_observer_observer_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_observer_observer_proto_rawDesc), len(file_observer_observer_proto_rawDesc)), NumEnums: 0, NumMessages: 17, NumExtensions: 0, @@ -2084,7 +2085,6 @@ func file_observer_observer_proto_init() { MessageInfos: file_observer_observer_proto_msgTypes, }.Build() File_observer_observer_proto = out.File - file_observer_observer_proto_rawDesc = nil file_observer_observer_proto_goTypes = nil file_observer_observer_proto_depIdxs = nil } diff --git a/backend/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go b/backend/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go index abf656c07..3af74c961 100644 --- a/backend/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go +++ b/backend/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.3 +// protoc-gen-go v1.36.5 // protoc v5.29.3 // source: relay/relay.proto @@ -14,6 +14,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -157,7 +158,7 @@ func (x *NodeStatusEvent) GetMessage() string { var File_relay_relay_proto protoreflect.FileDescriptor -var file_relay_relay_proto_rawDesc = []byte{ +var file_relay_relay_proto_rawDesc = string([]byte{ 0x0a, 0x11, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x2f, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x22, 0x7f, 0x0a, 0x0f, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x33, 0x0a, @@ -178,16 +179,16 @@ var file_relay_relay_proto_rawDesc = []byte{ 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +}) var ( file_relay_relay_proto_rawDescOnce sync.Once - file_relay_relay_proto_rawDescData = file_relay_relay_proto_rawDesc + file_relay_relay_proto_rawDescData []byte ) func file_relay_relay_proto_rawDescGZIP() []byte { file_relay_relay_proto_rawDescOnce.Do(func() { - file_relay_relay_proto_rawDescData = protoimpl.X.CompressGZIP(file_relay_relay_proto_rawDescData) + file_relay_relay_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_relay_relay_proto_rawDesc), len(file_relay_relay_proto_rawDesc))) }) return file_relay_relay_proto_rawDescData } @@ -216,7 +217,7 @@ func file_relay_relay_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_relay_relay_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_relay_relay_proto_rawDesc), len(file_relay_relay_proto_rawDesc)), NumEnums: 1, NumMessages: 1, NumExtensions: 0, @@ -228,7 +229,6 @@ func file_relay_relay_proto_init() { MessageInfos: file_relay_relay_proto_msgTypes, }.Build() File_relay_relay_proto = out.File - file_relay_relay_proto_rawDesc = nil file_relay_relay_proto_goTypes = nil file_relay_relay_proto_depIdxs = nil } diff --git a/backend/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go b/backend/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go index e8032c231..6f67475ca 100644 --- a/backend/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go +++ b/backend/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go @@ -518,6 +518,10 @@ const ( // TunnelProtocol is the default tunneling protocol TunnelProtocol = "vxlan" + // TunnelSourcePortRange specifies the default tunnel source port range. Both + // zero means that we rely on the kernel driver defaults. + TunnelSourcePortRange = "0-0" + // ServiceNoBackendResponse is the default response for services without backends ServiceNoBackendResponse = "reject" @@ -559,6 +563,9 @@ const ( // EnableNodeSelectorLabels is the default value for option.EnableNodeSelectorLabels EnableNodeSelectorLabels = false + // BPFDistributedLRU enables per-CPU distributed backend memory + BPFDistributedLRU = false + // BPFEventsDropEnabled controls whether the Cilium datapath exposes "drop" events to Cilium monitor and Hubble. BPFEventsDropEnabled = true diff --git a/backend/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go b/backend/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go index b88ddedad..90227aa00 100644 --- a/backend/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go +++ b/backend/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go @@ -120,7 +120,9 @@ func parseToCiliumIngressCommonRule(namespace string, es api.EndpointSelector, i if ing.FromNodes != nil { retRule.FromNodes = make([]api.EndpointSelector, len(ing.FromNodes)) for j, node := range ing.FromNodes { - retRule.FromNodes[j] = api.NewESFromK8sLabelSelector("", node.LabelSelector) + es = api.NewESFromK8sLabelSelector("", node.LabelSelector) + es.AddMatchExpression(labels.LabelSourceReservedKeyPrefix+labels.IDNameRemoteNode, slim_metav1.LabelSelectorOpExists, []string{}) + retRule.FromNodes[j] = es } } @@ -239,7 +241,9 @@ func parseToCiliumEgressCommonRule(namespace string, es api.EndpointSelector, eg if egr.ToNodes != nil { retRule.ToNodes = make([]api.EndpointSelector, len(egr.ToNodes)) for j, node := range egr.ToNodes { - retRule.ToNodes[j] = api.NewESFromK8sLabelSelector("", node.LabelSelector) + es = api.NewESFromK8sLabelSelector("", node.LabelSelector) + es.AddMatchExpression(labels.LabelSourceReservedKeyPrefix+labels.IDNameRemoteNode, slim_metav1.LabelSelectorOpExists, []string{}) + retRule.ToNodes[j] = es } } diff --git a/backend/vendor/github.com/cilium/cilium/pkg/option/config.go b/backend/vendor/github.com/cilium/cilium/pkg/option/config.go index 8d76f8a41..9d2a64e5e 100644 --- a/backend/vendor/github.com/cilium/cilium/pkg/option/config.go +++ b/backend/vendor/github.com/cilium/cilium/pkg/option/config.go @@ -93,6 +93,9 @@ const ( // discovery. EnableL2NeighDiscovery = "enable-l2-neigh-discovery" + // BPFDistributedLRU enables per-CPU distributed backend memory + BPFDistributedLRU = "bpf-distributed-lru" + // BPFRoot is the Path to BPF filesystem BPFRoot = "bpf-root" @@ -2182,6 +2185,9 @@ type DaemonConfig struct { BPFMapEventBuffersValidator func(val string) (string, error) `json:"-"` bpfMapEventConfigs BPFEventBufferConfigs + // BPFDistributedLRU enables per-CPU distributed backend memory + BPFDistributedLRU bool + // BPFEventsDropEnabled controls whether the Cilium datapath exposes "drop" events to Cilium monitor and Hubble. BPFEventsDropEnabled bool @@ -2304,6 +2310,7 @@ var ( PolicyCIDRMatchMode: defaults.PolicyCIDRMatchMode, MaxConnectedClusters: defaults.MaxConnectedClusters, + BPFDistributedLRU: defaults.BPFDistributedLRU, BPFEventsDropEnabled: defaults.BPFEventsDropEnabled, BPFEventsPolicyVerdictEnabled: defaults.BPFEventsPolicyVerdictEnabled, BPFEventsTraceEnabled: defaults.BPFEventsTraceEnabled, @@ -2972,6 +2979,7 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) { c.EnablePMTUDiscovery = vp.GetBool(EnablePMTUDiscovery) c.IPv6NAT46x64CIDR = defaults.IPv6NAT46x64CIDR c.IPAMCiliumNodeUpdateRate = vp.GetDuration(IPAMCiliumNodeUpdateRate) + c.BPFDistributedLRU = vp.GetBool(BPFDistributedLRU) c.BPFEventsDropEnabled = vp.GetBool(BPFEventsDropEnabled) c.BPFEventsPolicyVerdictEnabled = vp.GetBool(BPFEventsPolicyVerdictEnabled) c.BPFEventsTraceEnabled = vp.GetBool(BPFEventsTraceEnabled) diff --git a/backend/vendor/github.com/cilium/statedb/part/txn.go b/backend/vendor/github.com/cilium/statedb/part/txn.go index 943ab23aa..cc417cd23 100644 --- a/backend/vendor/github.com/cilium/statedb/part/txn.go +++ b/backend/vendor/github.com/cilium/statedb/part/txn.go @@ -49,7 +49,15 @@ func (txn *Txn[T]) Clone() *Txn[T] { // Insert or update the tree with the given key and value. // Returns the old value if it exists. func (txn *Txn[T]) Insert(key []byte, value T) (old T, hadOld bool) { - old, hadOld, txn.root = txn.insert(txn.root, key, value) + old, hadOld, _ = txn.InsertWatch(key, value) + return +} + +// Insert or update the tree with the given key and value. +// Returns the old value if it exists and a watch channel that closes when the +// key changes again. +func (txn *Txn[T]) InsertWatch(key []byte, value T) (old T, hadOld bool, watch <-chan struct{}) { + old, hadOld, watch, txn.root = txn.insert(txn.root, key, value) if !hadOld { txn.size++ } @@ -61,7 +69,17 @@ func (txn *Txn[T]) Insert(key []byte, value T) (old T, hadOld bool) { // caller to not mutate the value in-place and to return a clone. // Returns the old value if it exists. func (txn *Txn[T]) Modify(key []byte, mod func(T) T) (old T, hadOld bool) { - old, hadOld, txn.root = txn.modify(txn.root, key, mod) + old, hadOld, _ = txn.ModifyWatch(key, mod) + return +} + +// Modify a value in the tree. If the key does not exist the modify +// function is called with the zero value for T. It is up to the +// caller to not mutate the value in-place and to return a clone. +// Returns the old value if it exists and a watch channel that closes +// when the key changes again. +func (txn *Txn[T]) ModifyWatch(key []byte, mod func(T) T) (old T, hadOld bool, watch <-chan struct{}) { + old, hadOld, watch, txn.root = txn.modify(txn.root, key, mod) if !hadOld { txn.size++ } @@ -166,11 +184,11 @@ func (txn *Txn[T]) cloneNode(n *header[T]) *header[T] { return n } -func (txn *Txn[T]) insert(root *header[T], key []byte, value T) (oldValue T, hadOld bool, newRoot *header[T]) { +func (txn *Txn[T]) insert(root *header[T], key []byte, value T) (oldValue T, hadOld bool, watch <-chan struct{}, newRoot *header[T]) { return txn.modify(root, key, func(_ T) T { return value }) } -func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue T, hadOld bool, newRoot *header[T]) { +func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue T, hadOld bool, watch <-chan struct{}, newRoot *header[T]) { fullKey := key this := root @@ -212,8 +230,10 @@ func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue this = txn.cloneNode(this) } var zero T - this.insert(idx, newLeaf(txn.opts, key, fullKey, mod(zero)).self()) + leaf := newLeaf(txn.opts, key, fullKey, mod(zero)) + this.insert(idx, leaf.self()) *thisp = this + watch = leaf.watch return } @@ -237,7 +257,9 @@ func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue hadOld = true this = txn.cloneNode(this) *thisp = this - this.getLeaf().value = mod(oldValue) + leaf := this.getLeaf() + leaf.value = mod(oldValue) + watch = leaf.watch } else { // Partially matching prefix. newNode := &node4[T]{ @@ -253,6 +275,7 @@ func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue key = key[len(common):] var zero T newLeaf := newLeaf(txn.opts, key, fullKey, mod(zero)) + watch = newLeaf.watch // Insert the two leaves into the node we created. If one has // a key that is a subset of the other, then we can insert them @@ -298,11 +321,14 @@ func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue hadOld = true leaf = txn.cloneNode(leaf.self()).getLeaf() leaf.value = mod(oldValue) + watch = leaf.watch this.setLeaf(leaf) } else { // Set the leaf var zero T - this.setLeaf(newLeaf(txn.opts, this.prefix, fullKey, mod(zero))) + leaf := newLeaf(txn.opts, this.prefix, fullKey, mod(zero)) + watch = leaf.watch + this.setLeaf(leaf) } default: @@ -316,6 +342,7 @@ func (txn *Txn[T]) modify(root *header[T], key []byte, mod func(T) T) (oldValue var zero T newLeaf := newLeaf(txn.opts, key, fullKey, mod(zero)) + watch = newLeaf.watch newNode := &node4[T]{ header: header[T]{prefix: common}, } diff --git a/backend/vendor/github.com/vishvananda/netlink/addr_linux.go b/backend/vendor/github.com/vishvananda/netlink/addr_linux.go index 9b49baf97..01c2306cb 100644 --- a/backend/vendor/github.com/vishvananda/netlink/addr_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/addr_linux.go @@ -18,6 +18,7 @@ import ( // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func AddrAdd(link Link, addr *Addr) error { return pkgHandle.AddrAdd(link, addr) } @@ -28,6 +29,7 @@ func AddrAdd(link Link, addr *Addr) error { // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func (h *Handle) AddrAdd(link Link, addr *Addr) error { req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK) return h.addrHandle(link, addr, req) @@ -39,6 +41,7 @@ func (h *Handle) AddrAdd(link Link, addr *Addr) error { // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func AddrReplace(link Link, addr *Addr) error { return pkgHandle.AddrReplace(link, addr) } @@ -49,6 +52,7 @@ func AddrReplace(link Link, addr *Addr) error { // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func (h *Handle) AddrReplace(link Link, addr *Addr) error { req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_REPLACE|unix.NLM_F_ACK) return h.addrHandle(link, addr, req) @@ -57,18 +61,13 @@ func (h *Handle) AddrReplace(link Link, addr *Addr) error { // AddrDel will delete an IP address from a link device. // // Equivalent to: `ip addr del $addr dev $link` -// -// If `addr` is an IPv4 address and the broadcast address is not given, it -// will be automatically computed based on the IP mask if /30 or larger. func AddrDel(link Link, addr *Addr) error { return pkgHandle.AddrDel(link, addr) } // AddrDel will delete an IP address from a link device. -// Equivalent to: `ip addr del $addr dev $link` // -// If `addr` is an IPv4 address and the broadcast address is not given, it -// will be automatically computed based on the IP mask if /30 or larger. +// Equivalent to: `ip addr del $addr dev $link` func (h *Handle) AddrDel(link Link, addr *Addr) error { req := h.newNetlinkRequest(unix.RTM_DELADDR, unix.NLM_F_ACK) return h.addrHandle(link, addr, req) @@ -142,6 +141,10 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error addr.Broadcast = calcBroadcast } + if net.IPv4zero.Equal(addr.Broadcast) { + addr.Broadcast = nil + } + if addr.Broadcast != nil { req.AddData(nl.NewRtAttr(unix.IFA_BROADCAST, addr.Broadcast)) } diff --git a/backend/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/backend/vendor/github.com/vishvananda/netlink/conntrack_linux.go index 69c5eca03..b3d354d75 100644 --- a/backend/vendor/github.com/vishvananda/netlink/conntrack_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/conntrack_linux.go @@ -5,8 +5,8 @@ import ( "encoding/binary" "errors" "fmt" + "io/fs" "net" - "strings" "time" "github.com/vishvananda/netlink/nl" @@ -159,13 +159,19 @@ func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFami // ConntrackDeleteFilters deletes entries on the specified table matching any of the specified filters using the netlink handle passed // conntrack -D [table] parameters Delete conntrack or expectation func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters ...CustomConntrackFilter) (uint, error) { + var finalErr error res, err := h.dumpConntrackTable(table, family) if err != nil { - return 0, err + if !errors.Is(err, ErrDumpInterrupted) { + return 0, err + } + // This allows us to at least do a best effort to try to clean the + // entries matching the filter. + finalErr = err } + var totalFilterErrors int var matched uint - var errMsgs []string for _, dataRaw := range res { flow := parseRawData(dataRaw) for _, filter := range filters { @@ -173,19 +179,20 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK) // skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already req2.AddRawData(dataRaw[4:]) - if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err == nil { + if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err == nil || errors.Is(err, fs.ErrNotExist) { matched++ // flow is already deleted, no need to match on other filters and continue to the next flow. break + } else { + totalFilterErrors++ } - errMsgs = append(errMsgs, fmt.Sprintf("failed to delete conntrack flow '%s': %s", flow.String(), err.Error())) } } } - if len(errMsgs) > 0 { - return matched, fmt.Errorf(strings.Join(errMsgs, "; ")) + if totalFilterErrors > 0 { + finalErr = errors.Join(finalErr, fmt.Errorf("failed to delete %d conntrack flows with %d filters", totalFilterErrors, len(filters))) } - return matched, nil + return matched, finalErr } func (h *Handle) newConntrackRequest(table ConntrackTableType, family InetFamily, operation, flags int) *nl.NetlinkRequest { diff --git a/backend/vendor/github.com/vishvananda/netlink/filter.go b/backend/vendor/github.com/vishvananda/netlink/filter.go index 84e1ca7a4..a722e0a27 100644 --- a/backend/vendor/github.com/vishvananda/netlink/filter.go +++ b/backend/vendor/github.com/vishvananda/netlink/filter.go @@ -231,6 +231,35 @@ func NewCsumAction() *CsumAction { } } +type VlanAct int8 + +type VlanAction struct { + ActionAttrs + Action VlanAct + VlanID uint16 +} + +const ( + TCA_VLAN_ACT_POP VlanAct = 1 + TCA_VLAN_ACT_PUSH VlanAct = 2 +) + +func (action *VlanAction) Type() string { + return "vlan" +} + +func (action *VlanAction) Attrs() *ActionAttrs { + return &action.ActionAttrs +} + +func NewVlanAction() *VlanAction { + return &VlanAction{ + ActionAttrs: ActionAttrs{ + Action: TC_ACT_PIPE, + }, + } +} + type MirredAct uint8 func (a MirredAct) String() string { diff --git a/backend/vendor/github.com/vishvananda/netlink/filter_linux.go b/backend/vendor/github.com/vishvananda/netlink/filter_linux.go index 19306612e..404e50d52 100644 --- a/backend/vendor/github.com/vishvananda/netlink/filter_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/filter_linux.go @@ -65,6 +65,9 @@ type Flower struct { EncSrcIPMask net.IPMask EncDestPort uint16 EncKeyId uint32 + SrcMac net.HardwareAddr + DestMac net.HardwareAddr + VlanId uint16 SkipHw bool SkipSw bool IPProto *nl.IPProto @@ -135,6 +138,15 @@ func (filter *Flower) encode(parent *nl.RtAttr) error { if filter.EncKeyId != 0 { parent.AddRtAttr(nl.TCA_FLOWER_KEY_ENC_KEY_ID, htonl(filter.EncKeyId)) } + if filter.SrcMac != nil { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_ETH_SRC, filter.SrcMac) + } + if filter.DestMac != nil { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_ETH_DST, filter.DestMac) + } + if filter.VlanId != 0 { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_VLAN_ID, nl.Uint16Attr(filter.VlanId)) + } if filter.IPProto != nil { ipproto := *filter.IPProto parent.AddRtAttr(nl.TCA_FLOWER_KEY_IP_PROTO, ipproto.Serialize()) @@ -201,6 +213,13 @@ func (filter *Flower) decode(data []syscall.NetlinkRouteAttr) error { filter.EncDestPort = ntohs(datum.Value) case nl.TCA_FLOWER_KEY_ENC_KEY_ID: filter.EncKeyId = ntohl(datum.Value) + case nl.TCA_FLOWER_KEY_ETH_SRC: + filter.SrcMac = datum.Value + case nl.TCA_FLOWER_KEY_ETH_DST: + filter.DestMac = datum.Value + case nl.TCA_FLOWER_KEY_VLAN_ID: + filter.VlanId = native.Uint16(datum.Value[0:2]) + filter.EthType = unix.ETH_P_8021Q case nl.TCA_FLOWER_KEY_IP_PROTO: val := new(nl.IPProto) *val = nl.IPProto(datum.Value[0]) @@ -622,6 +641,22 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error { } toTcGen(action.Attrs(), &mirred.TcGen) aopts.AddRtAttr(nl.TCA_MIRRED_PARMS, mirred.Serialize()) + case *VlanAction: + table := attr.AddRtAttr(tabIndex, nil) + tabIndex++ + table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("vlan")) + aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil) + vlan := nl.TcVlan{ + Action: int32(action.Action), + } + toTcGen(action.Attrs(), &vlan.TcGen) + aopts.AddRtAttr(nl.TCA_VLAN_PARMS, vlan.Serialize()) + if action.Action == TCA_VLAN_ACT_PUSH && action.VlanID == 0 { + return fmt.Errorf("vlan id is required for push action") + } + if action.VlanID != 0 { + aopts.AddRtAttr(nl.TCA_VLAN_PUSH_VLAN_ID, nl.Uint16Attr(action.VlanID)) + } case *TunnelKeyAction: table := attr.AddRtAttr(tabIndex, nil) tabIndex++ @@ -792,6 +827,8 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) { action = &CsumAction{} case "gact": action = &GenericAction{} + case "vlan": + action = &VlanAction{} case "tunnel_key": action = &TunnelKeyAction{} case "skbedit": @@ -822,7 +859,17 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) { tcTs := nl.DeserializeTcf(adatum.Value) actionTimestamp = toTimeStamp(tcTs) } - + case "vlan": + switch adatum.Attr.Type { + case nl.TCA_VLAN_PARMS: + vlan := *nl.DeserializeTcVlan(adatum.Value) + action.(*VlanAction).ActionAttrs = ActionAttrs{} + toAttrs(&vlan.TcGen, action.Attrs()) + action.(*VlanAction).Action = VlanAct(vlan.Action) + case nl.TCA_VLAN_PUSH_VLAN_ID: + vlanId := native.Uint16(adatum.Value[0:2]) + action.(*VlanAction).VlanID = vlanId + } case "tunnel_key": switch adatum.Attr.Type { case nl.TCA_TUNNEL_KEY_PARMS: diff --git a/backend/vendor/github.com/vishvananda/netlink/link.go b/backend/vendor/github.com/vishvananda/netlink/link.go index e09a6cfe5..cccf5d792 100644 --- a/backend/vendor/github.com/vishvananda/netlink/link.go +++ b/backend/vendor/github.com/vishvananda/netlink/link.go @@ -56,6 +56,8 @@ type LinkAttrs struct { Vfs []VfInfo // virtual functions available on link Group uint32 PermHWAddr net.HardwareAddr + ParentDev string + ParentDevBus string Slave LinkSlave } diff --git a/backend/vendor/github.com/vishvananda/netlink/link_linux.go b/backend/vendor/github.com/vishvananda/netlink/link_linux.go index 52491c580..14dea5966 100644 --- a/backend/vendor/github.com/vishvananda/netlink/link_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/link_linux.go @@ -2263,6 +2263,10 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) { break } } + case unix.IFLA_PARENT_DEV_NAME: + base.ParentDev = string(attr.Value[:len(attr.Value)-1]) + case unix.IFLA_PARENT_DEV_BUS_NAME: + base.ParentDevBus = string(attr.Value[:len(attr.Value)-1]) } } @@ -2817,7 +2821,7 @@ func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) { case nl.IFLA_VXLAN_PORT_RANGE: buf := bytes.NewBuffer(datum.Value[0:4]) var pr vxlanPortRange - if binary.Read(buf, binary.BigEndian, &pr) != nil { + if binary.Read(buf, binary.BigEndian, &pr) == nil { vxlan.PortLow = int(pr.Lo) vxlan.PortHigh = int(pr.Hi) } @@ -3041,7 +3045,6 @@ func parseMacvlanData(link Link, data []syscall.NetlinkRouteAttr) { } } -// copied from pkg/net_linux.go func linkFlags(rawFlags uint32) net.Flags { var f net.Flags if rawFlags&unix.IFF_UP != 0 { @@ -3059,6 +3062,9 @@ func linkFlags(rawFlags uint32) net.Flags { if rawFlags&unix.IFF_MULTICAST != 0 { f |= net.FlagMulticast } + if rawFlags&unix.IFF_RUNNING != 0 { + f |= net.FlagRunning + } return f } diff --git a/backend/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go b/backend/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go index 7f49125cf..8ee0428db 100644 --- a/backend/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go @@ -17,7 +17,7 @@ func ParseAttributes(data []byte) <-chan Attribute { go func() { i := 0 - for i+4 < len(data) { + for i+4 <= len(data) { length := int(native.Uint16(data[i : i+2])) attrType := native.Uint16(data[i+2 : i+4]) diff --git a/backend/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/backend/vendor/github.com/vishvananda/netlink/nl/tc_linux.go index 0720729a9..b8f500792 100644 --- a/backend/vendor/github.com/vishvananda/netlink/nl/tc_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/nl/tc_linux.go @@ -115,6 +115,7 @@ const ( SizeofTcConnmark = SizeofTcGen + 0x04 SizeofTcCsum = SizeofTcGen + 0x04 SizeofTcMirred = SizeofTcGen + 0x08 + SizeofTcVlan = SizeofTcGen + 0x04 SizeofTcTunnelKey = SizeofTcGen + 0x04 SizeofTcSkbEdit = SizeofTcGen SizeofTcPolice = 2*SizeofTcRateSpec + 0x20 @@ -816,6 +817,41 @@ func (x *TcMirred) Serialize() []byte { return (*(*[SizeofTcMirred]byte)(unsafe.Pointer(x)))[:] } +const ( + TCA_VLAN_UNSPEC = iota + TCA_VLAN_TM + TCA_VLAN_PARMS + TCA_VLAN_PUSH_VLAN_ID + TCA_VLAN_PUSH_VLAN_PROTOCOL + TCA_VLAN_PAD + TCA_VLAN_PUSH_VLAN_PRIORITY + TCA_VLAN_PUSH_ETH_DST + TCA_VLAN_PUSH_ETH_SRC + TCA_VLAN_MAX +) + +//struct tc_vlan { +// tc_gen; +// int v_action; +//}; + +type TcVlan struct { + TcGen + Action int32 +} + +func (msg *TcVlan) Len() int { + return SizeofTcVlan +} + +func DeserializeTcVlan(b []byte) *TcVlan { + return (*TcVlan)(unsafe.Pointer(&b[0:SizeofTcVlan][0])) +} + +func (x *TcVlan) Serialize() []byte { + return (*(*[SizeofTcVlan]byte)(unsafe.Pointer(x)))[:] +} + const ( TCA_TUNNEL_KEY_UNSPEC = iota TCA_TUNNEL_KEY_TM @@ -1239,8 +1275,8 @@ const ( ) // /* TCA_PEDIT_KEY_EX_HDR_TYPE_NETWROK is a special case for legacy users. It -// * means no specific header type - offset is relative to the network layer -// */ +// - means no specific header type - offset is relative to the network layer +// */ type PeditHeaderType uint16 const ( diff --git a/backend/vendor/github.com/vishvananda/netlink/socket_linux.go b/backend/vendor/github.com/vishvananda/netlink/socket_linux.go index 82891bc2e..ebda532a8 100644 --- a/backend/vendor/github.com/vishvananda/netlink/socket_linux.go +++ b/backend/vendor/github.com/vishvananda/netlink/socket_linux.go @@ -500,7 +500,7 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { var attrs []syscall.NetlinkRouteAttr var err error - if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil { + if attrs, err = nl.ParseRouteAttr(msg[sizeofUnixSocket:]); err != nil { return false } diff --git a/backend/vendor/modules.txt b/backend/vendor/modules.txt index e15fa9174..60c9f9599 100644 --- a/backend/vendor/modules.txt +++ b/backend/vendor/modules.txt @@ -16,7 +16,7 @@ github.com/blang/semver/v4 # github.com/cespare/xxhash/v2 v2.3.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/cilium/cilium v1.17.0 +# github.com/cilium/cilium v1.17.2 ## explicit; go 1.23.0 github.com/cilium/cilium/api/v1/client github.com/cilium/cilium/api/v1/client/bgp @@ -135,7 +135,7 @@ github.com/cilium/hive/script/internal/diff # github.com/cilium/proxy v0.0.0-20250211021819-e85e926b0fa4 ## explicit; go 1.23 github.com/cilium/proxy/pkg/policy/api/kafka -# github.com/cilium/statedb v0.3.5 +# github.com/cilium/statedb v0.3.6 ## explicit; go 1.23 github.com/cilium/statedb/index github.com/cilium/statedb/part @@ -434,7 +434,7 @@ github.com/stoewer/go-strcase # github.com/subosito/gotenv v1.6.0 ## explicit; go 1.18 github.com/subosito/gotenv -# github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 +# github.com/vishvananda/netlink v1.3.1-0.20250221194427-0af32151e72b ## explicit; go 1.12 github.com/vishvananda/netlink github.com/vishvananda/netlink/nl