Add support for the expires option of ip route

1. fix rule test failed when rule add slow.

disable broadcast if broadcast is set to net.IPv4zero

remove comments about broadcast when deleting address

remove another comment about broadcast auto calculation

.github/workflows: Bump CI Go version to v1.22

Update the Go version we test against to Go v1.22 which is currently the
oldest version still receiving security updates.

Signed-off-by: Dylan Reimerink <[email protected]>

1. filter match support vlanId and srcMac, dstMac.
2. filter action support vlan pop/push.

link_linux: Add deserialization of `IFF_RUNNING` flag

Add deserialization of the `IFF_RUNNING` link flag which translates to
`net.FlagRunning`.

Signed-off-by: Dylan Reimerink <[email protected]>

Preserve results when NLM_F_DUMP_INTR is set

Similar to #1018, but for
ConntrackDeleteFilters()

Relates to kubernetes/kubernetes#129562

Add IFLA_PARENT_DEV_NAME / IFLA_PARENT_DEV_BUS_NAME to links

These attributes are supported since kernel v5.14 (see [1]). Here's
what iproute2 shows:

```
$ ip -d link show eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    ... parentbus virtio parentdev virtio0
```

[1]: torvalds/linux@00e77ed

Signed-off-by: Albin Kerouanton <[email protected]>

conntrack: prevent potential memory leak

Currently, the ConntrackDeleteFilters captures all flow entries
it fails to delete and reports them as errors. This behavior
can potentially lead to memory leaks in high-traffic systems,
where thousands of conntrack flow entries are cleared in a single
batch. With this commit, instead of returning all the un-deleted
flow entries, we now return a single error message for all of them.

Signed-off-by: Daman Arora <[email protected]>

Fix parsing 4-bytes attribute

What if the data length of attribute is 4? The attribute will be ignored,
because `i+4 < len(data)`.

Signed-off-by: Leon Hwang <[email protected]>

fix: Use correct offset for unix socket diagnosis

Signed-off-by: Sven Rebhan <[email protected]>

vxlan: Fix parseVxlanData for source port range

binary.Read() != nil check means error case, so the vxlan.Port{Low,High}
are never populated. Fix the check.

Signed-off-by: Daniel Borkmann <[email protected]>

netkit: Allow setting MAC address in L2 mode

Signed-off-by: Jordan Rife <[email protected]>

Add support for MTU Lock

When adding a route with "mtu lock <mtu>" path MTU discovery (PMTUD)
will not be tried and packets will be sent without DF bit set. Upon
receiving an ICMP needs frag due to PMTUD, the kernel will not install a
cached route and lower the MTU.

Signed-off-by: Tim Rozet <[email protected]>

pedit: Fix EncodeActions to add TcGen for pedit action

TcGen was missing in pedit action and the kernel cannont correctly process pedit action.

Signed-off-by: Chen Tang <[email protected]>

go.mod: github.com/vishvananda/netns v0.0.5

- Adding file path for nerdctl and finch

full diff: vishvananda/netns@v0.0.4...v0.0.5

Signed-off-by: Sebastiaan van Stijn <[email protected]>

Add `OifIndex` option for `RouteGetWithOptions`

The `RouteGetWithOptions` function currently has a `Oif` option which
gets translated from link name to link index via a `LinkByName` call.
This adds unnecessary overhead when the link index is already known.

This commit adds a new `OifIndex` option to `RouteGetWithOptions` which
can be specified instead of `Oif` to skip the internal link index
translation.

Signed-off-by: Dylan Reimerink <[email protected]>

Support "sample" filter action

This change adds support for packet sampling using "psample" kernel
module.

Added PCPU and SA fields to XfrmState

Add support for ARP/ND Timestamps when retriving neighbors

On Linux, Netlink provides NDA_CACHEINFO which carries timestamps about
when ARP/ND was updated, used, and confirmed.

Expose these fields in the Neigh type

tuntap: parse additional netlink attributes for flags and queues

Signed-off-by: Ivan Tsvetkov <[email protected]>

tuntap: add support for dynamically managing multi-queue FDs

Introduce AddQueues and RemoveQueues methods for attaching and detaching
queue file descriptors to an existing TUN/TAP interface in multi-queue mode.
This enables controlled testing of disabled queues and fine-grained queue
management without relying on interface recreation.

Signed-off-by: Ivan Tsvetkov <[email protected]>

add SRv6 support for END.DT4

fix: add missing CLOEXEC flag

Some calls were already using it, some were not, but fix the remaining
ones.

Without this flag, the file descriptor would to the child process after
fork/exec.

Signed-off-by: Andrey Smirnov <[email protected]>

tests: Improve address unit test infrastructure

Signed-off-by: [email protected] <[email protected]>

addr_linux: don't require label to be prefixed with interface name

This requirement limits the usefulness of labels (given the total label
length can only be 15 characters).

Signed-off-by: Julian Wiedmann <[email protected]>

feat: add IFLA_INET6_ADDR_GEN_MODE support

geneve: Support setting/getting source port range

Add support for geneve feature to specify source port range, see
kernel commits:

- e1f95b1992b8 ("geneve: Allow users to specify source port range")
- 5a41a00cd5d5 ("geneve, specs: Add port range to rt_link specification")

This is exactly equivalent on what is done in case of vxlan today.

Signed-off-by: Daniel Borkmann <[email protected]>

feat: add support for RtoMin lock

veth: allow configuring peer attributes beyond namespace and address

Signed-off-by: Gwendolyn <[email protected]>

qdisc: fix wrong type info of tc_sfq_qopt

Mimic `ipset` C code for determining correct default ipset revision

Signed-off-by: Benjamin Leggett <[email protected]>

bugfix: parse ipv4 src/dst error

rdma: support rdma metrics: resource and statistic

Signed-off-by: bingshen.wbs <[email protected]>

feat: add vlanid - tunnelid mapping support

filter: add classid and port range support for flower

vlan: add support for flags and qos maps

Signed-off-by: Gwendolyn <[email protected]>

Add support for the `expires` option of `ip route`

Author: jrife

route.go

@@ -45,7 +45,18 @@ type Encap interface {
 	Equal(Encap) bool
 }
 
-// Protocol describe what was the originator of the route
+type RouteCacheInfo struct {
+	Users   uint32
+	Age     uint32
+	Expires int32
+	Error   uint32
+	Used    uint32
+	Id      uint32
+	Ts      uint32
+	Tsage   uint32
+}
+
+//Protocol describe what was the originator of the route
 type RouteProtocol int
 
 // Route represents a netlink route.
@@ -87,6 +98,8 @@ type Route struct {
 	QuickACK         int
 	Congctl          string
 	FastOpenNoCookie int
+	Expires          int
+	CacheInfo        *RouteCacheInfo
 }
 
 func (r Route) String() string {
@@ -117,6 +130,9 @@ func (r Route) String() string {
 	elems = append(elems, fmt.Sprintf("Flags: %s", r.ListFlags()))
 	elems = append(elems, fmt.Sprintf("Table: %d", r.Table))
 	elems = append(elems, fmt.Sprintf("Realm: %d", r.Realm))
+	if r.Expires != 0 {
+		elems = append(elems, fmt.Sprintf("Expires: %dsec", r.Expires))
+	}
 	return fmt.Sprintf("{%s}", strings.Join(elems, " "))
 }
 

route_linux.go

@@ -1086,6 +1086,12 @@ func (h *Handle) prepareRouteReq(route *Route, req *nl.NetlinkRequest, msg *nl.R
 		msg.Type = uint8(route.Type)
 	}
 
+	if route.Expires > 0 {
+		b := make([]byte, 4)
+		native.PutUint32(b, uint32(route.Expires))
+		rtAttrs = append(rtAttrs, nl.NewRtAttr(unix.RTA_EXPIRES, b))
+	}
+
 	var metrics []*nl.RtAttr
 	if route.MTU > 0 {
 		b := nl.Uint32Attr(uint32(route.MTU))
@@ -1320,6 +1326,25 @@ func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uin
 	return executeErr
 }
 
+// deserializeRouteCacheInfo decodes a RTA_CACHEINFO attribute into a RouteCacheInfo struct
+func deserializeRouteCacheInfo(b []byte) (*RouteCacheInfo, error) {
+	if len(b) != 32 {
+		return nil, unix.EINVAL
+	}
+
+	e := nl.NativeEndian()
+	return &RouteCacheInfo{
+		e.Uint32(b),
+		e.Uint32(b[4:]),
+		int32(e.Uint32(b[8:])),
+		e.Uint32(b[12:]),
+		e.Uint32(b[16:]),
+		e.Uint32(b[20:]),
+		e.Uint32(b[24:]),
+		e.Uint32(b[28:]),
+	}, nil
+}
+
 // deserializeRoute decodes a binary netlink message into a Route struct
 func deserializeRoute(m []byte) (Route, error) {
 	msg := nl.DeserializeRtMsg(m)
@@ -1363,6 +1388,12 @@ func deserializeRoute(m []byte) (Route, error) {
 			route.ILinkIndex = int(native.Uint32(attr.Value[0:4]))
 		case unix.RTA_PRIORITY:
 			route.Priority = int(native.Uint32(attr.Value[0:4]))
+		case unix.RTA_CACHEINFO:
+			route.CacheInfo, err = deserializeRouteCacheInfo(attr.Value)
+			if err != nil {
+				return route, err
+			}
+			route.Expires = int(route.CacheInfo.Expires) / 100
 		case unix.RTA_FLOW:
 			route.Realm = int(native.Uint32(attr.Value[0:4]))
 		case unix.RTA_TABLE:

route_test.go

@@ -192,7 +192,7 @@ func TestRoute6AddDel(t *testing.T) {
 		IP:   net.ParseIP("2001:db8::0"),
 		Mask: net.CIDRMask(64, 128),
 	}
-	route := Route{LinkIndex: link.Attrs().Index, Dst: dst}
+	route := Route{LinkIndex: link.Attrs().Index, Dst: dst, Expires: 10}
 	if err := RouteAdd(&route); err != nil {
 		t.Fatal(err)
 	}
@@ -204,6 +204,25 @@ func TestRoute6AddDel(t *testing.T) {
 		t.Fatal("Route not added properly")
 	}
 
+	// route expiry is supported by kernel 4.4+
+	k, m, err := KernelVersion()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if k > 4 || (k == 4 && m > 4) {
+		foundExpires := false
+		for _, route := range routes {
+			if route.Dst.IP.Equal(dst.IP) {
+				if route.Expires > 0 && route.Expires <= 10 {
+					foundExpires = true
+				}
+			}
+		}
+		if !foundExpires {
+			t.Fatal("Route 'expires' not set")
+		}
+	}
+
 	dstIP := net.ParseIP("2001:db8::1")
 	routeToDstIP, err := RouteGet(dstIP)
 	if err != nil {