mirror of
https://github.com/rancher/plugins.git
synced 2025-09-17 09:44:15 +00:00
Adrian Moisey
committed by
Casey Callendrello
Casey Callendrello
parent
35831f3d23
commit
dcf43557ef
43
vendor/github.com/vishvananda/netlink/conntrack_linux.go
generated
vendored
43
vendor/github.com/vishvananda/netlink/conntrack_linux.go
generated
vendored
@@ -5,6 +5,7 @@ import (
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"net"
|
||||
"time"
|
||||
|
||||
@@ -44,6 +45,9 @@ type InetFamily uint8
|
||||
|
||||
// ConntrackTableList returns the flow list of a table of a specific family
|
||||
// conntrack -L [table] [options] List conntrack or expectation table
|
||||
//
|
||||
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
|
||||
// or incomplete.
|
||||
func ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) {
|
||||
return pkgHandle.ConntrackTableList(table, family)
|
||||
}
|
||||
@@ -70,7 +74,7 @@ func ConntrackUpdate(table ConntrackTableType, family InetFamily, flow *Conntrac
|
||||
// ConntrackDeleteFilter deletes entries on the specified table on the base of the filter
|
||||
// conntrack -D [table] parameters Delete conntrack or expectation
|
||||
//
|
||||
// Deprecated: use [ConntrackDeleteFilter] instead.
|
||||
// Deprecated: use [ConntrackDeleteFilters] instead.
|
||||
func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error) {
|
||||
return pkgHandle.ConntrackDeleteFilters(table, family, filter)
|
||||
}
|
||||
@@ -83,10 +87,13 @@ func ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters
|
||||
|
||||
// ConntrackTableList returns the flow list of a table of a specific family using the netlink handle passed
|
||||
// conntrack -L [table] [options] List conntrack or expectation table
|
||||
//
|
||||
// If the returned error is [ErrDumpInterrupted], results may be inconsistent
|
||||
// or incomplete.
|
||||
func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) {
|
||||
res, err := h.dumpConntrackTable(table, family)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
res, executeErr := h.dumpConntrackTable(table, family)
|
||||
if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
|
||||
return nil, executeErr
|
||||
}
|
||||
|
||||
// Deserialize all the flows
|
||||
@@ -95,7 +102,7 @@ func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily)
|
||||
result = append(result, parseRawData(dataRaw))
|
||||
}
|
||||
|
||||
return result, nil
|
||||
return result, executeErr
|
||||
}
|
||||
|
||||
// ConntrackTableFlush flushes all the flows of a specified table using the netlink handle passed
|
||||
@@ -152,11 +159,18 @@ func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFami
|
||||
// ConntrackDeleteFilters deletes entries on the specified table matching any of the specified filters using the netlink handle passed
|
||||
// conntrack -D [table] parameters Delete conntrack or expectation
|
||||
func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters ...CustomConntrackFilter) (uint, error) {
|
||||
var finalErr error
|
||||
res, err := h.dumpConntrackTable(table, family)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
if !errors.Is(err, ErrDumpInterrupted) {
|
||||
return 0, err
|
||||
}
|
||||
// This allows us to at least do a best effort to try to clean the
|
||||
// entries matching the filter.
|
||||
finalErr = err
|
||||
}
|
||||
|
||||
var totalFilterErrors int
|
||||
var matched uint
|
||||
for _, dataRaw := range res {
|
||||
flow := parseRawData(dataRaw)
|
||||
@@ -165,15 +179,20 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam
|
||||
req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK)
|
||||
// skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already
|
||||
req2.AddRawData(dataRaw[4:])
|
||||
req2.Execute(unix.NETLINK_NETFILTER, 0)
|
||||
matched++
|
||||
// flow is already deleted, no need to match on other filters and continue to the next flow.
|
||||
break
|
||||
if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err == nil || errors.Is(err, fs.ErrNotExist) {
|
||||
matched++
|
||||
// flow is already deleted, no need to match on other filters and continue to the next flow.
|
||||
break
|
||||
} else {
|
||||
totalFilterErrors++
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return matched, nil
|
||||
if totalFilterErrors > 0 {
|
||||
finalErr = errors.Join(finalErr, fmt.Errorf("failed to delete %d conntrack flows with %d filters", totalFilterErrors, len(filters)))
|
||||
}
|
||||
return matched, finalErr
|
||||
}
|
||||
|
||||
func (h *Handle) newConntrackRequest(table ConntrackTableType, family InetFamily, operation, flags int) *nl.NetlinkRequest {
|
||||
|
||||
Reference in New Issue
Block a user