Add the following devlink port attributes:
- PortNumber: the physical port number
- PfNumber: the PF number
- VfNumber: the VF number (index)
- SfNumber: the SF number (index)
- ControllerNumber: the controller number
- External: if set, indicates external controller
Signed-off-by: adrianc <adrianc@nvidia.com>
The SEG6 route test was failing on newer kernels:
* Using loopback (`lo`) for SRv6 inline routes no longer preserves the
`encap seg6` attribute. Switched to a dummy device (`dummy0`) to ensure
SRv6 routes are accepted.
* Removed the artificial `::` SID from the inline segment list, which
caused the kernel to drop the SRH.
* Added cleanup to delete the dummy device after the test.
* Updated route checks to use `RouteListFiltered` with `RT_FILTER_OIF|RT_FILTER_DST`
since modern kernels add extra auto-routes (e.g., fe80::/64), which broke
the naive `len(routes) == 1` assertion.
These changes make `TestSEG6RouteAddDel` stable across recent kernels while
still validating both INLINE (IPv6) and ENCAP (IPv4) SRv6 routes.
This change ensures that the necessary netfilter hooks are in place for
conntrack tests to run reliably. Previously, the tests would fail in
environments where the host's firewall was not configured to accept
conntrack traffic.
This change introduces a new function, `ensureCtHooksInThisNS`, that
uses `iptables` or `nftables` to install the necessary hooks. This
function is called from `nsCreateAndEnter`, so all tests that use this
function will have a properly configured netns.
This change also removes the `CI` environment variable check from the
tests, as they are now expected to pass in CI environments.
The TestLinkXdp test was observed to be flaky in CI environments.
The failure occurred because the test expects the second call to
LinkSetXdpFdWithFlags with the XDP_FLAGS_UPDATE_IF_NOEXIST flag
to fail with EBUSY, indicating that an XDP program is already
attached.
Due to a race condition, the kernel had not always completed the
attachment from the first LinkSetXdpFd call before the second call
was made. This caused the second call to succeed (returning a nil
error) when it should have failed. The test logic correctly
interpreted this unexpected success as a failure, but logged the
nil error, leading to confusing output.
This commit resolves the flakiness by introducing a retry loop
with a short delay. The test now attempts the second call multiple
times, giving the kernel sufficient time to update the link's XDP
state. This ensures that the test reliably checks for the EBUSY
error as intended.
- Added IP6tnlEncap processing
- Added proper IP6tnlEncap.ID assignment
- Enabled handling of IP6tnlEncap.TC and IP6tnlEncap.FLAGS for serialization support
IFLA_NETKIT_HEADROOM and IFLA_NETKIT_TAILROOM attributes were added to
upstream kernel 6.14, allowing Netkit devices to be configured with
appropriate headroom/tailroom space to accommodate additional headers,
packet length changes and so forth.
Signed-off-by: Alasdair McWilliam <alasdair.mcwilliam@isovalent.com>
Refactors test setup and teardown logic to use `t.Cleanup` instead
of `defer`. This ensures that cleanup functions are correctly scoped
to each subtest's lifecycle, improving test isolation and reliability.
The `setUpNetlinkTest` helper function is also improved to correctly
save and restore the original network namespace, ensuring that tests
do not leak state.
To support this, a `Close()` method that returns an error is added to
the `Handle` struct, allowing for proper cleanup of underlying netlink
sockets. The test helpers are updated to use this new method,
preventing resource leaks between tests.
Additionally, a bug in the `netns` tests is fixed where a large
namespace ID could overflow a 32-bit integer, causing spurious
failures on some systems.
Refactors the TestRuleListFiltered test to run each subtest in its
own network namespace. This prevents state leakage between subtests,
resolving intermittent test failures caused by rules created in one
test interfering with subsequent tests.
The test logic for verifying all rules is also simplified by moving
the rule listing into the setup phase for that specific test case,
removing conditional logic from the main test loop.
Fixes: #1108
Introduces a configuration flag to disable Virtual Function polling,
providing users with control over polling behavior for performance
optimization scenarios.
Fixes: #1097
Signed-off-by: pasteley <ceasebeing@gmail.com>
Skip TestSocketXDPGetInfo rather than failing it when the user lacks
permissions to create AF_XDP sockets.
This allows running the full test suite as an unprivileged user again.
When `func (h *Handle) filterModify(...)` handles a `U32` filter, it also corrects the endianness for the `Mask` and `Val` in the filter's `Sel.Keys`. For this it creates a new Keys slice and copies the values from the old one. This new slice is created with an incorrect size; likely the intention was to specify its capacity, but instead the size is specified.
The old code happens to work correctly in practice when the number of keys is a power of 2. Otherwise, empty (match all) keys are added to the end to make the number a power of 2.
This commit fixes the issue. It was well tested; here's an excerpt:
- Create a U32 filter with 5 Keys. The content of keys is irrelevant, only the number matters.
- Print the filter back with `tc filter show ...`.
The old behaviour:
```
filter parent ffff: protocol all pref 49150 u32 chain 0 fh 800::601 order 1537 key ht 800 bkt 0 *flowid :1 not_in_hw
match 40000000/60000000 at 0
match 07010723/ffffffff at 24
match 07450767/ffffffff at 28
match 07890733/ffffffff at 32
match 07420801/ffe00000 at 36
match 00000000/00000000 at 0
match 00000000/00000000 at 0
match 00000000/00000000 at 0
```
The last 3 entries were added by netlink.
New behaviour:
```
filter parent ffff: protocol all pref 49150 u32 chain 0 fh 800::801 order 2049 key ht 800 bkt 0 flowid :1 not_in_hw
match 60000000/f0000000 at 0
match 07010723/ffffffff at 24
match 07450767/ffffffff at 28
match 07890733/ffffffff at 32
match 07400000/ffe00000 at 36
```
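Added example, not part of the commit or the library's code: a minimal Go reproduction of the size-versus-capacity slip described above, under the assumption that the copy's length was taken from the source slice's capacity. The `Key` type and all function names are hypothetical, and the sample keys are constructed.

```go
package main

import "fmt"

// Key is a hypothetical stand-in for a u32 selector key (not the library's type).
type Key struct {
	Mask, Val uint32
	Off       int32
}

// copyKeysBySize reproduces the described defect, assuming the new slice's
// length was set from the source's capacity: the tail stays zero-valued.
func copyKeysBySize(src []Key) []Key {
	dst := make([]Key, cap(src))
	copy(dst, src)
	return dst
}

// copyKeysByLen sizes the copy by length and passes the capacity as a hint only.
func copyKeysByLen(src []Key) []Key {
	dst := make([]Key, len(src), cap(src))
	copy(dst, src)
	return dst
}

// matchAll counts keys whose mask and value are both zero; such a key matches
// every packet, like the "00000000/00000000 at 0" lines in the old output.
func matchAll(keys []Key) int {
	n := 0
	for _, k := range keys {
		if k.Mask == 0 && k.Val == 0 {
			n++
		}
	}
	return n
}

// sampleKeys builds n constructed keys in a backing array of capacity c, the
// shape append commonly leaves behind after growing a small slice.
func sampleKeys(n, c int) []Key {
	keys := make([]Key, 0, c)
	for i := 0; i < n; i++ {
		keys = append(keys, Key{Mask: 0xffffffff, Val: uint32(0x07000000 + i), Off: int32(24 + 4*i)})
	}
	return keys
}

func main() {
	five := sampleKeys(5, 8)
	fmt.Println(len(copyKeysBySize(five)), matchAll(copyKeysBySize(five))) // 5 real keys plus 3 match-all keys
	fmt.Println(len(copyKeysByLen(five)), matchAll(copyKeysByLen(five)))   // exactly the 5 keys supplied
	fmt.Println(len(copyKeysBySize(sampleKeys(4, 4))))                     // len == cap hides the defect
}
```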
Add support for geneve feature to specify source port range, see
kernel commits:
- e1f95b1992b8 ("geneve: Allow users to specify source port range")
- 5a41a00cd5d5 ("geneve, specs: Add port range to rt_link specification")
This is exactly equivalent to what is done in the case of vxlan today.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This requirement limits the usefulness of labels (given the total label
length can only be 15 characters).
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
Some calls were already using it, some were not, but fix the remaining
ones.
Without this flag, the file descriptor would leak to the child process after
fork/exec.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Introduce AddQueues and RemoveQueues methods for attaching and detaching
queue file descriptors to an existing TUN/TAP interface in multi-queue mode.
This enables controlled testing of disabled queues and fine-grained queue
management without relying on interface recreation.
Signed-off-by: Ivan Tsvetkov <ivanfromearth@gmail.com>
On Linux, Netlink provides NDA_CACHEINFO which carries timestamps about
when ARP/ND was updated, used, and confirmed.
Expose these fields in the Neigh type.
The `RouteGetWithOptions` function currently has a `Oif` option which
gets translated from link name to link index via a `LinkByName` call.
This adds unnecessary overhead when the link index is already known.
This commit adds a new `OifIndex` option to `RouteGetWithOptions` which
can be specified instead of `Oif` to skip the internal link index
translation.
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>