Refactors test setup and teardown logic to use `t.Cleanup` instead
of `defer`. This ensures that cleanup functions are correctly scoped
to each subtest's lifecycle, improving test isolation and reliability.
The `setUpNetlinkTest` helper function is also improved to correctly
save and restore the original network namespace, ensuring that tests
do not leak state.
To support this, a `Close()` method that returns an error is added to
the `Handle` struct, allowing for proper cleanup of underlying netlink
sockets. The test helpers are updated to use this new method,
preventing resource leaks between tests.
Additionally, a bug in the `netns` tests is fixed where a large
namespace ID could overflow a 32-bit integer, causing spurious
failures on some systems.
ConntrackDeleteFilters enables users to delete flow entries
that match any of the specified filters. This allows users
to delete multiple flow entries with a single dump table call.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
- Also refactored setUpNetlinkTestWithKModule function to reduce redundant NS's created and checks made.
- Add conntrack protoinfo TCP support + groundwork for other protocols.
- Tests to cover the above.
This PR adds support for filtering flows
based on conntrack labels. It adds two
filters `ConntrackMatchLabels` &&
`ConntackUnmatchLabels` through which user can
provide a list of labels as type "bytes" which
will then be compared to flow.Labels to see if
any matches were found.
ConntrackMatchLabels: Every label passed should
be contained in flow.Labels for a match to be true
ConntrackUmmatchLabels: Every label passed should
not be contained in the flow.Labels for a match to
be true
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Add a new method to the ConntrackFilter to be able to
filter conntrack entries by Layer 4 protocol and source
and destination port.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
Today the filter implementation implements
only ip matching for src,dst,reply src,reply dst.
Updating the comments on the filter to reflect that
more clearly and deprecate confusing constants
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Removed extra pointer not needed in AddIP
Updated tests
Removed the use of io.SeekCurrent and defined it as a const
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Added tests for:
Table FLUSH
Table GET
Table DELETE with filter
Filter match
Use a simple UDP client to create flows into the conntrack for testing purpose
Each test will run in a separate network namespace so can run in parallel
Added kernel module dependencies into the travis file
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
