go.mod github.com/Microsoft/hcsshim v0.8.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor/github.com/Microsoft/hcsshim/hcn/hcn.go

@@ -3,11 +3,10 @@
 package hcn
 
 import (
-	"encoding/json"
 	"fmt"
 	"syscall"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 )
 
 //go:generate go run ../mksyscall_windows.go -output zsyscall_windows.go hcn.go
@@ -55,11 +54,14 @@ import (
 //sys hcnDeleteLoadBalancer(id *_guid, result **uint16) (hr error) = computenetwork.HcnDeleteLoadBalancer?
 //sys hcnCloseLoadBalancer(loadBalancer hcnLoadBalancer) (hr error) = computenetwork.HcnCloseLoadBalancer?
 
-// Service
-//sys hcnOpenService(service *hcnService, result **uint16) (hr error) = computenetwork.HcnOpenService?
-//sys hcnRegisterServiceCallback(service hcnService, callback int32, context int32, callbackHandle *hcnCallbackHandle) (hr error) = computenetwork.HcnRegisterServiceCallback?
-//sys hcnUnregisterServiceCallback(callbackHandle hcnCallbackHandle) (hr error) = computenetwork.HcnUnregisterServiceCallback?
-//sys hcnCloseService(service hcnService) (hr error) = computenetwork.HcnCloseService?
+// SDN Routes
+//sys hcnEnumerateRoutes(query string, routes **uint16, result **uint16) (hr error) = computenetwork.HcnEnumerateSdnRoutes?
+//sys hcnCreateRoute(id *_guid, settings string, route *hcnRoute, result **uint16) (hr error) = computenetwork.HcnCreateSdnRoute?
+//sys hcnOpenRoute(id *_guid, route *hcnRoute, result **uint16) (hr error) = computenetwork.HcnOpenSdnRoute?
+//sys hcnModifyRoute(route hcnRoute, settings string, result **uint16) (hr error) = computenetwork.HcnModifySdnRoute?
+//sys hcnQueryRouteProperties(route hcnRoute, query string, properties **uint16, result **uint16) (hr error) = computenetwork.HcnQuerySdnRouteProperties?
+//sys hcnDeleteRoute(id *_guid, result **uint16) (hr error) = computenetwork.HcnDeleteSdnRoute?
+//sys hcnCloseRoute(route hcnRoute) (hr error) = computenetwork.HcnCloseSdnRoute?
 
 type _guid = guid.GUID
 
@@ -67,8 +69,7 @@ type hcnNetwork syscall.Handle
 type hcnEndpoint syscall.Handle
 type hcnNamespace syscall.Handle
 type hcnLoadBalancer syscall.Handle
-type hcnService syscall.Handle
-type hcnCallbackHandle syscall.Handle
+type hcnRoute syscall.Handle
 
 // SchemaVersion for HCN Objects/Queries.
 type SchemaVersion = Version // hcnglobals.go
@@ -91,6 +92,20 @@ type HostComputeQuery struct {
 	Filter        string                `json:",omitempty"`
 }
 
+type ExtraParams struct {
+	Resources        interface{} `json:",omitempty"`
+	SharedContainers interface{} `json:",omitempty"`
+	LayeredOn        string      `json:",omitempty"`
+	SwitchGuid       string      `json:",omitempty"`
+	UtilityVM        string      `json:",omitempty"`
+	VirtualMachine   string      `json:",omitempty"`
+}
+
+type Health struct {
+	Data  interface{} `json:",omitempty"`
+	Extra ExtraParams `json:",omitempty"`
+}
+
 // defaultQuery generates HCN Query.
 // Passed into get/enumerate calls to filter results.
 func defaultQuery() HostComputeQuery {
@@ -104,15 +119,6 @@ func defaultQuery() HostComputeQuery {
 	return query
 }
 
-func defaultQueryJson() string {
-	query := defaultQuery()
-	queryJson, err := json.Marshal(query)
-	if err != nil {
-		return ""
-	}
-	return string(queryJson)
-}
-
 // PlatformDoesNotSupportError happens when users are attempting to use a newer shim on an older OS
 func platformDoesNotSupportError(featureName string) error {
 	return fmt.Errorf("Platform does not support feature %s", featureName)
@@ -161,6 +167,78 @@ func DSRSupported() error {
 	return platformDoesNotSupportError("Direct Server Return (DSR)")
 }
 
+// Slash32EndpointPrefixesSupported returns an error if the HCN version does not support configuring endpoints with /32 prefixes.
+func Slash32EndpointPrefixesSupported() error {
+	supported := GetSupportedFeatures()
+	if supported.Slash32EndpointPrefixes {
+		return nil
+	}
+	return platformDoesNotSupportError("Slash 32 Endpoint prefixes")
+}
+
+// AclSupportForProtocol252Supported returns an error if the HCN version does not support HNS ACL Policies to support protocol 252 for VXLAN.
+func AclSupportForProtocol252Supported() error {
+	supported := GetSupportedFeatures()
+	if supported.AclSupportForProtocol252 {
+		return nil
+	}
+	return platformDoesNotSupportError("HNS ACL Policies to support protocol 252 for VXLAN")
+}
+
+// SessionAffinitySupported returns an error if the HCN version does not support Session Affinity.
+func SessionAffinitySupported() error {
+	supported := GetSupportedFeatures()
+	if supported.SessionAffinity {
+		return nil
+	}
+	return platformDoesNotSupportError("Session Affinity")
+}
+
+// IPv6DualStackSupported returns an error if the HCN version does not support IPv6DualStack.
+func IPv6DualStackSupported() error {
+	supported := GetSupportedFeatures()
+	if supported.IPv6DualStack {
+		return nil
+	}
+	return platformDoesNotSupportError("IPv6 DualStack")
+}
+
+//L4proxySupported returns an error if the HCN verison does not support L4Proxy
+func L4proxyPolicySupported() error {
+	supported := GetSupportedFeatures()
+	if supported.L4Proxy {
+		return nil
+	}
+	return platformDoesNotSupportError("L4ProxyPolicy")
+}
+
+// L4WfpProxySupported returns an error if the HCN verison does not support L4WfpProxy
+func L4WfpProxyPolicySupported() error {
+	supported := GetSupportedFeatures()
+	if supported.L4WfpProxy {
+		return nil
+	}
+	return platformDoesNotSupportError("L4WfpProxyPolicy")
+}
+
+// SetPolicySupported returns an error if the HCN version does not support SetPolicy.
+func SetPolicySupported() error {
+	supported := GetSupportedFeatures()
+	if supported.SetPolicy {
+		return nil
+	}
+	return platformDoesNotSupportError("SetPolicy")
+}
+
+// VxlanPortSupported returns an error if the HCN version does not support configuring the VXLAN TCP port.
+func VxlanPortSupported() error {
+	supported := GetSupportedFeatures()
+	if supported.VxlanPort {
+		return nil
+	}
+	return platformDoesNotSupportError("VXLAN port configuration")
+}
+
 // RequestType are the different operations performed to settings.
 // Used to update the settings of Endpoint/Namespace objects.
 type RequestType string

vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go

@@ -2,8 +2,9 @@ package hcn
 
 import (
 	"encoding/json"
+	"errors"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/sirupsen/logrus"
 )
@@ -121,7 +122,10 @@ func enumerateEndpoints(query string) ([]HostComputeEndpoint, error) {
 }
 
 func createEndpoint(networkId string, endpointSettings string) (*HostComputeEndpoint, error) {
-	networkGuid := guid.FromString(networkId)
+	networkGuid, err := guid.FromString(networkId)
+	if err != nil {
+		return nil, errInvalidNetworkID
+	}
 	// Open network.
 	var networkHandle hcnNetwork
 	var resultBuffer *uint16
@@ -167,7 +171,10 @@ func createEndpoint(networkId string, endpointSettings string) (*HostComputeEndp
 }
 
 func modifyEndpoint(endpointId string, settings string) (*HostComputeEndpoint, error) {
-	endpointGuid := guid.FromString(endpointId)
+	endpointGuid, err := guid.FromString(endpointId)
+	if err != nil {
+		return nil, errInvalidEndpointID
+	}
 	// Open endpoint
 	var (
 		endpointHandle   hcnEndpoint
@@ -208,7 +215,10 @@ func modifyEndpoint(endpointId string, settings string) (*HostComputeEndpoint, e
 }
 
 func deleteEndpoint(endpointId string) error {
-	endpointGuid := guid.FromString(endpointId)
+	endpointGuid, err := guid.FromString(endpointId)
+	if err != nil {
+		return errInvalidEndpointID
+	}
 	var resultBuffer *uint16
 	hr := hcnDeleteEndpoint(&endpointGuid, &resultBuffer)
 	if err := checkForErrors("hcnDeleteEndpoint", hr, resultBuffer); err != nil {
@@ -299,6 +309,10 @@ func GetEndpointByName(endpointName string) (*HostComputeEndpoint, error) {
 func (endpoint *HostComputeEndpoint) Create() (*HostComputeEndpoint, error) {
 	logrus.Debugf("hcn::HostComputeEndpoint::Create id=%s", endpoint.Id)
 
+	if endpoint.HostComputeNamespace != "" {
+		return nil, errors.New("endpoint create error, endpoint json HostComputeNamespace is read only and should not be set")
+	}
+
 	jsonString, err := json.Marshal(endpoint)
 	if err != nil {
 		return nil, err
@@ -339,7 +353,7 @@ func ModifyEndpointSettings(endpointId string, request *ModifyEndpointSettingReq
 }
 
 // ApplyPolicy applies a Policy (ex: ACL) on the Endpoint.
-func (endpoint *HostComputeEndpoint) ApplyPolicy(endpointPolicy PolicyEndpointRequest) error {
+func (endpoint *HostComputeEndpoint) ApplyPolicy(requestType RequestType, endpointPolicy PolicyEndpointRequest) error {
 	logrus.Debugf("hcn::HostComputeEndpoint::ApplyPolicy id=%s", endpoint.Id)
 
 	settingsJson, err := json.Marshal(endpointPolicy)
@@ -348,7 +362,7 @@ func (endpoint *HostComputeEndpoint) ApplyPolicy(endpointPolicy PolicyEndpointRe
 	}
 	requestMessage := &ModifyEndpointSettingRequest{
 		ResourceType: EndpointResourceTypePolicy,
-		RequestType:  RequestTypeUpdate,
+		RequestType:  requestType,
 		Settings:     settingsJson,
 	}
 

vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go

@@ -3,13 +3,23 @@
 package hcn
 
 import (
+	"errors"
 	"fmt"
 
+	"github.com/Microsoft/hcsshim/internal/hcs"
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/sirupsen/logrus"
 )
 
+var (
+	errInvalidNetworkID      = errors.New("invalid network ID")
+	errInvalidEndpointID     = errors.New("invalid endpoint ID")
+	errInvalidNamespaceID    = errors.New("invalid namespace ID")
+	errInvalidLoadBalancerID = errors.New("invalid load balancer ID")
+	errInvalidRouteID        = errors.New("invalid route ID")
+)
+
 func checkForErrors(methodName string, hr error, resultBuffer *uint16) error {
 	errorFound := false
 
@@ -26,7 +36,7 @@ func checkForErrors(methodName string, hr error, resultBuffer *uint16) error {
 	}
 
 	if errorFound {
-		returnError := hcserror.New(hr, methodName, result)
+		returnError := new(hr, methodName, result)
 		logrus.Debugf(returnError.Error()) // HCN errors logged for debugging.
 		return returnError
 	}
@@ -34,6 +44,52 @@ func checkForErrors(methodName string, hr error, resultBuffer *uint16) error {
 	return nil
 }
 
+type ErrorCode uint32
+
+// For common errors, define the error as it is in windows, so we can quickly determine it later
+const (
+	ERROR_NOT_FOUND                     = 0x490
+	HCN_E_PORT_ALREADY_EXISTS ErrorCode = 0x803b0013
+)
+
+type HcnError struct {
+	*hcserror.HcsError
+	code ErrorCode
+}
+
+func (e *HcnError) Error() string {
+	return e.HcsError.Error()
+}
+
+func CheckErrorWithCode(err error, code ErrorCode) bool {
+	hcnError, ok := err.(*HcnError)
+	if ok {
+		return hcnError.code == code
+	}
+	return false
+}
+
+func IsElementNotFoundError(err error) bool {
+	return CheckErrorWithCode(err, ERROR_NOT_FOUND)
+}
+
+func IsPortAlreadyExistsError(err error) bool {
+	return CheckErrorWithCode(err, HCN_E_PORT_ALREADY_EXISTS)
+}
+
+func new(hr error, title string, rest string) error {
+	err := &HcnError{}
+	hcsError := hcserror.New(hr, title, rest)
+	err.HcsError = hcsError.(*hcserror.HcsError)
+	err.code = ErrorCode(hcserror.Win32FromError(hr))
+	return err
+}
+
+//
+// Note that the below errors are not errors returned by hcn itself
+// we wish to seperate them as they are shim usage error
+//
+
 // NetworkNotFoundError results from a failed seach for a network by Id or Name
 type NetworkNotFoundError struct {
 	NetworkName string
@@ -41,10 +97,10 @@ type NetworkNotFoundError struct {
 }
 
 func (e NetworkNotFoundError) Error() string {
-	if e.NetworkName == "" {
-		return fmt.Sprintf("Network Name %s not found", e.NetworkName)
+	if e.NetworkName != "" {
+		return fmt.Sprintf("Network name %q not found", e.NetworkName)
 	}
-	return fmt.Sprintf("Network Id %s not found", e.NetworkID)
+	return fmt.Sprintf("Network ID %q not found", e.NetworkID)
 }
 
 // EndpointNotFoundError results from a failed seach for an endpoint by Id or Name
@@ -54,10 +110,10 @@ type EndpointNotFoundError struct {
 }
 
 func (e EndpointNotFoundError) Error() string {
-	if e.EndpointName == "" {
-		return fmt.Sprintf("Endpoint Name %s not found", e.EndpointName)
+	if e.EndpointName != "" {
+		return fmt.Sprintf("Endpoint name %q not found", e.EndpointName)
 	}
-	return fmt.Sprintf("Endpoint Id %s not found", e.EndpointID)
+	return fmt.Sprintf("Endpoint ID %q not found", e.EndpointID)
 }
 
 // NamespaceNotFoundError results from a failed seach for a namsepace by Id
@@ -66,7 +122,7 @@ type NamespaceNotFoundError struct {
 }
 
 func (e NamespaceNotFoundError) Error() string {
-	return fmt.Sprintf("Namespace %s not found", e.NamespaceID)
+	return fmt.Sprintf("Namespace ID %q not found", e.NamespaceID)
 }
 
 // LoadBalancerNotFoundError results from a failed seach for a loadbalancer by Id
@@ -75,13 +131,22 @@ type LoadBalancerNotFoundError struct {
 }
 
 func (e LoadBalancerNotFoundError) Error() string {
-	return fmt.Sprintf("LoadBalancer %s not found", e.LoadBalancerId)
+	return fmt.Sprintf("LoadBalancer %q not found", e.LoadBalancerId)
+}
+
+// RouteNotFoundError results from a failed seach for a route by Id
+type RouteNotFoundError struct {
+	RouteId string
+}
+
+func (e RouteNotFoundError) Error() string {
+	return fmt.Sprintf("SDN Route %q not found", e.RouteId)
 }
 
 // IsNotFoundError returns a boolean indicating whether the error was caused by
 // a resource not being found.
 func IsNotFoundError(err error) bool {
-	switch err.(type) {
+	switch pe := err.(type) {
 	case NetworkNotFoundError:
 		return true
 	case EndpointNotFoundError:
@@ -90,6 +155,10 @@ func IsNotFoundError(err error) bool {
 		return true
 	case LoadBalancerNotFoundError:
 		return true
+	case RouteNotFoundError:
+		return true
+	case *hcserror.HcsError:
+		return pe.Err == hcs.ErrElementNotFound
 	}
 	return false
 }

vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go

@@ -3,6 +3,7 @@ package hcn
 import (
 	"encoding/json"
 	"fmt"
+	"math"
 
 	"github.com/Microsoft/hcsshim/internal/hcserror"
 	"github.com/Microsoft/hcsshim/internal/interop"
@@ -20,17 +21,59 @@ type Version struct {
 	Minor int `json:"Minor"`
 }
 
+type VersionRange struct {
+	MinVersion Version
+	MaxVersion Version
+}
+
+type VersionRanges []VersionRange
+
 var (
 	// HNSVersion1803 added ACL functionality.
-	HNSVersion1803 = Version{Major: 7, Minor: 2}
+	HNSVersion1803 = VersionRanges{VersionRange{MinVersion: Version{Major: 7, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
 	// V2ApiSupport allows the use of V2 Api calls and V2 Schema.
-	V2ApiSupport = Version{Major: 9, Minor: 1}
+	V2ApiSupport = VersionRanges{VersionRange{MinVersion: Version{Major: 9, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
 	// Remote Subnet allows for Remote Subnet policies on Overlay networks
-	RemoteSubnetVersion = Version{Major: 9, Minor: 2}
+	RemoteSubnetVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 9, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
 	// A Host Route policy allows for local container to local host communication Overlay networks
-	HostRouteVersion = Version{Major: 9, Minor: 2}
-	// HNS 10.2 allows for Direct Server Return for loadbalancing
-	DSRVersion = Version{Major: 10, Minor: 2}
+	HostRouteVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 9, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
+	// HNS 9.3 through 10.0 (not included), and 10.2+ allows for Direct Server Return for loadbalancing
+	DSRVersion = VersionRanges{
+		VersionRange{MinVersion: Version{Major: 9, Minor: 3}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 10, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
+	}
+	// HNS 9.3 through 10.0 (not included) and, 10.4+ provide support for configuring endpoints with /32 prefixes
+	Slash32EndpointPrefixesVersion = VersionRanges{
+		VersionRange{MinVersion: Version{Major: 9, Minor: 3}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 10, Minor: 4}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
+	}
+	// HNS 9.3 through 10.0 (not included) and, 10.4+ allow for HNS ACL Policies to support protocol 252 for VXLAN
+	AclSupportForProtocol252Version = VersionRanges{
+		VersionRange{MinVersion: Version{Major: 11, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
+	}
+	// HNS 12.0 allows for session affinity for loadbalancing
+	SessionAffinityVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 12, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
+	// HNS 10.5 through 11 (not included) and 12.0+ supports Ipv6 dual stack.
+	IPv6DualStackVersion = VersionRanges{
+		VersionRange{MinVersion: Version{Major: 10, Minor: 5}, MaxVersion: Version{Major: 10, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 12, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
+	}
+	// HNS 13.0 allows for Set Policy support
+	SetPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
+	// HNS 10.3 allows for VXLAN ports
+	VxlanPortVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 10, Minor: 3}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
+
+	//HNS 9.5 through 10.0(not included), 10.5 through 11.0(not included), 11.11 through 12.0(not included), 12.1 through 13.0(not included), 13.1+ allows for Network L4Proxy Policy support
+	L4ProxyPolicyVersion = VersionRanges{
+		VersionRange{MinVersion: Version{Major: 9, Minor: 5}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 10, Minor: 5}, MaxVersion: Version{Major: 10, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 11, Minor: 11}, MaxVersion: Version{Major: 11, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 12, Minor: 1}, MaxVersion: Version{Major: 12, Minor: math.MaxInt32}},
+		VersionRange{MinVersion: Version{Major: 13, Minor: 1}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
+	}
+
+	//HNS 13.2 allows for L4WfpProxy Policy support
+	L4WfpProxyPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
 )
 
 // GetGlobals returns the global properties of the HCN Service.

vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go

@@ -3,17 +3,18 @@ package hcn
 import (
 	"encoding/json"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/sirupsen/logrus"
 )
 
 // LoadBalancerPortMapping is associated with HostComputeLoadBalancer
 type LoadBalancerPortMapping struct {
-	Protocol     uint32                       `json:",omitempty"` // EX: TCP = 6, UDP = 17
-	InternalPort uint16                       `json:",omitempty"`
-	ExternalPort uint16                       `json:",omitempty"`
-	Flags        LoadBalancerPortMappingFlags `json:",omitempty"`
+	Protocol         uint32                       `json:",omitempty"` // EX: TCP = 6, UDP = 17
+	InternalPort     uint16                       `json:",omitempty"`
+	ExternalPort     uint16                       `json:",omitempty"`
+	DistributionType LoadBalancerDistribution     `json:",omitempty"` // EX: Distribute per connection = 0, distribute traffic of the same protocol per client IP = 1, distribute per client IP = 2
+	Flags            LoadBalancerPortMappingFlags `json:",omitempty"`
 }
 
 // HostComputeLoadBalancer represents software load balancer.
@@ -53,6 +54,18 @@ var (
 	LoadBalancerPortMappingFlagsPreserveDIP LoadBalancerPortMappingFlags = 8
 )
 
+// LoadBalancerDistribution specifies how the loadbalancer distributes traffic.
+type LoadBalancerDistribution uint32
+
+var (
+	// LoadBalancerDistributionNone is the default and loadbalances each connection to the same pod.
+	LoadBalancerDistributionNone LoadBalancerDistribution
+	// LoadBalancerDistributionSourceIPProtocol loadbalances all traffic of the same protocol from a client IP to the same pod.
+	LoadBalancerDistributionSourceIPProtocol LoadBalancerDistribution = 1
+	// LoadBalancerDistributionSourceIP loadbalances all traffic from a client IP to the same pod.
+	LoadBalancerDistributionSourceIP LoadBalancerDistribution = 2
+)
+
 func getLoadBalancer(loadBalancerGuid guid.GUID, query string) (*HostComputeLoadBalancer, error) {
 	// Open loadBalancer.
 	var (
@@ -147,49 +160,11 @@ func createLoadBalancer(settings string) (*HostComputeLoadBalancer, error) {
 	return &outputLoadBalancer, nil
 }
 
-func modifyLoadBalancer(loadBalancerId string, settings string) (*HostComputeLoadBalancer, error) {
-	loadBalancerGuid := guid.FromString(loadBalancerId)
-	// Open loadBalancer.
-	var (
-		loadBalancerHandle hcnLoadBalancer
-		resultBuffer       *uint16
-		propertiesBuffer   *uint16
-	)
-	hr := hcnOpenLoadBalancer(&loadBalancerGuid, &loadBalancerHandle, &resultBuffer)
-	if err := checkForErrors("hcnOpenLoadBalancer", hr, resultBuffer); err != nil {
-		return nil, err
-	}
-	// Modify loadBalancer.
-	hr = hcnModifyLoadBalancer(loadBalancerHandle, settings, &resultBuffer)
-	if err := checkForErrors("hcnModifyLoadBalancer", hr, resultBuffer); err != nil {
-		return nil, err
-	}
-	// Query loadBalancer.
-	hcnQuery := defaultQuery()
-	query, err := json.Marshal(hcnQuery)
-	if err != nil {
-		return nil, err
-	}
-	hr = hcnQueryLoadBalancerProperties(loadBalancerHandle, string(query), &propertiesBuffer, &resultBuffer)
-	if err := checkForErrors("hcnQueryLoadBalancerProperties", hr, resultBuffer); err != nil {
-		return nil, err
-	}
-	properties := interop.ConvertAndFreeCoTaskMemString(propertiesBuffer)
-	// Close loadBalancer.
-	hr = hcnCloseLoadBalancer(loadBalancerHandle)
-	if err := checkForErrors("hcnCloseLoadBalancer", hr, nil); err != nil {
-		return nil, err
-	}
-	// Convert output to LoadBalancer
-	var outputLoadBalancer HostComputeLoadBalancer
-	if err := json.Unmarshal([]byte(properties), &outputLoadBalancer); err != nil {
-		return nil, err
-	}
-	return &outputLoadBalancer, nil
-}
-
 func deleteLoadBalancer(loadBalancerId string) error {
-	loadBalancerGuid := guid.FromString(loadBalancerId)
+	loadBalancerGuid, err := guid.FromString(loadBalancerId)
+	if err != nil {
+		return errInvalidLoadBalancerID
+	}
 	var resultBuffer *uint16
 	hr := hcnDeleteLoadBalancer(&loadBalancerGuid, &resultBuffer)
 	if err := checkForErrors("hcnDeleteLoadBalancer", hr, resultBuffer); err != nil {

vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go

@@ -5,8 +5,8 @@ import (
 	"os"
 	"syscall"
 
+	"github.com/Microsoft/go-winio/pkg/guid"
 	icni "github.com/Microsoft/hcsshim/internal/cni"
-	"github.com/Microsoft/hcsshim/internal/guid"
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/Microsoft/hcsshim/internal/regstate"
 	"github.com/Microsoft/hcsshim/internal/runhcs"
@@ -165,7 +165,10 @@ func createNamespace(settings string) (*HostComputeNamespace, error) {
 }
 
 func modifyNamespace(namespaceId string, settings string) (*HostComputeNamespace, error) {
-	namespaceGuid := guid.FromString(namespaceId)
+	namespaceGuid, err := guid.FromString(namespaceId)
+	if err != nil {
+		return nil, errInvalidNamespaceID
+	}
 	// Open namespace.
 	var (
 		namespaceHandle  hcnNamespace
@@ -206,7 +209,10 @@ func modifyNamespace(namespaceId string, settings string) (*HostComputeNamespace
 }
 
 func deleteNamespace(namespaceId string) error {
-	namespaceGuid := guid.FromString(namespaceId)
+	namespaceGuid, err := guid.FromString(namespaceId)
+	if err != nil {
+		return errInvalidNamespaceID
+	}
 	var resultBuffer *uint16
 	hr := hcnDeleteNamespace(&namespaceGuid, &resultBuffer)
 	if err := checkForErrors("hcnDeleteNamespace", hr, resultBuffer); err != nil {
@@ -241,7 +247,23 @@ func ListNamespacesQuery(query HostComputeQuery) ([]HostComputeNamespace, error)
 
 // GetNamespaceByID returns the Namespace specified by Id.
 func GetNamespaceByID(namespaceId string) (*HostComputeNamespace, error) {
-	return getNamespace(guid.FromString(namespaceId), defaultQueryJson())
+	hcnQuery := defaultQuery()
+	mapA := map[string]string{"ID": namespaceId}
+	filter, err := json.Marshal(mapA)
+	if err != nil {
+		return nil, err
+	}
+	hcnQuery.Filter = string(filter)
+
+	namespaces, err := ListNamespacesQuery(hcnQuery)
+	if err != nil {
+		return nil, err
+	}
+	if len(namespaces) == 0 {
+		return nil, NamespaceNotFoundError{NamespaceID: namespaceId}
+	}
+
+	return &namespaces[0], err
 }
 
 // GetNamespaceEndpointIds returns the endpoints of the Namespace specified by Id.
@@ -356,7 +378,7 @@ func (namespace *HostComputeNamespace) Sync() error {
 		// The shim is likey gone. Simply ignore the sync as if it didn't exist.
 		if perr, ok := err.(*os.PathError); ok && perr.Err == syscall.ERROR_FILE_NOT_FOUND {
 			// Remove the reg key there is no point to try again
-			cfg.Remove()
+			_ = cfg.Remove()
 			return nil
 		}
 		f := map[string]interface{}{

vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go

@@ -2,27 +2,28 @@ package hcn
 
 import (
 	"encoding/json"
+	"errors"
 
-	"github.com/Microsoft/hcsshim/internal/guid"
+	"github.com/Microsoft/go-winio/pkg/guid"
 	"github.com/Microsoft/hcsshim/internal/interop"
 	"github.com/sirupsen/logrus"
 )
 
-// Route is assoicated with a subnet.
+// Route is associated with a subnet.
 type Route struct {
 	NextHop           string `json:",omitempty"`
 	DestinationPrefix string `json:",omitempty"`
 	Metric            uint16 `json:",omitempty"`
 }
 
-// Subnet is assoicated with a Ipam.
+// Subnet is associated with a Ipam.
 type Subnet struct {
 	IpAddressPrefix string            `json:",omitempty"`
 	Policies        []json.RawMessage `json:",omitempty"`
 	Routes          []Route           `json:",omitempty"`
 }
 
-// Ipam (Internet Protocol Addres Management) is assoicated with a network
+// Ipam (Internet Protocol Address Management) is associated with a network
 // and represents the address space(s) of a network.
 type Ipam struct {
 	Type    string   `json:",omitempty"` // Ex: Static, DHCP
@@ -35,12 +36,12 @@ type MacRange struct {
 	EndMacAddress   string `json:",omitempty"`
 }
 
-// MacPool is assoicated with a network and represents pool of MacRanges.
+// MacPool is associated with a network and represents pool of MacRanges.
 type MacPool struct {
 	Ranges []MacRange `json:",omitempty"`
 }
 
-// Dns (Domain Name System is associated with a network.
+// Dns (Domain Name System is associated with a network).
 type Dns struct {
 	Domain     string   `json:",omitempty"`
 	Search     []string `json:",omitempty"`
@@ -81,6 +82,7 @@ type HostComputeNetwork struct {
 	Dns           Dns             `json:",omitempty"`
 	Ipams         []Ipam          `json:",omitempty"`
 	Flags         NetworkFlags    `json:",omitempty"` // 0: None
+	Health        Health          `json:",omitempty"`
 	SchemaVersion SchemaVersion   `json:",omitempty"`
 }
 
@@ -132,6 +134,12 @@ func getNetwork(networkGuid guid.GUID, query string) (*HostComputeNetwork, error
 	}
 	// Convert output to HostComputeNetwork
 	var outputNetwork HostComputeNetwork
+
+	// If HNS sets the network type to NAT (i.e. '0' in HNS.Schema.Network.NetworkMode),
+	// the value will be omitted from the JSON blob. We therefore need to initialize NAT here before
+	// unmarshaling the JSON blob.
+	outputNetwork.Type = NAT
+
 	if err := json.Unmarshal([]byte(properties), &outputNetwork); err != nil {
 		return nil, err
 	}
@@ -196,6 +204,12 @@ func createNetwork(settings string) (*HostComputeNetwork, error) {
 	}
 	// Convert output to HostComputeNetwork
 	var outputNetwork HostComputeNetwork
+
+	// If HNS sets the network type to NAT (i.e. '0' in HNS.Schema.Network.NetworkMode),
+	// the value will be omitted from the JSON blob. We therefore need to initialize NAT here before
+	// unmarshaling the JSON blob.
+	outputNetwork.Type = NAT
+
 	if err := json.Unmarshal([]byte(properties), &outputNetwork); err != nil {
 		return nil, err
 	}
@@ -203,7 +217,10 @@ func createNetwork(settings string) (*HostComputeNetwork, error) {
 }
 
 func modifyNetwork(networkId string, settings string) (*HostComputeNetwork, error) {
-	networkGuid := guid.FromString(networkId)
+	networkGuid, err := guid.FromString(networkId)
+	if err != nil {
+		return nil, errInvalidNetworkID
+	}
 	// Open Network
 	var (
 		networkHandle    hcnNetwork
@@ -237,6 +254,12 @@ func modifyNetwork(networkId string, settings string) (*HostComputeNetwork, erro
 	}
 	// Convert output to HostComputeNetwork
 	var outputNetwork HostComputeNetwork
+
+	// If HNS sets the network type to NAT (i.e. '0' in HNS.Schema.Network.NetworkMode),
+	// the value will be omitted from the JSON blob. We therefore need to initialize NAT here before
+	// unmarshaling the JSON blob.
+	outputNetwork.Type = NAT
+
 	if err := json.Unmarshal([]byte(properties), &outputNetwork); err != nil {
 		return nil, err
 	}
@@ -244,7 +267,10 @@ func modifyNetwork(networkId string, settings string) (*HostComputeNetwork, erro
 }
 
 func deleteNetwork(networkId string) error {
-	networkGuid := guid.FromString(networkId)
+	networkGuid, err := guid.FromString(networkId)
+	if err != nil {
+		return errInvalidNetworkID
+	}
 	var resultBuffer *uint16
 	hr := hcnDeleteNetwork(&networkGuid, &resultBuffer)
 	if err := checkForErrors("hcnDeleteNetwork", hr, resultBuffer); err != nil {
@@ -320,6 +346,24 @@ func GetNetworkByName(networkName string) (*HostComputeNetwork, error) {
 // Create Network.
 func (network *HostComputeNetwork) Create() (*HostComputeNetwork, error) {
 	logrus.Debugf("hcn::HostComputeNetwork::Create id=%s", network.Id)
+	for _, ipam := range network.Ipams {
+		for _, subnet := range ipam.Subnets {
+			if subnet.IpAddressPrefix != "" {
+				hasDefault := false
+				for _, route := range subnet.Routes {
+					if route.NextHop == "" {
+						return nil, errors.New("network create error, subnet has address prefix but no gateway specified")
+					}
+					if route.DestinationPrefix == "0.0.0.0/0" || route.DestinationPrefix == "::/0" {
+						hasDefault = true
+					}
+				}
+				if !hasDefault {
+					return nil, errors.New("network create error, no default gateway")
+				}
+			}
+		}
+	}
 
 	jsonString, err := json.Marshal(network)
 	if err != nil {

vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go

@@ -1,6 +1,8 @@
 package hcn
 
-import "encoding/json"
+import (
+	"encoding/json"
+)
 
 // EndpointPolicyType are the potential Policies that apply to Endpoints.
 type EndpointPolicyType string
@@ -14,8 +16,10 @@ const (
 	OutBoundNAT   EndpointPolicyType = "OutBoundNAT"
 	SDNRoute      EndpointPolicyType = "SDNRoute"
 	L4Proxy       EndpointPolicyType = "L4Proxy"
+	L4WFPPROXY    EndpointPolicyType = "L4WFPPROXY"
 	PortName      EndpointPolicyType = "PortName"
 	EncapOverhead EndpointPolicyType = "EncapOverhead"
+	IOV           EndpointPolicyType = "Iov"
 	// Endpoint and Network have InterfaceConstraint and ProviderAddress
 	NetworkProviderAddress     EndpointPolicyType = "ProviderAddress"
 	NetworkInterfaceConstraint EndpointPolicyType = "InterfaceConstraint"
@@ -40,7 +44,11 @@ const (
 	InterfaceConstraint NetworkPolicyType = "InterfaceConstraint"
 	ProviderAddress     NetworkPolicyType = "ProviderAddress"
 	RemoteSubnetRoute   NetworkPolicyType = "RemoteSubnetRoute"
+	VxlanPort           NetworkPolicyType = "VxlanPort"
 	HostRoute           NetworkPolicyType = "HostRoute"
+	SetPolicy           NetworkPolicyType = "SetPolicy"
+	NetworkL4Proxy      NetworkPolicyType = "L4Proxy"
+	LayerConstraint     NetworkPolicyType = "LayerConstraint"
 )
 
 // NetworkPolicy is a collection of Policy settings for a Network.
@@ -64,14 +72,18 @@ type SubnetPolicy struct {
 	Settings json.RawMessage  `json:",omitempty"`
 }
 
+// NatFlags are flags for portmappings.
+type NatFlags uint32
+
 /// Endpoint Policy objects
 
 // PortMappingPolicySetting defines Port Mapping (NAT)
 type PortMappingPolicySetting struct {
-	Protocol     uint32 `json:",omitempty"` // EX: TCP = 6, UDP = 17
-	InternalPort uint16 `json:",omitempty"`
-	ExternalPort uint16 `json:",omitempty"`
-	VIP          string `json:",omitempty"`
+	Protocol     uint32   `json:",omitempty"` // EX: TCP = 6, UDP = 17
+	InternalPort uint16   `json:",omitempty"`
+	ExternalPort uint16   `json:",omitempty"`
+	VIP          string   `json:",omitempty"`
+	Flags        NatFlags `json:",omitempty"`
 }
 
 // ActionType associated with ACLs. Value is either Allow or Block.
@@ -120,8 +132,9 @@ type QosPolicySetting struct {
 
 // OutboundNatPolicySetting sets outbound Network Address Translation on an Endpoint.
 type OutboundNatPolicySetting struct {
-	VirtualIP  string   `json:",omitempty"`
-	Exceptions []string `json:",omitempty"`
+	VirtualIP    string   `json:",omitempty"`
+	Exceptions   []string `json:",omitempty"`
+	Destinations []string `json:",omitempty"`
 }
 
 // SDNRoutePolicySetting sets SDN Route on an Endpoint.
@@ -131,14 +144,22 @@ type SDNRoutePolicySetting struct {
 	NeedEncap         bool   `json:",omitempty"`
 }
 
-// L4ProxyPolicySetting sets Layer-4 Proxy on an endpoint.
-type L4ProxyPolicySetting struct {
-	IP            string   `json:",omitempty"`
-	Port          string   `json:",omitempty"`
-	Protocol      uint32   `json:",omitempty"` // EX: TCP = 6, UDP = 17
-	ExceptionList []string `json:",omitempty"`
-	Destination   string   `json:","`
-	OutboundNat   bool     `json:",omitempty"`
+// FiveTuple is nested in L4ProxyPolicySetting  for WFP support.
+type FiveTuple struct {
+	Protocols       string `json:",omitempty"`
+	LocalAddresses  string `json:",omitempty"`
+	RemoteAddresses string `json:",omitempty"`
+	LocalPorts      string `json:",omitempty"`
+	RemotePorts     string `json:",omitempty"`
+	Priority        uint16 `json:",omitempty"`
+}
+
+// L4WfpProxyPolicySetting sets Layer-4 Proxy on an endpoint.
+type L4WfpProxyPolicySetting struct {
+	InboundProxyPort  string    `json:",omitempty"`
+	OutboundProxyPort string    `json:",omitempty"`
+	FilterTuple       FiveTuple `json:",omitempty"`
+	UserSID           string    `json:",omitempty"`
 }
 
 // PortnameEndpointPolicySetting sets the port name for an endpoint.
@@ -151,6 +172,13 @@ type EncapOverheadEndpointPolicySetting struct {
 	Overhead uint16 `json:",omitempty"`
 }
 
+// IovPolicySetting sets the Iov settings for an endpoint.
+type IovPolicySetting struct {
+	IovOffloadWeight    uint32 `json:",omitempty"`
+	QueuePairsRequested uint32 `json:",omitempty"`
+	InterruptModeration uint32 `json:",omitempty"`
+}
+
 /// Endpoint and Network Policy objects
 
 // ProviderAddressEndpointPolicySetting sets the PA for an endpoint.
@@ -196,6 +224,10 @@ type AutomaticDNSNetworkPolicySetting struct {
 	Enable bool `json:",omitempty"`
 }
 
+type LayerConstraintNetworkPolicySetting struct {
+	LayerId string `json:",omitempty"`
+}
+
 /// Subnet Policy objects
 
 // VlanPolicySetting isolates a subnet with VLAN tagging.
@@ -215,3 +247,45 @@ type RemoteSubnetRoutePolicySetting struct {
 	ProviderAddress             string
 	DistributedRouterMacAddress string
 }
+
+// SetPolicyTypes associated with SetPolicy. Value is IPSET.
+type SetPolicyType string
+
+const (
+	SetPolicyTypeIpSet SetPolicyType = "IPSET"
+)
+
+// SetPolicySetting creates IPSets on network
+type SetPolicySetting struct {
+	Id     string
+	Name   string
+	Type   SetPolicyType
+	Values string
+}
+
+// VxlanPortPolicySetting allows configuring the VXLAN TCP port
+type VxlanPortPolicySetting struct {
+	Port uint16
+}
+
+// ProtocolType associated with L4ProxyPolicy
+type ProtocolType uint32
+
+const (
+	ProtocolTypeUnknown ProtocolType = 0
+	ProtocolTypeICMPv4  ProtocolType = 1
+	ProtocolTypeIGMP    ProtocolType = 2
+	ProtocolTypeTCP     ProtocolType = 6
+	ProtocolTypeUDP     ProtocolType = 17
+	ProtocolTypeICMPv6  ProtocolType = 58
+)
+
+//L4ProxyPolicySetting applies proxy policy on network/endpoint
+type L4ProxyPolicySetting struct {
+	IP          string       `json:",omitempty"`
+	Port        string       `json:",omitempty"`
+	Protocol    ProtocolType `json:",omitempty"`
+	Exceptions  []string     `json:",omitempty"`
+	Destination string
+	OutboundNAT bool `json:",omitempty"`
+}

vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go

@@ -0,0 +1,266 @@
+package hcn
+
+import (
+	"encoding/json"
+	"errors"
+
+	"github.com/Microsoft/go-winio/pkg/guid"
+	"github.com/Microsoft/hcsshim/internal/interop"
+	"github.com/sirupsen/logrus"
+)
+
+// HostComputeRoute represents SDN routes.
+type HostComputeRoute struct {
+	ID                   string                  `json:"ID,omitempty"`
+	HostComputeEndpoints []string                `json:",omitempty"`
+	Setting              []SDNRoutePolicySetting `json:",omitempty"`
+	SchemaVersion        SchemaVersion           `json:",omitempty"`
+}
+
+// ListRoutes makes a call to list all available routes.
+func ListRoutes() ([]HostComputeRoute, error) {
+	hcnQuery := defaultQuery()
+	routes, err := ListRoutesQuery(hcnQuery)
+	if err != nil {
+		return nil, err
+	}
+	return routes, nil
+}
+
+// ListRoutesQuery makes a call to query the list of available routes.
+func ListRoutesQuery(query HostComputeQuery) ([]HostComputeRoute, error) {
+	queryJSON, err := json.Marshal(query)
+	if err != nil {
+		return nil, err
+	}
+
+	routes, err := enumerateRoutes(string(queryJSON))
+	if err != nil {
+		return nil, err
+	}
+	return routes, nil
+}
+
+// GetRouteByID returns the route specified by Id.
+func GetRouteByID(routeID string) (*HostComputeRoute, error) {
+	hcnQuery := defaultQuery()
+	mapA := map[string]string{"ID": routeID}
+	filter, err := json.Marshal(mapA)
+	if err != nil {
+		return nil, err
+	}
+	hcnQuery.Filter = string(filter)
+
+	routes, err := ListRoutesQuery(hcnQuery)
+	if err != nil {
+		return nil, err
+	}
+	if len(routes) == 0 {
+		return nil, RouteNotFoundError{RouteId: routeID}
+	}
+	return &routes[0], err
+}
+
+// Create Route.
+func (route *HostComputeRoute) Create() (*HostComputeRoute, error) {
+	logrus.Debugf("hcn::HostComputeRoute::Create id=%s", route.ID)
+
+	jsonString, err := json.Marshal(route)
+	if err != nil {
+		return nil, err
+	}
+
+	logrus.Debugf("hcn::HostComputeRoute::Create JSON: %s", jsonString)
+	route, hcnErr := createRoute(string(jsonString))
+	if hcnErr != nil {
+		return nil, hcnErr
+	}
+	return route, nil
+}
+
+// Delete Route.
+func (route *HostComputeRoute) Delete() error {
+	logrus.Debugf("hcn::HostComputeRoute::Delete id=%s", route.ID)
+
+	existingRoute, _ := GetRouteByID(route.ID)
+
+	if existingRoute != nil {
+		if err := deleteRoute(route.ID); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// AddEndpoint add an endpoint to a route
+// Since HCNRoute doesn't implement modify functionality, add operation is essentially delete and add
+func (route *HostComputeRoute) AddEndpoint(endpoint *HostComputeEndpoint) (*HostComputeRoute, error) {
+	logrus.Debugf("hcn::HostComputeRoute::AddEndpoint route=%s endpoint=%s", route.ID, endpoint.Id)
+
+	err := route.Delete()
+	if err != nil {
+		return nil, err
+	}
+
+	// Add Endpoint to the Existing List
+	route.HostComputeEndpoints = append(route.HostComputeEndpoints, endpoint.Id)
+
+	return route.Create()
+}
+
+// RemoveEndpoint removes an endpoint from a route
+// Since HCNRoute doesn't implement modify functionality, remove operation is essentially delete and add
+func (route *HostComputeRoute) RemoveEndpoint(endpoint *HostComputeEndpoint) (*HostComputeRoute, error) {
+	logrus.Debugf("hcn::HostComputeRoute::RemoveEndpoint route=%s endpoint=%s", route.ID, endpoint.Id)
+
+	err := route.Delete()
+	if err != nil {
+		return nil, err
+	}
+
+	// Create a list of all the endpoints besides the one being removed
+	i := 0
+	for index, endpointReference := range route.HostComputeEndpoints {
+		if endpointReference == endpoint.Id {
+			i = index
+			break
+		}
+	}
+
+	route.HostComputeEndpoints = append(route.HostComputeEndpoints[0:i], route.HostComputeEndpoints[i+1:]...)
+	return route.Create()
+}
+
+// AddRoute for the specified endpoints and SDN Route setting
+func AddRoute(endpoints []HostComputeEndpoint, destinationPrefix string, nextHop string, needEncapsulation bool) (*HostComputeRoute, error) {
+	logrus.Debugf("hcn::HostComputeRoute::AddRoute endpointId=%v, destinationPrefix=%v, nextHop=%v, needEncapsulation=%v", endpoints, destinationPrefix, nextHop, needEncapsulation)
+
+	if len(endpoints) <= 0 {
+		return nil, errors.New("Missing endpoints")
+	}
+
+	route := &HostComputeRoute{
+		SchemaVersion: V2SchemaVersion(),
+		Setting: []SDNRoutePolicySetting{
+			{
+				DestinationPrefix: destinationPrefix,
+				NextHop:           nextHop,
+				NeedEncap:         needEncapsulation,
+			},
+		},
+	}
+
+	for _, endpoint := range endpoints {
+		route.HostComputeEndpoints = append(route.HostComputeEndpoints, endpoint.Id)
+	}
+
+	return route.Create()
+}
+
+func enumerateRoutes(query string) ([]HostComputeRoute, error) {
+	// Enumerate all routes Guids
+	var (
+		resultBuffer *uint16
+		routeBuffer  *uint16
+	)
+	hr := hcnEnumerateRoutes(query, &routeBuffer, &resultBuffer)
+	if err := checkForErrors("hcnEnumerateRoutes", hr, resultBuffer); err != nil {
+		return nil, err
+	}
+
+	routes := interop.ConvertAndFreeCoTaskMemString(routeBuffer)
+	var routeIds []guid.GUID
+	if err := json.Unmarshal([]byte(routes), &routeIds); err != nil {
+		return nil, err
+	}
+
+	var outputRoutes []HostComputeRoute
+	for _, routeGUID := range routeIds {
+		route, err := getRoute(routeGUID, query)
+		if err != nil {
+			return nil, err
+		}
+		outputRoutes = append(outputRoutes, *route)
+	}
+	return outputRoutes, nil
+}
+
+func getRoute(routeGUID guid.GUID, query string) (*HostComputeRoute, error) {
+	// Open routes.
+	var (
+		routeHandle      hcnRoute
+		resultBuffer     *uint16
+		propertiesBuffer *uint16
+	)
+	hr := hcnOpenRoute(&routeGUID, &routeHandle, &resultBuffer)
+	if err := checkForErrors("hcnOpenRoute", hr, resultBuffer); err != nil {
+		return nil, err
+	}
+	// Query routes.
+	hr = hcnQueryRouteProperties(routeHandle, query, &propertiesBuffer, &resultBuffer)
+	if err := checkForErrors("hcnQueryRouteProperties", hr, resultBuffer); err != nil {
+		return nil, err
+	}
+	properties := interop.ConvertAndFreeCoTaskMemString(propertiesBuffer)
+	// Close routes.
+	hr = hcnCloseRoute(routeHandle)
+	if err := checkForErrors("hcnCloseRoute", hr, nil); err != nil {
+		return nil, err
+	}
+	// Convert output to HostComputeRoute
+	var outputRoute HostComputeRoute
+	if err := json.Unmarshal([]byte(properties), &outputRoute); err != nil {
+		return nil, err
+	}
+	return &outputRoute, nil
+}
+
+func createRoute(settings string) (*HostComputeRoute, error) {
+	// Create new route.
+	var (
+		routeHandle      hcnRoute
+		resultBuffer     *uint16
+		propertiesBuffer *uint16
+	)
+	routeGUID := guid.GUID{}
+	hr := hcnCreateRoute(&routeGUID, settings, &routeHandle, &resultBuffer)
+	if err := checkForErrors("hcnCreateRoute", hr, resultBuffer); err != nil {
+		return nil, err
+	}
+	// Query route.
+	hcnQuery := defaultQuery()
+	query, err := json.Marshal(hcnQuery)
+	if err != nil {
+		return nil, err
+	}
+	hr = hcnQueryRouteProperties(routeHandle, string(query), &propertiesBuffer, &resultBuffer)
+	if err := checkForErrors("hcnQueryRouteProperties", hr, resultBuffer); err != nil {
+		return nil, err
+	}
+	properties := interop.ConvertAndFreeCoTaskMemString(propertiesBuffer)
+	// Close Route.
+	hr = hcnCloseRoute(routeHandle)
+	if err := checkForErrors("hcnCloseRoute", hr, nil); err != nil {
+		return nil, err
+	}
+	// Convert output to HostComputeRoute
+	var outputRoute HostComputeRoute
+	if err := json.Unmarshal([]byte(properties), &outputRoute); err != nil {
+		return nil, err
+	}
+	return &outputRoute, nil
+}
+
+func deleteRoute(routeID string) error {
+	routeGUID, err := guid.FromString(routeID)
+	if err != nil {
+		return errInvalidRouteID
+	}
+	var resultBuffer *uint16
+	hr := hcnDeleteRoute(&routeGUID, &resultBuffer)
+	if err := checkForErrors("hcnDeleteRoute", hr, resultBuffer); err != nil {
+		return err
+	}
+	return nil
+}

vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go

@@ -6,11 +6,19 @@ import (
 
 // SupportedFeatures are the features provided by the Service.
 type SupportedFeatures struct {
-	Acl          AclFeatures `json:"ACL"`
-	Api          ApiSupport  `json:"API"`
-	RemoteSubnet bool        `json:"RemoteSubnet"`
-	HostRoute    bool        `json:"HostRoute"`
-	DSR          bool        `json:"DSR"`
+	Acl                      AclFeatures `json:"ACL"`
+	Api                      ApiSupport  `json:"API"`
+	RemoteSubnet             bool        `json:"RemoteSubnet"`
+	HostRoute                bool        `json:"HostRoute"`
+	DSR                      bool        `json:"DSR"`
+	Slash32EndpointPrefixes  bool        `json:"Slash32EndpointPrefixes"`
+	AclSupportForProtocol252 bool        `json:"AclSupportForProtocol252"`
+	SessionAffinity          bool        `json:"SessionAffinity"`
+	IPv6DualStack            bool        `json:"IPv6DualStack"`
+	SetPolicy                bool        `json:"SetPolicy"`
+	VxlanPort                bool        `json:"VxlanPort"`
+	L4Proxy                  bool        `json:"L4Proxy"`    // network policy that applies VFP rules to all endpoints on the network to redirect traffic
+	L4WfpProxy               bool        `json:"L4WfpProxy"` // endpoint policy that applies WFP filters to redirect traffic to/from that endpoint
 }
 
 // AclFeatures are the supported ACL possibilities.
@@ -53,18 +61,43 @@ func GetSupportedFeatures() SupportedFeatures {
 	features.RemoteSubnet = isFeatureSupported(globals.Version, RemoteSubnetVersion)
 	features.HostRoute = isFeatureSupported(globals.Version, HostRouteVersion)
 	features.DSR = isFeatureSupported(globals.Version, DSRVersion)
+	features.Slash32EndpointPrefixes = isFeatureSupported(globals.Version, Slash32EndpointPrefixesVersion)
+	features.AclSupportForProtocol252 = isFeatureSupported(globals.Version, AclSupportForProtocol252Version)
+	features.SessionAffinity = isFeatureSupported(globals.Version, SessionAffinityVersion)
+	features.IPv6DualStack = isFeatureSupported(globals.Version, IPv6DualStackVersion)
+	features.SetPolicy = isFeatureSupported(globals.Version, SetPolicyVersion)
+	features.VxlanPort = isFeatureSupported(globals.Version, VxlanPortVersion)
+	features.L4Proxy = isFeatureSupported(globals.Version, L4ProxyPolicyVersion)
+	features.L4WfpProxy = isFeatureSupported(globals.Version, L4WfpProxyPolicyVersion)
 
 	return features
 }
 
-func isFeatureSupported(currentVersion Version, minVersionSupported Version) bool {
-	if currentVersion.Major < minVersionSupported.Major {
+func isFeatureSupported(currentVersion Version, versionsSupported VersionRanges) bool {
+	isFeatureSupported := false
+
+	for _, versionRange := range versionsSupported {
+		isFeatureSupported = isFeatureSupported || isFeatureInRange(currentVersion, versionRange)
+	}
+
+	return isFeatureSupported
+}
+
+func isFeatureInRange(currentVersion Version, versionRange VersionRange) bool {
+	if currentVersion.Major < versionRange.MinVersion.Major {
+		logrus.Infof("currentVersion.Major < versionRange.MinVersion.Major: %v, %v", currentVersion.Major, versionRange.MinVersion.Major)
 		return false
 	}
-	if currentVersion.Major > minVersionSupported.Major {
-		return true
+	if currentVersion.Major > versionRange.MaxVersion.Major {
+		logrus.Infof("currentVersion.Major > versionRange.MaxVersion.Major: %v, %v", currentVersion.Major, versionRange.MaxVersion.Major)
+		return false
 	}
-	if currentVersion.Minor < minVersionSupported.Minor {
+	if currentVersion.Major == versionRange.MinVersion.Major && currentVersion.Minor < versionRange.MinVersion.Minor {
+		logrus.Infof("currentVersion.Minor < versionRange.MinVersion.Major: %v, %v", currentVersion.Minor, versionRange.MinVersion.Minor)
+		return false
+	}
+	if currentVersion.Major == versionRange.MaxVersion.Major && currentVersion.Minor > versionRange.MaxVersion.Minor {
+		logrus.Infof("currentVersion.Minor > versionRange.MaxVersion.Major: %v, %v", currentVersion.Minor, versionRange.MaxVersion.Minor)
 		return false
 	}
 	return true

vendor/github.com/Microsoft/hcsshim/hcn/zsyscall_windows.go

@@ -71,10 +71,13 @@ var (
 	procHcnQueryLoadBalancerProperties = modcomputenetwork.NewProc("HcnQueryLoadBalancerProperties")
 	procHcnDeleteLoadBalancer          = modcomputenetwork.NewProc("HcnDeleteLoadBalancer")
 	procHcnCloseLoadBalancer           = modcomputenetwork.NewProc("HcnCloseLoadBalancer")
-	procHcnOpenService                 = modcomputenetwork.NewProc("HcnOpenService")
-	procHcnRegisterServiceCallback     = modcomputenetwork.NewProc("HcnRegisterServiceCallback")
-	procHcnUnregisterServiceCallback   = modcomputenetwork.NewProc("HcnUnregisterServiceCallback")
-	procHcnCloseService                = modcomputenetwork.NewProc("HcnCloseService")
+	procHcnEnumerateSdnRoutes          = modcomputenetwork.NewProc("HcnEnumerateSdnRoutes")
+	procHcnCreateSdnRoute              = modcomputenetwork.NewProc("HcnCreateSdnRoute")
+	procHcnOpenSdnRoute                = modcomputenetwork.NewProc("HcnOpenSdnRoute")
+	procHcnModifySdnRoute              = modcomputenetwork.NewProc("HcnModifySdnRoute")
+	procHcnQuerySdnRouteProperties     = modcomputenetwork.NewProc("HcnQuerySdnRouteProperties")
+	procHcnDeleteSdnRoute              = modcomputenetwork.NewProc("HcnDeleteSdnRoute")
+	procHcnCloseSdnRoute               = modcomputenetwork.NewProc("HcnCloseSdnRoute")
 )
 
 func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
@@ -657,11 +660,20 @@ func hcnCloseLoadBalancer(loadBalancer hcnLoadBalancer) (hr error) {
 	return
 }
 
-func hcnOpenService(service *hcnService, result **uint16) (hr error) {
-	if hr = procHcnOpenService.Find(); hr != nil {
+func hcnEnumerateRoutes(query string, routes **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(query)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnOpenService.Addr(), 2, uintptr(unsafe.Pointer(service)), uintptr(unsafe.Pointer(result)), 0)
+	return _hcnEnumerateRoutes(_p0, routes, result)
+}
+
+func _hcnEnumerateRoutes(query *uint16, routes **uint16, result **uint16) (hr error) {
+	if hr = procHcnEnumerateSdnRoutes.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcnEnumerateSdnRoutes.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(routes)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -671,11 +683,20 @@ func hcnOpenService(service *hcnService, result **uint16) (hr error) {
 	return
 }
 
-func hcnRegisterServiceCallback(service hcnService, callback int32, context int32, callbackHandle *hcnCallbackHandle) (hr error) {
-	if hr = procHcnRegisterServiceCallback.Find(); hr != nil {
+func hcnCreateRoute(id *_guid, settings string, route *hcnRoute, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcnRegisterServiceCallback.Addr(), 4, uintptr(service), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
+	return _hcnCreateRoute(id, _p0, route, result)
+}
+
+func _hcnCreateRoute(id *_guid, settings *uint16, route *hcnRoute, result **uint16) (hr error) {
+	if hr = procHcnCreateSdnRoute.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcnCreateSdnRoute.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(route)), uintptr(unsafe.Pointer(result)), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -685,11 +706,11 @@ func hcnRegisterServiceCallback(service hcnService, callback int32, context int3
 	return
 }
 
-func hcnUnregisterServiceCallback(callbackHandle hcnCallbackHandle) (hr error) {
-	if hr = procHcnUnregisterServiceCallback.Find(); hr != nil {
+func hcnOpenRoute(id *_guid, route *hcnRoute, result **uint16) (hr error) {
+	if hr = procHcnOpenSdnRoute.Find(); hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnUnregisterServiceCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
+	r0, _, _ := syscall.Syscall(procHcnOpenSdnRoute.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(route)), uintptr(unsafe.Pointer(result)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@@ -699,11 +720,71 @@ func hcnUnregisterServiceCallback(callbackHandle hcnCallbackHandle) (hr error) {
 	return
 }
 
-func hcnCloseService(service hcnService) (hr error) {
-	if hr = procHcnCloseService.Find(); hr != nil {
+func hcnModifyRoute(route hcnRoute, settings string, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(settings)
+	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcnCloseService.Addr(), 1, uintptr(service), 0, 0)
+	return _hcnModifyRoute(route, _p0, result)
+}
+
+func _hcnModifyRoute(route hcnRoute, settings *uint16, result **uint16) (hr error) {
+	if hr = procHcnModifySdnRoute.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcnModifySdnRoute.Addr(), 3, uintptr(route), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcnQueryRouteProperties(route hcnRoute, query string, properties **uint16, result **uint16) (hr error) {
+	var _p0 *uint16
+	_p0, hr = syscall.UTF16PtrFromString(query)
+	if hr != nil {
+		return
+	}
+	return _hcnQueryRouteProperties(route, _p0, properties, result)
+}
+
+func _hcnQueryRouteProperties(route hcnRoute, query *uint16, properties **uint16, result **uint16) (hr error) {
+	if hr = procHcnQuerySdnRouteProperties.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall6(procHcnQuerySdnRouteProperties.Addr(), 4, uintptr(route), uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcnDeleteRoute(id *_guid, result **uint16) (hr error) {
+	if hr = procHcnDeleteSdnRoute.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcnDeleteSdnRoute.Addr(), 2, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(result)), 0)
+	if int32(r0) < 0 {
+		if r0&0x1fff0000 == 0x00070000 {
+			r0 &= 0xffff
+		}
+		hr = syscall.Errno(r0)
+	}
+	return
+}
+
+func hcnCloseRoute(route hcnRoute) (hr error) {
+	if hr = procHcnCloseSdnRoute.Find(); hr != nil {
+		return
+	}
+	r0, _, _ := syscall.Syscall(procHcnCloseSdnRoute.Addr(), 1, uintptr(route), 0, 0)
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff