* Use of Table ID in IPAM
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
* SBR: option to pass the table id
Using the option to set the table number in the SBR meta plugin will
create a policy route for each IP added for the interface returned by
the main plugin.
Unlike the default behavior, the routes will not be moved to the table.
The default behavior of the SBR plugin is kept if the table id is not set.
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
---------
Signed-off-by: Lionel Jouin <lionel.jouin@est.tech>
even if json unmarshalling in golang with the standard libs is case insensitive regarding the keys
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
what changed:
we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf)
to a classful qdisc (htb).
subnets are to be provided in config or runtimeconfig just like other parameters
unit and integration tests were also adapted in consequence
unrelated changes:
test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation
(the ones actually checking the effectiveness of the traffic control)
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
current route filter uses RT_FILTER_IIF in conjunction with LinkIndex.
This combination is ignored by netlink, rendering the filter
ineffective
Signed-off-by: Poh Chiat Koh <poh@inter.link>
On a recent Fedora Rawhide, dbus-daemon-1.14.8-1 prints a string
prefixed by 'unix:path' instead of the expected 'unix:abstract', thereby
failing the test. Allowing this alternate prefix fixes the test, so for
communication with the daemon it is not relevant.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Just attempt to delete the known rules referring to the custom chain,
then flush and delete it. If the latter succeeds, no referencing rules
are left and the job is done.
If the final flush'n'delete fails, fall back to the referencing rule
search which is slow with large rulesets.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Starting with v0.5.0, go-iptables exports a fast ChainExists() which
does not rely upon listing all chains and searching the results but
probes chain existence by listing its first rule. This should make a
significant difference in rulesets with thousands of chains.
Signed-off-by: Phil Sutter <psutter@redhat.com>
Up until now, if previous plugin assigned routes to interface, movement of
this interface to new VRF caused routes to be deleted.
This patch adds functionality to VRF plugin to save the routes before
interface is assigned to VRF, and then re-apply all saved routes to new VRF.
Signed-off-by: Artur Korzeniewski <artur.korzeniewski@travelping.com>
This commit updates the import of ginkgo to v2 in
all of the tests.
Signed-off-by: liornoy <lnoy@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
GitHub Actions recently updated ubuntu-latest to 22.04 [1], which now
defaults to nftables (rather than iptables-legacy) [2]. The portmap
tests in this project are written with the expectation that the expected
error message for one test is in the iptables-legacy format.
This commit updates the check to make it work for both the
iptables-legacy and iptables-nftables variants.
References:
[1]: 4aba37bd3b
[2]: https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-22-04-lts
Signed-off-by: Emily Shepherd <emily@redcoat.dev>
This commit changes the order of substituting sysctl path to first handle
. to / change, before substituting the interface name.
This is needed as vlan interfaces have a . in the name, which should not
be changed.
Signed-off-by: mmirecki <mmirecki@redhat.com>