* netns: remove iproute2 dependency

This commit introduces a breaking change to rtnetlink.NetNS. The existing netns implementation had a few problems. It assumed that network namespaces have names, that they would always be pinned to /var/run/netns, and that numeric/integer references are pid references. This made the NetNS type unusable for referring to existing netns by fd, such as ones created by other libraries, or by opening procfs entries directly as demonstrated in the new testutils.NetNS() function.

The forced dependency on the `ip` CLI tool also wasn't reasonable for a pure-Go library. Using the old implementation in a scratch/distroless container would quickly run into roadblocks.

This commit also removes the functionality of creating and pinning new netns. There are plenty of options out in the Go ecosystem for that, and providing your own is only a few lines of code.

Signed-off-by: Timo Beckers <timo@incline.eu>

* test: remove calls to unix.Setrlimit() in favor of rlimit.RemoveMemlock()

ebpf-go provides this out of the box and skips setting the rlimit on kernels that support bpf memory cgroup accounting.

Signed-off-by: Timo Beckers <timo@incline.eu>

* neigh: fix flaky tests, add State field to Neigh entry

The flaky tests that were documented in the code are expected. Use the State field to discard entries that can't reasonably be considered in tests.

Signed-off-by: Timo Beckers <timo@incline.eu>

* neigh: fix race in Conn.Neighbours

When running tests locally, I would frequently hit "too many/little matches, expected 1, actual 0" due to other tests creating and deleting interfaces in the common host netns used by all tests. Neigh entries that fail the interface lookup can't have their Interface fields populated and should be dropped from the result since the interface is no longer there to begin with.

Signed-off-by: Timo Beckers <timo@incline.eu>

* xdp: refactor test suite to use test helpers and netns-driven tests

While running the test suite for testing netns-related changes, I noticed some of the xdp tests started failing because they wanted to create a dummy interface in the host network namespace. Avoid the complexity of managing dummy interfaces altogether by running all tests within their own netns and use the existing lo device that's present by default.

Signed-off-by: Timo Beckers <timo@incline.eu>

* xdp,netkit: remove duplicate kernelMinReq in favor of testutils.SkipOnOldKernel

There were two implementations of this, so move them to common testutils.

Signed-off-by: Timo Beckers <timo@incline.eu>

---------

Signed-off-by: Timo Beckers <timo@incline.eu>
rtnetlink

Package rtnetlink allows the kernel's routing tables to be read and
altered. Network routes, IP addresses, Link parameters, Neighbor setups,
Queueing disciplines, Traffic classes and Packet classifiers may all be
controlled. It is based on netlink messages.
A convenient, high-level API wrapper is available using package
rtnl.
The base rtnetlink library explicitly only exposes a limited low-level API to
rtnetlink. It is not the intention (nor wish) to create an iproute2
replacement.
Debugging and netlink errors
Unfortunately the errors returned by the kernel's netlink interface are not
very descriptive: a malformed message usually comes back as a bare EINVAL
with no hint about which field or attribute was rejected. When in doubt
about your message structure it is always useful to look at the messages
sent by iproute2 for the same operation, for example with
strace -f -esendmsg /bin/ip or similar, and compare the bytes.
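To make that comparison concrete, here is an added example (not code from the rtnetlink package or from this page) that encodes and decodes the wire layout every rtnetlink link message shares: a struct nlmsghdr, a struct ifinfomsg, then a chain of 4-byte-aligned rtattr type/length/value records. The constants are copied from the Linux uapi headers and spelled out locally so the program builds anywhere; the RTM_NEWLINK reply in main is constructed, not captured. The decoder checks every length field against the bytes actually present before slicing, which is the check you want when parsing data from the kernel, from a capture, or from any other peer you do not control.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Values copied from the Linux uapi headers (linux/netlink.h, linux/rtnetlink.h,
// linux/if_link.h), defined here so the example runs on any platform.
const (
	nlmsgHdrLen  = 16    // sizeof(struct nlmsghdr)
	nlmsgAlignTo = 4     // NLMSG_ALIGNTO
	rtaHdrLen    = 4     // sizeof(struct rtattr)
	rtaAlignTo   = 4     // RTA_ALIGNTO
	ifInfomsgLen = 16    // sizeof(struct ifinfomsg)
	rtmNewLink   = 16    // RTM_NEWLINK
	rtmGetLink   = 18    // RTM_GETLINK
	nlmFRequest  = 0x001 // NLM_F_REQUEST
	nlmFDump     = 0x300 // NLM_F_DUMP = NLM_F_ROOT | NLM_F_MATCH
	afUnspec     = 0     // AF_UNSPEC
	iflaIfname   = 3     // IFLA_IFNAME
)

func align(n, to int) int { return (n + to - 1) &^ (to - 1) }

// Attr is one rtattr: a type/length/value record, padded to 4 bytes on the wire.
type Attr struct {
	Type  uint16
	Value []byte
}

// Message is an rtnetlink message whose payload is a struct ifinfomsg followed
// by rtattrs, i.e. the shape of RTM_NEWLINK, RTM_DELLINK and RTM_GETLINK.
type Message struct {
	Type, Flags uint16 // nlmsg_type, nlmsg_flags
	Seq, PID    uint32 // nlmsg_seq, nlmsg_pid
	Family      uint8  // ifi_family
	IfType      uint16 // ifi_type (ARPHRD_*)
	Index       int32  // ifi_index
	IfFlags     uint32 // ifi_flags (IFF_*)
	Change      uint32 // ifi_change
	Attrs       []Attr
}

// Marshal produces the bytes handed to sendmsg(2). Netlink uses host byte
// order, hence binary.NativeEndian (Go 1.21+).
func (m Message) Marshal() []byte {
	bo := binary.NativeEndian
	body := make([]byte, ifInfomsgLen) // family, pad, type, index, flags, change
	body[0] = m.Family
	bo.PutUint16(body[2:], m.IfType)
	bo.PutUint32(body[4:], uint32(m.Index))
	bo.PutUint32(body[8:], m.IfFlags)
	bo.PutUint32(body[12:], m.Change)
	for _, a := range m.Attrs {
		l := rtaHdrLen + len(a.Value)
		attr := make([]byte, align(l, rtaAlignTo))
		bo.PutUint16(attr[0:], uint16(l)) // rta_len excludes the trailing padding
		bo.PutUint16(attr[2:], a.Type)
		copy(attr[rtaHdrLen:], a.Value)
		body = append(body, attr...)
	}
	total := nlmsgHdrLen + len(body)
	buf := make([]byte, align(total, nlmsgAlignTo))
	bo.PutUint32(buf[0:], uint32(total)) // nlmsg_len covers header plus payload
	bo.PutUint16(buf[4:], m.Type)
	bo.PutUint16(buf[6:], m.Flags)
	bo.PutUint32(buf[8:], m.Seq)
	bo.PutUint32(buf[12:], m.PID)
	copy(buf[nlmsgHdrLen:], body)
	return buf
}

// Unmarshal is the inverse. Every length field is validated against the bytes
// present before it is used to slice, so truncated or hostile input yields an
// error instead of a panic.
func Unmarshal(b []byte) (Message, error) {
	bo := binary.NativeEndian
	var m Message
	if len(b) < nlmsgHdrLen {
		return m, errors.New("buffer shorter than nlmsghdr")
	}
	nlen := int(bo.Uint32(b[0:]))
	if nlen < nlmsgHdrLen+ifInfomsgLen || nlen > len(b) {
		return m, fmt.Errorf("nlmsg_len %d does not fit a %d-byte buffer", nlen, len(b))
	}
	m.Type, m.Flags = bo.Uint16(b[4:]), bo.Uint16(b[6:])
	m.Seq, m.PID = bo.Uint32(b[8:]), bo.Uint32(b[12:])
	p := b[nlmsgHdrLen:nlen]
	m.Family, m.IfType = p[0], bo.Uint16(p[2:])
	m.Index = int32(bo.Uint32(p[4:]))
	m.IfFlags, m.Change = bo.Uint32(p[8:]), bo.Uint32(p[12:])
	for p = p[ifInfomsgLen:]; len(p) >= rtaHdrLen; {
		l := int(bo.Uint16(p[0:]))
		if l < rtaHdrLen || l > len(p) {
			return m, fmt.Errorf("rta_len %d with %d bytes remaining", l, len(p))
		}
		m.Attrs = append(m.Attrs, Attr{Type: bo.Uint16(p[2:]), Value: append([]byte(nil), p[rtaHdrLen:l]...)})
		p = p[min(align(l, rtaAlignTo), len(p)):] // the last attribute may omit its padding
	}
	return m, nil
}

// NewLinkDumpRequest builds the RTM_GETLINK dump that "ip link" sends: a bare
// AF_UNSPEC ifinfomsg with NLM_F_REQUEST|NLM_F_DUMP and no attributes.
func NewLinkDumpRequest(seq uint32) Message {
	return Message{Type: rtmGetLink, Flags: nlmFRequest | nlmFDump, Seq: seq, Family: afUnspec}
}

// FindIfname returns the IFLA_IFNAME attribute without its NUL terminator.
func FindIfname(m Message) (string, bool) {
	for _, a := range m.Attrs {
		if a.Type == iflaIfname {
			v := a.Value
			if n := len(v); n > 0 && v[n-1] == 0 {
				v = v[:n-1]
			}
			return string(v), true
		}
	}
	return "", false
}

func main() {
	req := NewLinkDumpRequest(1).Marshal()
	fmt.Printf("RTM_GETLINK dump request (%d bytes): % x\n", len(req), req)
	// Constructed RTM_NEWLINK reply, shaped like one entry of a link dump.
	reply := Message{Type: rtmNewLink, Seq: 1, IfType: 1, Index: 2, IfFlags: 0x1003,
		Attrs: []Attr{{Type: iflaIfname, Value: []byte("eth0\x00")}}}
	m, err := Unmarshal(reply.Marshal())
	if err != nil {
		panic(err)
	}
	name, _ := FindIfname(m)
	fmt.Printf("decoded ifindex %d name %q\n", m.Index, name)
}
```

The 32 bytes main prints for the dump request are exactly what strace shows in the sendmsg buffer of ip link show; if your own request differs from that reference only in nlmsg_seq and nlmsg_pid, the rest of your layout is right and the EINVAL is coming from somewhere else.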
Another (and possibly even more flexible) way is to use nlmon together with
Wireshark or tcpdump. nlmon is a kernel module that exposes all netlink
traffic (not just rtnetlink) passing through the kernel as a capturable
network interface; loading the module and adding the interface requires
root or CAP_NET_ADMIN. Be aware that the capture can be overwhelming on a
system with a lot of netlink traffic.
# modprobe nlmon
# ip link add type nlmon
# ip link set nlmon0 up
At this point use wireshark or tcpdump on the nlmon0 interface to view all netlink traffic.
Have a look at the examples for common uses of rtnetlink.
If you have any questions or you'd like some guidance, please join us on
Gophers Slack in the #networking
channel!