diff --git a/felix/routerule/route_rule_test.go b/felix/routerule/route_rule_test.go index e4cfb0dada2..9caffb034a0 100644 --- a/felix/routerule/route_rule_test.go +++ b/felix/routerule/route_rule_test.go @@ -26,6 +26,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/vishvananda/netlink" "golang.org/x/sys/unix" + "k8s.io/utils/ptr" "github.com/projectcalico/calico/felix/logutils" . "github.com/projectcalico/calico/felix/routerule" @@ -152,7 +153,7 @@ var _ = Describe("RouteRules", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.0.1/32"), Mark: 0x100, - Mask: 0x100, + Mask: ptr.To[uint32](0x100), Table: 1, Invert: true, Goto: -1, @@ -172,7 +173,7 @@ var _ = Describe("RouteRules", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.0.2/32"), Mark: 0x200, - Mask: 0x200, + Mask: ptr.To[uint32](0x200), Table: 10, Invert: false, Goto: -1, @@ -188,7 +189,7 @@ var _ = Describe("RouteRules", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.0.1/32"), Mark: 0x800, - Mask: 0x800, + Mask: ptr.To[uint32](0x800), Table: 90, Invert: true, Goto: -1, @@ -220,7 +221,7 @@ var _ = Describe("RouteRules", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.0.3/32"), Mark: 0x400, - Mask: 0x400, + Mask: ptr.To[uint32](0x400), Table: 250, Goto: -1, Flow: -1, @@ -265,7 +266,7 @@ var _ = Describe("RouteRules", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.0.2/32"), Mark: 0x200, - Mask: 0x200, + Mask: ptr.To[uint32](0x200), Table: 250, Goto: -1, Flow: -1, @@ -352,7 +353,7 @@ var _ = Describe("RouteRules", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.0.3/32"), Mark: 0x400, - Mask: 0x400, + Mask: ptr.To[uint32](0x400), Table: 250, Goto: -1, Flow: -1, diff --git a/felix/routerule/rule_lib.go b/felix/routerule/rule_lib.go index 7c88d1cd787..0adfdd4784b 100644 --- a/felix/routerule/rule_lib.go +++ b/felix/routerule/rule_lib.go @@ -20,6 +20,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/vishvananda/netlink" "golang.org/x/sys/unix" + "k8s.io/utils/ptr" "github.com/projectcalico/calico/felix/ip" ) @@ -55,7 +56,7 @@ func (r *Rule) LogCxt() *log.Entry { "priority": r.nlRule.Priority, "invert": r.nlRule.Invert, "Mark": r.nlRule.Mark, - "Mask": r.nlRule.Mask, + "Mask": ptr.Deref(r.nlRule.Mask, uint32(0)), "src": src, "Table": r.nlRule.Table, }) @@ -72,8 +73,8 @@ func (r *Rule) markMatchesWithMask(mark, mask uint32) *Rule { if mark&mask != mark { logCxt.Panic("Bug: mark is not contained in mask") } - r.nlRule.Mask = int(mask) - r.nlRule.Mark = int(mark) + r.nlRule.Mask = ptr.To(mask) + r.nlRule.Mark = mark return r } @@ -122,7 +123,7 @@ func RulesMatchSrcFWMark(r, p *Rule) bool { (r.nlRule.Family == p.nlRule.Family) && (r.nlRule.Invert == p.nlRule.Invert) && (r.nlRule.Mark == p.nlRule.Mark) && - (r.nlRule.Mask == p.nlRule.Mask) && + ptr.Equal(r.nlRule.Mask, p.nlRule.Mask) && ip.IPNetsEqual(r.nlRule.Src, p.nlRule.Src) } diff --git a/felix/routerule/rule_lib_test.go b/felix/routerule/rule_lib_test.go index c3cce4771af..af3e92c6fab 100644 --- a/felix/routerule/rule_lib_test.go +++ b/felix/routerule/rule_lib_test.go @@ -19,6 +19,7 @@ import ( . "github.com/onsi/gomega" "github.com/vishvananda/netlink" "golang.org/x/sys/unix" + "k8s.io/utils/ptr" . "github.com/projectcalico/calico/felix/routerule" ) @@ -43,8 +44,8 @@ var _ = Describe("RouteRule Rule build cases", func() { }) It("should construct rule with correct value", func() { ip := mustParseCIDR("10.0.1.0/26") - Expect(NewRule(4, 100).MatchFWMark(0x400).NetLinkRule().Mark).To(Equal(0x400)) - Expect(NewRule(4, 100).MatchFWMark(0x400).NetLinkRule().Mask).To(Equal(0x400)) + Expect(NewRule(4, 100).MatchFWMark(0x400).NetLinkRule().Mark).To(Equal(uint32(0x400))) + Expect(*NewRule(4, 100).MatchFWMark(0x400).NetLinkRule().Mask).To(Equal(uint32(0x400))) Expect(NewRule(4, 100).Not().NetLinkRule().Invert).To(Equal(true)) Expect(NewRule(4, 100).GoToTable(10).NetLinkRule().Table).To(Equal(10)) Expect(NewRule(4, 100).MatchSrcAddress(*ip).NetLinkRule().Src.String()).To(Equal("10.0.1.0/26")) @@ -60,7 +61,7 @@ var _ = Describe("RouteRule Rule build cases", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.1.0/26"), Mark: 0x400, - Mask: 0x400, + Mask: ptr.To[uint32](0x400), Table: 10, Invert: true, Goto: -1, @@ -83,7 +84,7 @@ var _ = Describe("RouteRule Rule match cases", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.1.0/26"), Mark: 0x400, - Mask: 0x400, + Mask: ptr.To[uint32](0x400), Table: 10, Invert: true, Goto: -1, @@ -97,7 +98,7 @@ var _ = Describe("RouteRule Rule match cases", func() { Family: unix.AF_INET, Src: mustParseCIDR("10.0.1.0/26"), Mark: 0x400, - Mask: 0x400, + Mask: ptr.To[uint32](0x400), Table: 20, Invert: true, Goto: 0, diff --git a/felix/wireguard/wireguard_test.go b/felix/wireguard/wireguard_test.go index dff91641327..ba40fee55ab 100644 --- a/felix/wireguard/wireguard_test.go +++ b/felix/wireguard/wireguard_test.go @@ -27,6 +27,7 @@ import ( "github.com/vishvananda/netlink" "golang.org/x/sys/unix" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" + "k8s.io/utils/ptr" "github.com/projectcalico/calico/felix/environment" "github.com/projectcalico/calico/felix/ifacemonitor" @@ -49,7 +50,7 @@ var ( FelixRouteProtocol = netlink.RouteProtocol(syscall.RTPROT_BOOT) tableIndex = 99 rulePriority = 98 - firewallMark = 10 + firewallMark = uint32(10) listeningPort = 1000 listeningPortV6 = 2000 mtu = 2000 @@ -251,7 +252,7 @@ func describeEnableTests(enableV4, enableV6 bool) { EnabledV6: enableV6, ListeningPort: listeningPort, ListeningPortV6: listeningPortV6, - FirewallMark: firewallMark, + FirewallMark: int(firewallMark), RoutingRulePriority: rulePriority, RoutingTableIndex: tableIndex, InterfaceName: ifaceName, @@ -290,7 +291,7 @@ func describeEnableTests(enableV4, enableV6 bool) { rule.Table = tableIndex rule.Invert = true rule.Mark = firewallMark - rule.Mask = firewallMark + rule.Mask = ptr.To(firewallMark) } if enableV6 { @@ -317,7 +318,7 @@ func describeEnableTests(enableV4, enableV6 bool) { ruleV6.Table = tableIndex ruleV6.Invert = true ruleV6.Mark = firewallMark - ruleV6.Mask = firewallMark + ruleV6.Mask = ptr.To(firewallMark) } }) @@ -811,7 +812,7 @@ func describeEnableTests(enableV4, enableV6 bool) { badrule.Priority = rulePriority + 1 badrule.Table = tableIndex badrule.Mark = 0 - badrule.Mask = firewallMark + badrule.Mask = ptr.To(firewallMark) err := rrDataplane.RuleDel(rule) Expect(err).ToNot(HaveOccurred()) @@ -836,7 +837,7 @@ func describeEnableTests(enableV4, enableV6 bool) { badruleV6.Priority = rulePriority + 1 badruleV6.Table = tableIndex badruleV6.Mark = 0 - badruleV6.Mask = firewallMark + badruleV6.Mask = ptr.To(firewallMark) err := rrDataplaneV6.RuleDel(ruleV6) Expect(err).ToNot(HaveOccurred()) @@ -1252,27 +1253,27 @@ func describeEnableTests(enableV4, enableV6 bool) { if enableV4 { link.WireguardPeers = wgPeers link.WireguardListenPort = listeningPort + 1 - link.WireguardFirewallMark = firewallMark + 1 + link.WireguardFirewallMark = int(firewallMark) + 1 link.LinkAttrs.MTU = mtu + 1 wg.QueueResync() err := wg.Apply() Expect(err).NotTo(HaveOccurred()) Expect(link.WireguardListenPort).To(Equal(listeningPort)) - Expect(link.WireguardFirewallMark).To(Equal(firewallMark)) + Expect(link.WireguardFirewallMark).To(Equal(int(firewallMark))) Expect(link.WireguardPeers).To(HaveLen(0)) } if enableV6 { linkV6.WireguardPeers = wgPeers linkV6.WireguardListenPort = listeningPortV6 + 1 - linkV6.WireguardFirewallMark = firewallMark + 1 + linkV6.WireguardFirewallMark = int(firewallMark) + 1 linkV6.LinkAttrs.MTU = mtu + 1 wgV6.QueueResync() err := wgV6.Apply() Expect(err).NotTo(HaveOccurred()) Expect(linkV6.WireguardListenPort).To(Equal(listeningPortV6)) - Expect(linkV6.WireguardFirewallMark).To(Equal(firewallMark)) + Expect(linkV6.WireguardFirewallMark).To(Equal(int(firewallMark))) Expect(linkV6.WireguardPeers).To(HaveLen(0)) } }) diff --git a/go.mod b/go.mod index a65fe82262f..116716da252 100644 --- a/go.mod +++ b/go.mod @@ -75,7 +75,7 @@ require ( github.com/tchap/go-patricia/v2 v2.3.1 github.com/termie/go-shutil v0.0.0-20140729215957-bcacb06fecae github.com/urfave/cli/v2 v2.27.5 - github.com/vishvananda/netlink v1.2.1-beta.2.0.20240703200800-b54f85093f4a + github.com/vishvananda/netlink v1.3.0 go.etcd.io/etcd/api/v3 v3.5.17 go.etcd.io/etcd/client/pkg/v3 v3.5.17 go.etcd.io/etcd/client/v2 v2.305.17 diff --git a/go.sum b/go.sum index 13ca639f249..9d2668abb46 100644 --- a/go.sum +++ b/go.sum @@ -662,9 +662,8 @@ github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w= github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= -github.com/vishvananda/netlink v1.2.1-beta.2.0.20240703200800-b54f85093f4a h1:n9iF7t9sLw43CwPLvPZkCfsFEGvoR2A63W8OEjuQqJ4= -github.com/vishvananda/netlink v1.2.1-beta.2.0.20240703200800-b54f85093f4a/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A= -github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk= +github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= @@ -798,7 +797,6 @@ golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -812,6 +810,7 @@ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=