Merge pull request #44829 from thaJeztah/23.0_backport_update_ipvs

[23.0 backport] vendor: github.com/moby/ipvs v1.1.0

vendor.mod

@@ -50,7 +50,7 @@ require (
 	github.com/miekg/dns v1.1.43
 	github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
 	github.com/moby/buildkit v0.10.6
-	github.com/moby/ipvs v1.0.2
+	github.com/moby/ipvs v1.1.0
 	github.com/moby/locker v1.0.1
 	github.com/moby/patternmatcher v0.5.0
 	github.com/moby/pubsub v1.0.0
@@ -79,7 +79,7 @@ require (
 	github.com/tonistiigi/go-archvariant v1.0.0
 	github.com/vbatts/tar-split v0.11.2
 	github.com/vishvananda/netlink v1.2.1-beta.2
-	github.com/vishvananda/netns v0.0.1
+	github.com/vishvananda/netns v0.0.2
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/net v0.4.0
 	golang.org/x/sync v0.1.0

vendor.sum

@@ -785,8 +785,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
 github.com/moby/buildkit v0.10.6 h1:DJlEuLIgnu34HQKF4n9Eg6q2YqQVC0eOpMb4p2eRS2w=
 github.com/moby/buildkit v0.10.6/go.mod h1:tQuuyTWtOb9D+RE425cwOCUkX0/oZ+5iBZ+uWpWQ9bU=
-github.com/moby/ipvs v1.0.2 h1:NSbzuRTvfneftLU3VwPU5QuA6NZ0IUmqq9+VHcQxqHw=
-github.com/moby/ipvs v1.0.2/go.mod h1:2pngiyseZbIKXNv7hsKj3O9UEz30c53MT9005gt2hxQ=
+github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=
+github.com/moby/ipvs v1.1.0/go.mod h1:4VJMWuf098bsUMmZEiD4Tjk/O7mOn3l1PTD3s4OoYAs=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -1071,8 +1071,8 @@ github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmF
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vishvananda/netns v0.0.1 h1:JDkWS7Axy5ziNM3svylLhpSgqjPDb+BgVUbXoDo+iPw=
-github.com/vishvananda/netns v0.0.1/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vishvananda/netns v0.0.2 h1:Cn05BRLm+iRP/DZxyVSsfVyrzgjDbwHwkVt38qvXnNI=
+github.com/vishvananda/netns v0.0.2/go.mod h1:yitZXdAVI+yPFSb4QUe+VW3vOVl4PZPNcBgbPxAtJxw=
 github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
 github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1473,6 +1473,7 @@ golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=

vendor/github.com/moby/ipvs/.golangci.yml

@@ -0,0 +1,8 @@
+linters:
+  disable-all: true
+  enable:
+    - gofmt
+    - govet
+    - ineffassign
+    - misspell
+    - revive

vendor/github.com/moby/ipvs/LICENSE

@@ -1,4 +1,5 @@
-Apache License
+
+                                 Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
 
@@ -178,7 +179,7 @@ Apache License
    APPENDIX: How to apply the Apache License to your work.
 
       To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
+      boilerplate notice, with the fields enclosed by brackets "[]"
       replaced with your own identifying information. (Don't include
       the brackets!)  The text should be enclosed in the appropriate
       comment syntax for the file format. We also recommend that a
@@ -186,7 +187,7 @@ Apache License
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -199,4 +200,3 @@ Apache License
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-

vendor/github.com/moby/ipvs/README.md

@@ -31,4 +31,5 @@ func main() {
 Want to hack on ipvs? [Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md) apply.
 
 ## Copyright and license
-Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
+
+Copyright 2015 Docker, inc. Code released under the [Apache 2.0 license](LICENSE).

vendor/github.com/moby/ipvs/constants_linux.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package ipvs
 
 const (

vendor/github.com/moby/ipvs/ipvs_linux.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package ipvs
 
 import (
@@ -181,7 +179,6 @@ func (i *Handle) GetDestinations(s *Service) ([]*Destination, error) {
 
 // GetService gets details of a specific IPVS services, useful in updating statisics etc.,
 func (i *Handle) GetService(s *Service) (*Service, error) {
-
 	res, err := i.doGetServicesCmd(s)
 	if err != nil {
 		return nil, err

vendor/github.com/moby/ipvs/netlink_linux.go

@@ -1,5 +1,3 @@
-// +build linux
-
 package ipvs
 
 import (
@@ -124,8 +122,8 @@ func (i *Handle) doCmdwithResponse(s *Service, d *Destination, cmd uint8) ([][]b
 	req.Seq = atomic.AddUint32(&i.seq, 1)
 
 	if s == nil {
-		req.Flags |= syscall.NLM_F_DUMP                    //Flag to dump all messages
-		req.AddData(nl.NewRtAttr(ipvsCmdAttrService, nil)) //Add a dummy attribute
+		req.Flags |= syscall.NLM_F_DUMP                    // Flag to dump all messages
+		req.AddData(nl.NewRtAttr(ipvsCmdAttrService, nil)) // Add a dummy attribute
 	} else {
 		req.AddData(fillService(s))
 	}
@@ -134,7 +132,6 @@ func (i *Handle) doCmdwithResponse(s *Service, d *Destination, cmd uint8) ([][]b
 		if cmd == ipvsCmdGetDest {
 			req.Flags |= syscall.NLM_F_DUMP
 		}
-
 	} else {
 		req.AddData(fillDestination(d))
 	}
@@ -259,7 +256,6 @@ done:
 }
 
 func parseIP(ip []byte, family uint16) (net.IP, error) {
-
 	var resIP net.IP
 
 	switch family {
@@ -276,7 +272,6 @@ func parseIP(ip []byte, family uint16) (net.IP, error) {
 
 // parseStats
 func assembleStats(msg []byte) (SvcStats, error) {
-
 	var s SvcStats
 
 	attrs, err := nl.ParseRouteAttr(msg)
@@ -314,7 +309,6 @@ func assembleStats(msg []byte) (SvcStats, error) {
 
 // assembleService assembles a services back from a hain of netlink attributes
 func assembleService(attrs []syscall.NetlinkRouteAttr) (*Service, error) {
-
 	var s Service
 	var addressBytes []byte
 
@@ -366,10 +360,9 @@ func assembleService(attrs []syscall.NetlinkRouteAttr) (*Service, error) {
 
 // parseService given a ipvs netlink response this function will respond with a valid service entry, an error otherwise
 func (i *Handle) parseService(msg []byte) (*Service, error) {
-
 	var s *Service
 
-	//Remove General header for this message and parse the NetLink message
+	// Remove General header for this message and parse the NetLink message
 	hdr := deserializeGenlMsg(msg)
 	NetLinkAttrs, err := nl.ParseRouteAttr(msg[hdr.Len():])
 	if err != nil {
@@ -379,13 +372,13 @@ func (i *Handle) parseService(msg []byte) (*Service, error) {
 		return nil, fmt.Errorf("error no valid netlink message found while parsing service record")
 	}
 
-	//Now Parse and get IPVS related attributes messages packed in this message.
+	// Now Parse and get IPVS related attributes messages packed in this message.
 	ipvsAttrs, err := nl.ParseRouteAttr(NetLinkAttrs[0].Value)
 	if err != nil {
 		return nil, err
 	}
 
-	//Assemble all the IPVS related attribute messages and create a service record
+	// Assemble all the IPVS related attribute messages and create a service record
 	s, err = assembleService(ipvsAttrs)
 	if err != nil {
 		return nil, err
@@ -422,7 +415,6 @@ func (i *Handle) doCmdWithoutAttr(cmd uint8) ([][]byte, error) {
 }
 
 func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error) {
-
 	var d Destination
 	var addressBytes []byte
 
@@ -486,9 +478,12 @@ func assembleDestination(attrs []syscall.NetlinkRouteAttr) (*Destination, error)
 
 // getIPFamily parses the IP family based on raw data from netlink.
 // For AF_INET, netlink will set the first 4 bytes with trailing zeros
-//   10.0.0.1 -> [10 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0]
+//
+//	10.0.0.1 -> [10 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0]
+//
 // For AF_INET6, the full 16 byte array is used:
-//   2001:db8:3c4d:15::1a00 -> [32 1 13 184 60 77 0 21 0 0 0 0 0 0 26 0]
+//
+//	2001:db8:3c4d:15::1a00 -> [32 1 13 184 60 77 0 21 0 0 0 0 0 0 26 0]
 func getIPFamily(address []byte) (uint16, error) {
 	if len(address) == 4 {
 		return syscall.AF_INET, nil
@@ -519,7 +514,7 @@ func isZeros(b []byte) bool {
 func (i *Handle) parseDestination(msg []byte) (*Destination, error) {
 	var dst *Destination
 
-	//Remove General header for this message
+	// Remove General header for this message
 	hdr := deserializeGenlMsg(msg)
 	NetLinkAttrs, err := nl.ParseRouteAttr(msg[hdr.Len():])
 	if err != nil {
@@ -529,13 +524,13 @@ func (i *Handle) parseDestination(msg []byte) (*Destination, error) {
 		return nil, fmt.Errorf("error no valid netlink message found while parsing destination record")
 	}
 
-	//Now Parse and get IPVS related attributes messages packed in this message.
+	// Now Parse and get IPVS related attributes messages packed in this message.
 	ipvsAttrs, err := nl.ParseRouteAttr(NetLinkAttrs[0].Value)
 	if err != nil {
 		return nil, err
 	}
 
-	//Assemble netlink attributes and create a Destination record
+	// Assemble netlink attributes and create a Destination record
 	dst, err = assembleDestination(ipvsAttrs)
 	if err != nil {
 		return nil, err
@@ -546,7 +541,6 @@ func (i *Handle) parseDestination(msg []byte) (*Destination, error) {
 
 // doGetDestinationsCmd a wrapper function to be used by GetDestinations and GetDestination(d) apis
 func (i *Handle) doGetDestinationsCmd(s *Service, d *Destination) ([]*Destination, error) {
-
 	var res []*Destination
 
 	msgs, err := i.doCmdwithResponse(s, d, ipvsCmdGetDest)
@@ -568,7 +562,7 @@ func (i *Handle) doGetDestinationsCmd(s *Service, d *Destination) ([]*Destinatio
 func (i *Handle) parseConfig(msg []byte) (*Config, error) {
 	var c Config
 
-	//Remove General header for this message
+	// Remove General header for this message
 	hdr := deserializeGenlMsg(msg)
 	attrs, err := nl.ParseRouteAttr(msg[hdr.Len():])
 	if err != nil {

vendor/github.com/vishvananda/netns/README.md

@@ -23,6 +23,7 @@ import (
     "fmt"
     "net"
     "runtime"
+
     "github.com/vishvananda/netns"
 )
 

vendor/github.com/vishvananda/netns/doc.go

@@ -0,0 +1,9 @@
+// Package netns allows ultra-simple network namespace handling. NsHandles
+// can be retrieved and set. Note that the current namespace is thread
+// local so actions that set and reset namespaces should use LockOSThread
+// to make sure the namespace doesn't change due to a goroutine switch.
+// It is best to close NsHandles when you are done with them. This can be
+// accomplished via a `defer ns.Close()` on the handle. Changing namespaces
+// requires elevated privileges, so in most cases this code needs to be run
+// as root.
+package netns

vendor/github.com/vishvananda/netns/netns_linux.go

@@ -1,6 +1,3 @@
-//go:build linux && go1.10
-// +build linux,go1.10
-
 package netns
 
 import (
@@ -17,15 +14,16 @@ import (
 
 // Deprecated: use golang.org/x/sys/unix pkg instead.
 const (
-	CLONE_NEWUTS  = 0x04000000   /* New utsname group? */
-	CLONE_NEWIPC  = 0x08000000   /* New ipcs */
-	CLONE_NEWUSER = 0x10000000   /* New user namespace */
-	CLONE_NEWPID  = 0x20000000   /* New pid namespace */
-	CLONE_NEWNET  = 0x40000000   /* New network namespace */
-	CLONE_IO      = 0x80000000   /* Get io context */
-	bindMountPath = "/run/netns" /* Bind mount path for named netns */
+	CLONE_NEWUTS  = unix.CLONE_NEWUTS  /* New utsname group? */
+	CLONE_NEWIPC  = unix.CLONE_NEWIPC  /* New ipcs */
+	CLONE_NEWUSER = unix.CLONE_NEWUSER /* New user namespace */
+	CLONE_NEWPID  = unix.CLONE_NEWPID  /* New pid namespace */
+	CLONE_NEWNET  = unix.CLONE_NEWNET  /* New network namespace */
+	CLONE_IO      = unix.CLONE_IO      /* Get io context */
 )
 
+const bindMountPath = "/run/netns" /* Bind mount path for named netns */
+
 // Setns sets namespace using golang.org/x/sys/unix.Setns.
 //
 // Deprecated: Use golang.org/x/sys/unix.Setns instead.
@@ -36,13 +34,13 @@ func Setns(ns NsHandle, nstype int) (err error) {
 // Set sets the current network namespace to the namespace represented
 // by NsHandle.
 func Set(ns NsHandle) (err error) {
-	return Setns(ns, CLONE_NEWNET)
+	return unix.Setns(int(ns), unix.CLONE_NEWNET)
 }
 
 // New creates a new network namespace, sets it as current and returns
 // a handle to it.
 func New() (ns NsHandle, err error) {
-	if err := unix.Unshare(CLONE_NEWNET); err != nil {
+	if err := unix.Unshare(unix.CLONE_NEWNET); err != nil {
 		return -1, err
 	}
 	return Get()
@@ -67,6 +65,7 @@ func NewNamed(name string) (NsHandle, error) {
 
 	f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444)
 	if err != nil {
+		newNs.Close()
 		return None(), err
 	}
 	f.Close()
@@ -74,6 +73,7 @@ func NewNamed(name string) (NsHandle, error) {
 	nsPath := fmt.Sprintf("/proc/%d/task/%d/ns/net", os.Getpid(), unix.Gettid())
 	err = unix.Mount(nsPath, namedPath, "bind", unix.MS_BIND, "")
 	if err != nil {
+		newNs.Close()
 		return None(), err
 	}
 
@@ -110,7 +110,7 @@ func GetFromPath(path string) (NsHandle, error) {
 // GetFromName gets a handle to a named network namespace such as one
 // created by `ip netns add`.
 func GetFromName(name string) (NsHandle, error) {
-	return GetFromPath(fmt.Sprintf("/var/run/netns/%s", name))
+	return GetFromPath(filepath.Join(bindMountPath, name))
 }
 
 // GetFromPid gets a handle to the network namespace of a given pid.

vendor/github.com/vishvananda/netns/netns_others.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package netns
@@ -10,6 +11,10 @@ var (
 	ErrNotImplemented = errors.New("not implemented")
 )
 
+// Setns sets namespace using golang.org/x/sys/unix.Setns on Linux. It
+// is not implemented on other platforms.
+//
+// Deprecated: Use golang.org/x/sys/unix.Setns instead.
 func Setns(ns NsHandle, nstype int) (err error) {
 	return ErrNotImplemented
 }

vendor/github.com/vishvananda/netns/nshandle_linux.go

@@ -1,11 +1,3 @@
-// Package netns allows ultra-simple network namespace handling. NsHandles
-// can be retrieved and set. Note that the current namespace is thread
-// local so actions that set and reset namespaces should use LockOSThread
-// to make sure the namespace doesn't change due to a goroutine switch.
-// It is best to close NsHandles when you are done with them. This can be
-// accomplished via a `defer ns.Close()` on the handle. Changing namespaces
-// requires elevated privileges, so in most cases this code needs to be run
-// as root.
 package netns
 
 import (
@@ -71,7 +63,7 @@ func (ns *NsHandle) Close() error {
 	if err := unix.Close(int(*ns)); err != nil {
 		return err
 	}
-	(*ns) = -1
+	*ns = -1
 	return nil
 }
 

vendor/github.com/vishvananda/netns/nshandle_others.go

@@ -0,0 +1,45 @@
+//go:build !linux
+// +build !linux
+
+package netns
+
+// NsHandle is a handle to a network namespace. It can only be used on Linux,
+// but provides stub methods on other platforms.
+type NsHandle int
+
+// Equal determines if two network handles refer to the same network
+// namespace. It is only implemented on Linux.
+func (ns NsHandle) Equal(_ NsHandle) bool {
+	return false
+}
+
+// String shows the file descriptor number and its dev and inode.
+// It is only implemented on Linux, and returns "NS(none)" on other
+// platforms.
+func (ns NsHandle) String() string {
+	return "NS(None)"
+}
+
+// UniqueId returns a string which uniquely identifies the namespace
+// associated with the network handle. It is only implemented on Linux,
+// and returns "NS(none)" on other platforms.
+func (ns NsHandle) UniqueId() string {
+	return "NS(none)"
+}
+
+// IsOpen returns true if Close() has not been called. It is only implemented
+// on Linux and always returns false on other platforms.
+func (ns NsHandle) IsOpen() bool {
+	return false
+}
+
+// Close closes the NsHandle and resets its file descriptor to -1.
+// It is only implemented on Linux.
+func (ns *NsHandle) Close() error {
+	return nil
+}
+
+// None gets an empty (closed) NsHandle.
+func None() NsHandle {
+	return NsHandle(-1)
+}

vendor/modules.txt

@@ -600,8 +600,8 @@ github.com/moby/buildkit/util/urlutil
 github.com/moby/buildkit/util/winlayers
 github.com/moby/buildkit/version
 github.com/moby/buildkit/worker
-# github.com/moby/ipvs v1.0.2
-## explicit; go 1.13
+# github.com/moby/ipvs v1.1.0
+## explicit; go 1.17
 github.com/moby/ipvs
 # github.com/moby/locker v1.0.1
 ## explicit; go 1.13
@@ -797,7 +797,7 @@ github.com/vbatts/tar-split/tar/storage
 ## explicit; go 1.12
 github.com/vishvananda/netlink
 github.com/vishvananda/netlink/nl
-# github.com/vishvananda/netns v0.0.1
+# github.com/vishvananda/netns v0.0.2
 ## explicit; go 1.12
 github.com/vishvananda/netns
 # go.etcd.io/bbolt v1.3.6