From 886eb4c937f8056fde984d29a3477f5cc075e549 Mon Sep 17 00:00:00 2001 From: thediveo Date: Fri, 22 Mar 2024 12:45:41 +0100 Subject: [PATCH 01/14] feat: render cul-de-sac "external" wire for dummy nifs Signed-off-by: thediveo --- .../src/components/breadboard/Breadboard.tsx | 7 ++++++ webui/src/components/wiring/Wiring.tsx | 23 ++++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/webui/src/components/breadboard/Breadboard.tsx b/webui/src/components/breadboard/Breadboard.tsx index a55f771..0d4df05 100644 --- a/webui/src/components/breadboard/Breadboard.tsx +++ b/webui/src/components/breadboard/Breadboard.tsx @@ -232,6 +232,13 @@ const extractWiring = ( nif2Id: domIdBase + nifId(nif.underlay!), } as Wire) break; + case 'dummy': + wires.set(nif, { + kind: nif.kind, + operStateDown: nif.operstate === OperationalState.Down, + nif1Id: domIdBase + nifId(nif), + } as Wire) + break; } })) return [...wires.values()] diff --git a/webui/src/components/wiring/Wiring.tsx b/webui/src/components/wiring/Wiring.tsx index f6218fb..71d1352 100644 --- a/webui/src/components/wiring/Wiring.tsx +++ b/webui/src/components/wiring/Wiring.tsx @@ -366,6 +366,8 @@ const ExternallyFacingWire = ( const down = ew.operStateDown ? 'down' : '' const relation = relationClassNameFromIds(domIdBase, ew.nifElement.id) + + const kind = ew.kind || 'external' return [ ] @@ -444,6 +446,13 @@ const WireArea = styled('svg')(({ theme }) => ({ fill: `${theme.palette.wire.down} !important`, }, + '& .dummy-marker': { + fill: theme.palette.wire.external, + }, + '& .dummy-marker-down': { + fill: `${theme.palette.wire.down} !important`, + }, + '& .macvlan-marker': { fill: theme.palette.wire.maclvan, }, @@ -479,6 +488,13 @@ const externalMarker = +const culdesacMarker = + + + const macvlanMarker = Date: Fri, 22 Mar 2024 14:30:37 +0100 Subject: [PATCH 02/14] fix: VxLAN nifs gone missing when enslaved under as bridge Signed-off-by: thediveo --- webui/src/components/niftree/NifTree.tsx | 51 +++++++++++++------ .../src/components/relatednif/RelatedNif.tsx | 19 ++++++- webui/src/models/gw/model.ts | 6 ++- 3 files changed, 57 insertions(+), 19 deletions(-) diff --git a/webui/src/components/niftree/NifTree.tsx b/webui/src/components/niftree/NifTree.tsx index 98f700d..7536213 100644 --- a/webui/src/components/niftree/NifTree.tsx +++ b/webui/src/components/niftree/NifTree.tsx @@ -80,7 +80,7 @@ const InfoButton = styled(IconButton)(() => ({ interface SubordinateNifsProps { - /** network namespace object with interfaces. */ + /** network interface object to render the subordinate interfaces for. */ nif: NetworkInterface /** if `true`, then hides MAC layer addresses. */ filterMAC?: boolean @@ -107,8 +107,18 @@ interface SubordinateNifsProps { * interface, then renders a list of "subordinate" network interfaces. If the * specified network interface doesn't have subordinate interfaces, then this * component renders nothing. + * + * For each subordinate nif rendered, we also show a related nif, unless the + * specific related nif has to be skipped (avoiding circles back to the + * specific superordinate nif). */ -const SubordinateNifs = ({ nif, filterMAC, families, onNavigation, onContaineeNavigation }: SubordinateNifsProps) => { +const SubordinateNifs = ({ + nif, + filterMAC, + families, + onNavigation, + onContaineeNavigation, +}: SubordinateNifsProps) => { const setNifInfo = useNifInfoModal() const subnifs = (nif.slaves || []) @@ -122,23 +132,25 @@ const SubordinateNifs = ({ nif, filterMAC, families, onNavigation, onContaineeNa } } + return (subnifs.length > 0 && - {subnifs.map(nif => { - const othernif = nif.macvlan || nif.underlay || nif.pf + {subnifs.map(subnif => { + const brport = !!subnif.master && subnif.master.kind === 'bridge' + const othernif = subnif.macvlan || subnif.underlay || subnif.pf return
{othernif && <> ····· } handleNavigation(nif)} + onClick={() => handleNavigation(subnif)} families={families} /> @@ -146,26 +158,35 @@ const SubordinateNifs = ({ nif, filterMAC, families, onNavigation, onContaineeNa size="small" onClick={(event: React.MouseEvent) => { event.stopPropagation() - if (setNifInfo) setNifInfo(nif) + if (setNifInfo) setNifInfo(subnif) }}> - {nif.master && + {subnif.master && } - {othernif && nif.netns !== othernif.netns && + {othernif && subnif.netns !== othernif.netns && }
+ {brport && <> + {/* optionally: TAP/TUN details */} + {subnif.tuntapDetails && } + + {/* optionally: VXLAN details */} + {subnif.vxlanDetails && } + } + @@ -203,7 +224,7 @@ export interface NifTreeProps { /** * Component `NifTree` renders the network interfaces belonging to a specific - * network namespace as a tree-like hierarchy. Here, top-level network + * network namespace in a tree-like hierarchy. Here, top-level network * interfaces are all interfaces which are not "enslaved"(\*) into a bridge. * The network interfaces are sorted (on all levels) according to their names. * diff --git a/webui/src/components/relatednif/RelatedNif.tsx b/webui/src/components/relatednif/RelatedNif.tsx index 1b68bf8..eb47ea8 100644 --- a/webui/src/components/relatednif/RelatedNif.tsx +++ b/webui/src/components/relatednif/RelatedNif.tsx @@ -21,6 +21,14 @@ export interface RelatedNifProps { * determined for suitable (A)s. */ nif: NetworkInterface + /** + * optional network interface object to which we should not relate back; + * this breaks funny locking cycles especially on VxLAN interfaces enslaved + * to a bridge and at the same time enslaved to their master underlay + * interface: don't relate back to the master when we're not shown + * subordinate to a bridge. + */ + unrelatedNif?: NetworkInterface /** * the IP address family/families to show (filter *through*, as opposed to * filtering *out*). If left undefined, then it defaults to showing both @@ -75,7 +83,14 @@ export interface RelatedNifProps { * * All other kinds of network interfaces don't render any related interfaces. */ -export const RelatedNif = ({ nif, families, onNavigation, onContaineeNavigation, className }: RelatedNifProps) => { +export const RelatedNif = ({ + nif, + unrelatedNif, + families, + onNavigation, + onContaineeNavigation, + className, +}: RelatedNifProps) => { let othernif: NetworkInterface | undefined switch (nif.sriovrole) { case SRIOVRole.VF: @@ -113,7 +128,7 @@ export const RelatedNif = ({ nif, families, onNavigation, onContaineeNavigation, } } - if (!othernif) { + if (!othernif || othernif === unrelatedNif) { return <> } return ( diff --git a/webui/src/models/gw/model.ts b/webui/src/models/gw/model.ts index 07fe9f5..861b094 100644 --- a/webui/src/models/gw/model.ts +++ b/webui/src/models/gw/model.ts @@ -274,9 +274,11 @@ export const fromjson = (jsondata: JSONObject) => { if (jnif.slaves) { // Nota bene: while the discovery service classifies VXLAN // overlays as slaves, we now sort it out; instead, we are - // maintaining a dedicated overlay list. + // maintaining a dedicated overlay list. However, if this is a + // bridge then we must preserve the slave relationship, and not + // confuse it with the underlay relationship. nif.slaves = (jnif.slaves as JSONObject[]).map(nif => nifmap[nif.idref as string]) - .filter(slave => !slave.vxlanDetails) + .filter(slave => !slave.vxlanDetails || nif.kind === 'bridge') } jnif.pf && (nif.pf = nifmap[(jnif.pf as JSONObject).idref as string]) jnif.master && (nif.master = nifmap[(jnif.master as JSONObject).idref as string]) From 27696e34e459566eae271d7fc631509629d6e660 Mon Sep 17 00:00:00 2001 From: thediveo Date: Thu, 18 Apr 2024 20:36:03 +0200 Subject: [PATCH 03/14] feat: plugin-based port forwarding discovery, kube-proxy support Signed-off-by: thediveo --- network/netns_forwardedport.go | 22 ++-- network/portfwd/all/all.go | 10 ++ network/portfwd/all/doc.go | 4 + network/portfwd/doc.go | 5 + network/portfwd/docker/docker.go | 45 +++++++ network/portfwd/kubeproxy/kubeproxy.go | 165 +++++++++++++++++++++++++ network/portfwd/portfwd.go | 17 +++ 7 files changed, 255 insertions(+), 13 deletions(-) create mode 100644 network/portfwd/all/all.go create mode 100644 network/portfwd/all/doc.go create mode 100644 network/portfwd/doc.go create mode 100644 network/portfwd/docker/docker.go create mode 100644 network/portfwd/kubeproxy/kubeproxy.go create mode 100644 network/portfwd/portfwd.go diff --git a/network/netns_forwardedport.go b/network/netns_forwardedport.go index 03d62a9..be0904e 100644 --- a/network/netns_forwardedport.go +++ b/network/netns_forwardedport.go @@ -9,6 +9,9 @@ import ( "syscall" "github.com/google/nftables" + "github.com/siemens/ghostwire/v2/network/portfwd" + _ "github.com/siemens/ghostwire/v2/network/portfwd/all" + "github.com/thediveo/go-plugger/v3" "github.com/thediveo/lxkns/log" "github.com/thediveo/lxkns/model" "github.com/thediveo/nufftables" @@ -75,20 +78,13 @@ func (n *NetworkNamespace) discoverForwardedPortsOfFamily(conn *nftables.Conn, f family, err.Error()) return nil } - nattable := iptables.Table("nat", family) - if nattable == nil { - return nil - } forwardedPorts := []ForwardedPort{} - for _, chain := range nattable.ChainsByName { - for _, rule := range chain.Rules { - fp := portfinder.ForwardedPort(rule) - if fp == nil { - continue - } - log.Debugf("discovered %s", fp) + for _, portForwardings := range plugger.Group[portfwd.PortForwardings]().Symbols() { + fwdports := portForwardings(iptables, family) + for _, fwdp := range fwdports { + log.Debugf("discovered %s", fwdp) var proto Protocol - switch fp.Protocol { + switch fwdp.Protocol { case "tcp": proto = syscall.IPPROTO_TCP case "udp": @@ -97,7 +93,7 @@ func (n *NetworkNamespace) discoverForwardedPortsOfFamily(conn *nftables.Conn, f proto = syscall.IPPROTO_SCTP } forwardedPorts = append(forwardedPorts, ForwardedPort{ - ForwardedPortRange: *fp, + ForwardedPortRange: *fwdp, Protocol: proto, }) } diff --git a/network/portfwd/all/all.go b/network/portfwd/all/all.go new file mode 100644 index 0000000..cb95d43 --- /dev/null +++ b/network/portfwd/all/all.go @@ -0,0 +1,10 @@ +// (c) Siemens AG 2024 +// +// SPDX-License-Identifier: MIT + +package all + +import ( + _ "github.com/siemens/ghostwire/v2/network/portfwd/docker" // activate port fwd detection for Docker + _ "github.com/siemens/ghostwire/v2/network/portfwd/kubeproxy" // activate port fwd detection for kube-proxy +) diff --git a/network/portfwd/all/doc.go b/network/portfwd/all/doc.go new file mode 100644 index 0000000..2561196 --- /dev/null +++ b/network/portfwd/all/doc.go @@ -0,0 +1,4 @@ +/* +Package all pulls in all Gostwire port forwarding detectors (plugins). +*/ +package all diff --git a/network/portfwd/doc.go b/network/portfwd/doc.go new file mode 100644 index 0000000..e176242 --- /dev/null +++ b/network/portfwd/doc.go @@ -0,0 +1,5 @@ +/* +Package portfwd defines a plugin interface for detecting forwarded ports from +nftables. +*/ +package portfwd diff --git a/network/portfwd/docker/docker.go b/network/portfwd/docker/docker.go new file mode 100644 index 0000000..84afb46 --- /dev/null +++ b/network/portfwd/docker/docker.go @@ -0,0 +1,45 @@ +// (c) Siemens AG 2024 +// +// SPDX-License-Identifier: MIT + +package docker + +import ( + "github.com/siemens/ghostwire/v2/network/portfwd" + "github.com/thediveo/go-plugger/v3" + "github.com/thediveo/lxkns/log" + "github.com/thediveo/nufftables" + "github.com/thediveo/nufftables/portfinder" +) + +// Register this PortForwardings plugin. +func init() { + plugger.Group[portfwd.PortForwardings]().Register( + PortForwardings, plugger.WithPlugin("docker")) +} + +// PortForwardings discovers Docker's forwarded ports from the “nat” table(s) +// (only for IPv4 and IPv6 respectively). +func PortForwardings(tables nufftables.TableMap, family nufftables.TableFamily) []*portfinder.ForwardedPortRange { + switch family { + case nufftables.TableFamilyIPv4, nufftables.TableFamilyIPv6: + default: + return nil + } + nattable := tables.Table("nat", family) + if nattable == nil { + return nil + } + forwardedPorts := []*portfinder.ForwardedPortRange{} + for _, chain := range nattable.ChainsByName { + for _, rule := range chain.Rules { + fp := portfinder.ForwardedPort(rule) + if fp == nil { + continue + } + log.Debugf("discovered %s", fp) + forwardedPorts = append(forwardedPorts, fp) + } + } + return forwardedPorts +} diff --git a/network/portfwd/kubeproxy/kubeproxy.go b/network/portfwd/kubeproxy/kubeproxy.go new file mode 100644 index 0000000..daf7b02 --- /dev/null +++ b/network/portfwd/kubeproxy/kubeproxy.go @@ -0,0 +1,165 @@ +// (c) Siemens AG 2024 +// +// SPDX-License-Identifier: MIT + +package docker + +import ( + "bytes" + "net" + "strings" + + "github.com/google/nftables/expr" + "github.com/google/nftables/xt" + "github.com/siemens/ghostwire/v2/network/portfwd" + "github.com/thediveo/go-plugger/v3" + "github.com/thediveo/nufftables" + "github.com/thediveo/nufftables/portfinder" + "golang.org/x/sys/unix" +) + +const ( + kubeServicesChain = "KUBE-SERVICES" + kubeServiceChainPrefix = "KUBE-SVC-" + kubeSeparationChainPrefix = "KUBE-SEP-" +) + +// Register this PortForwardings plugin. +func init() { + plugger.Group[portfwd.PortForwardings]().Register( + PortForwardings, plugger.WithPlugin("kubeproxy")) +} + +// PortForwardings discovers kube-proxy's forwarded (virtual service address) +// ports from the “nat” table(s) (only for IPv4 and IPv6 respectively). +func PortForwardings(tables nufftables.TableMap, family nufftables.TableFamily) []*portfinder.ForwardedPortRange { + switch family { + case nufftables.TableFamilyIPv4, nufftables.TableFamilyIPv6: + default: + return nil + } + nattable := tables.Table("nat", family) + if nattable == nil { + return nil + } + forwardedPorts := []*portfinder.ForwardedPortRange{} + kubeServices := nattable.ChainsByName[kubeServicesChain] + if kubeServices == nil { + return nil + } + + for _, svcRules := range kubeServices.Rules { + ip, proto, port, comment, svcChainName := service(svcRules.Exprs) + if svcChainName == "" { + continue + } + _ = comment // TODO: upstream nufftables + for _, sepChain := range separations(nattable.ChainsByName[svcChainName]) { + sc := nattable.ChainsByName[sepChain] + if sc == nil { + continue + } + for _, rule := range sc.Rules { + _, target := nufftables.OfTypeFunc(rule.Exprs, isDNAT) + if target == nil { + continue + } + nr := target.Info.(*xt.NatRange2) + forwardedPorts = append(forwardedPorts, &portfinder.ForwardedPortRange{ + Protocol: proto, + IP: ip, + PortMin: port, + PortMax: port, + ForwardIP: net.IP(nr.MinIP), + ForwardPortMin: nr.MinPort, + }) + } + } + } + + return forwardedPorts +} + +func isDNAT(target *expr.Target) bool { + if target.Name != "DNAT" { + return false + } + _, ok := target.Info.(*xt.NatRange2) + return ok +} + +func separations(chain *nufftables.Chain) (chains []string) { + if chain == nil { + return + } + for _, rule := range chain.Rules { + _, verdict := nufftables.OfTypeFunc(rule.Exprs, isSepVerdict) + if verdict == nil { + continue + } + chains = append(chains, verdict.Chain) + } + return +} + +func isSepVerdict(verdict *expr.Verdict) bool { + return verdict.Kind == -3 && strings.HasPrefix(verdict.Chain, kubeSeparationChainPrefix) +} + +func service( + exprs nufftables.Expressions, +) ( + ip net.IP, protocol string, port uint16, comment string, chain string, +) { + exprs, svcproto := nufftables.OfTypeFunc(exprs, isIPProtoTcpUdp) + exprs, svcip := nufftables.OfTypeFunc(exprs, isIP) + exprs, svccomment := nufftables.OfTypeFunc(exprs, isComment) + exprs, svcport := nufftables.OfTypeFunc(exprs, isServicePort) + exprs, svcchain := nufftables.OfTypeFunc(exprs, isServiceChain) + if exprs == nil { + return nil, "", 0, "", "" + } + + ip = net.IP(svcip.Data) + switch svcproto.Data[0] { + case unix.IPPROTO_TCP: + protocol = "tcp" + case unix.IPPROTO_UDP: + protocol = "udp" + } + port = uint16(svcport.Data[0])<<8 + uint16(svcport.Data[1]) + comment = string(bytes.TrimRight([]byte(*svccomment.Info.(*xt.Unknown)), "\x00")) + chain = svcchain.Chain + return +} + +func isIPProtoTcpUdp(cmp *expr.Cmp) bool { + if len(cmp.Data) != 1 { + return false + } + switch cmp.Data[0] { + case unix.IPPROTO_TCP, unix.IPPROTO_UDP: + return true + } + return false +} + +func isIP(cmp *expr.Cmp) bool { + switch len(cmp.Data) { + case 4, 16: + return true + } + return false +} + +func isComment(match *expr.Match) bool { + return match.Name == "comment" +} + +func isServicePort(cmp *expr.Cmp) bool { + return len(cmp.Data) == 2 +} + +func isServiceChain(verdict *expr.Verdict) bool { + return verdict.Kind == -3 && strings.HasPrefix(verdict.Chain, kubeServiceChainPrefix) +} diff --git a/network/portfwd/portfwd.go b/network/portfwd/portfwd.go new file mode 100644 index 0000000..2491358 --- /dev/null +++ b/network/portfwd/portfwd.go @@ -0,0 +1,17 @@ +// (c) Siemens AG 2024 +// +// SPDX-License-Identifier: MIT + +package portfwd + +import ( + "github.com/thediveo/nufftables" + "github.com/thediveo/nufftables/portfinder" +) + +// Portwardings returns forwarded ports discovered from the table map of a +// single specific table family passed to it. +type PortForwardings func( + tables nufftables.TableMap, + family nufftables.TableFamily, +) []*portfinder.ForwardedPortRange From 089696df0e251301e1b381c1f455b4c252b511a0 Mon Sep 17 00:00:00 2001 From: thediveo Date: Sat, 20 Apr 2024 18:18:13 +0200 Subject: [PATCH 04/14] fix: broken veth peer chasing when locating the netns for a destination IP Signed-off-by: thediveo --- network/netns_forwardedport.go | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/network/netns_forwardedport.go b/network/netns_forwardedport.go index be0904e..0254a86 100644 --- a/network/netns_forwardedport.go +++ b/network/netns_forwardedport.go @@ -10,7 +10,7 @@ import ( "github.com/google/nftables" "github.com/siemens/ghostwire/v2/network/portfwd" - _ "github.com/siemens/ghostwire/v2/network/portfwd/all" + _ "github.com/siemens/ghostwire/v2/network/portfwd/all" // activate all port forwarding detectors. "github.com/thediveo/go-plugger/v3" "github.com/thediveo/lxkns/log" "github.com/thediveo/lxkns/model" @@ -211,9 +211,9 @@ func (n *NetworkNamespace) WhereIs(destIP net.IP) (*NetworkNamespace, Interface) if bestRoute.DestinationPrefixLen < 0 { return nil, nil } - // ...otherweise since we didn't have a direct hit on one of our network - // interfaces, now see through network interface we are leaving this network - // namespace and where this will lead us to? + // ...otherwise since we didn't have a direct destination hit on one of our + // network interfaces, now see through the network interface we are leaving + // this network namespace and where this will lead us to? ip := destIP if bestRoute.NextHop != nil && !bestRoute.NextHop.IsUnspecified() { ip = bestRoute.NextHop @@ -233,10 +233,14 @@ func (n *NetworkNamespace) WhereIs(destIP net.IP) (*NetworkNamespace, Interface) // It's a directly connected VETH, for what that is worth. The other // VETH end must be either the next hop or the ultimate destination, // otherwise we know it's a complete and utter miss. - peer, ok := bestRoute.Nif.(Veth) + veth, ok := bestRoute.Nif.(Veth) if !ok { return nil, nil } + peer := veth.Veth().Peer + if peer == nil { + return nil, nil + } if !peer.Nif().HasAddress(ip) { return nil, nil } From da105f812eb69764bb1426544d439c0717aec56e Mon Sep 17 00:00:00 2001 From: thediveo Date: Sat, 20 Apr 2024 18:30:19 +0200 Subject: [PATCH 05/14] fix: missing error check when duplicating another process's fd Signed-off-by: thediveo --- network/netns_tuntap.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/network/netns_tuntap.go b/network/netns_tuntap.go index de87e08..425d070 100644 --- a/network/netns_tuntap.go +++ b/network/netns_tuntap.go @@ -97,6 +97,9 @@ func discoverProcessors(allprocs model.ProcessTable) []tuntapProcessor { continue } taptunFd, err := unix.PidfdGetfd(pidfd, int(fd), 0) + if err != nil { + continue + } netnsFd, err := getTapNetdevNetnsFd(taptunFd) unix.Close(taptunFd) if err != nil { From 6647b2b1623dce82e3a52ad3114fea120a99d466 Mon Sep 17 00:00:00 2001 From: thediveo Date: Sat, 20 Apr 2024 18:30:52 +0200 Subject: [PATCH 06/14] chore: vuln deps upgrades Signed-off-by: thediveo --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 873fbe2..6aeb825 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/thediveo/whalewatcher v0.11.2 github.com/vishvananda/netlink v1.2.1-beta.2.0.20240223175432-6ab7f5a3765c golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 - golang.org/x/sys v0.17.0 + golang.org/x/sys v0.18.0 golang.org/x/text v0.14.0 sigs.k8s.io/kind v0.22.0 ) @@ -129,13 +129,13 @@ require ( go.opentelemetry.io/otel/metric v1.22.0 // indirect go.opentelemetry.io/otel/trace v1.22.0 // indirect golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/sync v0.6.0 // indirect golang.org/x/tools v0.18.0 // indirect google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect google.golang.org/grpc v1.62.0 // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools v2.2.0+incompatible // indirect diff --git a/go.sum b/go.sum index 45aa1b1..5612aa4 100644 --- a/go.sum +++ b/go.sum @@ -455,8 +455,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -510,8 +510,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -569,8 +569,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 751e3a406009d3f54172420a50886300a36afab6 Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 11:24:49 +0200 Subject: [PATCH 07/14] chore: deps Signed-off-by: thediveo --- go.mod | 61 ++++++++-------- go.sum | 220 +++++++++++++++++---------------------------------------- 2 files changed, 97 insertions(+), 184 deletions(-) diff --git a/go.mod b/go.mod index 6aeb825..5e67355 100644 --- a/go.mod +++ b/go.mod @@ -5,18 +5,18 @@ go 1.21 replace github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.12 require ( - github.com/cenkalti/backoff/v4 v4.2.1 - github.com/containernetworking/cni v1.1.2 - github.com/docker/docker v25.0.3+incompatible + github.com/cenkalti/backoff/v4 v4.3.0 + github.com/containernetworking/cni v1.2.0 + github.com/docker/docker v26.0.2+incompatible github.com/dustinkirkland/golang-petname v0.0.0-20231002161417-6a283f1aaaf2 - github.com/getkin/kin-openapi v0.123.0 - github.com/google/nftables v0.1.0 + github.com/getkin/kin-openapi v0.124.0 + github.com/google/nftables v0.2.1-0.20240422065334-aa8348f7904c github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.1 github.com/jinzhu/copier v0.4.0 - github.com/ohler55/ojg v1.21.3 - github.com/onsi/ginkgo/v2 v2.15.0 - github.com/onsi/gomega v1.31.1 + github.com/ohler55/ojg v1.21.5 + github.com/onsi/ginkgo/v2 v2.17.1 + github.com/onsi/gomega v1.33.0 github.com/ory/dockertest v3.3.5+incompatible github.com/ory/dockertest/v3 v3.10.0 github.com/siemens/ieddata v1.0.0 @@ -28,20 +28,20 @@ require ( github.com/thediveo/fdooze v0.3.1 github.com/thediveo/go-plugger/v3 v3.1.0 github.com/thediveo/ioctl v0.9.3 - github.com/thediveo/lxkns v0.32.4 + github.com/thediveo/lxkns v0.33.1 github.com/thediveo/namspill v0.1.6 - github.com/thediveo/netdb v1.1.0 - github.com/thediveo/notwork v1.4.1 - github.com/thediveo/nufftables v0.8.0 + github.com/thediveo/netdb v1.1.2 + github.com/thediveo/notwork v1.5.0 + github.com/thediveo/nufftables v0.9.0 github.com/thediveo/osrelease v1.0.2 github.com/thediveo/procfsroot v1.0.1 github.com/thediveo/spaserve v1.0.2 github.com/thediveo/success v1.0.2 github.com/thediveo/testbasher v1.0.8 - github.com/thediveo/whalewatcher v0.11.2 + github.com/thediveo/whalewatcher v0.11.3 github.com/vishvananda/netlink v1.2.1-beta.2.0.20240223175432-6ab7f5a3765c - golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 - golang.org/x/sys v0.18.0 + golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f + golang.org/x/sys v0.19.0 golang.org/x/text v0.14.0 sigs.k8s.io/kind v0.22.0 ) @@ -52,6 +52,7 @@ require ( github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/BurntSushi/toml v1.3.2 // indirect + github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.4 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect @@ -59,14 +60,14 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/containerd/cgroups v1.1.0 // indirect - github.com/containerd/containerd v1.7.13 // indirect + github.com/containerd/containerd v1.7.14 // indirect github.com/containerd/continuity v0.4.3 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/containerd/ttrpc v1.2.2 // indirect + github.com/containerd/ttrpc v1.2.3 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/distribution/reference v0.5.0 // indirect - github.com/docker/cli v25.0.3+incompatible // indirect + github.com/docker/cli v25.0.4+incompatible // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-units v0.5.0 // indirect @@ -82,7 +83,7 @@ require ( github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect @@ -93,15 +94,16 @@ require ( github.com/invopop/yaml v0.2.0 // indirect github.com/jmoiron/sqlx v1.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect - github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect + github.com/josharian/native v1.1.0 // indirect github.com/klauspost/compress v1.17.5 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/mattn/go-sqlite3 v1.14.17 // indirect - github.com/mdlayher/netlink v1.4.2 // indirect - github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb // indirect + github.com/mdlayher/netlink v1.7.2 // indirect + github.com/mdlayher/socket v0.5.0 // indirect github.com/miekg/dns v1.1.55 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/sys/mountinfo v0.7.1 // indirect github.com/moby/sys/sequential v0.5.0 // indirect @@ -119,7 +121,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/thediveo/go-mntinfo v1.0.2 // indirect - github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect + github.com/vishvananda/netns v0.0.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect @@ -128,18 +130,17 @@ require ( go.opentelemetry.io/otel v1.22.0 // indirect go.opentelemetry.io/otel/metric v1.22.0 // indirect go.opentelemetry.io/otel/trace v1.22.0 // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/tools v0.18.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/tools v0.20.0 // indirect google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect - google.golang.org/grpc v1.62.0 // indirect + google.golang.org/grpc v1.62.1 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools v2.2.0+incompatible // indirect - honnef.co/go/tools v0.2.2 // indirect - k8s.io/cri-api v0.29.2 // indirect + k8s.io/cri-api v0.29.3 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 5612aa4..aaca2ab 100644 --- a/go.sum +++ b/go.sum @@ -8,10 +8,11 @@ github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2/go.mod github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= @@ -26,34 +27,29 @@ github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x0 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= -github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.13 h1:wPYKIeGMN8vaggSKuV1X0wZulpMz4CrgEsZdaCyB6Is= -github.com/containerd/containerd v1.7.13/go.mod h1:zT3up6yTRfEUa6+GsITYIJNgSVL9NQ4x4h1RPzk0Wu4= +github.com/containerd/containerd v1.7.14 h1:H/XLzbnGuenZEGK+v0RkwTdv2u1QFAruMe5N0GNPJwA= +github.com/containerd/containerd v1.7.14/go.mod h1:YMC9Qt5yzNqXx/fO4j/5yYVIHXSRrlB3H7sxkUTvspg= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs= -github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak= +github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0= +github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= -github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= +github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= +github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= @@ -63,10 +59,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v25.0.3+incompatible h1:KLeNs7zws74oFuVhgZQ5ONGZiXUUdgsdy6/EsX/6284= -github.com/docker/cli v25.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/docker v25.0.3+incompatible h1:D5fy/lYmY7bvZa0XTZ5/UJPljor41F+vdyJG5luQLfQ= -github.com/docker/docker v25.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/cli v25.0.4+incompatible h1:DatRkJ+nrFoYL2HZUzjM5Z5sAmcA5XGp+AW0oEw2+cA= +github.com/docker/cli v25.0.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker v26.0.2+incompatible h1:yGVmKUFGgcxA6PXWAokO0sQL22BrQ67cgVjko8tGdXE= +github.com/docker/docker v26.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= @@ -83,7 +79,6 @@ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= @@ -92,8 +87,8 @@ github.com/gammazero/deque v0.2.1 h1:qSdsbG6pgp6nL7A0+K/B7s12mcCY/5l5SIUpMOl+dC0 github.com/gammazero/deque v0.2.1/go.mod h1:LFroj8x4cMYCukHJDbxFCkT+r9AndaJnFMuZDV34tuU= github.com/gammazero/workerpool v1.1.3 h1:WixN4xzukFoN0XSeXF6puqEqFTl2mECI9S6W44HWy9Q= github.com/gammazero/workerpool v1.1.3/go.mod h1:wPjyBLDbyKnUn2XwwyD3EEwo9dHutia9/fwNmSHWACc= -github.com/getkin/kin-openapi v0.123.0 h1:zIik0mRwFNLyvtXK274Q6ut+dPh6nlxBp0x7mNrPhs8= -github.com/getkin/kin-openapi v0.123.0/go.mod h1:wb1aSZA/iWmorQP9KTAS/phLj/t17B5jT7+fS8ed9NM= +github.com/getkin/kin-openapi v0.124.0 h1:VSFNMB9C9rTKBnQ/fpyDU8ytMTr4dWI9QovSKj9kz/M= +github.com/getkin/kin-openapi v0.124.0/go.mod h1:wb1aSZA/iWmorQP9KTAS/phLj/t17B5jT7+fS8ed9NM= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -122,7 +117,6 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4er github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= @@ -133,24 +127,20 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/nftables v0.1.0 h1:T6lS4qudrMufcNIZ8wSRrL+iuwhsKxpN+zFLxhUWOqk= -github.com/google/nftables v0.1.0/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/nftables v0.2.1-0.20240422065334-aa8348f7904c h1:XJHEjE/d9/F9Sp6hvRCfh6Sl4WtCoKx7JJI2z1trH/Y= +github.com/google/nftables v0.2.1-0.20240422065334-aa8348f7904c/go.mod h1:Fo/xFnOxWlRQtnHdNi46KbIjufTDzbKhtghpWrmsSUg= github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= @@ -170,7 +160,6 @@ github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -183,23 +172,12 @@ github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA= -github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= -github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= -github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok= -github.com/jsimonetti/rtnetlink v0.0.0-20201216134343-bde56ed16391/go.mod h1:cR77jAZG3Y3bsb8hF6fHJbFoyFukLFOkQ98S0pQz3xw= -github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c53zj6Eex712ROyh8WI0ihysb5j2ROyV42iNogmAs= -github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA= -github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U= -github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo= -github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ= -github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs= +github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= +github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.5 h1:d4vBd+7CHydUqpFBgUEKkSdtSugf9YFmSkvUYPquI5E= github.com/klauspost/compress v1.17.5/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -215,33 +193,18 @@ github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APP github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0= github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo= -github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8= -github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE= -github.com/mdlayher/genetlink v1.0.0 h1:OoHN1OdyEIkScEmRgxLEe2M9U8ClMytqA5niynLtfj0= -github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc= -github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA= -github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M= -github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY= -github.com/mdlayher/netlink v1.1.1/go.mod h1:WTYpFb/WTvlRJAyKhZL5/uy69TDDpHHu2VZmb2XgV7o= -github.com/mdlayher/netlink v1.2.0/go.mod h1:kwVW1io0AZy9A1E2YYgaD4Cj+C+GPkU6klXCMzIJ9p8= -github.com/mdlayher/netlink v1.2.1/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= -github.com/mdlayher/netlink v1.2.2-0.20210123213345-5cc92139ae3e/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= -github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuriDdoPSWys= -github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8= -github.com/mdlayher/netlink v1.4.1/go.mod h1:e4/KuJ+s8UhfUpO9z00/fDZZmhSrs+oxyqAS9cNgn6Q= -github.com/mdlayher/netlink v1.4.2 h1:3sbnJWe/LETovA7yRZIX3f9McVOWV3OySH6iIBxiFfI= -github.com/mdlayher/netlink v1.4.2/go.mod h1:13VaingaArGUTUxFLf/iEovKxXji32JAtF858jZYEug= -github.com/mdlayher/socket v0.0.0-20210307095302-262dc9984e00/go.mod h1:GAFlyu4/XV68LkQKYzKhIo/WW7j3Zi0YRAz/BOoanUc= -github.com/mdlayher/socket v0.0.0-20211007213009-516dcbdf0267/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g= -github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb h1:2dC7L10LmTqlyMVzFJ00qM25lqESg9Z4u3GuEXN5iHY= -github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g= +github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= +github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= +github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI= +github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI= github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/buildkit v0.12.5 h1:RNHH1l3HDhYyZafr5EgstEu8aGNCwyfvMtrQDtjH9T0= github.com/moby/buildkit v0.12.5/go.mod h1:YGwjA2loqyiYfZeEo8FtI7z4x5XponAaIWsWcSjWwso= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= @@ -264,21 +227,19 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/ohler55/ojg v1.21.3 h1:0smW0EKpyPBBIpTKhM+UbCDeQFbR0oEUxym+rFv2Y/8= -github.com/ohler55/ojg v1.21.3/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o= +github.com/ohler55/ojg v1.21.5 h1:Wfok9bfUImPFe3v6W61+Kz0j3fcjBt0NDVIpOtHAczQ= +github.com/ohler55/ojg v1.21.5/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= +github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -304,9 +265,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= -github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= +github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= +github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -318,7 +278,6 @@ github.com/siemens/mobydig v1.0.0 h1:kOZ0QYwXGxAuhT+A3Dz1QGoaovxyywVvwEvLC9yETkc github.com/siemens/mobydig v1.0.0/go.mod h1:TtROWS4S7mfaAFUGmbhaZ9jnUFsdfLWYnLPTi+44g4Q= github.com/siemens/turtlefinder v1.1.3 h1:I4dk9zSptQOQ6dBIkgpeTjJZa0IXkaTHtZbePvhlVrY= github.com/siemens/turtlefinder v1.1.3/go.mod h1:WsMiAAehMo6oMdsY6UZYqjTFMJVoLY3f2jUVvmVlunk= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= @@ -331,7 +290,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -351,18 +309,18 @@ github.com/thediveo/go-plugger/v3 v3.1.0 h1:aqtzFkP7gBU/MlL/TyMOTY0MUYixebZn8JVh github.com/thediveo/go-plugger/v3 v3.1.0/go.mod h1:bED6ehF6GQUW9NDDgJG6QS/GL1J8L8hT3RUI7GTtAWo= github.com/thediveo/ioctl v0.9.3 h1:DCxyUUY15z/Zezz+wf2nlbVf3yFh0nvfM7i7KnfgG8s= github.com/thediveo/ioctl v0.9.3/go.mod h1:Ro3WW0UuPDh1QByEwNb/alva3ODM+GbRlb80u/LZU9o= -github.com/thediveo/lxkns v0.32.4 h1:WX1AOjZBxqrDu62e1bycZzWc8s12Eqyea8YpC1kA5dQ= -github.com/thediveo/lxkns v0.32.4/go.mod h1:PeLloyoRrelm4epdJ+6UCFwHrT7ha9w5QhLIpGA9QT8= +github.com/thediveo/lxkns v0.33.1 h1:TJyTD0ZtHqBcr0SzM8OQ8mpXZzMzPEWUkLDl6Ylmjl4= +github.com/thediveo/lxkns v0.33.1/go.mod h1:Mm31fCR45TSNACb0/H4aE92sP6VS5hURowtoew+Jn7M= github.com/thediveo/morbyd v0.10.0 h1:WWcJUSEfuRJSh9xzXDmQdjE2susZygwnOf1dO3AbB1s= github.com/thediveo/morbyd v0.10.0/go.mod h1:vMmifCTGup37clahfCDEOdzwCpC+Si5iIaRmsDhY4y0= github.com/thediveo/namspill v0.1.6 h1:eD8puqhwIkBS78vrzJtY46eurHX0o6JIAqzgkRmMLl0= github.com/thediveo/namspill v0.1.6/go.mod h1:oRhr6rRg9z5pHuHckecgP4l9qN4YECZ22TtGs9Ma51E= -github.com/thediveo/netdb v1.1.0 h1:oO9nZ9zoO2p5Ps61WJR5VPtt2yxKMneYBfI8ZsutYSU= -github.com/thediveo/netdb v1.1.0/go.mod h1:yr3xaPR82VKhHg30BtJuYktFzZBjsWkEhPadHVYCOmo= -github.com/thediveo/notwork v1.4.1 h1:TqaqfF1TCvkO9XaVr4j45Cs6LSPSAzgJ1WMrGH3cYE8= -github.com/thediveo/notwork v1.4.1/go.mod h1:gTCu1PXZktfp4zr42fgOfX9hcyHSabrB/rCCJNRQZAo= -github.com/thediveo/nufftables v0.8.0 h1:9xRtR0D8rCzp6D5k5qMy019v7zHCWvufoaFLz857pT8= -github.com/thediveo/nufftables v0.8.0/go.mod h1:gnlGJOB6WJkx5MokgzBlnUxdPVFo488aTJGyQMpeVhQ= +github.com/thediveo/netdb v1.1.2 h1:XdLx/YJPutxrSkPYtmCAIY5sgAvxtkS1Tz+Z0UX2I+U= +github.com/thediveo/netdb v1.1.2/go.mod h1:KJczM//7VIIiovQO1qDooHvM8+0pt6RdRt3rVDZxEGM= +github.com/thediveo/notwork v1.5.0 h1:CcZoDrlT3DnNA4579nnuQ0BxiTACDnlieBv9fh+rQ7w= +github.com/thediveo/notwork v1.5.0/go.mod h1:gTCu1PXZktfp4zr42fgOfX9hcyHSabrB/rCCJNRQZAo= +github.com/thediveo/nufftables v0.9.0 h1:jR97CBDgSlFxaZgJ3NKvJQuzN+xV2KMwGP/2tQAubs4= +github.com/thediveo/nufftables v0.9.0/go.mod h1:6zbStYgb9O4A/bmvJpLLnoVzxt7gACWpo6nuID43U18= github.com/thediveo/once v0.9.1 h1:gk/8dYOto5cVEBH0LK1vYyOFH9OvugcZ12e+UnJpmTo= github.com/thediveo/once v0.9.1/go.mod h1:LC0fkZJHR95DuZwiVX8BOKf+QbgCtlyvz5uWnTwR8QI= github.com/thediveo/osrelease v1.0.2 h1:FGbfAbF/hhnBbLqTbB8Wy+4c2ws7xpK8CyKgejBui+Q= @@ -375,15 +333,15 @@ github.com/thediveo/success v1.0.2 h1:w+r3RbSjLmd7oiNnlCblfGqItcsaShcuAorRVh/+0x github.com/thediveo/success v1.0.2/go.mod h1:hdPJB77k70w764lh8uLUZgNhgeTl3DYeZ4d4bwMO2CU= github.com/thediveo/testbasher v1.0.8 h1:5V02Jx+XxnXWAS3V0a5buDH2XKP7bacy34nEL8AW2qk= github.com/thediveo/testbasher v1.0.8/go.mod h1:yzGD+ZTFcf/3dsV2F8uVWnYAg4uL1XUxk41itie66Ko= -github.com/thediveo/whalewatcher v0.11.2 h1:ehqBq36by0zTHCNB3//yZLrdBjyF4WSCoGA6/lhY5Zs= -github.com/thediveo/whalewatcher v0.11.2/go.mod h1:g1BprYJgSyXMrQtEuim503w1wWAHmOnF+27lLJE+MiI= +github.com/thediveo/whalewatcher v0.11.3 h1:znBAX/fcn9wPN4x05ALMfgpnboX34+NVyc6uO08pGXo= +github.com/thediveo/whalewatcher v0.11.3/go.mod h1:KNFbgboC9dPnD72ytmRVMI9uml3UGhoTw2Q43hqNSA0= github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= github.com/vishvananda/netlink v1.2.1-beta.2.0.20240223175432-6ab7f5a3765c h1:sjsaSqCU4YC/jQ0hOqU8yGFaCBkPr5VOrys5oFQ9yyM= github.com/vishvananda/netlink v1.2.1-beta.2.0.20240223175432-6ab7f5a3765c/go.mod h1:whJevzBpTrid75eZy99s3DqCmy05NfibNaF2Ol5Ox5A= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA= -github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= +github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -393,7 +351,6 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= @@ -418,17 +375,15 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -436,82 +391,46 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -529,10 +448,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -541,7 +458,6 @@ google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9Ywl google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= @@ -553,10 +469,9 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= -google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -589,15 +504,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= -gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= +gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo= +gotest.tools/v3 v3.3.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= -honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk= -honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY= -k8s.io/cri-api v0.29.2 h1:LLSeWVC3h1nVMpV9vHiE+mO3spDYmz/C0GvxH6p6tkg= -k8s.io/cri-api v0.29.2/go.mod h1:9fQTFm+wi4FLyqrkVUoMJiUB3mE74XrVvHz8uFY/sSw= +k8s.io/cri-api v0.29.3 h1:ppKSui+hhTJW774Mou6x+/ealmzt2jmTM0vsEQVWrjI= +k8s.io/cri-api v0.29.3/go.mod h1:3X7EnhsNaQnCweGhQCJwKNHlH7wHEYuKQ19bRvXMoJY= sigs.k8s.io/kind v0.22.0 h1:z/+yr/azoOfzsfooqRsPw1wjJlqT/ukXP0ShkHwNlsI= sigs.k8s.io/kind v0.22.0/go.mod h1:aBlbxg08cauDgZ612shr017/rZwqd7AS563FvpWKPVs= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From 9f5a16cc9e6d8c962f487b88f6ea1dedbe6d2785 Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 11:25:21 +0200 Subject: [PATCH 08/14] chore: refactor, add unit tests Signed-off-by: thediveo --- network/portfwd/kubeproxy/kubeproxy.go | 95 ++++++++----- network/portfwd/kubeproxy/kubeproxy_test.go | 148 ++++++++++++++++++++ network/portfwd/kubeproxy/package_test.go | 24 ++++ 3 files changed, 233 insertions(+), 34 deletions(-) create mode 100644 network/portfwd/kubeproxy/kubeproxy_test.go create mode 100644 network/portfwd/kubeproxy/package_test.go diff --git a/network/portfwd/kubeproxy/kubeproxy.go b/network/portfwd/kubeproxy/kubeproxy.go index daf7b02..c30bfa0 100644 --- a/network/portfwd/kubeproxy/kubeproxy.go +++ b/network/portfwd/kubeproxy/kubeproxy.go @@ -2,10 +2,9 @@ // // SPDX-License-Identifier: MIT -package docker +package kubeproxy import ( - "bytes" "net" "strings" @@ -49,7 +48,7 @@ func PortForwardings(tables nufftables.TableMap, family nufftables.TableFamily) } for _, svcRules := range kubeServices.Rules { - ip, proto, port, comment, svcChainName := service(svcRules.Exprs) + ip, proto, port, comment, svcChainName := virtualServiceDetails(svcRules.Exprs) if svcChainName == "" { continue } @@ -80,6 +79,8 @@ func PortForwardings(tables nufftables.TableMap, family nufftables.TableFamily) return forwardedPorts } +// isDNAT returns true, if the passed nft Target expression is a DNAT target +// expression, otherwise false. func isDNAT(target *expr.Target) bool { if target.Name != "DNAT" { return false @@ -88,6 +89,8 @@ func isDNAT(target *expr.Target) bool { return ok } +// separations returns a list of service separation chain names, given a +// specific service chain. func separations(chain *nufftables.Chain) (chains []string) { if chain == nil { return @@ -106,60 +109,84 @@ func isSepVerdict(verdict *expr.Verdict) bool { return verdict.Kind == -3 && strings.HasPrefix(verdict.Chain, kubeSeparationChainPrefix) } -func service( +// virtualServiceDetails extracts service details (such as service IP address +// and port, et cetera) from the specified nft expressions. In case of any +// errors, it returns zero values. +func virtualServiceDetails( exprs nufftables.Expressions, ) ( ip net.IP, protocol string, port uint16, comment string, chain string, ) { - exprs, svcproto := nufftables.OfTypeFunc(exprs, isIPProtoTcpUdp) - exprs, svcip := nufftables.OfTypeFunc(exprs, isIP) - exprs, svccomment := nufftables.OfTypeFunc(exprs, isComment) - exprs, svcport := nufftables.OfTypeFunc(exprs, isServicePort) - exprs, svcchain := nufftables.OfTypeFunc(exprs, isServiceChain) + // Try to glance the needed information from the expressions we were given; + // if there is any problem, then we will end up with nil remaining + // expressions as our warning signal. + exprs, protocol = nufftables.OfTypeTransformed(exprs, getTcpUdp) + exprs, ip = nufftables.OfTypeTransformed(exprs, getIPv46) + exprs, comment = nufftables.OfTypeTransformed(exprs, getComment) + exprs, port = nufftables.OfTypeTransformed(exprs, getPort) + exprs, chain = nufftables.OfTypeTransformed(exprs, getJumpVerdictChain) if exprs == nil { return nil, "", 0, "", "" } - - ip = net.IP(svcip.Data) - switch svcproto.Data[0] { - case unix.IPPROTO_TCP: - protocol = "tcp" - case unix.IPPROTO_UDP: - protocol = "udp" - } - port = uint16(svcport.Data[0])<<8 + uint16(svcport.Data[1]) - comment = string(bytes.TrimRight([]byte(*svccomment.Info.(*xt.Unknown)), "\x00")) - chain = svcchain.Chain return } -func isIPProtoTcpUdp(cmp *expr.Cmp) bool { +// getTcpUdp returns the transport protocol name enclosed in a Cmp expression +// for TCP and UDP, otherwise false. +func getTcpUdp(cmp *expr.Cmp) (string, bool) { if len(cmp.Data) != 1 { - return false + return "", false } switch cmp.Data[0] { - case unix.IPPROTO_TCP, unix.IPPROTO_UDP: - return true + case unix.IPPROTO_TCP: + return "tcp", true + case unix.IPPROTO_UDP: + return "udp", true } - return false + return "", false } -func isIP(cmp *expr.Cmp) bool { +// getIPv46 returns the IPv4 or IPv6 address enclosed in a Cmp expression, +// otherwise false. +func getIPv46(cmp *expr.Cmp) (net.IP, bool) { switch len(cmp.Data) { case 4, 16: - return true + return net.IP(cmp.Data), true } - return false + return nil, false } -func isComment(match *expr.Match) bool { - return match.Name == "comment" +// getComment returns the comment enclosed in a “comment” Match expression, or +// otherwise false if the passed Match expression isn't a comment. Ah, turtles +// all the way down. +// +// Use with [nufftables.OfTypeTransformed]. +func getComment(match *expr.Match) (string, bool) { + if match.Name != "comment" { + return "", false + } + info, ok := match.Info.(*xt.Comment) + if !ok { + return "", false + } + return string(*info), true } -func isServicePort(cmp *expr.Cmp) bool { - return len(cmp.Data) == 2 +// getPort returns the port number from a Cmp expression; otherwise, returns +// false. +func getPort(cmp *expr.Cmp) (uint16, bool) { + if len(cmp.Data) != 2 { + return 0, false + } + // network order + return uint16(cmp.Data[0])<<8 + uint16(cmp.Data[1]), true } -func isServiceChain(verdict *expr.Verdict) bool { - return verdict.Kind == -3 && strings.HasPrefix(verdict.Chain, kubeServiceChainPrefix) +// getJumpVerdictChain returns the chain name for a service as given in a jump +// verdict. +func getJumpVerdictChain(verdict *expr.Verdict) (string, bool) { + if verdict.Kind != expr.VerdictJump || !strings.HasPrefix(verdict.Chain, kubeServiceChainPrefix) { + return "", false + } + return verdict.Chain, true } diff --git a/network/portfwd/kubeproxy/kubeproxy_test.go b/network/portfwd/kubeproxy/kubeproxy_test.go new file mode 100644 index 0000000..f0dd23c --- /dev/null +++ b/network/portfwd/kubeproxy/kubeproxy_test.go @@ -0,0 +1,148 @@ +// (c) Siemens AG 2024 +// +// SPDX-License-Identifier: MIT + +package kubeproxy + +import ( + "net" + + "github.com/google/nftables/expr" + "github.com/google/nftables/xt" + "golang.org/x/sys/unix" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +var _ = Describe("kube-proxy port forwarding", func() { + + Context("transport protocol", func() { + + It("ignores Cmp expressions with other data", func() { + proto, ok := getTcpUdp(&expr.Cmp{}) + Expect(ok).To(BeFalse()) + Expect(proto).To(BeZero()) + + proto, ok = getTcpUdp(&expr.Cmp{Data: []byte{1, 2, 3}}) + Expect(ok).To(BeFalse()) + Expect(proto).To(BeZero()) + + proto, ok = getTcpUdp(&expr.Cmp{Data: []byte{0}}) + Expect(ok).To(BeFalse()) + Expect(proto).To(BeZero()) + }) + + It("returns port", func() { + port, ok := getTcpUdp(&expr.Cmp{Data: []byte{unix.IPPROTO_TCP}}) + Expect(ok).To(BeTrue()) + Expect(port).To(Equal("tcp")) + + port, ok = getTcpUdp(&expr.Cmp{Data: []byte{unix.IPPROTO_UDP}}) + Expect(ok).To(BeTrue()) + Expect(port).To(Equal("udp")) + }) + + }) + + Context("IP addresses", func() { + + It("ignores Cmp expressions with other data", func() { + ip, ok := getIPv46(&expr.Cmp{}) + Expect(ok).To(BeFalse()) + Expect(ip).To(BeZero()) + + ip, ok = getIPv46(&expr.Cmp{Data: []byte{1, 2, 3}}) + Expect(ok).To(BeFalse()) + Expect(ip).To(BeZero()) + }) + + It("returns port", func() { + ip, ok := getIPv46(&expr.Cmp{Data: []byte(net.ParseIP("fe80::dead:beef"))}) + Expect(ok).To(BeTrue()) + Expect(ip).To(Equal(net.ParseIP("fe80::dead:beef"))) + }) + + }) + + Context("ports", func() { + + It("ignores Cmp expressions with other data", func() { + port, ok := getPort(&expr.Cmp{}) + Expect(ok).To(BeFalse()) + Expect(port).To(BeZero()) + + port, ok = getPort(&expr.Cmp{Data: []byte{1, 2, 3}}) + Expect(ok).To(BeFalse()) + Expect(port).To(BeZero()) + }) + + It("returns port", func() { + port, ok := getPort(&expr.Cmp{Data: []byte{1, 2}}) + Expect(ok).To(BeTrue()) + Expect(port).To(Equal(uint16(0x0102))) + }) + + }) + + Context("jump verdicts", func() { + + It("ignores non-service jump targets other verdicts", func() { + chain, ok := getJumpVerdictChain(&expr.Verdict{}) + Expect(ok).To(BeFalse()) + Expect(chain).To(BeEmpty()) + + chain, ok = getJumpVerdictChain(&expr.Verdict{ + Kind: expr.VerdictContinue, + Chain: "foobar", + }) + Expect(ok).To(BeFalse()) + Expect(chain).To(BeEmpty()) + + chain, ok = getJumpVerdictChain(&expr.Verdict{ + Kind: expr.VerdictJump, + Chain: "hellorld", + }) + Expect(ok).To(BeFalse()) + Expect(chain).To(BeEmpty()) + }) + + It("returns the service target chain name", func() { + chain, ok := getJumpVerdictChain(&expr.Verdict{ + Kind: expr.VerdictJump, + Chain: "KUBE-SVC-HELLORLD", + }) + Expect(ok).To(BeTrue()) + Expect(chain).NotTo(BeEmpty()) + + }) + + }) + + Context("comment expressions", func() { + + It("ignores non-comment Match expressions", func() { + comment, ok := getComment(&expr.Match{}) + Expect(ok).To(BeFalse()) + Expect(comment).To(BeEmpty()) + + comment, ok = getComment(&expr.Match{ + Name: "comment", + }) + Expect(ok).To(BeFalse()) + Expect(comment).To(BeEmpty()) + }) + + It("returns comments", func() { + xtc := xt.Comment("Hellorld!") + comment, ok := getComment(&expr.Match{ + Name: "comment", + Info: &xtc, + }) + Expect(ok).To(BeTrue()) + Expect(comment).To(Equal("Hellorld!")) + }) + + }) + +}) diff --git a/network/portfwd/kubeproxy/package_test.go b/network/portfwd/kubeproxy/package_test.go new file mode 100644 index 0000000..d721659 --- /dev/null +++ b/network/portfwd/kubeproxy/package_test.go @@ -0,0 +1,24 @@ +// (c) Siemens AG 2024 +// +// SPDX-License-Identifier: MIT + +package kubeproxy + +import ( + "runtime" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +func init() { + // avoid M0 ending up wedged as it was used during a throw-away namespace + // switch, but as M0 is special it cannot be killed. + runtime.LockOSThread() +} + +func TestGostwireNetwork(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "ghostwire/network/kubeproxy package") +} From 765f977c42f1d7cebfe0eabaadbab45f65600aa7 Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 13:55:59 +0200 Subject: [PATCH 09/14] test: more kube-proxy tests Signed-off-by: thediveo --- gostwire.code-workspace | 1 - network/portfwd/kubeproxy/kubeproxy.go | 51 ++-- network/portfwd/kubeproxy/kubeproxy_test.go | 289 +++++++++++++++++++- 3 files changed, 311 insertions(+), 30 deletions(-) diff --git a/gostwire.code-workspace b/gostwire.code-workspace index 3cdece6..20412bb 100644 --- a/gostwire.code-workspace +++ b/gostwire.code-workspace @@ -6,7 +6,6 @@ ], "settings": { "go.buildTags": "matchers,pprof,kind", - "go.testFlags": ["-exec", "${workspaceFolder}/scripts/sudo-askpass.sh"], "go.lintTool": "golangci-lint", "go.lintFlags": [ "--build-tags=matchers,pprof,kind" diff --git a/network/portfwd/kubeproxy/kubeproxy.go b/network/portfwd/kubeproxy/kubeproxy.go index c30bfa0..55094c8 100644 --- a/network/portfwd/kubeproxy/kubeproxy.go +++ b/network/portfwd/kubeproxy/kubeproxy.go @@ -53,24 +53,23 @@ func PortForwardings(tables nufftables.TableMap, family nufftables.TableFamily) continue } _ = comment // TODO: upstream nufftables - for _, sepChain := range separations(nattable.ChainsByName[svcChainName]) { + for _, sepChain := range serviceProviderChains(nattable.ChainsByName[svcChainName]) { sc := nattable.ChainsByName[sepChain] if sc == nil { continue } for _, rule := range sc.Rules { - _, target := nufftables.OfTypeFunc(rule.Exprs, isDNAT) - if target == nil { + _, dnat := nufftables.OfTypeTransformed(rule.Exprs, getDNAT) + if dnat == nil { continue } - nr := target.Info.(*xt.NatRange2) forwardedPorts = append(forwardedPorts, &portfinder.ForwardedPortRange{ Protocol: proto, IP: ip, PortMin: port, PortMax: port, - ForwardIP: net.IP(nr.MinIP), - ForwardPortMin: nr.MinPort, + ForwardIP: net.IP(dnat.MinIP), + ForwardPortMin: dnat.MinPort, }) } } @@ -79,34 +78,38 @@ func PortForwardings(tables nufftables.TableMap, family nufftables.TableFamily) return forwardedPorts } -// isDNAT returns true, if the passed nft Target expression is a DNAT target -// expression, otherwise false. -func isDNAT(target *expr.Target) bool { +// getDNAT returns the DNAT target expression, otherwise false. +func getDNAT(target *expr.Target) (*xt.NatRange2, bool) { if target.Name != "DNAT" { - return false + return nil, false } - _, ok := target.Info.(*xt.NatRange2) - return ok + nr, ok := target.Info.(*xt.NatRange2) + return nr, ok } -// separations returns a list of service separation chain names, given a -// specific service chain. -func separations(chain *nufftables.Chain) (chains []string) { +// serviceProviderChains returns a list of service separation chain names, given +// a specific service chain. +func serviceProviderChains(chain *nufftables.Chain) (chains []string) { if chain == nil { return } for _, rule := range chain.Rules { - _, verdict := nufftables.OfTypeFunc(rule.Exprs, isSepVerdict) - if verdict == nil { + _, chainName := nufftables.OfTypeTransformed(rule.Exprs, getJumpVerdictSeparationChain) + if chainName == "" { continue } - chains = append(chains, verdict.Chain) + chains = append(chains, chainName) } return } -func isSepVerdict(verdict *expr.Verdict) bool { - return verdict.Kind == -3 && strings.HasPrefix(verdict.Chain, kubeSeparationChainPrefix) +// getJumpVerdictSeparationChain returns the chain name for a service separation +// as given in a jump verdict. +func getJumpVerdictSeparationChain(verdict *expr.Verdict) (string, bool) { + if verdict.Kind != expr.VerdictJump || !strings.HasPrefix(verdict.Chain, kubeSeparationChainPrefix) { + return "", false + } + return verdict.Chain, true } // virtualServiceDetails extracts service details (such as service IP address @@ -124,7 +127,7 @@ func virtualServiceDetails( exprs, ip = nufftables.OfTypeTransformed(exprs, getIPv46) exprs, comment = nufftables.OfTypeTransformed(exprs, getComment) exprs, port = nufftables.OfTypeTransformed(exprs, getPort) - exprs, chain = nufftables.OfTypeTransformed(exprs, getJumpVerdictChain) + exprs, chain = nufftables.OfTypeTransformed(exprs, getJumpVerdictServiceChain) if exprs == nil { return nil, "", 0, "", "" } @@ -182,9 +185,9 @@ func getPort(cmp *expr.Cmp) (uint16, bool) { return uint16(cmp.Data[0])<<8 + uint16(cmp.Data[1]), true } -// getJumpVerdictChain returns the chain name for a service as given in a jump -// verdict. -func getJumpVerdictChain(verdict *expr.Verdict) (string, bool) { +// getJumpVerdictServiceChain returns the chain name for a service as given in a +// jump verdict. +func getJumpVerdictServiceChain(verdict *expr.Verdict) (string, bool) { if verdict.Kind != expr.VerdictJump || !strings.HasPrefix(verdict.Chain, kubeServiceChainPrefix) { return "", false } diff --git a/network/portfwd/kubeproxy/kubeproxy_test.go b/network/portfwd/kubeproxy/kubeproxy_test.go index f0dd23c..c7f989a 100644 --- a/network/portfwd/kubeproxy/kubeproxy_test.go +++ b/network/portfwd/kubeproxy/kubeproxy_test.go @@ -7,8 +7,11 @@ package kubeproxy import ( "net" + "github.com/google/nftables" "github.com/google/nftables/expr" "github.com/google/nftables/xt" + "github.com/thediveo/nufftables" + "github.com/thediveo/nufftables/portfinder" "golang.org/x/sys/unix" . "github.com/onsi/ginkgo/v2" @@ -17,6 +20,248 @@ import ( var _ = Describe("kube-proxy port forwarding", func() { + Context("detecting forwarded kube-proxy ports", func() { + + It("doesn't crash", func() { + Expect(PortForwardings(nufftables.TableMap{}, nufftables.TableFamilyINet)) + Expect(PortForwardings(nil, nufftables.TableFamilyIPv4)) + Expect(PortForwardings(nufftables.TableMap{ + nufftables.TableKey{Name: "nat", Family: nufftables.TableFamilyIPv4}: &nufftables.Table{}, + }, nufftables.TableFamilyIPv4)) + Expect(PortForwardings(nufftables.TableMap{ + nufftables.TableKey{Name: "nat", Family: nufftables.TableFamilyIPv4}: &nufftables.Table{ + ChainsByName: map[string]*nufftables.Chain{ + kubeServicesChain: { + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: nil, + }, + }, + }, + }, + }, + }, + }, nufftables.TableFamilyIPv4)) + }) + + It("detects forwarded ports", func() { + comment := xt.Comment("foo") + tables := nufftables.TableMap{ + {Name: "nat", Family: nufftables.TableFamilyIPv4}: &nufftables.Table{ + ChainsByName: map[string]*nufftables.Chain{ + kubeServicesChain: { + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Cmp{ + Data: []byte{unix.IPPROTO_TCP}, + }, + &expr.Cmp{ + Data: net.ParseIP("1.2.3.4"), + }, + &expr.Match{ + Name: "comment", + Info: &comment, + }, + &expr.Cmp{ + Data: []byte{1, 2}, + }, + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeServiceChainPrefix + "HELLORLD", + }, + }, + }, + }, + }, + }, + kubeServiceChainPrefix + "HELLORLD": { + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeSeparationChainPrefix + "FOO", + }, + }, + }, + }, + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeSeparationChainPrefix + "BAR", + }, + }, + }, + }, + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeSeparationChainPrefix + "BAZ", + }, + }, + }, + }, + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeSeparationChainPrefix + "BAZZZZ", + }, + }, + }, + }, + }, + }, + kubeSeparationChainPrefix + "FOO": { + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Target{ + Name: "DNAT", + Info: &xt.NatRange2{ + NatRange: xt.NatRange{ + MinIP: net.ParseIP("10.20.30.40"), + MinPort: 123, + }, + }, + }, + }, + }, + }, + }, + }, + kubeSeparationChainPrefix + "BAR": { + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Target{ + Name: "DNAT", + Info: &xt.NatRange2{ + NatRange: xt.NatRange{ + MinIP: net.ParseIP("10.20.30.44"), + MinPort: 123, + }, + }, + }, + }, + }, + }, + }, + }, + kubeSeparationChainPrefix + "BAZ": { + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Target{}, + }, + }, + }, + }, + }, + }, + }, + } + portfwds := PortForwardings(tables, nufftables.TableFamilyIPv4) + Expect(portfwds).To(ConsistOf( + &portfinder.ForwardedPortRange{ + Protocol: "tcp", + IP: net.ParseIP("1.2.3.4"), + PortMin: 0x0102, + PortMax: 0x0102, + ForwardIP: net.ParseIP("10.20.30.40"), + ForwardPortMin: 123, + }, + &portfinder.ForwardedPortRange{ + Protocol: "tcp", + IP: net.ParseIP("1.2.3.4"), + PortMin: 0x0102, + PortMax: 0x0102, + ForwardIP: net.ParseIP("10.20.30.44"), + ForwardPortMin: 123, + }, + )) + }) + + }) + + It("matches DNAT target expressions", func() { + dnat, ok := getDNAT(&expr.Target{Name: "hellorld"}) + Expect(ok).To(BeFalse()) + Expect(dnat).To(BeNil()) + + dnat, ok = getDNAT(&expr.Target{Name: "DNAT"}) + Expect(ok).To(BeFalse()) + Expect(dnat).To(BeNil()) + + dnat, ok = getDNAT(&expr.Target{ + Name: "DNAT", + Info: &xt.NatRange2{ + BasePort: 42, + }, + }) + Expect(ok).To(BeTrue()) + Expect(dnat).NotTo(BeNil()) + Expect(dnat.BasePort).To(Equal(uint16(42))) + }) + + Context("service provider chains", func() { + + It("returns nothing for non-existing chain", func() { + Expect(serviceProviderChains(nil)).To(BeNil()) + }) + + It("returns separated service provider chains", func() { + chains := serviceProviderChains(&nufftables.Chain{ + Rules: []nufftables.Rule{ + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Bitwise{}, + }, + }, + }, + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeSeparationChainPrefix + "HELLORLD", + }, + }, + }, + }, + { + Rule: &nftables.Rule{ + Exprs: []expr.Any{ + &expr.Verdict{ + Kind: expr.VerdictJump, + Chain: kubeSeparationChainPrefix + "GOODBYE", + }, + }, + }, + }, + }, + }) + Expect(chains).To(ConsistOf( + kubeSeparationChainPrefix+"HELLORLD", + kubeSeparationChainPrefix+"GOODBYE", + )) + }) + + }) + Context("transport protocol", func() { It("ignores Cmp expressions with other data", func() { @@ -85,21 +330,21 @@ var _ = Describe("kube-proxy port forwarding", func() { }) - Context("jump verdicts", func() { + Context("service jump verdicts", func() { It("ignores non-service jump targets other verdicts", func() { - chain, ok := getJumpVerdictChain(&expr.Verdict{}) + chain, ok := getJumpVerdictServiceChain(&expr.Verdict{}) Expect(ok).To(BeFalse()) Expect(chain).To(BeEmpty()) - chain, ok = getJumpVerdictChain(&expr.Verdict{ + chain, ok = getJumpVerdictServiceChain(&expr.Verdict{ Kind: expr.VerdictContinue, Chain: "foobar", }) Expect(ok).To(BeFalse()) Expect(chain).To(BeEmpty()) - chain, ok = getJumpVerdictChain(&expr.Verdict{ + chain, ok = getJumpVerdictServiceChain(&expr.Verdict{ Kind: expr.VerdictJump, Chain: "hellorld", }) @@ -108,7 +353,7 @@ var _ = Describe("kube-proxy port forwarding", func() { }) It("returns the service target chain name", func() { - chain, ok := getJumpVerdictChain(&expr.Verdict{ + chain, ok := getJumpVerdictServiceChain(&expr.Verdict{ Kind: expr.VerdictJump, Chain: "KUBE-SVC-HELLORLD", }) @@ -119,6 +364,40 @@ var _ = Describe("kube-proxy port forwarding", func() { }) + Context("separation jump verdicts", func() { + + It("ignores non-separation jump targets other verdicts", func() { + chain, ok := getJumpVerdictSeparationChain(&expr.Verdict{}) + Expect(ok).To(BeFalse()) + Expect(chain).To(BeEmpty()) + + chain, ok = getJumpVerdictSeparationChain(&expr.Verdict{ + Kind: expr.VerdictContinue, + Chain: "foobar", + }) + Expect(ok).To(BeFalse()) + Expect(chain).To(BeEmpty()) + + chain, ok = getJumpVerdictSeparationChain(&expr.Verdict{ + Kind: expr.VerdictJump, + Chain: "hellorld", + }) + Expect(ok).To(BeFalse()) + Expect(chain).To(BeEmpty()) + }) + + It("returns the service target chain name", func() { + chain, ok := getJumpVerdictSeparationChain(&expr.Verdict{ + Kind: expr.VerdictJump, + Chain: "KUBE-SEP-HELLORLD", + }) + Expect(ok).To(BeTrue()) + Expect(chain).NotTo(BeEmpty()) + + }) + + }) + Context("comment expressions", func() { It("ignores non-comment Match expressions", func() { From 563c94ec6052e14eea37d6a64dbf7dd27ab65a06 Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 16:58:49 +0200 Subject: [PATCH 10/14] doc: add package doc Signed-off-by: thediveo --- network/portfwd/docker/doc.go | 5 +++++ network/portfwd/kubeproxy/doc.go | 5 +++++ 2 files changed, 10 insertions(+) create mode 100644 network/portfwd/docker/doc.go create mode 100644 network/portfwd/kubeproxy/doc.go diff --git a/network/portfwd/docker/doc.go b/network/portfwd/docker/doc.go new file mode 100644 index 0000000..2d00996 --- /dev/null +++ b/network/portfwd/docker/doc.go @@ -0,0 +1,5 @@ +/* +Package docker implements port forwarding detection for iptables (nft) rules +managed by the Docker daemon. +*/ +package docker diff --git a/network/portfwd/kubeproxy/doc.go b/network/portfwd/kubeproxy/doc.go new file mode 100644 index 0000000..e65a326 --- /dev/null +++ b/network/portfwd/kubeproxy/doc.go @@ -0,0 +1,5 @@ +/* +Package kubeproxy implements port forwarding detection for iptables (nft) rules +managed by Kubernete's kube-proxy. +*/ +package kubeproxy From 35dba1b5ad1ea0f71e9a01383a6ea3ffca57d28d Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 17:00:06 +0200 Subject: [PATCH 11/14] chore: bump up deps Signed-off-by: thediveo --- go.mod | 6 +++--- go.sum | 24 ++++++++++-------------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 5e67355..4d76941 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/ory/dockertest v3.3.5+incompatible github.com/ory/dockertest/v3 v3.10.0 github.com/siemens/ieddata v1.0.0 - github.com/siemens/mobydig v1.0.0 + github.com/siemens/mobydig v1.1.0 github.com/siemens/turtlefinder v1.1.3 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 @@ -79,7 +79,6 @@ require ( github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect github.com/go-openapi/swag v0.22.8 // indirect - github.com/go-ping/ping v1.1.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -101,7 +100,7 @@ require ( github.com/mattn/go-sqlite3 v1.14.17 // indirect github.com/mdlayher/netlink v1.7.2 // indirect github.com/mdlayher/socket v0.5.0 // indirect - github.com/miekg/dns v1.1.55 // indirect + github.com/miekg/dns v1.1.59 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect @@ -119,6 +118,7 @@ require ( github.com/pelletier/go-toml v1.9.5 // indirect github.com/perimeterx/marshmallow v1.1.5 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus-community/pro-bing v0.4.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/thediveo/go-mntinfo v1.0.2 // indirect github.com/vishvananda/netns v0.0.4 // indirect diff --git a/go.sum b/go.sum index aaca2ab..61ccb2e 100644 --- a/go.sum +++ b/go.sum @@ -98,8 +98,6 @@ github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbX github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= github.com/go-openapi/swag v0.22.8 h1:/9RjDSQ0vbFR+NyjGMkFTsA1IA0fmhKSThmfGZjicbw= github.com/go-openapi/swag v0.22.8/go.mod h1:6QT22icPLEqAM/z/TChgb4WAveCHF92+2gF0CNjHpPI= -github.com/go-ping/ping v1.1.0 h1:3MCGhVX4fyEUuhsfwPrsEdQw6xspHkv5zHsiSoDFZYw= -github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc= github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= @@ -148,7 +146,6 @@ github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= @@ -197,8 +194,8 @@ github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/ github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI= github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/buildkit v0.12.5 h1:RNHH1l3HDhYyZafr5EgstEu8aGNCwyfvMtrQDtjH9T0= @@ -264,9 +261,11 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus-community/pro-bing v0.4.0 h1:YMbv+i08gQz97OZZBwLyvmmQEEzyfyrrjEaAchdy3R4= +github.com/prometheus-community/pro-bing v0.4.0/go.mod h1:b7wRYZtCcPmt4Sz319BykUU241rWLe1VFXyiyWK/dH4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= -github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= +github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= +github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -274,8 +273,8 @@ github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/siemens/ieddata v1.0.0 h1:jS4w5G/XBZ28s48IQfFmocNYkXrTQvMVzCgaWKSXqmg= github.com/siemens/ieddata v1.0.0/go.mod h1:klA6Gx4K55NrSp8re+rZb7XuCIL8vI5jWgRYfoghiE4= -github.com/siemens/mobydig v1.0.0 h1:kOZ0QYwXGxAuhT+A3Dz1QGoaovxyywVvwEvLC9yETkc= -github.com/siemens/mobydig v1.0.0/go.mod h1:TtROWS4S7mfaAFUGmbhaZ9jnUFsdfLWYnLPTi+44g4Q= +github.com/siemens/mobydig v1.1.0 h1:tVC6FC6qpEBLVXKdrNmARi/NMIwwd1GNsP04hPrLa94= +github.com/siemens/mobydig v1.1.0/go.mod h1:qzNHYMaD9EOWb5QAAUzackdh/7awG3o78DUeA4hi1EE= github.com/siemens/turtlefinder v1.1.3 h1:I4dk9zSptQOQ6dBIkgpeTjJZa0IXkaTHtZbePvhlVrY= github.com/siemens/turtlefinder v1.1.3/go.mod h1:WsMiAAehMo6oMdsY6UZYqjTFMJVoLY3f2jUVvmVlunk= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= @@ -395,7 +394,6 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= @@ -405,7 +403,6 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -420,7 +417,6 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -504,8 +500,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo= -gotest.tools/v3 v3.3.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A= +gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= +gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/cri-api v0.29.3 h1:ppKSui+hhTJW774Mou6x+/ealmzt2jmTM0vsEQVWrjI= From bc89cc637dab13304ac7d13f3a7688d5a7979dc1 Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 20:09:42 +0200 Subject: [PATCH 12/14] doc: update coverage information Signed-off-by: thediveo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9844c2d..19467d8 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ ![goroutines](https://img.shields.io/badge/go%20routines-not%20leaking-success) ![file descriptors](https://img.shields.io/badge/file%20descriptors-not%20leaking-success) [![Go Report Card](https://goreportcard.com/badge/github.com/siemens/ghostwire/v2)](https://goreportcard.com/report/github.com/siemens/ghostwire/v2) -![Coverage](https://img.shields.io/badge/Coverage-72.6%25-yellow) +![Coverage](https://img.shields.io/badge/Coverage-77.4%25-yellow) **G(h)ostwire** discovers the virtual (or not) network configuration inside _Linux_ hosts – and can be deployed as a REST service or consumed as a Go From a678e1b6619ec559f92b9904efcd19a80ff64bc7 Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 20:10:29 +0200 Subject: [PATCH 13/14] ci: bump up Go version in image build Signed-off-by: thediveo --- deployments/gostwire/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/gostwire/Dockerfile b/deployments/gostwire/Dockerfile index 88077f2..89ce580 100644 --- a/deployments/gostwire/Dockerfile +++ b/deployments/gostwire/Dockerfile @@ -10,7 +10,7 @@ # image versions. ARG ALPINE_VERSION=3.19 ARG ALPINE_PATCH=1 -ARG GO_VERSION=1.21.7 +ARG GO_VERSION=1.22.2 ARG NODE_VERSION=21 # Go build settings From fd8221cb66ce1b0b95ed7f765b9fd6b2b6822ccd Mon Sep 17 00:00:00 2001 From: thediveo Date: Mon, 22 Apr 2024 20:21:11 +0200 Subject: [PATCH 14/14] doc: maintenance Signed-off-by: thediveo --- docs/architecture.md | 11 ++++++----- docs/introduction.md | 9 ++++++--- docs/terminology.md | 7 ++++--- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/docs/architecture.md b/docs/architecture.md index dbc2d24..93a42b9 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -159,11 +159,12 @@ container engine, such as the engine's `ID`, `Type` and `API` endpoint path. ## Turtle Finder -Gostwire's unique `turtlefinder.TurtleFinder` auto-detects container engines in -the process tree and then continously watches their container workload in the -background. Additionally, the hierarchy of container engines is detected, such -as when operating a container engine inside a container in case of [Kubernetes -in Docker (KinD)](https://github.com/kubernetes-sigs/kind). +Gostwire leverages the [turtlefinder](https://github.com/siemens/turtlefinder) +package to auto-detect container engines in the process tree and then +continously watching their container workload in the background. Additionally, +the hierarchy of container engines is detected, such as when operating a +container engine inside a container in case of [Kubernetes in Docker +(KinD)](https://github.com/kubernetes-sigs/kind). The `TurtleFinder` implements the lxkns interface `containerizer.Containerizer` with the logic to auto-detect container engine processes and then querying their diff --git a/docs/introduction.md b/docs/introduction.md index 6e30e62..afd99a4 100644 --- a/docs/introduction.md +++ b/docs/introduction.md @@ -49,6 +49,9 @@ highly recommend at least kernel version 5.6 or later. ## Name and Mascot The name "G(h)ostwire" sprang from the view of virtual (VETH) wires somehow -belonging to the (\*cough\*, _ethereal_) world of ghosts. As a nod to the -implementation language our mascot is a Go Gopher under a fake Ghost (Specte) -blanket. +belonging to the (*_cough_*, +[ethereal](https://www.wireshark.org/news/20060607.html)) world of ghosts. As a +nod to the implementation language our mascot is a Go Gopher under a fake Ghost +(Specte) blanket. [Spectre +v1](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)) might have +been influential, too. diff --git a/docs/terminology.md b/docs/terminology.md index 02e3e38..f4cd2fc 100644 --- a/docs/terminology.md +++ b/docs/terminology.md @@ -27,6 +27,7 @@ The engine detection bases on daemon process names. #### Detector -A Gostwire plugin that detects if a given process is a particular container -engine and then contacts its API for discovering the containers this particular -engine manages. The Detector plugin group name is `"turtlefinders"`. +A [turtlefinder](https://github.com/siemens/turtlefinder) plugin that detects if +a given process is a particular container engine and then contacts its API for +discovering the containers this particular engine manages. The Detector plugin +group name is `"turtlefinders"`.