github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vendor: bump hcsshim to v0.8.22

Browse Source 
This tag of hcsshim brings in a couple welcome features/improvements. One being
exposing a way to query for hns endpoint statistics (Packets received/sent etc.).
This tag also contains some optimizations for querying whether a certain HCN feature
is supported, which is a common workflow in kube-proxy on Windows. The first result
from querying HCN is now cached so further calls can skip the hcn query as well as the
version range parsing that was performed. This also gets rid of some redundant logs
that used to hit everytime the version range parsing occurred.

The Go-winio dep bump, and all of the ctrd deps are transitive only. Nothing new is needed/intended
to be used.

Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This commit is contained in:
Daniel Canter
2021-09-09 13:11:57 -07:00
parent 669de4b957
commit 3eef755b3b
218 changed files with 5334 additions and 2398 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
vendor/github.com/Microsoft/hcsshim/hcn/hcn.go generated vendored
View File

@@ -64,12 +64,6 @@ import (
//sys hcnDeleteRoute(id *_guid, result **uint16) (hr error) = computenetwork.HcnDeleteSdnRoute?
//sys hcnCloseRoute(route hcnRoute) (hr error) = computenetwork.HcnCloseSdnRoute?
// Service
//sys hcnOpenService(service *hcnService, result **uint16) (hr error) = computenetwork.HcnOpenService?
//sys hcnRegisterServiceCallback(service hcnService, callback int32, context int32, callbackHandle *hcnCallbackHandle) (hr error) = computenetwork.HcnRegisterServiceCallback?
//sys hcnUnregisterServiceCallback(callbackHandle hcnCallbackHandle) (hr error) = computenetwork.HcnUnregisterServiceCallback?
//sys hcnCloseService(service hcnService) (hr error) = computenetwork.HcnCloseService?
type _guid = guid.GUID
type hcnNetwork syscall.Handle
@@ -77,8 +71,6 @@ type hcnEndpoint syscall.Handle
type hcnNamespace syscall.Handle
type hcnLoadBalancer syscall.Handle
type hcnRoute syscall.Handle
type hcnService syscall.Handle
type hcnCallbackHandle syscall.Handle
// SchemaVersion for HCN Objects/Queries.
type SchemaVersion = Version // hcnglobals.go
@@ -101,6 +93,20 @@ type HostComputeQuery struct {
Filter string `json:",omitempty"`
}
type ExtraParams struct {
Resources json.RawMessage `json:",omitempty"`
SharedContainers json.RawMessage `json:",omitempty"`
LayeredOn string `json:",omitempty"`
SwitchGuid string `json:",omitempty"`
UtilityVM string `json:",omitempty"`
VirtualMachine string `json:",omitempty"`
}
type Health struct {
Data interface{} `json:",omitempty"`
Extra ExtraParams `json:",omitempty"`
}
// defaultQuery generates HCN Query.
// Passed into get/enumerate calls to filter results.
func defaultQuery() HostComputeQuery {
@@ -114,15 +120,6 @@ func defaultQuery() HostComputeQuery {
return query
}
func defaultQueryJson() string {
query := defaultQuery()
queryJson, err := json.Marshal(query)
if err != nil {
return ""
}
return string(queryJson)
}
// PlatformDoesNotSupportError happens when users are attempting to use a newer shim on an older OS
func platformDoesNotSupportError(featureName string) error {
return fmt.Errorf("Platform does not support feature %s", featureName)
@@ -130,7 +127,10 @@ func platformDoesNotSupportError(featureName string) error {
// V2ApiSupported returns an error if the HCN version does not support the V2 Apis.
func V2ApiSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.Api.V2 {
return nil
}
@@ -146,7 +146,10 @@ func V2SchemaVersion() SchemaVersion {
// RemoteSubnetSupported returns an error if the HCN version does not support Remote Subnet policies.
func RemoteSubnetSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.RemoteSubnet {
return nil
}
@@ -155,7 +158,10 @@ func RemoteSubnetSupported() error {
// HostRouteSupported returns an error if the HCN version does not support Host Route policies.
func HostRouteSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.HostRoute {
return nil
}
@@ -164,7 +170,10 @@ func HostRouteSupported() error {
// DSRSupported returns an error if the HCN version does not support Direct Server Return.
func DSRSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.DSR {
return nil
}
@@ -173,7 +182,10 @@ func DSRSupported() error {
// Slash32EndpointPrefixesSupported returns an error if the HCN version does not support configuring endpoints with /32 prefixes.
func Slash32EndpointPrefixesSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.Slash32EndpointPrefixes {
return nil
}
@@ -182,7 +194,10 @@ func Slash32EndpointPrefixesSupported() error {
// AclSupportForProtocol252Supported returns an error if the HCN version does not support HNS ACL Policies to support protocol 252 for VXLAN.
func AclSupportForProtocol252Supported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.AclSupportForProtocol252 {
return nil
}
@@ -191,7 +206,10 @@ func AclSupportForProtocol252Supported() error {
// SessionAffinitySupported returns an error if the HCN version does not support Session Affinity.
func SessionAffinitySupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.SessionAffinity {
return nil
}
@@ -200,16 +218,46 @@ func SessionAffinitySupported() error {
// IPv6DualStackSupported returns an error if the HCN version does not support IPv6DualStack.
func IPv6DualStackSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.IPv6DualStack {
return nil
}
return platformDoesNotSupportError("IPv6 DualStack")
}
//L4proxySupported returns an error if the HCN verison does not support L4Proxy
func L4proxyPolicySupported() error {
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.L4Proxy {
return nil
}
return platformDoesNotSupportError("L4ProxyPolicy")
}
// L4WfpProxySupported returns an error if the HCN verison does not support L4WfpProxy
func L4WfpProxyPolicySupported() error {
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.L4WfpProxy {
return nil
}
return platformDoesNotSupportError("L4WfpProxyPolicy")
}
// SetPolicySupported returns an error if the HCN version does not support SetPolicy.
func SetPolicySupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.SetPolicy {
return nil
}
@@ -218,13 +266,28 @@ func SetPolicySupported() error {
// VxlanPortSupported returns an error if the HCN version does not support configuring the VXLAN TCP port.
func VxlanPortSupported() error {
supported := GetSupportedFeatures()
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.VxlanPort {
return nil
}
return platformDoesNotSupportError("VXLAN port configuration")
}
// TierAclPolicySupported returns an error if the HCN version does not support configuring the TierAcl.
func TierAclPolicySupported() error {
supported, err := GetCachedSupportedFeatures()
if err != nil {
return err
}
if supported.TierAcl {
return nil
}
return platformDoesNotSupportError("TierAcl")
}
// RequestType are the different operations performed to settings.
// Used to update the settings of Endpoint/Namespace objects.
type RequestType string

8
vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go generated vendored
View File

@@ -37,6 +37,7 @@ type HostComputeEndpoint struct {
Routes []Route `json:",omitempty"`
MacAddress string `json:",omitempty"`
Flags EndpointFlags `json:",omitempty"`
Health Health `json:",omitempty"`
SchemaVersion SchemaVersion `json:",omitempty"`
}
@@ -58,6 +59,13 @@ type ModifyEndpointSettingRequest struct {
Settings json.RawMessage `json:",omitempty"`
}
// VmEndpointRequest creates a switch port with identifier `PortId`.
type VmEndpointRequest struct {
PortId guid.GUID `json:",omitempty"`
VirtualNicName string `json:",omitempty"`
VirtualMachineId guid.GUID `json:",omitempty"`
}
type PolicyEndpointRequest struct {
Policies []EndpointPolicy `json:",omitempty"`
}

23
vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go generated vendored
View File

@@ -49,20 +49,33 @@ var (
}
// HNS 9.3 through 10.0 (not included) and, 10.4+ allow for HNS ACL Policies to support protocol 252 for VXLAN
AclSupportForProtocol252Version = VersionRanges{
VersionRange{MinVersion: Version{Major: 9, Minor: 3}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 10, Minor: 4}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 11, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
}
// HNS 12.0 allows for session affinity for loadbalancing
SessionAffinityVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 12, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
// HNS 10.5 through 11 (not included) and 12.0+ supports Ipv6 dual stack.
// HNS 11.10+ supports Ipv6 dual stack.
IPv6DualStackVersion = VersionRanges{
VersionRange{MinVersion: Version{Major: 10, Minor: 5}, MaxVersion: Version{Major: 10, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 12, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 11, Minor: 10}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
}
// HNS 13.0 allows for Set Policy support
SetPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
// HNS 10.3 allows for VXLAN ports
VxlanPortVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 10, Minor: 3}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
//HNS 9.5 through 10.0(not included), 10.5 through 11.0(not included), 11.11 through 12.0(not included), 12.1 through 13.0(not included), 13.1+ allows for Network L4Proxy Policy support
L4ProxyPolicyVersion = VersionRanges{
VersionRange{MinVersion: Version{Major: 9, Minor: 5}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 10, Minor: 5}, MaxVersion: Version{Major: 10, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 11, Minor: 11}, MaxVersion: Version{Major: 11, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 12, Minor: 1}, MaxVersion: Version{Major: 12, Minor: math.MaxInt32}},
VersionRange{MinVersion: Version{Major: 13, Minor: 1}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}},
}
//HNS 13.2 allows for L4WfpProxy Policy support
L4WfpProxyPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
//HNS 14.0 allows for TierAcl Policy support
TierAclPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 14, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
)
// GetGlobals returns the global properties of the HCN Service.

45
vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go generated vendored
View File

@@ -36,6 +36,7 @@ var (
LoadBalancerFlagsNone LoadBalancerFlags = 0
// LoadBalancerFlagsDSR enables Direct Server Return (DSR)
LoadBalancerFlagsDSR LoadBalancerFlags = 1
LoadBalancerFlagsIPv6 LoadBalancerFlags = 2
)
// LoadBalancerPortMappingFlags are special settings on a loadbalancer.
@@ -160,50 +161,6 @@ func createLoadBalancer(settings string) (*HostComputeLoadBalancer, error) {
return &outputLoadBalancer, nil
}
func modifyLoadBalancer(loadBalancerId string, settings string) (*HostComputeLoadBalancer, error) {
loadBalancerGuid, err := guid.FromString(loadBalancerId)
if err != nil {
return nil, errInvalidLoadBalancerID
}
// Open loadBalancer.
var (
loadBalancerHandle hcnLoadBalancer
resultBuffer *uint16
propertiesBuffer *uint16
)
hr := hcnOpenLoadBalancer(&loadBalancerGuid, &loadBalancerHandle, &resultBuffer)
if err := checkForErrors("hcnOpenLoadBalancer", hr, resultBuffer); err != nil {
return nil, err
}
// Modify loadBalancer.
hr = hcnModifyLoadBalancer(loadBalancerHandle, settings, &resultBuffer)
if err := checkForErrors("hcnModifyLoadBalancer", hr, resultBuffer); err != nil {
return nil, err
}
// Query loadBalancer.
hcnQuery := defaultQuery()
query, err := json.Marshal(hcnQuery)
if err != nil {
return nil, err
}
hr = hcnQueryLoadBalancerProperties(loadBalancerHandle, string(query), &propertiesBuffer, &resultBuffer)
if err := checkForErrors("hcnQueryLoadBalancerProperties", hr, resultBuffer); err != nil {
return nil, err
}
properties := interop.ConvertAndFreeCoTaskMemString(propertiesBuffer)
// Close loadBalancer.
hr = hcnCloseLoadBalancer(loadBalancerHandle)
if err := checkForErrors("hcnCloseLoadBalancer", hr, nil); err != nil {
return nil, err
}
// Convert output to LoadBalancer
var outputLoadBalancer HostComputeLoadBalancer
if err := json.Unmarshal([]byte(properties), &outputLoadBalancer); err != nil {
return nil, err
}
return &outputLoadBalancer, nil
}
func deleteLoadBalancer(loadBalancerId string) error {
loadBalancerGuid, err := guid.FromString(loadBalancerId)
if err != nil {

2
vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go generated vendored
View File

@@ -378,7 +378,7 @@ func (namespace *HostComputeNamespace) Sync() error {
// The shim is likey gone. Simply ignore the sync as if it didn't exist.
if perr, ok := err.(*os.PathError); ok && perr.Err == syscall.ERROR_FILE_NOT_FOUND {
// Remove the reg key there is no point to try again
cfg.Remove()
_ = cfg.Remove()
return nil
}
f := map[string]interface{}{

11
vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go generated vendored
View File

@@ -9,21 +9,21 @@ import (
"github.com/sirupsen/logrus"
)
// Route is assoicated with a subnet.
// Route is associated with a subnet.
type Route struct {
NextHop string `json:",omitempty"`
DestinationPrefix string `json:",omitempty"`
Metric uint16 `json:",omitempty"`
}
// Subnet is assoicated with a Ipam.
// Subnet is associated with a Ipam.
type Subnet struct {
IpAddressPrefix string `json:",omitempty"`
Policies []json.RawMessage `json:",omitempty"`
Routes []Route `json:",omitempty"`
}
// Ipam (Internet Protocol Addres Management) is assoicated with a network
// Ipam (Internet Protocol Address Management) is associated with a network
// and represents the address space(s) of a network.
type Ipam struct {
Type string `json:",omitempty"` // Ex: Static, DHCP
@@ -36,12 +36,12 @@ type MacRange struct {
EndMacAddress string `json:",omitempty"`
}
// MacPool is assoicated with a network and represents pool of MacRanges.
// MacPool is associated with a network and represents pool of MacRanges.
type MacPool struct {
Ranges []MacRange `json:",omitempty"`
}
// Dns (Domain Name System is associated with a network.
// Dns (Domain Name System is associated with a network).
type Dns struct {
Domain string `json:",omitempty"`
Search []string `json:",omitempty"`
@@ -82,6 +82,7 @@ type HostComputeNetwork struct {
Dns Dns `json:",omitempty"`
Ipams []Ipam `json:",omitempty"`
Flags NetworkFlags `json:",omitempty"` // 0: None
Health Health `json:",omitempty"`
SchemaVersion SchemaVersion `json:",omitempty"`
}

83
vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go generated vendored
View File

@@ -19,9 +19,11 @@ const (
L4WFPPROXY EndpointPolicyType = "L4WFPPROXY"
PortName EndpointPolicyType = "PortName"
EncapOverhead EndpointPolicyType = "EncapOverhead"
IOV EndpointPolicyType = "Iov"
// Endpoint and Network have InterfaceConstraint and ProviderAddress
NetworkProviderAddress EndpointPolicyType = "ProviderAddress"
NetworkInterfaceConstraint EndpointPolicyType = "InterfaceConstraint"
TierAcl EndpointPolicyType = "TierAcl"
)
// EndpointPolicy is a collection of Policy settings for an Endpoint.
@@ -46,6 +48,8 @@ const (
VxlanPort NetworkPolicyType = "VxlanPort"
HostRoute NetworkPolicyType = "HostRoute"
SetPolicy NetworkPolicyType = "SetPolicy"
NetworkL4Proxy NetworkPolicyType = "L4Proxy"
LayerConstraint NetworkPolicyType = "LayerConstraint"
)
// NetworkPolicy is a collection of Policy settings for a Network.
@@ -72,6 +76,12 @@ type SubnetPolicy struct {
// NatFlags are flags for portmappings.
type NatFlags uint32
const (
NatFlagsNone NatFlags = iota
NatFlagsLocalRoutedVip
NatFlagsIPv6
)
/// Endpoint Policy objects
// PortMappingPolicySetting defines Port Mapping (NAT)
@@ -97,6 +107,8 @@ const (
ActionTypeAllow ActionType = "Allow"
// Block traffic
ActionTypeBlock ActionType = "Block"
// Pass traffic
ActionTypePass ActionType = "Pass"
// In is traffic coming to the Endpoint
DirectionTypeIn DirectionType = "In"
@@ -132,6 +144,7 @@ type OutboundNatPolicySetting struct {
VirtualIP string `json:",omitempty"`
Exceptions []string `json:",omitempty"`
Destinations []string `json:",omitempty"`
Flags NatFlags `json:",omitempty"`
}
// SDNRoutePolicySetting sets SDN Route on an Endpoint.
@@ -141,7 +154,7 @@ type SDNRoutePolicySetting struct {
NeedEncap bool `json:",omitempty"`
}
// FiveTuple is nested in L4ProxyPolicySetting for WFP support.
// FiveTuple is nested in L4ProxyPolicySetting for WFP support.
type FiveTuple struct {
Protocols string `json:",omitempty"`
LocalAddresses string `json:",omitempty"`
@@ -151,11 +164,20 @@ type FiveTuple struct {
Priority uint16 `json:",omitempty"`
}
// ProxyExceptions exempts traffic to IpAddresses and Ports
type ProxyExceptions struct {
IpAddressExceptions []string `json:",omitempty"`
PortExceptions []string `json:",omitempty"`
}
// L4WfpProxyPolicySetting sets Layer-4 Proxy on an endpoint.
type L4WfpProxyPolicySetting struct {
Port string `json:",omitempty"`
FilterTuple FiveTuple `json:",omitempty"`
UserSID string `json:",omitempty"`
InboundProxyPort string `json:",omitempty"`
OutboundProxyPort string `json:",omitempty"`
FilterTuple FiveTuple `json:",omitempty"`
UserSID string `json:",omitempty"`
InboundExceptions ProxyExceptions `json:",omitempty"`
OutboundExceptions ProxyExceptions `json:",omitempty"`
}
// PortnameEndpointPolicySetting sets the port name for an endpoint.
@@ -168,6 +190,13 @@ type EncapOverheadEndpointPolicySetting struct {
Overhead uint16 `json:",omitempty"`
}
// IovPolicySetting sets the Iov settings for an endpoint.
type IovPolicySetting struct {
IovOffloadWeight uint32 `json:",omitempty"`
QueuePairsRequested uint32 `json:",omitempty"`
InterruptModeration uint32 `json:",omitempty"`
}
/// Endpoint and Network Policy objects
// ProviderAddressEndpointPolicySetting sets the PA for an endpoint.
@@ -213,6 +242,10 @@ type AutomaticDNSNetworkPolicySetting struct {
Enable bool `json:",omitempty"`
}
type LayerConstraintNetworkPolicySetting struct {
LayerId string `json:",omitempty"`
}
/// Subnet Policy objects
// VlanPolicySetting isolates a subnet with VLAN tagging.
@@ -252,3 +285,45 @@ type SetPolicySetting struct {
type VxlanPortPolicySetting struct {
Port uint16
}
// ProtocolType associated with L4ProxyPolicy
type ProtocolType uint32
const (
ProtocolTypeUnknown ProtocolType = 0
ProtocolTypeICMPv4 ProtocolType = 1
ProtocolTypeIGMP ProtocolType = 2
ProtocolTypeTCP ProtocolType = 6
ProtocolTypeUDP ProtocolType = 17
ProtocolTypeICMPv6 ProtocolType = 58
)
//L4ProxyPolicySetting applies proxy policy on network/endpoint
type L4ProxyPolicySetting struct {
IP string `json:",omitempty"`
Port string `json:",omitempty"`
Protocol ProtocolType `json:",omitempty"`
Exceptions []string `json:",omitempty"`
Destination string
OutboundNAT bool `json:",omitempty"`
}
// TierAclRule represents an ACL within TierAclPolicySetting
type TierAclRule struct {
Id string `json:",omitempty"`
Protocols string `json:",omitempty"`
TierAclRuleAction ActionType `json:","`
LocalAddresses string `json:",omitempty"`
RemoteAddresses string `json:",omitempty"`
LocalPorts string `json:",omitempty"`
RemotePorts string `json:",omitempty"`
Priority uint16 `json:",omitempty"`
}
// TierAclPolicySetting represents a Tier containing ACLs
type TierAclPolicySetting struct {
Name string `json:","`
Direction DirectionType `json:","`
Order uint16 `json:""`
TierAclRules []TierAclRule `json:",omitempty"`
}

63
vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go generated vendored
View File

@@ -1,9 +1,21 @@
package hcn
import (
"fmt"
"sync"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
var (
// featuresOnce handles assigning the supported features and printing the supported info to stdout only once to avoid unnecessary work
// multiple times.
featuresOnce sync.Once
featuresErr error
supportedFeatures SupportedFeatures
)
// SupportedFeatures are the features provided by the Service.
type SupportedFeatures struct {
Acl AclFeatures `json:"ACL"`
@@ -17,6 +29,9 @@ type SupportedFeatures struct {
IPv6DualStack bool `json:"IPv6DualStack"`
SetPolicy bool `json:"SetPolicy"`
VxlanPort bool `json:"VxlanPort"`
L4Proxy bool `json:"L4Proxy"` // network policy that applies VFP rules to all endpoints on the network to redirect traffic
L4WfpProxy bool `json:"L4WfpProxy"` // endpoint policy that applies WFP filters to redirect traffic to/from that endpoint
TierAcl bool `json:"TierAcl"`
}
// AclFeatures are the supported ACL possibilities.
@@ -33,17 +48,41 @@ type ApiSupport struct {
V2 bool `json:"V2"`
}
// GetSupportedFeatures returns the features supported by the Service.
func GetSupportedFeatures() SupportedFeatures {
var features SupportedFeatures
// GetCachedSupportedFeatures returns the features supported by the Service and an error if the query failed. If this has been called
// before it will return the supported features and error received from the first call. This can be used to optimize if many calls to the
// various hcn.IsXSupported methods need to be made.
func GetCachedSupportedFeatures() (SupportedFeatures, error) {
// Only query the HCN version and features supported once, instead of everytime this is invoked. The logs are useful to
// debug incidents where there's confusion on if a feature is supported on the host machine. The sync.Once helps to avoid redundant
// spam of these anytime a check needs to be made for if an HCN feature is supported. This is a common occurrence in kube-proxy
// for example.
featuresOnce.Do(func() {
supportedFeatures, featuresErr = getSupportedFeatures()
})
globals, err := GetGlobals()
return supportedFeatures, featuresErr
}
// GetSupportedFeatures returns the features supported by the Service.
//
// Deprecated: Use GetCachedSupportedFeatures instead.
func GetSupportedFeatures() SupportedFeatures {
features, err := GetCachedSupportedFeatures()
if err != nil {
// Expected on pre-1803 builds, all features will be false/unsupported
logrus.Debugf("Unable to obtain globals: %s", err)
logrus.WithError(err).Errorf("unable to obtain supported features")
return features
}
return features
}
func getSupportedFeatures() (SupportedFeatures, error) {
var features SupportedFeatures
globals, err := GetGlobals()
if err != nil {
// It's expected if this fails once, it should always fail. It should fail on pre 1803 builds for example.
return SupportedFeatures{}, errors.Wrap(err, "failed to query HCN version number: this is expected on pre 1803 builds.")
}
features.Acl = AclFeatures{
AclAddressLists: isFeatureSupported(globals.Version, HNSVersion1803),
AclNoHostRulePriority: isFeatureSupported(globals.Version, HNSVersion1803),
@@ -65,8 +104,16 @@ func GetSupportedFeatures() SupportedFeatures {
features.IPv6DualStack = isFeatureSupported(globals.Version, IPv6DualStackVersion)
features.SetPolicy = isFeatureSupported(globals.Version, SetPolicyVersion)
features.VxlanPort = isFeatureSupported(globals.Version, VxlanPortVersion)
features.L4Proxy = isFeatureSupported(globals.Version, L4ProxyPolicyVersion)
features.L4WfpProxy = isFeatureSupported(globals.Version, L4WfpProxyPolicyVersion)
features.TierAcl = isFeatureSupported(globals.Version, TierAclPolicyVersion)
return features
logrus.WithFields(logrus.Fields{
"version": fmt.Sprintf("%+v", globals.Version),
"supportedFeatures": fmt.Sprintf("%+v", features),
}).Info("HCN feature check")
return features, nil
}
func isFeatureSupported(currentVersion Version, versionsSupported VersionRanges) bool {
@@ -81,19 +128,15 @@ func isFeatureSupported(currentVersion Version, versionsSupported VersionRanges)
func isFeatureInRange(currentVersion Version, versionRange VersionRange) bool {
if currentVersion.Major < versionRange.MinVersion.Major {
logrus.Infof("currentVersion.Major < versionRange.MinVersion.Major: %v, %v", currentVersion.Major, versionRange.MinVersion.Major)
return false
}
if currentVersion.Major > versionRange.MaxVersion.Major {
logrus.Infof("currentVersion.Major > versionRange.MaxVersion.Major: %v, %v", currentVersion.Major, versionRange.MaxVersion.Major)
return false
}
if currentVersion.Major == versionRange.MinVersion.Major && currentVersion.Minor < versionRange.MinVersion.Minor {
logrus.Infof("currentVersion.Minor < versionRange.MinVersion.Major: %v, %v", currentVersion.Minor, versionRange.MinVersion.Minor)
return false
}
if currentVersion.Major == versionRange.MaxVersion.Major && currentVersion.Minor > versionRange.MaxVersion.Minor {
logrus.Infof("currentVersion.Minor > versionRange.MaxVersion.Major: %v, %v", currentVersion.Minor, versionRange.MaxVersion.Minor)
return false
}
return true

60
vendor/github.com/Microsoft/hcsshim/hcn/zsyscall_windows.go generated vendored
View File

@@ -78,10 +78,6 @@ var (
procHcnQuerySdnRouteProperties = modcomputenetwork.NewProc("HcnQuerySdnRouteProperties")
procHcnDeleteSdnRoute = modcomputenetwork.NewProc("HcnDeleteSdnRoute")
procHcnCloseSdnRoute = modcomputenetwork.NewProc("HcnCloseSdnRoute")
procHcnOpenService = modcomputenetwork.NewProc("HcnOpenService")
procHcnRegisterServiceCallback = modcomputenetwork.NewProc("HcnRegisterServiceCallback")
procHcnUnregisterServiceCallback = modcomputenetwork.NewProc("HcnUnregisterServiceCallback")
procHcnCloseService = modcomputenetwork.NewProc("HcnCloseService")
)
func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
@@ -797,59 +793,3 @@ func hcnCloseRoute(route hcnRoute) (hr error) {
}
return
}
func hcnOpenService(service *hcnService, result **uint16) (hr error) {
if hr = procHcnOpenService.Find(); hr != nil {
return
}
r0, _, _ := syscall.Syscall(procHcnOpenService.Addr(), 2, uintptr(unsafe.Pointer(service)), uintptr(unsafe.Pointer(result)), 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func hcnRegisterServiceCallback(service hcnService, callback int32, context int32, callbackHandle *hcnCallbackHandle) (hr error) {
if hr = procHcnRegisterServiceCallback.Find(); hr != nil {
return
}
r0, _, _ := syscall.Syscall6(procHcnRegisterServiceCallback.Addr(), 4, uintptr(service), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func hcnUnregisterServiceCallback(callbackHandle hcnCallbackHandle) (hr error) {
if hr = procHcnUnregisterServiceCallback.Find(); hr != nil {
return
}
r0, _, _ := syscall.Syscall(procHcnUnregisterServiceCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func hcnCloseService(service hcnService) (hr error) {
if hr = procHcnCloseService.Find(); hr != nil {
return
}
r0, _, _ := syscall.Syscall(procHcnCloseService.Addr(), 1, uintptr(service), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}