diff --git a/Gopkg.lock b/Gopkg.lock index a615f56029..82e0b93301 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -955,7 +955,7 @@ version = "v1.0.0" [[projects]] - digest = "1:9282374de44d63a6035eaa0dfb89fb9af9166c2010718a11a8d253327e558e9e" + digest = "1:71319e2422b5d6f6b9032c16bb16c364191f069aa7f809fd8fda0a694f92444c" name = "github.com/gravitational/satellite" packages = [ "agent", @@ -966,14 +966,15 @@ "lib/history/sqlite", "lib/kubernetes", "lib/membership", + "lib/nethealth", "lib/rpc", "lib/rpc/client", "monitoring", "utils", ] pruneopts = "UT" - revision = "d6669b7a61450d0afa71bc4a823892b0028db17c" - version = "6.1.15" + revision = "336a276099236ea802e0dfe722acabab8ce9560a" + version = "6.1.19" [[projects]] digest = "1:49f6abbce9ade5f43508429e4af1adcce55d27adcd62719fea049decc766a7c9" @@ -2091,7 +2092,7 @@ [[projects]] branch = "master" - digest = "1:4b3ab0b41b7a63380a6055ada2cce3dda98826f1ba13564093149221a1cba2af" + digest = "1:3913764a4b6220154431e04ff8c9c2a125e4f57978106024bcfe3a9db1b5d21b" name = "golang.org/x/net" packages = [ "bpf", @@ -2102,6 +2103,7 @@ "http/httpguts", "http2", "http2/hpack", + "icmp", "idna", "internal/iana", "internal/socket", @@ -2968,9 +2970,9 @@ "github.com/ghodss/yaml", "github.com/gizak/termui", "github.com/gogo/protobuf/gogoproto", + "github.com/gogo/protobuf/proto", "github.com/gogo/protobuf/types", "github.com/gokyle/hotp", - "github.com/golang/protobuf/proto", "github.com/golang/protobuf/ptypes/any", "github.com/gravitational/configure", "github.com/gravitational/configure/cstrings", @@ -3054,6 +3056,7 @@ "google.golang.org/grpc", "google.golang.org/grpc/codes", "google.golang.org/grpc/credentials", + "google.golang.org/grpc/grpclog", "google.golang.org/grpc/health", "google.golang.org/grpc/health/grpc_health_v1", "google.golang.org/grpc/status", diff --git a/Gopkg.toml b/Gopkg.toml index c217e35ce6..97c938a6dd 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -75,7 +75,7 @@ ignored = [ [[constraint]] name = "github.com/gravitational/satellite" - version = "=6.1.15" + version = "=6.1.19" [[constraint]] name = "github.com/miekg/dns" diff --git a/Makefile b/Makefile index 76df6b7c65..d9916df618 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ RELEASE_OUT ?= TELEPORT_TAG = 3.2.13 # TELEPORT_REPOTAG adapts TELEPORT_TAG to the teleport tagging scheme TELEPORT_REPOTAG := v$(TELEPORT_TAG) -PLANET_TAG := 6.1.43-$(K8S_VER_SUFFIX) +PLANET_TAG := 6.1.44-$(K8S_VER_SUFFIX) PLANET_BRANCH := $(PLANET_TAG) K8S_APP_TAG := $(GRAVITY_TAG) TELEKUBE_APP_TAG := $(GRAVITY_TAG) diff --git a/vendor/github.com/gravitational/satellite/agent/agent.go b/vendor/github.com/gravitational/satellite/agent/agent.go index 2cc30620d5..4a3977fd1c 100644 --- a/vendor/github.com/gravitational/satellite/agent/agent.go +++ b/vendor/github.com/gravitational/satellite/agent/agent.go @@ -168,6 +168,9 @@ type agent struct { // LocalTimeline keeps track of local timeline events. LocalTimeline history.Timeline + + // newSerfClientFunc is used to create a serf client on demand. + newSerfClientFunc func() (membership.ClusterMembership, error) } // New creates an instance of an agent based on configuration options given in config. @@ -176,13 +179,6 @@ func New(config *Config) (*agent, error) { return nil, trace.Wrap(err) } - serfClient, err := initSerfClient(config.SerfConfig, config.Tags) - if err != nil { - return nil, trace.Wrap(err, "failed to initialize serf client") - } - - // TODO: do we need to initialize metrics listener in constructor? - // Move to Start? metricsListener, err := net.Listen("tcp", config.MetricsAddr) if err != nil { return nil, trace.Wrap(err, "failed to serve prometheus metrics") @@ -216,10 +212,10 @@ func New(config *Config) (*agent, error) { lastSeen: lastSeen, done: make(chan struct{}), Config: *config, - ClusterMembership: serfClient, ClusterTimeline: clusterTimeline, LocalTimeline: localTimeline, } + agent.newSerfClientFunc = agent.newSerfClient agent.rpc, err = newRPCServer(agent, config.CAFile, config.CertFile, config.KeyFile, config.RPCAddrs) if err != nil { @@ -228,20 +224,7 @@ func New(config *Config) (*agent, error) { return agent, nil } -// initSerfClient initializes a new serf client and modifies the client with -// the provided tags. -func initSerfClient(config serf.Config, tags map[string]string) (*membership.RetryingClient, error) { - client, err := membership.NewSerfClient(config) - if err != nil { - return nil, trace.Wrap(err, "failed to connect to serf") - } - if err = client.UpdateTags(tags, nil); err != nil { - return nil, trace.Wrap(err, "failed to update serf agent tags") - } - return client, nil -} - -// initTimeline initializes a new sqlite timeline. dbName specifies the +// initTimeline initializes a new sqlite timeline. fileName specifies the // SQLite database file name. func initTimeline(config sqlite.Config, fileName string) (history.Timeline, error) { ctx, cancel := context.WithTimeout(context.Background(), timelineInitTimeout) @@ -288,34 +271,42 @@ func (r *agent) serveMetrics() { } // IsMember returns true if this agent is a member of the serf cluster -func (r *agent) IsMember() bool { - members, err := r.ClusterMembership.Members() +func (r *agent) IsMember() (ok bool, err error) { + client, err := r.newSerfClientFunc() if err != nil { - log.Errorf("failed to retrieve members: %v", trace.DebugReport(err)) - return false + return false, trace.Wrap(err) + } + defer client.Close() + members, err := client.Members() + if err != nil { + return false, trace.Wrap(err, "failed to retrieve members") } // if we're the only one, consider that we're not in the cluster yet // (cause more often than not there are more than 1 member) if len(members) == 1 && members[0].Name() == r.Name { - return false + return false, nil } for _, member := range members { if member.Name() == r.Name { - return true + return true, nil } } - return false + return false, nil } // Join attempts to join a serf cluster identified by peers. func (r *agent) Join(peers []string) error { + client, err := r.newSerfClientFunc() + if err != nil { + return trace.Wrap(err) + } + defer client.Close() noReplay := false - numJoined, err := r.ClusterMembership.Join(peers, noReplay) + numJoined, err := client.Join(peers, noReplay) if err != nil { return trace.Wrap(err) } - - log.Infof("joined %d nodes", numJoined) + log.Infof("Joined %d nodes.", numJoined) return nil } @@ -333,16 +324,7 @@ func (r *agent) Close() (err error) { if r.done != nil { close(r.done) } - - err = r.ClusterMembership.Close() - if err != nil { - errors = append(errors, trace.Wrap(err)) - } - - if len(errors) > 0 { - return trace.NewAggregate(errors...) - } - return nil + return trace.NewAggregate(errors...) } // Time reports the current server time. @@ -556,34 +538,54 @@ func (r *agent) statusUpdateLoop(ctx context.Context) { func (r *agent) updateStatus(ctx context.Context) error { ctxStatus, cancel := context.WithTimeout(ctx, r.statusQueryReplyTimeout) defer cancel() - status, err := r.collectStatus(ctxStatus) - if err != nil { - return trace.Wrap(err, "error collecting system status") - } - if status == nil { - return nil - } + status := r.collectStatus(ctxStatus) if err := r.Cache.UpdateStatus(status); err != nil { return trace.Wrap(err, "error updating system status in cache") } return nil } +func (r *agent) defaultUnknownStatus() *pb.NodeStatus { + return &pb.NodeStatus{ + Name: r.Name, + MemberStatus: &pb.MemberStatus{ + Name: r.Name, + }, + } +} + // collectStatus obtains the cluster status by querying statuses of // known cluster members. -func (r *agent) collectStatus(ctx context.Context) (systemStatus *pb.SystemStatus, err error) { +func (r *agent) collectStatus(ctx context.Context) *pb.SystemStatus { ctx, cancel := context.WithTimeout(ctx, StatusUpdateTimeout) defer cancel() - systemStatus = &pb.SystemStatus{ - Status: pb.SystemStatus_Unknown, - Timestamp: pb.NewTimeToProto(r.Clock.Now()), + client, err := r.newSerfClientFunc() + if err != nil { + log.WithError(err).Error("Failed to create serf client.") + r.setLocalStatus(r.defaultUnknownStatus()) + return &pb.SystemStatus{ + Status: pb.SystemStatus_Degraded, + Timestamp: pb.NewTimeToProto(r.Clock.Now()), + Summary: fmt.Sprintf("failed to create serf client: %v", err), + } } + defer client.Close() - members, err := r.ClusterMembership.Members() + members, err := client.Members() if err != nil { - log.WithError(err).Warn("Failed to query serf members.") - return nil, trace.Wrap(err, "failed to query serf members") + log.WithError(err).Error("Failed to query serf members.") + r.setLocalStatus(r.defaultUnknownStatus()) + return &pb.SystemStatus{ + Status: pb.SystemStatus_Degraded, + Timestamp: pb.NewTimeToProto(r.Clock.Now()), + Summary: fmt.Sprintf("failed to query serf members: %v", err), + } + } + + systemStatus := &pb.SystemStatus{ + Status: pb.SystemStatus_Unknown, + Timestamp: pb.NewTimeToProto(r.Clock.Now()), } log.Debugf("Started collecting statuses from members %v.", members) @@ -594,7 +596,7 @@ func (r *agent) collectStatus(ctx context.Context) (systemStatus *pb.SystemStatu statusCh := make(chan *statusResponse, len(members)) for _, member := range members { if r.Name == member.Name() { - go r.getLocalStatus(ctxNode, statusCh) + go r.getLocalStatus(ctxNode, statusCh, client) } else { go r.getStatusFrom(ctx, member, statusCh) } @@ -622,12 +624,12 @@ L: setSystemStatus(systemStatus, members) - return systemStatus, nil + return systemStatus } // collectLocalStatus executes monitoring tests on the local node. -func (r *agent) collectLocalStatus(ctx context.Context) (status *pb.NodeStatus, err error) { - local, err := r.ClusterMembership.FindMember(r.Name) +func (r *agent) collectLocalStatus(ctx context.Context, client membership.ClusterMembership) (status *pb.NodeStatus, err error) { + local, err := client.FindMember(r.Name) if err != nil { return nil, trace.Wrap(err, "failed to query local serf member") } @@ -645,7 +647,7 @@ func (r *agent) collectLocalStatus(ctx context.Context) (status *pb.NodeStatus, return status, trace.Wrap(err, "failed to record local timeline events") } - if err := r.notifyMasters(ctx); err != nil { + if err := r.notifyMasters(ctx, client); err != nil { return status, trace.Wrap(err, "failed to notify master nodes of local timeline events") } @@ -653,15 +655,14 @@ func (r *agent) collectLocalStatus(ctx context.Context) (status *pb.NodeStatus, } // getLocalStatus obtains local node status. -func (r *agent) getLocalStatus(ctx context.Context, respc chan<- *statusResponse) { +func (r *agent) getLocalStatus(ctx context.Context, respc chan<- *statusResponse, client membership.ClusterMembership) { // TODO: restructure code so that local member is not needed here. - local, err := r.ClusterMembership.FindMember(r.Name) + local, err := client.FindMember(r.Name) if err != nil { respc <- &statusResponse{err: err} return } - - status, err := r.collectLocalStatus(ctx) + status, err := r.collectLocalStatus(ctx, client) resp := &statusResponse{ NodeStatus: status, member: local, @@ -674,8 +675,8 @@ func (r *agent) getLocalStatus(ctx context.Context, respc chan<- *statusResponse } // notifyMasters pushes new timeline events to all master nodes in the cluster. -func (r *agent) notifyMasters(ctx context.Context) error { - members, err := r.ClusterMembership.Members() +func (r *agent) notifyMasters(ctx context.Context, client membership.ClusterMembership) error { + members, err := client.Members() if err != nil { return trace.Wrap(err) } @@ -761,6 +762,24 @@ func (r *agent) recentLocalStatus() *pb.NodeStatus { return r.localStatus } +func (r *agent) setLocalStatus(status *pb.NodeStatus) { + r.Lock() + defer r.Unlock() + r.localStatus = status +} + +// newSerfClient creates a new instance of the serf client. +// +// It is responsibility of the caller to close the returned client. +func (r *agent) newSerfClient() (membership.ClusterMembership, error) { + client, err := membership.NewSerfClient(r.Config.SerfConfig) + if err != nil { + return nil, trace.Wrap(err, "failed to connect to serf agent: %#v", + r.Config.SerfConfig) + } + return client, nil +} + // filterByTimestamp filters out events that occurred before the provided // timestamp. func filterByTimestamp(events []*pb.TimelineEvent, timestamp time.Time) (filtered []*pb.TimelineEvent) { diff --git a/vendor/github.com/gravitational/satellite/agent/server.go b/vendor/github.com/gravitational/satellite/agent/server.go index 995d67d246..e8b6695df9 100644 --- a/vendor/github.com/gravitational/satellite/agent/server.go +++ b/vendor/github.com/gravitational/satellite/agent/server.go @@ -316,7 +316,7 @@ type Agent interface { // RecordLocalEvents records the events into the local timeline. RecordLocalEvents(ctx context.Context, events []*pb.TimelineEvent) error // IsMember returns whether this agent is already a member of serf cluster - IsMember() bool + IsMember() (ok bool, err error) // GetConfig returns the agent configuration. GetConfig() Config // CheckerRepository allows to add checks to the agent. diff --git a/vendor/github.com/gravitational/satellite/lib/kubernetes/constants.go b/vendor/github.com/gravitational/satellite/lib/kubernetes/constants.go index b5dd846944..f1d73baaae 100644 --- a/vendor/github.com/gravitational/satellite/lib/kubernetes/constants.go +++ b/vendor/github.com/gravitational/satellite/lib/kubernetes/constants.go @@ -16,5 +16,7 @@ limitations under the License. package kubernetes -// AllNamespaces can be used to query pods in all namespaces. -const AllNamespaces = "" +const ( + // AllNamespaces can be used to query pods in all namespaces. + AllNamespaces = "" +) diff --git a/vendor/github.com/gravitational/satellite/lib/membership/serf.go b/vendor/github.com/gravitational/satellite/lib/membership/serf.go index 4397e53930..bcd29cc042 100644 --- a/vendor/github.com/gravitational/satellite/lib/membership/serf.go +++ b/vendor/github.com/gravitational/satellite/lib/membership/serf.go @@ -20,7 +20,6 @@ import ( "context" "fmt" "net" - "sync" "github.com/gravitational/satellite/lib/rpc" "github.com/gravitational/satellite/lib/rpc/client" @@ -30,35 +29,24 @@ import ( "github.com/hashicorp/serf/coordinate" ) -// RetryingClient is an rpc client used to make requests to a serf agent. -// Attempts to reconnect to agent if connection is lost. -type RetryingClient struct { - sync.RWMutex +// Client is an rpc client used to make requests to a serf agent. +type Client struct { client *serf.RPCClient - config serf.Config } // NewSerfClient returns a new serf client for the specified configuration. -// The client will attempt to reconnect if it detects that the connection to the -// serf agent has been lost. -func NewSerfClient(config serf.Config) (*RetryingClient, error) { - client, err := reinit(config) +func NewSerfClient(config serf.Config) (*Client, error) { + client, err := serf.ClientFromConfig(&config) if err != nil { return nil, trace.Wrap(err) } - return &RetryingClient{ + return &Client{ client: client, - config: config, }, nil } // Members lists members of the serf cluster. -func (r *RetryingClient) Members() ([]ClusterMember, error) { - if err := r.reinit(); err != nil { - return nil, trace.Wrap(err) - } - r.RLock() - defer r.RUnlock() +func (r *Client) Members() ([]ClusterMember, error) { members, err := r.client.Members() if err != nil { return nil, trace.Wrap(err) @@ -77,7 +65,7 @@ func (r *RetryingClient) Members() ([]ClusterMember, error) { } // FindMember finds serf member with the specified name. -func (r *RetryingClient) FindMember(name string) (member ClusterMember, err error) { +func (r *Client) FindMember(name string) (member ClusterMember, err error) { members, err := r.Members() if err != nil { return member, trace.Wrap(err) @@ -91,41 +79,24 @@ func (r *RetryingClient) FindMember(name string) (member ClusterMember, err erro } // Stop cancels the serf event delivery and removes the subscription. -func (r *RetryingClient) Stop(handle serf.StreamHandle) error { - if err := r.reinit(); err != nil { - return trace.Wrap(err) - } - r.RLock() - defer r.RUnlock() +func (r *Client) Stop(handle serf.StreamHandle) error { return r.client.Stop(handle) } // Join attempts to join an existing serf cluster identified by peers. // Replay controls if previous user events are replayed once this node has joined the cluster. // Returns the number of nodes joined -func (r *RetryingClient) Join(peers []string, replay bool) (int, error) { - if err := r.reinit(); err != nil { - return 0, trace.Wrap(err) - } - r.RLock() - defer r.RUnlock() +func (r *Client) Join(peers []string, replay bool) (int, error) { return r.client.Join(peers, replay) } // UpdateTags will modify the tags on a running serf agent -func (r *RetryingClient) UpdateTags(tags map[string]string, delTags []string) error { - if err := r.reinit(); err != nil { - return trace.Wrap(err) - } - r.RLock() - defer r.RUnlock() +func (r *Client) UpdateTags(tags map[string]string, delTags []string) error { return r.client.UpdateTags(tags, delTags) } // Close closes the client -func (r *RetryingClient) Close() error { - r.RLock() - defer r.RUnlock() +func (r *Client) Close() error { if r.client.IsClosed() { return nil } @@ -133,38 +104,10 @@ func (r *RetryingClient) Close() error { } // GetCoordinate returns the Serf Coordinate for a specific node -func (r *RetryingClient) GetCoordinate(node string) (*coordinate.Coordinate, error) { - if err := r.reinit(); err != nil { - return nil, trace.Wrap(err) - } - r.RLock() - defer r.RUnlock() +func (r *Client) GetCoordinate(node string) (*coordinate.Coordinate, error) { return r.client.GetCoordinate(node) } -func (r *RetryingClient) reinit() (err error) { - r.Lock() - defer r.Unlock() - client := r.client - if !client.IsClosed() { - return nil - } - client, err = reinit(r.config) - if err != nil { - return trace.Wrap(err) - } - r.client = client - return nil -} - -func reinit(clientConfig serf.Config) (*serf.RPCClient, error) { - client, err := serf.ClientFromConfig(&clientConfig) - if err != nil { - return nil, trace.Wrap(err) - } - return client, nil -} - // filterLeft filters out members that have left the serf cluster func filterLeft(members []serf.Member) (result []serf.Member) { result = make([]serf.Member, 0, len(members)) @@ -185,7 +128,6 @@ type SerfMember struct { // Dial attempts to create client connection to the serf member. func (r SerfMember) Dial(ctx context.Context, caFile, certFile, keyFile string) (client.Client, error) { - config := client.Config{ Address: fmt.Sprintf("%s:%d", r.Member.Addr.String(), rpc.Port), CAFile: caFile, diff --git a/vendor/github.com/gravitational/satellite/lib/nethealth/nethealth.go b/vendor/github.com/gravitational/satellite/lib/nethealth/nethealth.go new file mode 100644 index 0000000000..6d1e19e28e --- /dev/null +++ b/vendor/github.com/gravitational/satellite/lib/nethealth/nethealth.go @@ -0,0 +1,628 @@ +/* +Copyright 2019 Gravitational, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package nethealth implements a daemonset that when deployed to a kubernetes cluster, will locate and send ICMP echos +// (pings) to the nethealth pod on every other node in the cluster. This will give an indication into whether the +// overlay network is functional for pod -> pod communications, and also record packet loss on the network. +package nethealth + +import ( + "fmt" + "net" + "net/http" + "os" + "reflect" + "sort" + "time" + + "golang.org/x/net/icmp" + "golang.org/x/net/ipv4" + + "github.com/gravitational/trace" + "github.com/jonboulle/clockwork" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/sirupsen/logrus" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" +) + +const ( + // heartbeatInterval is the duration between sending heartbeats to each peer. Any heartbeat that takes more + // than one interval to respond will also be considered timed out. + heartbeatInterval = 1 * time.Second + + // resyncInterval is the duration between full resyncs of local state with kubernetes. If a node is deleted it + // may not be detected until the full resync completes. + resyncInterval = 15 * time.Minute + + // dnsDiscoveryInterval is the duration of time for doing DNS based service discovery for pod changes. This is a + // lightweight test for whether there is a change to the nethealth pods within the cluster. + dnsDiscoveryInterval = 10 * time.Second + + // Default selector to use for finding nethealth pods + DefaultSelector = "k8s-app=nethealth" + + // DefaultServiceDiscoveryQuery is the default name to query for service discovery changes + DefaultServiceDiscoveryQuery = "any.nethealth" + + // RxQueueSize is the size of queued ping responses to process + // Main processing occurs in a single goroutine, so we need a large enough processing queue to hold onto all ping + // responses while the routine is working on other operations. + // 2000 is chosen as double the maximum supported cluster size (1k) + RxQueueSize = 2000 + + // DefaultNethealthSocket is the default location of a unix domain socket that contains the prometheus metrics + DefaultNethealthSocket = "/run/nethealth/nethealth.sock" +) + +const ( + // Init is peer state that we've found the node but don't know anything about it yet. + Init = "init" + // Up is a peer state that the peer is currently reachable + Up = "up" + // Timeout is a peer state that the peer is currently timing out to pings + Timeout = "timeout" +) + +type Config struct { + // PrometheusSocket is the path to a unix socket that can be used to retrieve the prometheus metrics + PrometheusSocket string + + // PrometheusPort is the port to bind to for serving prometheus metrics + PrometheusPort uint32 + + // Namespace is the kubernetes namespace to monitor for other nethealth instances + Namespace string + // NodeName is the node this instance is running on + NodeName string + // Selector is a kubernetes selector to find all the nethealth pods in the configured namespace + Selector string + // ServiceDiscoveryQuery is a DNS name that will be used for lightweight service discovery checks. A query to + // any..default.svc.cluster.local will return a list of pods for the service. If the list of pods + // changes we know to resync with the kubernetes API. This method uses significantly less resources than running a + // kubernetes watcher on the API. Defaults to any.nethealth which will utilize the search path from resolv.conf. + ServiceDiscoveryQuery string +} + +// New creates a new server to ping each peer. +func (c Config) New() (*Server, error) { + + promPeerRTT := prometheus.NewHistogramVec(prometheus.HistogramOpts{ + Namespace: "nethealth", + Subsystem: "echo", + Name: "duration_seconds", + Help: "The round trip time to reach the peer", + Buckets: []float64{ + 0.0001, // 0.1 ms + 0.0002, // 0.2 ms + 0.0003, // 0.3 ms + 0.0004, // 0.4 ms + 0.0005, // 0.5 ms + 0.0006, // 0.6 ms + 0.0007, // 0.7 ms + 0.0008, // 0.8 ms + 0.0009, // 0.9 ms + 0.001, // 1ms + 0.0015, // 1.5ms + 0.002, // 2ms + 0.003, // 3ms + 0.004, // 4ms + 0.005, // 5ms + 0.01, // 10ms + 0.02, // 20ms + 0.04, // 40ms + 0.08, // 80ms + }, + }, []string{"node_name", "peer_name"}) + promPeerTimeout := prometheus.NewCounterVec(prometheus.CounterOpts{ + Namespace: "nethealth", + Subsystem: "echo", + Name: "timeout_total", + Help: "The number of echo requests that have timed out", + }, []string{"node_name", "peer_name"}) + promPeerRequest := prometheus.NewCounterVec(prometheus.CounterOpts{ + Namespace: "nethealth", + Subsystem: "echo", + Name: "request_total", + Help: "The number of echo requests that have been sent", + }, []string{"node_name", "peer_name"}) + + prometheus.MustRegister( + promPeerRTT, + promPeerTimeout, + promPeerRequest, + ) + + selector := DefaultSelector + if c.Selector != "" { + selector = c.Selector + } + + labelSelector, err := labels.Parse(selector) + if err != nil { + return nil, trace.Wrap(err) + } + + if c.ServiceDiscoveryQuery == "" { + c.ServiceDiscoveryQuery = DefaultServiceDiscoveryQuery + } + + return &Server{ + config: c, + FieldLogger: logrus.WithField(trace.Component, "nethealth"), + promPeerRTT: promPeerRTT, + promPeerTimeout: promPeerTimeout, + promPeerRequest: promPeerRequest, + selector: labelSelector, + triggerResync: make(chan bool, 1), + rxMessage: make(chan messageWrapper, RxQueueSize), + peers: make(map[string]*peer), + addrToPeer: make(map[string]string), + }, nil +} + +// Server is an instance of nethealth that is running on each node responsible for sending and responding to heartbeats. +type Server struct { + logrus.FieldLogger + + config Config + clock clockwork.Clock + conn *icmp.PacketConn + httpServer *http.Server + selector labels.Selector + + // rxMessage is a processing queue of received echo responses + rxMessage chan messageWrapper + triggerResync chan bool + + peers map[string]*peer + addrToPeer map[string]string + + client kubernetes.Interface + + promPeerRTT *prometheus.HistogramVec + promPeerTimeout *prometheus.CounterVec + promPeerRequest *prometheus.CounterVec +} + +type peer struct { + name string + addr net.Addr + echoCounter int + echoTime time.Time + echoTimeout bool + + status string + lastStatusChange time.Time +} + +type messageWrapper struct { + message *icmp.Message + rxTime time.Time + peerAddr net.Addr +} + +// Start sets up the server and begins normal operation +func (s *Server) Start() error { + config, err := rest.InClusterConfig() + if err != nil { + return trace.Wrap(err) + } + s.client, err = kubernetes.NewForConfig(config) + if err != nil { + return trace.Wrap(err) + } + + s.conn, err = icmp.ListenPacket("ip4:icmp", "0.0.0.0") + if err != nil { + return trace.Wrap(err) + } + + s.clock = clockwork.NewRealClock() + go s.loop() + go s.loopServiceDiscovery() + go s.serve() + + mux := http.ServeMux{} + mux.Handle("/metrics", promhttp.Handler()) + s.httpServer = &http.Server{Addr: fmt.Sprint(":", s.config.PrometheusPort), Handler: &mux} + go func() { + if err := s.httpServer.ListenAndServe(); err != http.ErrServerClosed { + s.Fatalf("ListenAndServe(): %s", err) + } + }() + + if s.config.PrometheusSocket != "" { + _ = os.Remove(s.config.PrometheusSocket) + + unixListener, err := net.Listen("unix", s.config.PrometheusSocket) + if err != nil { + return trace.Wrap(err) + } + + go func() { + if err := s.httpServer.Serve(unixListener); err != http.ErrServerClosed { + s.Fatalf("Unix Listen(): %s", err) + } + }() + } + + s.Info("Started nethealth with config:") + s.Info(" PrometheusSocket: ", s.config.PrometheusSocket) + s.Info(" PrometheusPort: ", s.config.PrometheusPort) + s.Info(" Namespace: ", s.config.Namespace) + s.Info(" NodeName: ", s.config.NodeName) + s.Info(" Selector: ", s.selector) + s.Info(" ServiceDiscoveryQuery: ", s.config.ServiceDiscoveryQuery) + + return nil +} + +// loop is the main processing loop for sending/receiving heartbeats. +func (s *Server) loop() { + heartbeatTicker := s.clock.NewTicker(heartbeatInterval) + defer heartbeatTicker.Stop() + + resyncTicker := s.clock.NewTicker(resyncInterval) + defer resyncTicker.Stop() + + for { + select { + // + // Re-sync cluster peers + // + case <-resyncTicker.Chan(): + err := s.resyncPeerList() + if err != nil { + s.WithError(err).Error("Unexpected error re-syncing the list of peer nodes.") + } + + err = s.resyncNethealthPods() + if err != nil { + s.WithError(err).Error("Unexpected error re-syncing the list of peer pods.") + } + case <-s.triggerResync: + err := s.resyncPeerList() + if err != nil { + s.WithError(err).Error("Unexpected error re-syncing the list of peer nodes.") + } + + err = s.resyncNethealthPods() + if err != nil { + s.WithError(err).Error("Unexpected error re-syncing the list of peer pods.") + } + + // + // Send a heartbeat to each peer we know about + // Check for peers that are timing out / down + // + case <-heartbeatTicker.Chan(): + s.checkTimeouts() + for _, peer := range s.peers { + s.sendHeartbeat(peer) + } + + // + // Rx heartbeats responses from peers + // + case rx := <-s.rxMessage: + err := s.processAck(rx) + if err != nil { + s.WithFields(logrus.Fields{ + logrus.ErrorKey: err, + "peer_addr": rx.peerAddr, + "rx_time": rx.rxTime, + "message": rx.message, + }).Error("Error processing icmp message.") + } + } + } +} + +// loopServiceDiscovery uses cluster-dns service discovery as a lightweight check for pod changes +// and will trigger a resync if the cluster DNS service discovery changes +func (s *Server) loopServiceDiscovery() { + s.Info("Starting DNS service discovery for nethealth pod.") + ticker := s.clock.NewTicker(dnsDiscoveryInterval) + query := s.config.ServiceDiscoveryQuery + + previousNames := []string{} + + for { + <-ticker.Chan() + + s.Debugf("Querying %v for service discovery", query) + names, err := net.LookupHost(query) + if err != nil { + s.WithError(err).WithField("query", query).Error("Error querying service discovery.") + continue + } + + sort.Strings(names) + if reflect.DeepEqual(names, previousNames) { + continue + } + previousNames = names + s.Info("Triggering peer resync due to service discovery change") + + select { + case s.triggerResync <- true: + default: + // Don't block + } + } +} + +// resyncPeerList contacts the kubernetes API to sync the list of kubernetes nodes +func (s *Server) resyncPeerList() error { + nodes, err := s.client.CoreV1().Nodes().List(metav1.ListOptions{}) + if err != nil { + return trace.Wrap(err) + } + + peerMap := make(map[string]bool) + for _, node := range nodes.Items { + // Don't add our own node as a peer + if node.Name == s.config.NodeName { + continue + } + + peerMap[node.Name] = true + if _, ok := s.peers[node.Name]; !ok { + s.peers[node.Name] = &peer{ + name: node.Name, + lastStatusChange: s.clock.Now(), + addr: &net.IPAddr{}, + } + s.WithField("peer", node.Name).Info("Adding peer.") + // Initialize the peer so it shows up in prometheus with a 0 count + s.promPeerTimeout.WithLabelValues(s.config.NodeName, node.Name).Add(0) + s.promPeerRequest.WithLabelValues(s.config.NodeName, node.Name).Add(0) + } + } + + // check for peers that have been deleted + for key := range s.peers { + if _, ok := peerMap[key]; !ok { + s.WithField("peer", key).Info("Deleting peer.") + delete(s.peers, key) + } + } + + return nil +} + +// resyncNethealthPods contacts the kubernetes API to sync the list of pods running the nethealth daemon +func (s *Server) resyncNethealthPods() error { + list, err := s.client.CoreV1().Pods(s.config.Namespace).List(metav1.ListOptions{ + LabelSelector: s.selector.String(), + }) + if err != nil { + return trace.Wrap(err) + } + + for _, pod := range list.Items { + // skip our own pod + if pod.Spec.NodeName == s.config.NodeName { + continue + } + + // skip if the peer object can't be located + if peer, ok := s.peers[pod.Spec.NodeName]; !ok { + continue + } else { + newAddr := &net.IPAddr{ + IP: net.ParseIP(pod.Status.PodIP), + } + + if peer.addr.String() != newAddr.String() { + s.WithFields(logrus.Fields{ + "peer": peer.name, + "new_peer_addr": newAddr, + "old_peer_addr": peer.addr, + }).Info("Updating peer pod IP address.") + peer.addr = newAddr + s.addrToPeer[peer.addr.String()] = pod.Spec.NodeName + } + } + } + + // Free entries in the lookup table that no longer point to a valid object + for key, value := range s.addrToPeer { + if _, ok := s.peers[value]; !ok { + delete(s.addrToPeer, key) + } + } + + return nil +} + +// serve monitors for incoming icmp messages +func (s *Server) serve() { + buf := make([]byte, 256) + + for { + n, peerAddr, err := s.conn.ReadFrom(buf) + rxTime := s.clock.Now() + log := s.WithFields(logrus.Fields{ + "peer_addr": peerAddr, + "node": s.config.NodeName, + "length": n, + }) + if err != nil { + log.WithError(err).Error("Error in udp socket read.") + continue + } + + // The ICMP package doesn't export the protocol numbers + // 1 - ICMP + // 58 - ICMPv6 + // https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml + msg, err := icmp.ParseMessage(1, buf[:n]) + if err != nil { + log.WithError(err).Error("Error parsing icmp message.") + continue + } + + select { + case s.rxMessage <- messageWrapper{ + message: msg, + rxTime: rxTime, + peerAddr: peerAddr, + }: + default: + // Don't block + log.Warn("Dropped icmp message due to full rxMessage queue") + } + } +} + +func (s *Server) lookupPeer(addr string) (*peer, error) { + peerName, ok := s.addrToPeer[addr] + if !ok { + return nil, trace.BadParameter("address not found in address table").AddField("address", addr) + } + + p, ok := s.peers[peerName] + if !ok { + return nil, trace.BadParameter("peer not found in peer table").AddField("peer_name", peerName) + } + return p, nil +} + +// processAck processes a received ICMP Ack message +func (s *Server) processAck(e messageWrapper) error { + switch e.message.Type { + case ipv4.ICMPTypeEchoReply: + // ok + case ipv4.ICMPTypeEcho: + // nothing to do with echo requests + return nil + default: + //unexpected / unknown + return trace.BadParameter("received unexpected icmp message type").AddField("type", e.message.Type) + } + + switch pkt := e.message.Body.(type) { + case *icmp.Echo: + peer, err := s.lookupPeer(e.peerAddr.String()) + if err != nil { + return trace.Wrap(err) + } + if uint16(pkt.Seq) != uint16(peer.echoCounter) { + return trace.BadParameter("response sequence doesn't match latest request."). + AddField("expected", uint16(peer.echoCounter)). + AddField("received", uint16(pkt.Seq)) + } + + rtt := e.rxTime.Sub(peer.echoTime) + s.promPeerRTT.WithLabelValues(s.config.NodeName, peer.name).Observe(rtt.Seconds()) + s.updatePeerStatus(peer, Up) + peer.echoTimeout = false + + s.WithFields(logrus.Fields{ + "peer_name": peer.name, + "peer_addr": peer.addr, + "counter": peer.echoCounter, + "seq": uint16(peer.echoCounter), + "rtt": rtt, + }).Debug("Ack.") + default: + s.WithFields(logrus.Fields{ + "peer_addr": e.peerAddr.String(), + }).Warn("Unexpected icmp message") + } + return nil +} + +func (s *Server) sendHeartbeat(peer *peer) { + peer.echoCounter++ + log := s.WithFields(logrus.Fields{ + "peer_name": peer.name, + "peer_addr": peer.addr, + "id": peer.echoCounter, + }) + + s.promPeerRequest.WithLabelValues(s.config.NodeName, peer.name).Inc() + + // If we don't know the pod IP address of the peer, we still want to generate a timeout, but not actually send + // a heartbeat + peer.echoTimeout = true + if peer.addr == nil || peer.addr.String() == "" || peer.addr.String() == "0.0.0.0" { + return + } + + msg := icmp.Message{ + Type: ipv4.ICMPTypeEcho, + Code: 0, + Body: &icmp.Echo{ + ID: 1, + Seq: peer.echoCounter, + }, + } + buf, err := msg.Marshal(nil) + if err != nil { + log.WithError(err).Warn("Failed to marshal ping.") + return + } + + peer.echoTime = s.clock.Now() + _, err = s.conn.WriteTo(buf, peer.addr) + if err != nil { + log.WithError(err).Warn("Failed to send ping.") + return + } + + log.Debug("Sent echo request.") +} + +// checkTimeouts iterates over each peer, and checks whether our last heartbeat has timed out +func (s *Server) checkTimeouts() { + s.Debug("checking for timeouts") + for _, peer := range s.peers { + // if the echoTimeout flag is set, it means we didn't receive a response to our last request + if peer.echoTimeout { + s.WithFields(logrus.Fields{ + "peer_name": peer.name, + "peer_addr": peer.addr, + "id": peer.echoCounter, + }).Debug("echo timeout") + s.promPeerTimeout.WithLabelValues(s.config.NodeName, peer.name).Inc() + s.updatePeerStatus(peer, Timeout) + } + } +} + +func (s *Server) updatePeerStatus(peer *peer, status string) { + if peer.status == status { + return + } + + s.WithFields(logrus.Fields{ + "peer_name": peer.name, + "peer_addr": peer.addr, + "duration": s.clock.Now().Sub(peer.lastStatusChange), + "old_status": peer.status, + "new_status": status, + }).Info("Peer status changed.") + + peer.status = status + peer.lastStatusChange = s.clock.Now() + +} diff --git a/vendor/github.com/gravitational/satellite/monitoring/defaults_linux.go b/vendor/github.com/gravitational/satellite/monitoring/defaults_linux.go index 4c40ff53ad..7541c70035 100644 --- a/vendor/github.com/gravitational/satellite/monitoring/defaults_linux.go +++ b/vendor/github.com/gravitational/satellite/monitoring/defaults_linux.go @@ -114,12 +114,6 @@ func DefaultBootConfigParams() health.Checker { BootConfigParam{Name: "CONFIG_VETH"}, BootConfigParam{Name: "CONFIG_BRIDGE"}, BootConfigParam{Name: "CONFIG_BRIDGE_NETFILTER"}, - BootConfigParam{ - // https://cateee.net/lkddb/web-lkddb/NF_NAT_IPV4.html - // CONFIG_NF_NAT_IPV4 has been removed as of kernel 5.1 - Name: "CONFIG_NF_NAT_IPV4", - KernelConstraint: KernelVersionLessThan(KernelVersion{Release: 5, Major: 1}), - }, BootConfigParam{Name: "CONFIG_IP_NF_FILTER"}, BootConfigParam{Name: "CONFIG_IP_NF_TARGET_MASQUERADE"}, BootConfigParam{Name: "CONFIG_NETFILTER_XT_MATCH_ADDRTYPE"}, diff --git a/vendor/github.com/gravitational/satellite/monitoring/nethealth.go b/vendor/github.com/gravitational/satellite/monitoring/nethealth.go index 10bdaeec52..51ee460df2 100644 --- a/vendor/github.com/gravitational/satellite/monitoring/nethealth.go +++ b/vendor/github.com/gravitational/satellite/monitoring/nethealth.go @@ -20,22 +20,24 @@ import ( "bytes" "context" "fmt" + "io/ioutil" "math" + "net" + "net/http" "sync" "time" "github.com/gravitational/satellite/agent" "github.com/gravitational/satellite/agent/health" pb "github.com/gravitational/satellite/agent/proto/agentpb" + "github.com/gravitational/satellite/lib/nethealth" "github.com/gravitational/satellite/utils" - "github.com/gravitational/roundtrip" "github.com/gravitational/trace" "github.com/mailgun/holster" dto "github.com/prometheus/client_model/go" "github.com/prometheus/common/expfmt" log "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" ) @@ -44,8 +46,8 @@ import ( type NethealthConfig struct { // NodeName specifies the kubernetes name of this node. NodeName string - // NethealthPort specifies the port that nethealth is listening on. - NethealthPort int + // NethealthSocketPath specifies the location of the unix-socket nethealth is listening on. + NethealthSocketPath string // NetStatsInterval specifies the duration to store net stats. NetStatsInterval time.Duration // KubeConfig specifies kubernetes access information. @@ -62,8 +64,8 @@ func (c *NethealthConfig) CheckAndSetDefaults() error { if c.KubeConfig == nil { errors = append(errors, trace.BadParameter("kubernetes access config must be provided")) } - if c.NethealthPort == 0 { - c.NethealthPort = defaultNethealthPort + if c.NethealthSocketPath == "" { + c.NethealthSocketPath = nethealth.DefaultNethealthSocket } if c.NetStatsInterval == time.Duration(0) { c.NetStatsInterval = defaultNetStatsInterval @@ -127,16 +129,7 @@ func (c *nethealthChecker) check(ctx context.Context, reporter health.Reporter) return nil } - addr, err := c.getNethealthAddr() - if trace.IsNotFound(err) { - log.Debug("Nethealth pod was not found.") - return nil // pod was not found, log and treat gracefully - } - if err != nil { - return trace.Wrap(err) // received unexpected error, maybe network-related, will add error probe above - } - - resp, err := fetchNethealthMetrics(ctx, addr) + resp, err := c.fetchNethealthMetrics(ctx) if err != nil { return trace.Wrap(err, "failed to fetch nethealth metrics") } @@ -173,33 +166,6 @@ func (c *nethealthChecker) getPeers() (peers []string, err error) { return peers, nil } -// getNethealthAddr returns the address of the local nethealth pod. -func (c *nethealthChecker) getNethealthAddr() (addr string, err error) { - opts := metav1.ListOptions{ - LabelSelector: nethealthLabelSelector.String(), - FieldSelector: fields.OneTermEqualSelector("spec.nodeName", c.NodeName).String(), - Limit: 1, - } - pods, err := c.Client.CoreV1().Pods(nethealthNamespace).List(opts) - if err != nil { - return addr, utils.ConvertError(err) // this will convert error to a proper trace error, e.g. trace.NotFound - } - - if len(pods.Items) < 1 { - return addr, trace.NotFound("nethealth pod not found on local node %s", c.NodeName) - } - - pod := pods.Items[0] - if pod.Status.Phase != corev1.PodRunning { - return addr, trace.NotFound("local nethealth pod %v is not Running: %v", pod.Name, pod.Status.Phase) - } - if pod.Status.PodIP == "" { - return addr, trace.NotFound("local nethealth pod %v has not been assigned an IP", pod.Name) - } - - return fmt.Sprintf("http://%s:%d", pod.Status.PodIP, c.NethealthPort), nil -} - // updateStats updates netStats with new incoming data. // Returns the list of updated peers. func (c *nethealthChecker) updateStats(incoming map[string]networkData) (updated []string, err error) { @@ -328,14 +294,18 @@ func nethealthFailureProbe(name, peer string, packetLoss float64) *pb.Probe { } } -// fetchNethealthMetrics collects the network metrics from the nethealth pod -// specified by addr. Returns the resp as an array of bytes. -func fetchNethealthMetrics(ctx context.Context, addr string) ([]byte, error) { - client, err := roundtrip.NewClient(addr, "") - if err != nil { - return nil, trace.Wrap(err, "failed to connect to nethealth service at %s.", addr) +// fetchNethealthMetrics collects the network metrics from the nethealth pod. +// Returns the response as an array of bytes. +func (c *nethealthChecker) fetchNethealthMetrics(ctx context.Context) (res []byte, err error) { + client := http.Client{ + Transport: &http.Transport{ + DialContext: func(_ context.Context, _, _ string) (net.Conn, error) { + var d net.Dialer + return d.DialContext(ctx, "unix", c.NethealthSocketPath) + }, + }, + Timeout: time.Second, } - // The two relevant metrics exposed by nethealth are 'nethealth_echo_request_total' and // 'nethealth_echo_timeout_total'. We expect a pair of request/timeout metrics per peer. // Example metrics received from nethealth may look something like the output below: @@ -348,11 +318,29 @@ func fetchNethealthMetrics(ctx context.Context, addr string) ([]byte, error) { // # TYPE nethealth_echo_timeout_total counter // nethealth_echo_timeout_total{node_name="10.128.0.96",peer_name="10.128.0.70"} 37 // nethealth_echo_timeout_total{node_name="10.128.0.96",peer_name="10.128.0.97"} 0 - resp, err := client.Get(ctx, client.Endpoint("metrics"), nil) + req, err := http.NewRequest(http.MethodGet, "http://unix/metrics", nil) + if err != nil { + return nil, trace.Wrap(err) + } + + req = req.WithContext(ctx) + + resp, err := client.Do(req) if err != nil { return nil, trace.Wrap(err) } - return resp.Bytes(), nil + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + buffer, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, trace.ConvertSystemError(err) + } + + return buffer, nil + } + + return nil, trace.BadParameter("unexpected response from %s: %v", c.NethealthSocketPath, resp.Status) } // parseMetrics parses the provided data and returns the structured network @@ -518,9 +506,6 @@ const ( // echoTimeoutLabel defines the metric family label for the echo timeout counter. echoTimeoutLabel = "nethealth_echo_timeout_total" - // defaultNethealthPort defines the default nethealth port. - defaultNethealthPort = 9801 - // defaultNetStatsInterval defines the default interval duration for the netStats. defaultNetStatsInterval = 5 * time.Minute diff --git a/vendor/github.com/gravitational/satellite/monitoring/system_pods.go b/vendor/github.com/gravitational/satellite/monitoring/system_pods.go index e753944a72..a97a5d14e9 100644 --- a/vendor/github.com/gravitational/satellite/monitoring/system_pods.go +++ b/vendor/github.com/gravitational/satellite/monitoring/system_pods.go @@ -22,31 +22,26 @@ import ( "github.com/gravitational/satellite/agent/health" pb "github.com/gravitational/satellite/agent/proto/agentpb" - "github.com/gravitational/satellite/lib/kubernetes" "github.com/gravitational/satellite/utils" "github.com/gravitational/trace" log "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" ) // SystemPodsConfig specifies configuration for a system pods checker. type SystemPodsConfig struct { - // NodeName specifies the kubernetes name of this node. - NodeName string // KubeConfig specifies kubernetes access configuration. *KubeConfig + // Namespaces specifies the list of namespaces to query for critical pods. + Namespaces []string } // checkAndSetDefaults validates that this configuration is correct and sets // value defaults where necessary. func (r *SystemPodsConfig) checkAndSetDefaults() error { var errors []error - if r.NodeName == "" { - errors = append(errors, trace.BadParameter("node name must be provided")) - } if r.KubeConfig == nil { errors = append(errors, trace.BadParameter("kubernetes access config must be provided")) } @@ -104,17 +99,20 @@ func (r *systemPodsChecker) check(ctx context.Context, reporter health.Reporter) // getPods returns a list of the local pods that have the // `gravitational.io/critical-pod` label. -func (r *systemPodsChecker) getPods() ([]corev1.Pod, error) { +func (r *systemPodsChecker) getPods() (pods []corev1.Pod, err error) { opts := metav1.ListOptions{ LabelSelector: systemPodsSelector.String(), - FieldSelector: fields.OneTermEqualSelector("spec.nodeName", r.NodeName).String(), } - pods, err := r.Client.CoreV1().Pods(kubernetes.AllNamespaces).List(opts) - if err != nil { - return nil, utils.ConvertError(err) + + for _, namespace := range r.Namespaces { + podList, err := r.Client.CoreV1().Pods(namespace).List(opts) + if err != nil { + return pods, utils.ConvertError(err) + } + pods = append(pods, podList.Items...) } - return pods.Items, nil + return pods, nil } // verifyPods verifies the pods are in a valid state. Reports a failed probe for diff --git a/vendor/github.com/gravitational/satellite/monitoring/timedrift.go b/vendor/github.com/gravitational/satellite/monitoring/timedrift.go index 1c5be4bb7b..b7930d419a 100644 --- a/vendor/github.com/gravitational/satellite/monitoring/timedrift.go +++ b/vendor/github.com/gravitational/satellite/monitoring/timedrift.go @@ -40,6 +40,14 @@ const ( // timeDriftThreshold sets the default threshold of the acceptable time // difference between nodes. timeDriftThreshold = 300 * time.Millisecond + + // timeDriftCheckTimeout drops time checks where the RPC call to the remote server take too long to respond. + // If the client or server is busy and the request takes too long to be processed, this will cause an inaccurate + // comparison of the current time. + timeDriftCheckTimeout = 100 * time.Millisecond + + // parallelRoutines indicates how many parallel queries we should run to peer nodes + parallelRoutines = 20 ) // timeDriftChecker is a checker that verifies that the time difference between @@ -133,16 +141,39 @@ func (c *timeDriftChecker) check(ctx context.Context, r health.Reporter) (err er if err != nil { return trace.Wrap(err) } + + nodesC := make(chan serf.Member, len(nodes)) for _, node := range nodes { - drift, err := c.getTimeDrift(ctx, node) - if err != nil { - log.WithError(err).Debug("Failed to get time drift.") - continue - } - if isDriftHigh(drift) { - r.Add(c.failureProbe(node, drift)) - } + nodesC <- node + } + close(nodesC) + + var mutex sync.Mutex + + var wg sync.WaitGroup + + wg.Add(parallelRoutines) + + for i := 0; i < parallelRoutines; i++ { + go func() { + for node := range nodesC { + drift, err := c.getTimeDrift(ctx, node) + if err != nil { + log.WithError(err).Debug("Failed to get time drift.") + continue + } + + if isDriftHigh(drift) { + mutex.Lock() + r.Add(c.failureProbe(node, drift)) + mutex.Unlock() + } + } + wg.Done() + }() } + + wg.Wait() return nil } @@ -179,11 +210,15 @@ func (c *timeDriftChecker) getTimeDrift(ctx context.Context, node serf.Member) ( return 0, trace.Wrap(err) } - // Obtain this node's local timestamp. - t1Start := c.Clock.Now().UTC() + queryStart := c.Clock.Now().UTC() + + // if the RPC call takes a long duration it will result in an inaccurate comparison. Timeout the RPC + // call to reduce false positives on a slow server. + ctx, cancel := context.WithTimeout(ctx, timeDriftCheckTimeout) + defer cancel() // Send "time" request to the specified node. - t2Response, err := agentClient.Time(ctx, &pb.TimeRequest{}) + peerResponse, err := agentClient.Time(ctx, &pb.TimeRequest{}) if err != nil { // If the agent we're making request to is of an older version, // it may not support Time() method yet. This can happen, e.g., @@ -195,18 +230,21 @@ func (c *timeDriftChecker) getTimeDrift(ctx context.Context, node serf.Member) ( return 0, trace.Wrap(err) } - // Calculate how much time has elapsed since T1Start. This value will - // roughly be the request roundtrip time, so the latency b/w the nodes - // is half that. - latency := c.Clock.Now().UTC().Sub(t1Start) / 2 + queryEnd := c.Clock.Now().UTC() + + // The request / response will take some time to perform over the network + // Use an adjustment of half the RTT time under the assumption that the request / response consume + // equal delays. + latencyAdjustment := queryEnd.Sub(queryStart) / 2 - // Finally calculate the time drift between this and the specified node - // using formula: T2 - T1Start - Latency. - t2 := t2Response.GetTimestamp().ToTime() - drift := t2.Sub(t1Start) - latency + adjustedPeerTime := peerResponse.GetTimestamp().ToTime().Add(latencyAdjustment) - c.WithField("node", node.Name).Debugf("T1Start: %v; T2: %v; Latency: %v; Drift: %v.", - t1Start, t2, latency, drift) + // drift is relative to the current nodes time. + // if peer time > node time, return a positive duration + // if peer time < node time, return a negative duration + drift := adjustedPeerTime.Sub(queryEnd) + c.WithField("node", node.Name).Debugf("queryStart: %v; queryEnd: %v; peerTime: %v; adjustedPeerTime: %v drift: %v.", + queryStart, queryEnd, peerResponse.GetTimestamp().ToTime(), adjustedPeerTime, drift) return drift, nil } diff --git a/vendor/golang.org/x/net/icmp/dstunreach.go b/vendor/golang.org/x/net/icmp/dstunreach.go new file mode 100644 index 0000000000..7464bf7ead --- /dev/null +++ b/vendor/golang.org/x/net/icmp/dstunreach.go @@ -0,0 +1,41 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +// A DstUnreach represents an ICMP destination unreachable message +// body. +type DstUnreach struct { + Data []byte // data, known as original datagram field + Extensions []Extension // extensions +} + +// Len implements the Len method of MessageBody interface. +func (p *DstUnreach) Len(proto int) int { + if p == nil { + return 0 + } + l, _ := multipartMessageBodyDataLen(proto, true, p.Data, p.Extensions) + return 4 + l +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *DstUnreach) Marshal(proto int) ([]byte, error) { + return marshalMultipartMessageBody(proto, true, p.Data, p.Extensions) +} + +// parseDstUnreach parses b as an ICMP destination unreachable message +// body. +func parseDstUnreach(proto int, typ Type, b []byte) (MessageBody, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + p := &DstUnreach{} + var err error + p.Data, p.Extensions, err = parseMultipartMessageBody(proto, typ, b) + if err != nil { + return nil, err + } + return p, nil +} diff --git a/vendor/golang.org/x/net/icmp/echo.go b/vendor/golang.org/x/net/icmp/echo.go new file mode 100644 index 0000000000..c611f65165 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/echo.go @@ -0,0 +1,157 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import "encoding/binary" + +// An Echo represents an ICMP echo request or reply message body. +type Echo struct { + ID int // identifier + Seq int // sequence number + Data []byte // data +} + +// Len implements the Len method of MessageBody interface. +func (p *Echo) Len(proto int) int { + if p == nil { + return 0 + } + return 4 + len(p.Data) +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *Echo) Marshal(proto int) ([]byte, error) { + b := make([]byte, 4+len(p.Data)) + binary.BigEndian.PutUint16(b[:2], uint16(p.ID)) + binary.BigEndian.PutUint16(b[2:4], uint16(p.Seq)) + copy(b[4:], p.Data) + return b, nil +} + +// parseEcho parses b as an ICMP echo request or reply message body. +func parseEcho(proto int, _ Type, b []byte) (MessageBody, error) { + bodyLen := len(b) + if bodyLen < 4 { + return nil, errMessageTooShort + } + p := &Echo{ID: int(binary.BigEndian.Uint16(b[:2])), Seq: int(binary.BigEndian.Uint16(b[2:4]))} + if bodyLen > 4 { + p.Data = make([]byte, bodyLen-4) + copy(p.Data, b[4:]) + } + return p, nil +} + +// An ExtendedEchoRequest represents an ICMP extended echo request +// message body. +type ExtendedEchoRequest struct { + ID int // identifier + Seq int // sequence number + Local bool // must be true when identifying by name or index + Extensions []Extension // extensions +} + +// Len implements the Len method of MessageBody interface. +func (p *ExtendedEchoRequest) Len(proto int) int { + if p == nil { + return 0 + } + l, _ := multipartMessageBodyDataLen(proto, false, nil, p.Extensions) + return 4 + l +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *ExtendedEchoRequest) Marshal(proto int) ([]byte, error) { + b, err := marshalMultipartMessageBody(proto, false, nil, p.Extensions) + if err != nil { + return nil, err + } + bb := make([]byte, 4) + binary.BigEndian.PutUint16(bb[:2], uint16(p.ID)) + bb[2] = byte(p.Seq) + if p.Local { + bb[3] |= 0x01 + } + bb = append(bb, b...) + return bb, nil +} + +// parseExtendedEchoRequest parses b as an ICMP extended echo request +// message body. +func parseExtendedEchoRequest(proto int, typ Type, b []byte) (MessageBody, error) { + if len(b) < 4+4 { + return nil, errMessageTooShort + } + p := &ExtendedEchoRequest{ID: int(binary.BigEndian.Uint16(b[:2])), Seq: int(b[2])} + if b[3]&0x01 != 0 { + p.Local = true + } + var err error + _, p.Extensions, err = parseMultipartMessageBody(proto, typ, b[4:]) + if err != nil { + return nil, err + } + return p, nil +} + +// An ExtendedEchoReply represents an ICMP extended echo reply message +// body. +type ExtendedEchoReply struct { + ID int // identifier + Seq int // sequence number + State int // 3-bit state working together with Message.Code + Active bool // probed interface is active + IPv4 bool // probed interface runs IPv4 + IPv6 bool // probed interface runs IPv6 +} + +// Len implements the Len method of MessageBody interface. +func (p *ExtendedEchoReply) Len(proto int) int { + if p == nil { + return 0 + } + return 4 +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *ExtendedEchoReply) Marshal(proto int) ([]byte, error) { + b := make([]byte, 4) + binary.BigEndian.PutUint16(b[:2], uint16(p.ID)) + b[2] = byte(p.Seq) + b[3] = byte(p.State<<5) & 0xe0 + if p.Active { + b[3] |= 0x04 + } + if p.IPv4 { + b[3] |= 0x02 + } + if p.IPv6 { + b[3] |= 0x01 + } + return b, nil +} + +// parseExtendedEchoReply parses b as an ICMP extended echo reply +// message body. +func parseExtendedEchoReply(proto int, _ Type, b []byte) (MessageBody, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + p := &ExtendedEchoReply{ + ID: int(binary.BigEndian.Uint16(b[:2])), + Seq: int(b[2]), + State: int(b[3]) >> 5, + } + if b[3]&0x04 != 0 { + p.Active = true + } + if b[3]&0x02 != 0 { + p.IPv4 = true + } + if b[3]&0x01 != 0 { + p.IPv6 = true + } + return p, nil +} diff --git a/vendor/golang.org/x/net/icmp/endpoint.go b/vendor/golang.org/x/net/icmp/endpoint.go new file mode 100644 index 0000000000..4841bdd2b3 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/endpoint.go @@ -0,0 +1,113 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import ( + "net" + "runtime" + "time" + + "golang.org/x/net/ipv4" + "golang.org/x/net/ipv6" +) + +var _ net.PacketConn = &PacketConn{} + +// A PacketConn represents a packet network endpoint that uses either +// ICMPv4 or ICMPv6. +type PacketConn struct { + c net.PacketConn + p4 *ipv4.PacketConn + p6 *ipv6.PacketConn +} + +func (c *PacketConn) ok() bool { return c != nil && c.c != nil } + +// IPv4PacketConn returns the ipv4.PacketConn of c. +// It returns nil when c is not created as the endpoint for ICMPv4. +func (c *PacketConn) IPv4PacketConn() *ipv4.PacketConn { + if !c.ok() { + return nil + } + return c.p4 +} + +// IPv6PacketConn returns the ipv6.PacketConn of c. +// It returns nil when c is not created as the endpoint for ICMPv6. +func (c *PacketConn) IPv6PacketConn() *ipv6.PacketConn { + if !c.ok() { + return nil + } + return c.p6 +} + +// ReadFrom reads an ICMP message from the connection. +func (c *PacketConn) ReadFrom(b []byte) (int, net.Addr, error) { + if !c.ok() { + return 0, nil, errInvalidConn + } + // Please be informed that ipv4.NewPacketConn enables + // IP_STRIPHDR option by default on Darwin. + // See golang.org/issue/9395 for further information. + if runtime.GOOS == "darwin" && c.p4 != nil { + n, _, peer, err := c.p4.ReadFrom(b) + return n, peer, err + } + return c.c.ReadFrom(b) +} + +// WriteTo writes the ICMP message b to dst. +// The provided dst must be net.UDPAddr when c is a non-privileged +// datagram-oriented ICMP endpoint. +// Otherwise it must be net.IPAddr. +func (c *PacketConn) WriteTo(b []byte, dst net.Addr) (int, error) { + if !c.ok() { + return 0, errInvalidConn + } + return c.c.WriteTo(b, dst) +} + +// Close closes the endpoint. +func (c *PacketConn) Close() error { + if !c.ok() { + return errInvalidConn + } + return c.c.Close() +} + +// LocalAddr returns the local network address. +func (c *PacketConn) LocalAddr() net.Addr { + if !c.ok() { + return nil + } + return c.c.LocalAddr() +} + +// SetDeadline sets the read and write deadlines associated with the +// endpoint. +func (c *PacketConn) SetDeadline(t time.Time) error { + if !c.ok() { + return errInvalidConn + } + return c.c.SetDeadline(t) +} + +// SetReadDeadline sets the read deadline associated with the +// endpoint. +func (c *PacketConn) SetReadDeadline(t time.Time) error { + if !c.ok() { + return errInvalidConn + } + return c.c.SetReadDeadline(t) +} + +// SetWriteDeadline sets the write deadline associated with the +// endpoint. +func (c *PacketConn) SetWriteDeadline(t time.Time) error { + if !c.ok() { + return errInvalidConn + } + return c.c.SetWriteDeadline(t) +} diff --git a/vendor/golang.org/x/net/icmp/extension.go b/vendor/golang.org/x/net/icmp/extension.go new file mode 100644 index 0000000000..d27c462dd8 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/extension.go @@ -0,0 +1,110 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import ( + "encoding/binary" + + "golang.org/x/net/ipv4" + "golang.org/x/net/ipv6" +) + +// An Extension represents an ICMP extension. +type Extension interface { + // Len returns the length of ICMP extension. + // The provided proto must be either the ICMPv4 or ICMPv6 + // protocol number. + Len(proto int) int + + // Marshal returns the binary encoding of ICMP extension. + // The provided proto must be either the ICMPv4 or ICMPv6 + // protocol number. + Marshal(proto int) ([]byte, error) +} + +const extensionVersion = 2 + +func validExtensionHeader(b []byte) bool { + v := int(b[0]&0xf0) >> 4 + s := binary.BigEndian.Uint16(b[2:4]) + if s != 0 { + s = checksum(b) + } + if v != extensionVersion || s != 0 { + return false + } + return true +} + +// parseExtensions parses b as a list of ICMP extensions. +// The length attribute l must be the length attribute field in +// received icmp messages. +// +// It will return a list of ICMP extensions and an adjusted length +// attribute that represents the length of the padded original +// datagram field. Otherwise, it returns an error. +func parseExtensions(typ Type, b []byte, l int) ([]Extension, int, error) { + // Still a lot of non-RFC 4884 compliant implementations are + // out there. Set the length attribute l to 128 when it looks + // inappropriate for backwards compatibility. + // + // A minimal extension at least requires 8 octets; 4 octets + // for an extension header, and 4 octets for a single object + // header. + // + // See RFC 4884 for further information. + switch typ { + case ipv4.ICMPTypeExtendedEchoRequest, ipv6.ICMPTypeExtendedEchoRequest: + if len(b) < 8 || !validExtensionHeader(b) { + return nil, -1, errNoExtension + } + l = 0 + default: + if 128 > l || l+8 > len(b) { + l = 128 + } + if l+8 > len(b) { + return nil, -1, errNoExtension + } + if !validExtensionHeader(b[l:]) { + if l == 128 { + return nil, -1, errNoExtension + } + l = 128 + if !validExtensionHeader(b[l:]) { + return nil, -1, errNoExtension + } + } + } + var exts []Extension + for b = b[l+4:]; len(b) >= 4; { + ol := int(binary.BigEndian.Uint16(b[:2])) + if 4 > ol || ol > len(b) { + break + } + switch b[2] { + case classMPLSLabelStack: + ext, err := parseMPLSLabelStack(b[:ol]) + if err != nil { + return nil, -1, err + } + exts = append(exts, ext) + case classInterfaceInfo: + ext, err := parseInterfaceInfo(b[:ol]) + if err != nil { + return nil, -1, err + } + exts = append(exts, ext) + case classInterfaceIdent: + ext, err := parseInterfaceIdent(b[:ol]) + if err != nil { + return nil, -1, err + } + exts = append(exts, ext) + } + b = b[ol:] + } + return exts, l, nil +} diff --git a/vendor/golang.org/x/net/icmp/helper_posix.go b/vendor/golang.org/x/net/icmp/helper_posix.go new file mode 100644 index 0000000000..398fd388ff --- /dev/null +++ b/vendor/golang.org/x/net/icmp/helper_posix.go @@ -0,0 +1,75 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows + +package icmp + +import ( + "net" + "strconv" + "syscall" +) + +func sockaddr(family int, address string) (syscall.Sockaddr, error) { + switch family { + case syscall.AF_INET: + a, err := net.ResolveIPAddr("ip4", address) + if err != nil { + return nil, err + } + if len(a.IP) == 0 { + a.IP = net.IPv4zero + } + if a.IP = a.IP.To4(); a.IP == nil { + return nil, net.InvalidAddrError("non-ipv4 address") + } + sa := &syscall.SockaddrInet4{} + copy(sa.Addr[:], a.IP) + return sa, nil + case syscall.AF_INET6: + a, err := net.ResolveIPAddr("ip6", address) + if err != nil { + return nil, err + } + if len(a.IP) == 0 { + a.IP = net.IPv6unspecified + } + if a.IP.Equal(net.IPv4zero) { + a.IP = net.IPv6unspecified + } + if a.IP = a.IP.To16(); a.IP == nil || a.IP.To4() != nil { + return nil, net.InvalidAddrError("non-ipv6 address") + } + sa := &syscall.SockaddrInet6{ZoneId: zoneToUint32(a.Zone)} + copy(sa.Addr[:], a.IP) + return sa, nil + default: + return nil, net.InvalidAddrError("unexpected family") + } +} + +func zoneToUint32(zone string) uint32 { + if zone == "" { + return 0 + } + if ifi, err := net.InterfaceByName(zone); err == nil { + return uint32(ifi.Index) + } + n, err := strconv.Atoi(zone) + if err != nil { + return 0 + } + return uint32(n) +} + +func last(s string, b byte) int { + i := len(s) + for i--; i >= 0; i-- { + if s[i] == b { + break + } + } + return i +} diff --git a/vendor/golang.org/x/net/icmp/interface.go b/vendor/golang.org/x/net/icmp/interface.go new file mode 100644 index 0000000000..617f757b99 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/interface.go @@ -0,0 +1,322 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import ( + "encoding/binary" + "net" + "strings" + + "golang.org/x/net/internal/iana" +) + +const ( + classInterfaceInfo = 2 +) + +const ( + attrMTU = 1 << iota + attrName + attrIPAddr + attrIfIndex +) + +// An InterfaceInfo represents interface and next-hop identification. +type InterfaceInfo struct { + Class int // extension object class number + Type int // extension object sub-type + Interface *net.Interface + Addr *net.IPAddr +} + +func (ifi *InterfaceInfo) nameLen() int { + if len(ifi.Interface.Name) > 63 { + return 64 + } + l := 1 + len(ifi.Interface.Name) + return (l + 3) &^ 3 +} + +func (ifi *InterfaceInfo) attrsAndLen(proto int) (attrs, l int) { + l = 4 + if ifi.Interface != nil && ifi.Interface.Index > 0 { + attrs |= attrIfIndex + l += 4 + if len(ifi.Interface.Name) > 0 { + attrs |= attrName + l += ifi.nameLen() + } + if ifi.Interface.MTU > 0 { + attrs |= attrMTU + l += 4 + } + } + if ifi.Addr != nil { + switch proto { + case iana.ProtocolICMP: + if ifi.Addr.IP.To4() != nil { + attrs |= attrIPAddr + l += 4 + net.IPv4len + } + case iana.ProtocolIPv6ICMP: + if ifi.Addr.IP.To16() != nil && ifi.Addr.IP.To4() == nil { + attrs |= attrIPAddr + l += 4 + net.IPv6len + } + } + } + return +} + +// Len implements the Len method of Extension interface. +func (ifi *InterfaceInfo) Len(proto int) int { + _, l := ifi.attrsAndLen(proto) + return l +} + +// Marshal implements the Marshal method of Extension interface. +func (ifi *InterfaceInfo) Marshal(proto int) ([]byte, error) { + attrs, l := ifi.attrsAndLen(proto) + b := make([]byte, l) + if err := ifi.marshal(proto, b, attrs, l); err != nil { + return nil, err + } + return b, nil +} + +func (ifi *InterfaceInfo) marshal(proto int, b []byte, attrs, l int) error { + binary.BigEndian.PutUint16(b[:2], uint16(l)) + b[2], b[3] = classInterfaceInfo, byte(ifi.Type) + for b = b[4:]; len(b) > 0 && attrs != 0; { + switch { + case attrs&attrIfIndex != 0: + b = ifi.marshalIfIndex(proto, b) + attrs &^= attrIfIndex + case attrs&attrIPAddr != 0: + b = ifi.marshalIPAddr(proto, b) + attrs &^= attrIPAddr + case attrs&attrName != 0: + b = ifi.marshalName(proto, b) + attrs &^= attrName + case attrs&attrMTU != 0: + b = ifi.marshalMTU(proto, b) + attrs &^= attrMTU + } + } + return nil +} + +func (ifi *InterfaceInfo) marshalIfIndex(proto int, b []byte) []byte { + binary.BigEndian.PutUint32(b[:4], uint32(ifi.Interface.Index)) + return b[4:] +} + +func (ifi *InterfaceInfo) parseIfIndex(b []byte) ([]byte, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + ifi.Interface.Index = int(binary.BigEndian.Uint32(b[:4])) + return b[4:], nil +} + +func (ifi *InterfaceInfo) marshalIPAddr(proto int, b []byte) []byte { + switch proto { + case iana.ProtocolICMP: + binary.BigEndian.PutUint16(b[:2], uint16(iana.AddrFamilyIPv4)) + copy(b[4:4+net.IPv4len], ifi.Addr.IP.To4()) + b = b[4+net.IPv4len:] + case iana.ProtocolIPv6ICMP: + binary.BigEndian.PutUint16(b[:2], uint16(iana.AddrFamilyIPv6)) + copy(b[4:4+net.IPv6len], ifi.Addr.IP.To16()) + b = b[4+net.IPv6len:] + } + return b +} + +func (ifi *InterfaceInfo) parseIPAddr(b []byte) ([]byte, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + afi := int(binary.BigEndian.Uint16(b[:2])) + b = b[4:] + switch afi { + case iana.AddrFamilyIPv4: + if len(b) < net.IPv4len { + return nil, errMessageTooShort + } + ifi.Addr.IP = make(net.IP, net.IPv4len) + copy(ifi.Addr.IP, b[:net.IPv4len]) + b = b[net.IPv4len:] + case iana.AddrFamilyIPv6: + if len(b) < net.IPv6len { + return nil, errMessageTooShort + } + ifi.Addr.IP = make(net.IP, net.IPv6len) + copy(ifi.Addr.IP, b[:net.IPv6len]) + b = b[net.IPv6len:] + } + return b, nil +} + +func (ifi *InterfaceInfo) marshalName(proto int, b []byte) []byte { + l := byte(ifi.nameLen()) + b[0] = l + copy(b[1:], []byte(ifi.Interface.Name)) + return b[l:] +} + +func (ifi *InterfaceInfo) parseName(b []byte) ([]byte, error) { + if 4 > len(b) || len(b) < int(b[0]) { + return nil, errMessageTooShort + } + l := int(b[0]) + if l%4 != 0 || 4 > l || l > 64 { + return nil, errInvalidExtension + } + var name [63]byte + copy(name[:], b[1:l]) + ifi.Interface.Name = strings.Trim(string(name[:]), "\000") + return b[l:], nil +} + +func (ifi *InterfaceInfo) marshalMTU(proto int, b []byte) []byte { + binary.BigEndian.PutUint32(b[:4], uint32(ifi.Interface.MTU)) + return b[4:] +} + +func (ifi *InterfaceInfo) parseMTU(b []byte) ([]byte, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + ifi.Interface.MTU = int(binary.BigEndian.Uint32(b[:4])) + return b[4:], nil +} + +func parseInterfaceInfo(b []byte) (Extension, error) { + ifi := &InterfaceInfo{ + Class: int(b[2]), + Type: int(b[3]), + } + if ifi.Type&(attrIfIndex|attrName|attrMTU) != 0 { + ifi.Interface = &net.Interface{} + } + if ifi.Type&attrIPAddr != 0 { + ifi.Addr = &net.IPAddr{} + } + attrs := ifi.Type & (attrIfIndex | attrIPAddr | attrName | attrMTU) + for b = b[4:]; len(b) > 0 && attrs != 0; { + var err error + switch { + case attrs&attrIfIndex != 0: + b, err = ifi.parseIfIndex(b) + attrs &^= attrIfIndex + case attrs&attrIPAddr != 0: + b, err = ifi.parseIPAddr(b) + attrs &^= attrIPAddr + case attrs&attrName != 0: + b, err = ifi.parseName(b) + attrs &^= attrName + case attrs&attrMTU != 0: + b, err = ifi.parseMTU(b) + attrs &^= attrMTU + } + if err != nil { + return nil, err + } + } + if ifi.Interface != nil && ifi.Interface.Name != "" && ifi.Addr != nil && ifi.Addr.IP.To16() != nil && ifi.Addr.IP.To4() == nil { + ifi.Addr.Zone = ifi.Interface.Name + } + return ifi, nil +} + +const ( + classInterfaceIdent = 3 + typeInterfaceByName = 1 + typeInterfaceByIndex = 2 + typeInterfaceByAddress = 3 +) + +// An InterfaceIdent represents interface identification. +type InterfaceIdent struct { + Class int // extension object class number + Type int // extension object sub-type + Name string // interface name + Index int // interface index + AFI int // address family identifier; see address family numbers in IANA registry + Addr []byte // address +} + +// Len implements the Len method of Extension interface. +func (ifi *InterfaceIdent) Len(_ int) int { + switch ifi.Type { + case typeInterfaceByName: + l := len(ifi.Name) + if l > 255 { + l = 255 + } + return 4 + (l+3)&^3 + case typeInterfaceByIndex: + return 4 + 8 + case typeInterfaceByAddress: + return 4 + 4 + (len(ifi.Addr)+3)&^3 + default: + return 4 + } +} + +// Marshal implements the Marshal method of Extension interface. +func (ifi *InterfaceIdent) Marshal(proto int) ([]byte, error) { + b := make([]byte, ifi.Len(proto)) + if err := ifi.marshal(proto, b); err != nil { + return nil, err + } + return b, nil +} + +func (ifi *InterfaceIdent) marshal(proto int, b []byte) error { + l := ifi.Len(proto) + binary.BigEndian.PutUint16(b[:2], uint16(l)) + b[2], b[3] = classInterfaceIdent, byte(ifi.Type) + switch ifi.Type { + case typeInterfaceByName: + copy(b[4:], ifi.Name) + case typeInterfaceByIndex: + binary.BigEndian.PutUint64(b[4:4+8], uint64(ifi.Index)) + case typeInterfaceByAddress: + binary.BigEndian.PutUint16(b[4:4+2], uint16(ifi.AFI)) + b[4+2] = byte(len(ifi.Addr)) + copy(b[4+4:], ifi.Addr) + } + return nil +} + +func parseInterfaceIdent(b []byte) (Extension, error) { + ifi := &InterfaceIdent{ + Class: int(b[2]), + Type: int(b[3]), + } + switch ifi.Type { + case typeInterfaceByName: + ifi.Name = strings.Trim(string(b[4:]), string(0)) + case typeInterfaceByIndex: + if len(b[4:]) < 8 { + return nil, errInvalidExtension + } + ifi.Index = int(binary.BigEndian.Uint64(b[4 : 4+8])) + case typeInterfaceByAddress: + if len(b[4:]) < 4 { + return nil, errInvalidExtension + } + ifi.AFI = int(binary.BigEndian.Uint16(b[4 : 4+2])) + l := int(b[4+2]) + if len(b[4+4:]) < l { + return nil, errInvalidExtension + } + ifi.Addr = make([]byte, l) + copy(ifi.Addr, b[4+4:]) + } + return ifi, nil +} diff --git a/vendor/golang.org/x/net/icmp/ipv4.go b/vendor/golang.org/x/net/icmp/ipv4.go new file mode 100644 index 0000000000..c4629240ca --- /dev/null +++ b/vendor/golang.org/x/net/icmp/ipv4.go @@ -0,0 +1,69 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import ( + "encoding/binary" + "net" + "runtime" + + "golang.org/x/net/internal/socket" + "golang.org/x/net/ipv4" +) + +// freebsdVersion is set in sys_freebsd.go. +// See http://www.freebsd.org/doc/en/books/porters-handbook/freebsd-versions.html. +var freebsdVersion uint32 + +// ParseIPv4Header returns the IPv4 header of the IPv4 packet that +// triggered an ICMP error message. +// This is found in the Data field of the ICMP error message body. +// +// The provided b must be in the format used by a raw ICMP socket on +// the local system. +// This may differ from the wire format, and the format used by a raw +// IP socket, depending on the system. +// +// To parse an IPv6 header, use ipv6.ParseHeader. +func ParseIPv4Header(b []byte) (*ipv4.Header, error) { + if len(b) < ipv4.HeaderLen { + return nil, errHeaderTooShort + } + hdrlen := int(b[0]&0x0f) << 2 + if hdrlen > len(b) { + return nil, errBufferTooShort + } + h := &ipv4.Header{ + Version: int(b[0] >> 4), + Len: hdrlen, + TOS: int(b[1]), + ID: int(binary.BigEndian.Uint16(b[4:6])), + FragOff: int(binary.BigEndian.Uint16(b[6:8])), + TTL: int(b[8]), + Protocol: int(b[9]), + Checksum: int(binary.BigEndian.Uint16(b[10:12])), + Src: net.IPv4(b[12], b[13], b[14], b[15]), + Dst: net.IPv4(b[16], b[17], b[18], b[19]), + } + switch runtime.GOOS { + case "darwin": + h.TotalLen = int(socket.NativeEndian.Uint16(b[2:4])) + case "freebsd": + if freebsdVersion >= 1000000 { + h.TotalLen = int(binary.BigEndian.Uint16(b[2:4])) + } else { + h.TotalLen = int(socket.NativeEndian.Uint16(b[2:4])) + } + default: + h.TotalLen = int(binary.BigEndian.Uint16(b[2:4])) + } + h.Flags = ipv4.HeaderFlags(h.FragOff&0xe000) >> 13 + h.FragOff = h.FragOff & 0x1fff + if hdrlen-ipv4.HeaderLen > 0 { + h.Options = make([]byte, hdrlen-ipv4.HeaderLen) + copy(h.Options, b[ipv4.HeaderLen:]) + } + return h, nil +} diff --git a/vendor/golang.org/x/net/icmp/ipv6.go b/vendor/golang.org/x/net/icmp/ipv6.go new file mode 100644 index 0000000000..2e8cfeb131 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/ipv6.go @@ -0,0 +1,23 @@ +// Copyright 2013 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import ( + "net" + + "golang.org/x/net/internal/iana" +) + +const ipv6PseudoHeaderLen = 2*net.IPv6len + 8 + +// IPv6PseudoHeader returns an IPv6 pseudo header for checksum +// calculation. +func IPv6PseudoHeader(src, dst net.IP) []byte { + b := make([]byte, ipv6PseudoHeaderLen) + copy(b, src.To16()) + copy(b[net.IPv6len:], dst.To16()) + b[len(b)-1] = byte(iana.ProtocolIPv6ICMP) + return b +} diff --git a/vendor/golang.org/x/net/icmp/listen_posix.go b/vendor/golang.org/x/net/icmp/listen_posix.go new file mode 100644 index 0000000000..7fac4f9652 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/listen_posix.go @@ -0,0 +1,100 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build darwin dragonfly freebsd linux netbsd openbsd solaris windows + +package icmp + +import ( + "net" + "os" + "runtime" + "syscall" + + "golang.org/x/net/internal/iana" + "golang.org/x/net/ipv4" + "golang.org/x/net/ipv6" +) + +const sysIP_STRIPHDR = 0x17 // for now only darwin supports this option + +// ListenPacket listens for incoming ICMP packets addressed to +// address. See net.Dial for the syntax of address. +// +// For non-privileged datagram-oriented ICMP endpoints, network must +// be "udp4" or "udp6". The endpoint allows to read, write a few +// limited ICMP messages such as echo request and echo reply. +// Currently only Darwin and Linux support this. +// +// Examples: +// ListenPacket("udp4", "192.168.0.1") +// ListenPacket("udp4", "0.0.0.0") +// ListenPacket("udp6", "fe80::1%en0") +// ListenPacket("udp6", "::") +// +// For privileged raw ICMP endpoints, network must be "ip4" or "ip6" +// followed by a colon and an ICMP protocol number or name. +// +// Examples: +// ListenPacket("ip4:icmp", "192.168.0.1") +// ListenPacket("ip4:1", "0.0.0.0") +// ListenPacket("ip6:ipv6-icmp", "fe80::1%en0") +// ListenPacket("ip6:58", "::") +func ListenPacket(network, address string) (*PacketConn, error) { + var family, proto int + switch network { + case "udp4": + family, proto = syscall.AF_INET, iana.ProtocolICMP + case "udp6": + family, proto = syscall.AF_INET6, iana.ProtocolIPv6ICMP + default: + i := last(network, ':') + switch network[:i] { + case "ip4": + proto = iana.ProtocolICMP + case "ip6": + proto = iana.ProtocolIPv6ICMP + } + } + var cerr error + var c net.PacketConn + switch family { + case syscall.AF_INET, syscall.AF_INET6: + s, err := syscall.Socket(family, syscall.SOCK_DGRAM, proto) + if err != nil { + return nil, os.NewSyscallError("socket", err) + } + if runtime.GOOS == "darwin" && family == syscall.AF_INET { + if err := syscall.SetsockoptInt(s, iana.ProtocolIP, sysIP_STRIPHDR, 1); err != nil { + syscall.Close(s) + return nil, os.NewSyscallError("setsockopt", err) + } + } + sa, err := sockaddr(family, address) + if err != nil { + syscall.Close(s) + return nil, err + } + if err := syscall.Bind(s, sa); err != nil { + syscall.Close(s) + return nil, os.NewSyscallError("bind", err) + } + f := os.NewFile(uintptr(s), "datagram-oriented icmp") + c, cerr = net.FilePacketConn(f) + f.Close() + default: + c, cerr = net.ListenPacket(network, address) + } + if cerr != nil { + return nil, cerr + } + switch proto { + case iana.ProtocolICMP: + return &PacketConn{c: c, p4: ipv4.NewPacketConn(c)}, nil + case iana.ProtocolIPv6ICMP: + return &PacketConn{c: c, p6: ipv6.NewPacketConn(c)}, nil + default: + return &PacketConn{c: c}, nil + } +} diff --git a/vendor/golang.org/x/net/icmp/listen_stub.go b/vendor/golang.org/x/net/icmp/listen_stub.go new file mode 100644 index 0000000000..14beb0ef10 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/listen_stub.go @@ -0,0 +1,33 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows + +package icmp + +// ListenPacket listens for incoming ICMP packets addressed to +// address. See net.Dial for the syntax of address. +// +// For non-privileged datagram-oriented ICMP endpoints, network must +// be "udp4" or "udp6". The endpoint allows to read, write a few +// limited ICMP messages such as echo request and echo reply. +// Currently only Darwin and Linux support this. +// +// Examples: +// ListenPacket("udp4", "192.168.0.1") +// ListenPacket("udp4", "0.0.0.0") +// ListenPacket("udp6", "fe80::1%en0") +// ListenPacket("udp6", "::") +// +// For privileged raw ICMP endpoints, network must be "ip4" or "ip6" +// followed by a colon and an ICMP protocol number or name. +// +// Examples: +// ListenPacket("ip4:icmp", "192.168.0.1") +// ListenPacket("ip4:1", "0.0.0.0") +// ListenPacket("ip6:ipv6-icmp", "fe80::1%en0") +// ListenPacket("ip6:58", "::") +func ListenPacket(network, address string) (*PacketConn, error) { + return nil, errOpNoSupport +} diff --git a/vendor/golang.org/x/net/icmp/message.go b/vendor/golang.org/x/net/icmp/message.go new file mode 100644 index 0000000000..75aac6c5b1 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/message.go @@ -0,0 +1,159 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package icmp provides basic functions for the manipulation of +// messages used in the Internet Control Message Protocols, +// ICMPv4 and ICMPv6. +// +// ICMPv4 and ICMPv6 are defined in RFC 792 and RFC 4443. +// Multi-part message support for ICMP is defined in RFC 4884. +// ICMP extensions for MPLS are defined in RFC 4950. +// ICMP extensions for interface and next-hop identification are +// defined in RFC 5837. +// PROBE: A utility for probing interfaces is defined in RFC 8335. +package icmp // import "golang.org/x/net/icmp" + +import ( + "encoding/binary" + "errors" + "net" + + "golang.org/x/net/internal/iana" + "golang.org/x/net/ipv4" + "golang.org/x/net/ipv6" +) + +// BUG(mikio): This package is not implemented on JS, NaCl and Plan 9. + +var ( + errInvalidConn = errors.New("invalid connection") + errInvalidProtocol = errors.New("invalid protocol") + errMessageTooShort = errors.New("message too short") + errHeaderTooShort = errors.New("header too short") + errBufferTooShort = errors.New("buffer too short") + errOpNoSupport = errors.New("operation not supported") + errNoExtension = errors.New("no extension") + errInvalidExtension = errors.New("invalid extension") +) + +func checksum(b []byte) uint16 { + csumcv := len(b) - 1 // checksum coverage + s := uint32(0) + for i := 0; i < csumcv; i += 2 { + s += uint32(b[i+1])<<8 | uint32(b[i]) + } + if csumcv&1 == 0 { + s += uint32(b[csumcv]) + } + s = s>>16 + s&0xffff + s = s + s>>16 + return ^uint16(s) +} + +// A Type represents an ICMP message type. +type Type interface { + Protocol() int +} + +// A Message represents an ICMP message. +type Message struct { + Type Type // type, either ipv4.ICMPType or ipv6.ICMPType + Code int // code + Checksum int // checksum + Body MessageBody // body +} + +// Marshal returns the binary encoding of the ICMP message m. +// +// For an ICMPv4 message, the returned message always contains the +// calculated checksum field. +// +// For an ICMPv6 message, the returned message contains the calculated +// checksum field when psh is not nil, otherwise the kernel will +// compute the checksum field during the message transmission. +// When psh is not nil, it must be the pseudo header for IPv6. +func (m *Message) Marshal(psh []byte) ([]byte, error) { + var mtype int + switch typ := m.Type.(type) { + case ipv4.ICMPType: + mtype = int(typ) + case ipv6.ICMPType: + mtype = int(typ) + default: + return nil, errInvalidProtocol + } + b := []byte{byte(mtype), byte(m.Code), 0, 0} + if m.Type.Protocol() == iana.ProtocolIPv6ICMP && psh != nil { + b = append(psh, b...) + } + if m.Body != nil && m.Body.Len(m.Type.Protocol()) != 0 { + mb, err := m.Body.Marshal(m.Type.Protocol()) + if err != nil { + return nil, err + } + b = append(b, mb...) + } + if m.Type.Protocol() == iana.ProtocolIPv6ICMP { + if psh == nil { // cannot calculate checksum here + return b, nil + } + off, l := 2*net.IPv6len, len(b)-len(psh) + binary.BigEndian.PutUint32(b[off:off+4], uint32(l)) + } + s := checksum(b) + // Place checksum back in header; using ^= avoids the + // assumption the checksum bytes are zero. + b[len(psh)+2] ^= byte(s) + b[len(psh)+3] ^= byte(s >> 8) + return b[len(psh):], nil +} + +var parseFns = map[Type]func(int, Type, []byte) (MessageBody, error){ + ipv4.ICMPTypeDestinationUnreachable: parseDstUnreach, + ipv4.ICMPTypeTimeExceeded: parseTimeExceeded, + ipv4.ICMPTypeParameterProblem: parseParamProb, + + ipv4.ICMPTypeEcho: parseEcho, + ipv4.ICMPTypeEchoReply: parseEcho, + ipv4.ICMPTypeExtendedEchoRequest: parseExtendedEchoRequest, + ipv4.ICMPTypeExtendedEchoReply: parseExtendedEchoReply, + + ipv6.ICMPTypeDestinationUnreachable: parseDstUnreach, + ipv6.ICMPTypePacketTooBig: parsePacketTooBig, + ipv6.ICMPTypeTimeExceeded: parseTimeExceeded, + ipv6.ICMPTypeParameterProblem: parseParamProb, + + ipv6.ICMPTypeEchoRequest: parseEcho, + ipv6.ICMPTypeEchoReply: parseEcho, + ipv6.ICMPTypeExtendedEchoRequest: parseExtendedEchoRequest, + ipv6.ICMPTypeExtendedEchoReply: parseExtendedEchoReply, +} + +// ParseMessage parses b as an ICMP message. +// The provided proto must be either the ICMPv4 or ICMPv6 protocol +// number. +func ParseMessage(proto int, b []byte) (*Message, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + var err error + m := &Message{Code: int(b[1]), Checksum: int(binary.BigEndian.Uint16(b[2:4]))} + switch proto { + case iana.ProtocolICMP: + m.Type = ipv4.ICMPType(b[0]) + case iana.ProtocolIPv6ICMP: + m.Type = ipv6.ICMPType(b[0]) + default: + return nil, errInvalidProtocol + } + if fn, ok := parseFns[m.Type]; !ok { + m.Body, err = parseDefaultMessageBody(proto, b[4:]) + } else { + m.Body, err = fn(proto, m.Type, b[4:]) + } + if err != nil { + return nil, err + } + return m, nil +} diff --git a/vendor/golang.org/x/net/icmp/messagebody.go b/vendor/golang.org/x/net/icmp/messagebody.go new file mode 100644 index 0000000000..f12250c0f9 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/messagebody.go @@ -0,0 +1,43 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +// A MessageBody represents an ICMP message body. +type MessageBody interface { + // Len returns the length of ICMP message body. + // The provided proto must be either the ICMPv4 or ICMPv6 + // protocol number. + Len(proto int) int + + // Marshal returns the binary encoding of ICMP message body. + // The provided proto must be either the ICMPv4 or ICMPv6 + // protocol number. + Marshal(proto int) ([]byte, error) +} + +// A DefaultMessageBody represents the default message body. +type DefaultMessageBody struct { + Data []byte // data +} + +// Len implements the Len method of MessageBody interface. +func (p *DefaultMessageBody) Len(proto int) int { + if p == nil { + return 0 + } + return len(p.Data) +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *DefaultMessageBody) Marshal(proto int) ([]byte, error) { + return p.Data, nil +} + +// parseDefaultMessageBody parses b as an ICMP message body. +func parseDefaultMessageBody(proto int, b []byte) (MessageBody, error) { + p := &DefaultMessageBody{Data: make([]byte, len(b))} + copy(p.Data, b) + return p, nil +} diff --git a/vendor/golang.org/x/net/icmp/mpls.go b/vendor/golang.org/x/net/icmp/mpls.go new file mode 100644 index 0000000000..f9f4841bce --- /dev/null +++ b/vendor/golang.org/x/net/icmp/mpls.go @@ -0,0 +1,77 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import "encoding/binary" + +// MPLSLabel represents an MPLS label stack entry. +type MPLSLabel struct { + Label int // label value + TC int // traffic class; formerly experimental use + S bool // bottom of stack + TTL int // time to live +} + +const ( + classMPLSLabelStack = 1 + typeIncomingMPLSLabelStack = 1 +) + +// MPLSLabelStack represents an MPLS label stack. +type MPLSLabelStack struct { + Class int // extension object class number + Type int // extension object sub-type + Labels []MPLSLabel +} + +// Len implements the Len method of Extension interface. +func (ls *MPLSLabelStack) Len(proto int) int { + return 4 + (4 * len(ls.Labels)) +} + +// Marshal implements the Marshal method of Extension interface. +func (ls *MPLSLabelStack) Marshal(proto int) ([]byte, error) { + b := make([]byte, ls.Len(proto)) + if err := ls.marshal(proto, b); err != nil { + return nil, err + } + return b, nil +} + +func (ls *MPLSLabelStack) marshal(proto int, b []byte) error { + l := ls.Len(proto) + binary.BigEndian.PutUint16(b[:2], uint16(l)) + b[2], b[3] = classMPLSLabelStack, typeIncomingMPLSLabelStack + off := 4 + for _, ll := range ls.Labels { + b[off], b[off+1], b[off+2] = byte(ll.Label>>12), byte(ll.Label>>4&0xff), byte(ll.Label<<4&0xf0) + b[off+2] |= byte(ll.TC << 1 & 0x0e) + if ll.S { + b[off+2] |= 0x1 + } + b[off+3] = byte(ll.TTL) + off += 4 + } + return nil +} + +func parseMPLSLabelStack(b []byte) (Extension, error) { + ls := &MPLSLabelStack{ + Class: int(b[2]), + Type: int(b[3]), + } + for b = b[4:]; len(b) >= 4; b = b[4:] { + ll := MPLSLabel{ + Label: int(b[0])<<12 | int(b[1])<<4 | int(b[2])>>4, + TC: int(b[2]&0x0e) >> 1, + TTL: int(b[3]), + } + if b[2]&0x1 != 0 { + ll.S = true + } + ls.Labels = append(ls.Labels, ll) + } + return ls, nil +} diff --git a/vendor/golang.org/x/net/icmp/multipart.go b/vendor/golang.org/x/net/icmp/multipart.go new file mode 100644 index 0000000000..9ebbbafe9b --- /dev/null +++ b/vendor/golang.org/x/net/icmp/multipart.go @@ -0,0 +1,121 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import "golang.org/x/net/internal/iana" + +// multipartMessageBodyDataLen takes b as an original datagram and +// exts as extensions, and returns a required length for message body +// and a required length for a padded original datagram in wire +// format. +func multipartMessageBodyDataLen(proto int, withOrigDgram bool, b []byte, exts []Extension) (bodyLen, dataLen int) { + for _, ext := range exts { + bodyLen += ext.Len(proto) + } + if bodyLen > 0 { + if withOrigDgram { + dataLen = multipartMessageOrigDatagramLen(proto, b) + } + bodyLen += 4 // length of extension header + } else { + dataLen = len(b) + } + bodyLen += dataLen + return bodyLen, dataLen +} + +// multipartMessageOrigDatagramLen takes b as an original datagram, +// and returns a required length for a padded orignal datagram in wire +// format. +func multipartMessageOrigDatagramLen(proto int, b []byte) int { + roundup := func(b []byte, align int) int { + // According to RFC 4884, the padded original datagram + // field must contain at least 128 octets. + if len(b) < 128 { + return 128 + } + r := len(b) + return (r + align - 1) & ^(align - 1) + } + switch proto { + case iana.ProtocolICMP: + return roundup(b, 4) + case iana.ProtocolIPv6ICMP: + return roundup(b, 8) + default: + return len(b) + } +} + +// marshalMultipartMessageBody takes data as an original datagram and +// exts as extesnsions, and returns a binary encoding of message body. +// It can be used for non-multipart message bodies when exts is nil. +func marshalMultipartMessageBody(proto int, withOrigDgram bool, data []byte, exts []Extension) ([]byte, error) { + bodyLen, dataLen := multipartMessageBodyDataLen(proto, withOrigDgram, data, exts) + b := make([]byte, 4+bodyLen) + copy(b[4:], data) + off := dataLen + 4 + if len(exts) > 0 { + b[dataLen+4] = byte(extensionVersion << 4) + off += 4 // length of object header + for _, ext := range exts { + switch ext := ext.(type) { + case *MPLSLabelStack: + if err := ext.marshal(proto, b[off:]); err != nil { + return nil, err + } + off += ext.Len(proto) + case *InterfaceInfo: + attrs, l := ext.attrsAndLen(proto) + if err := ext.marshal(proto, b[off:], attrs, l); err != nil { + return nil, err + } + off += ext.Len(proto) + case *InterfaceIdent: + if err := ext.marshal(proto, b[off:]); err != nil { + return nil, err + } + off += ext.Len(proto) + } + } + s := checksum(b[dataLen+4:]) + b[dataLen+4+2] ^= byte(s) + b[dataLen+4+3] ^= byte(s >> 8) + if withOrigDgram { + switch proto { + case iana.ProtocolICMP: + b[1] = byte(dataLen / 4) + case iana.ProtocolIPv6ICMP: + b[0] = byte(dataLen / 8) + } + } + } + return b, nil +} + +// parseMultipartMessageBody parses b as either a non-multipart +// message body or a multipart message body. +func parseMultipartMessageBody(proto int, typ Type, b []byte) ([]byte, []Extension, error) { + var l int + switch proto { + case iana.ProtocolICMP: + l = 4 * int(b[1]) + case iana.ProtocolIPv6ICMP: + l = 8 * int(b[0]) + } + if len(b) == 4 { + return nil, nil, nil + } + exts, l, err := parseExtensions(typ, b[4:], l) + if err != nil { + l = len(b) - 4 + } + var data []byte + if l > 0 { + data = make([]byte, l) + copy(data, b[4:]) + } + return data, exts, nil +} diff --git a/vendor/golang.org/x/net/icmp/packettoobig.go b/vendor/golang.org/x/net/icmp/packettoobig.go new file mode 100644 index 0000000000..afbf24f1ba --- /dev/null +++ b/vendor/golang.org/x/net/icmp/packettoobig.go @@ -0,0 +1,43 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import "encoding/binary" + +// A PacketTooBig represents an ICMP packet too big message body. +type PacketTooBig struct { + MTU int // maximum transmission unit of the nexthop link + Data []byte // data, known as original datagram field +} + +// Len implements the Len method of MessageBody interface. +func (p *PacketTooBig) Len(proto int) int { + if p == nil { + return 0 + } + return 4 + len(p.Data) +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *PacketTooBig) Marshal(proto int) ([]byte, error) { + b := make([]byte, 4+len(p.Data)) + binary.BigEndian.PutUint32(b[:4], uint32(p.MTU)) + copy(b[4:], p.Data) + return b, nil +} + +// parsePacketTooBig parses b as an ICMP packet too big message body. +func parsePacketTooBig(proto int, _ Type, b []byte) (MessageBody, error) { + bodyLen := len(b) + if bodyLen < 4 { + return nil, errMessageTooShort + } + p := &PacketTooBig{MTU: int(binary.BigEndian.Uint32(b[:4]))} + if bodyLen > 4 { + p.Data = make([]byte, bodyLen-4) + copy(p.Data, b[4:]) + } + return p, nil +} diff --git a/vendor/golang.org/x/net/icmp/paramprob.go b/vendor/golang.org/x/net/icmp/paramprob.go new file mode 100644 index 0000000000..85872554fd --- /dev/null +++ b/vendor/golang.org/x/net/icmp/paramprob.go @@ -0,0 +1,63 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import ( + "encoding/binary" + "golang.org/x/net/internal/iana" +) + +// A ParamProb represents an ICMP parameter problem message body. +type ParamProb struct { + Pointer uintptr // offset within the data where the error was detected + Data []byte // data, known as original datagram field + Extensions []Extension // extensions +} + +// Len implements the Len method of MessageBody interface. +func (p *ParamProb) Len(proto int) int { + if p == nil { + return 0 + } + l, _ := multipartMessageBodyDataLen(proto, true, p.Data, p.Extensions) + return 4 + l +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *ParamProb) Marshal(proto int) ([]byte, error) { + if proto == iana.ProtocolIPv6ICMP { + b := make([]byte, p.Len(proto)) + binary.BigEndian.PutUint32(b[:4], uint32(p.Pointer)) + copy(b[4:], p.Data) + return b, nil + } + b, err := marshalMultipartMessageBody(proto, true, p.Data, p.Extensions) + if err != nil { + return nil, err + } + b[0] = byte(p.Pointer) + return b, nil +} + +// parseParamProb parses b as an ICMP parameter problem message body. +func parseParamProb(proto int, typ Type, b []byte) (MessageBody, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + p := &ParamProb{} + if proto == iana.ProtocolIPv6ICMP { + p.Pointer = uintptr(binary.BigEndian.Uint32(b[:4])) + p.Data = make([]byte, len(b)-4) + copy(p.Data, b[4:]) + return p, nil + } + p.Pointer = uintptr(b[0]) + var err error + p.Data, p.Extensions, err = parseMultipartMessageBody(proto, typ, b) + if err != nil { + return nil, err + } + return p, nil +} diff --git a/vendor/golang.org/x/net/icmp/sys_freebsd.go b/vendor/golang.org/x/net/icmp/sys_freebsd.go new file mode 100644 index 0000000000..c75f3ddaa7 --- /dev/null +++ b/vendor/golang.org/x/net/icmp/sys_freebsd.go @@ -0,0 +1,11 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +import "syscall" + +func init() { + freebsdVersion, _ = syscall.SysctlUint32("kern.osreldate") +} diff --git a/vendor/golang.org/x/net/icmp/timeexceeded.go b/vendor/golang.org/x/net/icmp/timeexceeded.go new file mode 100644 index 0000000000..14e9e23ccd --- /dev/null +++ b/vendor/golang.org/x/net/icmp/timeexceeded.go @@ -0,0 +1,39 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package icmp + +// A TimeExceeded represents an ICMP time exceeded message body. +type TimeExceeded struct { + Data []byte // data, known as original datagram field + Extensions []Extension // extensions +} + +// Len implements the Len method of MessageBody interface. +func (p *TimeExceeded) Len(proto int) int { + if p == nil { + return 0 + } + l, _ := multipartMessageBodyDataLen(proto, true, p.Data, p.Extensions) + return 4 + l +} + +// Marshal implements the Marshal method of MessageBody interface. +func (p *TimeExceeded) Marshal(proto int) ([]byte, error) { + return marshalMultipartMessageBody(proto, true, p.Data, p.Extensions) +} + +// parseTimeExceeded parses b as an ICMP time exceeded message body. +func parseTimeExceeded(proto int, typ Type, b []byte) (MessageBody, error) { + if len(b) < 4 { + return nil, errMessageTooShort + } + p := &TimeExceeded{} + var err error + p.Data, p.Extensions, err = parseMultipartMessageBody(proto, typ, b) + if err != nil { + return nil, err + } + return p, nil +}