From 3ddd61407657e4875bc660ad4c23b07820ae609a Mon Sep 17 00:00:00 2001 From: Aaron Prindle Date: Mon, 8 Jul 2024 02:47:12 +0000 Subject: [PATCH] deps: bump github.com/moby/buildkit and github.com/docker/docker --- go.mod | 13 +- go.sum | 26 +- pkg/dockerfile/dockerfile.go | 3 +- pkg/image/image_util_test.go | 3 +- pkg/util/command_util.go | 2 +- vendor/github.com/cilium/ebpf/.clang-format | 17 - vendor/github.com/cilium/ebpf/.gitignore | 14 - vendor/github.com/cilium/ebpf/.golangci.yaml | 28 - vendor/github.com/cilium/ebpf/ARCHITECTURE.md | 86 - .../github.com/cilium/ebpf/CODE_OF_CONDUCT.md | 46 - vendor/github.com/cilium/ebpf/CONTRIBUTING.md | 40 - vendor/github.com/cilium/ebpf/LICENSE | 23 - vendor/github.com/cilium/ebpf/MAINTAINERS.md | 8 - vendor/github.com/cilium/ebpf/Makefile | 110 - vendor/github.com/cilium/ebpf/README.md | 77 - vendor/github.com/cilium/ebpf/asm/alu.go | 149 -- .../github.com/cilium/ebpf/asm/alu_string.go | 107 - vendor/github.com/cilium/ebpf/asm/doc.go | 2 - vendor/github.com/cilium/ebpf/asm/func.go | 242 -- .../github.com/cilium/ebpf/asm/func_string.go | 227 -- .../github.com/cilium/ebpf/asm/instruction.go | 859 -------- vendor/github.com/cilium/ebpf/asm/jump.go | 127 -- .../github.com/cilium/ebpf/asm/jump_string.go | 53 - .../github.com/cilium/ebpf/asm/load_store.go | 204 -- .../cilium/ebpf/asm/load_store_string.go | 80 - vendor/github.com/cilium/ebpf/asm/metadata.go | 80 - vendor/github.com/cilium/ebpf/asm/opcode.go | 271 --- .../cilium/ebpf/asm/opcode_string.go | 30 - vendor/github.com/cilium/ebpf/asm/register.go | 50 - .../cilium/ebpf/attachtype_string.go | 65 - vendor/github.com/cilium/ebpf/btf/btf.go | 897 -------- .../github.com/cilium/ebpf/btf/btf_types.go | 343 --- .../cilium/ebpf/btf/btf_types_string.go | 44 - vendor/github.com/cilium/ebpf/btf/core.go | 972 -------- vendor/github.com/cilium/ebpf/btf/doc.go | 5 - vendor/github.com/cilium/ebpf/btf/ext_info.go | 721 ------ vendor/github.com/cilium/ebpf/btf/format.go | 319 --- vendor/github.com/cilium/ebpf/btf/handle.go | 121 - vendor/github.com/cilium/ebpf/btf/strings.go | 128 -- vendor/github.com/cilium/ebpf/btf/types.go | 1212 ---------- vendor/github.com/cilium/ebpf/collection.go | 772 ------- vendor/github.com/cilium/ebpf/doc.go | 25 - vendor/github.com/cilium/ebpf/elf_reader.go | 1197 ---------- vendor/github.com/cilium/ebpf/info.go | 323 --- .../github.com/cilium/ebpf/internal/align.go | 6 - vendor/github.com/cilium/ebpf/internal/cpu.go | 62 - vendor/github.com/cilium/ebpf/internal/elf.go | 102 - .../cilium/ebpf/internal/endian_be.go | 13 - .../cilium/ebpf/internal/endian_le.go | 13 - .../github.com/cilium/ebpf/internal/errors.go | 206 -- .../cilium/ebpf/internal/feature.go | 100 - vendor/github.com/cilium/ebpf/internal/io.go | 62 - .../github.com/cilium/ebpf/internal/output.go | 84 - .../cilium/ebpf/internal/pinning.go | 77 - .../cilium/ebpf/internal/sys/doc.go | 6 - .../github.com/cilium/ebpf/internal/sys/fd.go | 96 - .../cilium/ebpf/internal/sys/ptr.go | 38 - .../cilium/ebpf/internal/sys/ptr_32_be.go | 15 - .../cilium/ebpf/internal/sys/ptr_32_le.go | 15 - .../cilium/ebpf/internal/sys/ptr_64.go | 14 - .../cilium/ebpf/internal/sys/syscall.go | 126 -- .../cilium/ebpf/internal/sys/types.go | 1052 --------- .../cilium/ebpf/internal/unix/types_linux.go | 210 -- .../cilium/ebpf/internal/unix/types_other.go | 278 --- .../github.com/cilium/ebpf/internal/vdso.go | 150 -- .../cilium/ebpf/internal/version.go | 122 - vendor/github.com/cilium/ebpf/link/cgroup.go | 165 -- vendor/github.com/cilium/ebpf/link/doc.go | 2 - vendor/github.com/cilium/ebpf/link/iter.go | 85 - vendor/github.com/cilium/ebpf/link/kprobe.go | 568 ----- vendor/github.com/cilium/ebpf/link/link.go | 313 --- vendor/github.com/cilium/ebpf/link/netns.go | 36 - .../github.com/cilium/ebpf/link/perf_event.go | 394 ---- .../github.com/cilium/ebpf/link/platform.go | 25 - vendor/github.com/cilium/ebpf/link/program.go | 76 - .../cilium/ebpf/link/raw_tracepoint.go | 87 - .../cilium/ebpf/link/socket_filter.go | 40 - .../github.com/cilium/ebpf/link/syscalls.go | 103 - .../github.com/cilium/ebpf/link/tracepoint.go | 77 - vendor/github.com/cilium/ebpf/link/tracing.go | 141 -- vendor/github.com/cilium/ebpf/link/uprobe.go | 373 ---- vendor/github.com/cilium/ebpf/link/xdp.go | 54 - vendor/github.com/cilium/ebpf/linker.go | 238 -- vendor/github.com/cilium/ebpf/map.go | 1424 ------------ vendor/github.com/cilium/ebpf/marshalers.go | 247 --- vendor/github.com/cilium/ebpf/prog.go | 875 -------- vendor/github.com/cilium/ebpf/run-tests.sh | 145 -- vendor/github.com/cilium/ebpf/syscalls.go | 264 --- vendor/github.com/cilium/ebpf/types.go | 284 --- vendor/github.com/cilium/ebpf/types_string.go | 120 - .../containerd/cgroups/v3/.gitignore | 2 - .../github.com/containerd/cgroups/v3/LICENSE | 201 -- .../github.com/containerd/cgroups/v3/Makefile | 26 - .../containerd/cgroups/v3/Protobuild.toml | 31 - .../containerd/cgroups/v3/README.md | 238 -- .../containerd/cgroups/v3/cgroup1/blkio.go | 361 --- .../containerd/cgroups/v3/cgroup1/cgroup.go | 575 ----- .../containerd/cgroups/v3/cgroup1/control.go | 99 - .../containerd/cgroups/v3/cgroup1/cpu.go | 125 -- .../containerd/cgroups/v3/cgroup1/cpuacct.go | 129 -- .../containerd/cgroups/v3/cgroup1/cpuset.go | 158 -- .../containerd/cgroups/v3/cgroup1/devices.go | 92 - .../containerd/cgroups/v3/cgroup1/errors.go | 47 - .../containerd/cgroups/v3/cgroup1/freezer.go | 82 - .../cgroups/v3/cgroup1/hierarchy.go | 20 - .../containerd/cgroups/v3/cgroup1/hugetlb.go | 109 - .../containerd/cgroups/v3/cgroup1/memory.go | 480 ---- .../containerd/cgroups/v3/cgroup1/named.go | 39 - .../containerd/cgroups/v3/cgroup1/net_cls.go | 61 - .../containerd/cgroups/v3/cgroup1/net_prio.go | 65 - .../containerd/cgroups/v3/cgroup1/opts.go | 72 - .../containerd/cgroups/v3/cgroup1/paths.go | 106 - .../cgroups/v3/cgroup1/perf_event.go | 37 - .../containerd/cgroups/v3/cgroup1/pids.go | 78 - .../containerd/cgroups/v3/cgroup1/rdma.go | 153 -- .../containerd/cgroups/v3/cgroup1/state.go | 28 - .../cgroups/v3/cgroup1/stats/doc.go | 17 - .../cgroups/v3/cgroup1/stats/metrics.pb.go | 1959 ----------------- .../cgroups/v3/cgroup1/stats/metrics.pb.txt | 771 ------- .../cgroups/v3/cgroup1/stats/metrics.proto | 158 -- .../cgroups/v3/cgroup1/subsystem.go | 117 - .../containerd/cgroups/v3/cgroup1/systemd.go | 157 -- .../containerd/cgroups/v3/cgroup1/ticks.go | 26 - .../containerd/cgroups/v3/cgroup1/utils.go | 280 --- .../containerd/cgroups/v3/cgroup1/v1.go | 73 - .../containerd/cgroups/v3/cgroup2/cpu.go | 83 - .../cgroups/v3/cgroup2/devicefilter.go | 200 -- .../containerd/cgroups/v3/cgroup2/ebpf.go | 96 - .../containerd/cgroups/v3/cgroup2/errors.go | 26 - .../containerd/cgroups/v3/cgroup2/hugetlb.go | 37 - .../containerd/cgroups/v3/cgroup2/io.go | 64 - .../containerd/cgroups/v3/cgroup2/manager.go | 921 -------- .../containerd/cgroups/v3/cgroup2/memory.go | 59 - .../containerd/cgroups/v3/cgroup2/paths.go | 60 - .../containerd/cgroups/v3/cgroup2/pids.go | 37 - .../containerd/cgroups/v3/cgroup2/rdma.go | 46 - .../containerd/cgroups/v3/cgroup2/state.go | 65 - .../cgroups/v3/cgroup2/stats/doc.go | 17 - .../cgroups/v3/cgroup2/stats/metrics.pb.go | 1333 ----------- .../cgroups/v3/cgroup2/stats/metrics.pb.txt | 538 ----- .../cgroups/v3/cgroup2/stats/metrics.proto | 105 - .../containerd/cgroups/v3/cgroup2/utils.go | 488 ---- .../github.com/containerd/cgroups/v3/utils.go | 150 -- .../containerd/pkg/seccomp/seccomp.go | 25 - .../containerd/pkg/seccomp/seccomp_linux.go | 80 - .../pkg/seccomp/seccomp_unsupported.go | 23 - .../github.com/coreos/go-systemd/v22/LICENSE | 191 -- .../github.com/coreos/go-systemd/v22/NOTICE | 5 - .../coreos/go-systemd/v22/dbus/dbus.go | 266 --- .../coreos/go-systemd/v22/dbus/methods.go | 864 -------- .../coreos/go-systemd/v22/dbus/properties.go | 237 -- .../coreos/go-systemd/v22/dbus/set.go | 47 - .../go-systemd/v22/dbus/subscription.go | 333 --- .../go-systemd/v22/dbus/subscription_set.go | 57 - .../distribution/reference/README.md | 2 +- .../distribution/reference/normalize.go | 59 +- .../distribution/reference/reference.go | 44 +- vendor/github.com/docker/docker/AUTHORS | 20 +- vendor/github.com/docker/docker/api/common.go | 2 +- .../github.com/docker/docker/api/swagger.yaml | 714 ++++-- .../docker/api/types/backend/backend.go | 12 +- .../docker/docker/api/types/client.go | 59 +- .../docker/docker/api/types/configs.go | 18 - .../docker/api/types/container/config.go | 9 - .../docker/api/types/container/container.go | 44 + .../api/types/container/create_request.go | 13 + .../docker/docker/api/types/container/exec.go | 43 + .../docker/api/types/container/hostconfig.go | 22 +- .../api/types/container/hostconfig_unix.go | 38 +- .../api/types/container/hostconfig_windows.go | 29 +- .../docker/api/types/{ => container}/stats.go | 10 +- .../docker/docker/api/types/events/events.go | 8 + .../docker/docker/api/types/image/image.go | 40 +- .../docker/docker/api/types/image/opts.go | 34 +- .../docker/docker/api/types/mount/mount.go | 6 +- .../api/types/network/create_response.go | 19 + .../docker/api/types/network/endpoint.go | 2 +- .../docker/api/types/network/network.go | 94 + .../docker/api/types/registry/registry.go | 26 - .../docker/api/types/registry/search.go | 47 + .../docker/api/types/swarm/container.go | 4 +- .../docker/docker/api/types/system/info.go | 39 + .../docker/docker/api/types/types.go | 159 +- .../docker/api/types/types_deprecated.go | 211 +- .../docker/docker/api/types/volume/options.go | 7 + .../docker/builder/dockerfile/buildargs.go | 4 +- .../docker/builder/dockerfile/builder.go | 18 +- .../docker/docker/builder/dockerfile/copy.go | 6 +- .../docker/builder/dockerfile/dispatchers.go | 8 +- .../docker/builder/dockerfile/evaluator.go | 6 +- .../docker/builder/dockerfile/internals.go | 67 +- .../builder/dockerfile/internals_windows.go | 3 +- .../docker/builder/remotecontext/remote.go | 4 +- .../github.com/docker/docker/client/client.go | 28 +- .../docker/docker/client/container_copy.go | 16 +- .../docker/docker/client/container_exec.go | 17 +- .../docker/docker/client/container_prune.go | 6 +- .../docker/docker/client/container_stats.go | 14 +- .../github.com/docker/docker/client/events.go | 5 +- .../docker/docker/client/image_import.go | 3 +- .../docker/docker/client/image_load.go | 8 +- .../docker/docker/client/image_prune.go | 6 +- .../docker/docker/client/image_pull.go | 2 +- .../docker/docker/client/image_push.go | 18 +- .../docker/docker/client/image_search.go | 5 +- .../docker/docker/client/interface.go | 42 +- .../docker/docker/client/network_connect.go | 3 +- .../docker/docker/client/network_create.go | 13 +- .../docker/client/network_disconnect.go | 7 +- .../docker/docker/client/network_inspect.go | 29 +- .../docker/docker/client/network_list.go | 6 +- .../docker/docker/client/network_prune.go | 6 +- .../docker/docker/client/plugin_install.go | 4 +- .../docker/docker/client/request.go | 8 +- .../docker/docker/client/volume_prune.go | 6 +- .../docker/container/archive_windows.go | 6 +- .../docker/docker/container/container.go | 10 +- .../docker/docker/container/state.go | 20 +- .../docker/docker/container/stream/attach.go | 8 + .../docker/docker/container/view.go | 5 + .../docker/daemon/cluster/provider/network.go | 4 +- .../docker/daemon/graphdriver/driver.go | 4 +- .../daemon/graphdriver/driver_freebsd.go | 15 - .../docker/daemon/graphdriver/driver_linux.go | 16 +- .../docker/daemon/graphdriver/plugin.go | 4 + .../docker/docker/daemon/network/filter.go | 25 +- .../docker/daemon/network/network_mode.go | 13 + .../daemon/network/network_mode_unix.go | 15 + .../daemon/network/network_mode_windows.go | 12 + .../github.com/docker/docker/image/image.go | 5 +- .../docker/internal/compatcontext/cancel.go | 89 - .../internal/compatcontext/cancel_go121.go | 9 - .../docker/internal/safepath/join_windows.go | 9 +- .../docker/internal/sliceutil/sliceutil.go | 2 +- .../internal/unix_noeintr/epoll_linux.go | 37 + .../docker/docker/pkg/archive/archive.go | 59 +- .../docker/pkg/archive/archive_linux.go | 32 +- .../docker/pkg/archive/archive_other.go | 4 +- .../docker/docker/pkg/archive/archive_unix.go | 19 +- .../docker/pkg/archive/archive_windows.go | 22 +- .../docker/docker/pkg/archive/changes.go | 9 +- .../docker/pkg/archive/changes_other.go | 18 +- .../docker/docker/pkg/archive/diff.go | 4 +- .../pkg/chrootarchive/archive_windows.go | 22 +- .../docker/pkg/chrootarchive/diff_unix.go | 2 +- .../docker/pkg/chrootarchive/diff_windows.go | 8 +- .../docker/docker/pkg/ioutils/fswriters.go | 4 +- .../docker/docker/pkg/longpath/longpath.go | 22 +- .../docker/docker/pkg/parsers/parsers.go | 100 - .../docker/docker/pkg/reexec/command_linux.go | 29 +- .../docker/docker/pkg/reexec/command_other.go | 19 + .../docker/docker/pkg/reexec/command_unix.go | 23 - .../docker/pkg/reexec/command_unsupported.go | 6 +- .../docker/pkg/reexec/command_windows.go | 21 - .../docker/docker/pkg/reexec/reexec.go | 31 +- .../docker/docker/pkg/stringid/stringid.go | 4 + .../docker/pkg/sysinfo/cgroup2_linux.go | 145 -- .../docker/docker/pkg/sysinfo/numcpu.go | 15 - .../docker/docker/pkg/sysinfo/numcpu_linux.go | 17 - .../docker/docker/pkg/sysinfo/numcpu_other.go | 8 - .../docker/pkg/sysinfo/numcpu_windows.go | 36 - .../docker/docker/pkg/sysinfo/sysinfo.go | 170 -- .../docker/pkg/sysinfo/sysinfo_linux.go | 306 --- .../docker/pkg/sysinfo/sysinfo_other.go | 8 - .../docker/docker/pkg/tarsum/tarsum.go | 2 +- .../docker/docker/plugin/v2/plugin_linux.go | 2 +- .../docker/docker/runconfig/config.go | 81 - .../docker/docker/runconfig/config_unix.go | 59 - .../docker/docker/runconfig/config_windows.go | 19 - .../docker/docker/runconfig/errors.go | 58 - .../docker/docker/runconfig/hostconfig.go | 54 - .../docker/runconfig/hostconfig_unix.go | 83 - .../docker/runconfig/hostconfig_windows.go | 74 - .../docker/docker/runconfig/opts/parse.go | 16 - .../docker/volume/mounts/linux_parser.go | 33 + .../github.com/godbus/dbus/v5/CONTRIBUTING.md | 50 - vendor/github.com/godbus/dbus/v5/LICENSE | 25 - vendor/github.com/godbus/dbus/v5/MAINTAINERS | 3 - vendor/github.com/godbus/dbus/v5/README.md | 46 - vendor/github.com/godbus/dbus/v5/auth.go | 257 --- .../godbus/dbus/v5/auth_anonymous.go | 16 - .../godbus/dbus/v5/auth_external.go | 26 - vendor/github.com/godbus/dbus/v5/auth_sha1.go | 102 - vendor/github.com/godbus/dbus/v5/call.go | 69 - vendor/github.com/godbus/dbus/v5/conn.go | 996 --------- .../github.com/godbus/dbus/v5/conn_darwin.go | 37 - .../github.com/godbus/dbus/v5/conn_other.go | 90 - vendor/github.com/godbus/dbus/v5/conn_unix.go | 17 - .../github.com/godbus/dbus/v5/conn_windows.go | 15 - vendor/github.com/godbus/dbus/v5/dbus.go | 430 ---- vendor/github.com/godbus/dbus/v5/decoder.go | 292 --- .../godbus/dbus/v5/default_handler.go | 342 --- vendor/github.com/godbus/dbus/v5/doc.go | 71 - vendor/github.com/godbus/dbus/v5/encoder.go | 235 -- vendor/github.com/godbus/dbus/v5/escape.go | 84 - vendor/github.com/godbus/dbus/v5/export.go | 463 ---- vendor/github.com/godbus/dbus/v5/homedir.go | 25 - vendor/github.com/godbus/dbus/v5/match.go | 89 - vendor/github.com/godbus/dbus/v5/message.go | 390 ---- vendor/github.com/godbus/dbus/v5/object.go | 174 -- vendor/github.com/godbus/dbus/v5/sequence.go | 24 - .../godbus/dbus/v5/sequential_handler.go | 125 -- .../godbus/dbus/v5/server_interfaces.go | 107 - vendor/github.com/godbus/dbus/v5/sig.go | 293 --- .../godbus/dbus/v5/transport_darwin.go | 6 - .../godbus/dbus/v5/transport_generic.go | 52 - .../godbus/dbus/v5/transport_nonce_tcp.go | 39 - .../godbus/dbus/v5/transport_tcp.go | 41 - .../godbus/dbus/v5/transport_unix.go | 212 -- .../dbus/v5/transport_unixcred_dragonfly.go | 95 - .../dbus/v5/transport_unixcred_freebsd.go | 92 - .../dbus/v5/transport_unixcred_linux.go | 25 - .../dbus/v5/transport_unixcred_netbsd.go | 14 - .../dbus/v5/transport_unixcred_openbsd.go | 14 - .../godbus/dbus/v5/transport_zos.go | 6 - vendor/github.com/godbus/dbus/v5/variant.go | 150 -- .../godbus/dbus/v5/variant_lexer.go | 284 --- .../godbus/dbus/v5/variant_parser.go | 817 ------- .../dockerfile/instructions/commands.go | 21 +- .../dockerfile/instructions/errors_windows.go | 2 +- .../frontend/dockerfile/instructions/parse.go | 92 +- .../frontend/dockerfile/linter/linter.go | 102 + .../frontend/dockerfile/linter/ruleset.go | 127 ++ .../frontend/dockerfile/parser/directives.go | 32 +- .../dockerfile/parser/line_parsers.go | 21 +- .../frontend/dockerfile/parser/parser.go | 2 +- .../buildkit/frontend/dockerfile/shell/lex.go | 56 +- .../moby/buildkit/util/stack/stack.go | 27 +- .../moby/buildkit/util/stack/stack.pb.go | 2 +- .../moby/buildkit/util/suggest/error.go | 27 +- vendor/modules.txt | 39 +- 331 files changed, 2335 insertions(+), 41638 deletions(-) delete mode 100644 vendor/github.com/cilium/ebpf/.clang-format delete mode 100644 vendor/github.com/cilium/ebpf/.gitignore delete mode 100644 vendor/github.com/cilium/ebpf/.golangci.yaml delete mode 100644 vendor/github.com/cilium/ebpf/ARCHITECTURE.md delete mode 100644 vendor/github.com/cilium/ebpf/CODE_OF_CONDUCT.md delete mode 100644 vendor/github.com/cilium/ebpf/CONTRIBUTING.md delete mode 100644 vendor/github.com/cilium/ebpf/LICENSE delete mode 100644 vendor/github.com/cilium/ebpf/MAINTAINERS.md delete mode 100644 vendor/github.com/cilium/ebpf/Makefile delete mode 100644 vendor/github.com/cilium/ebpf/README.md delete mode 100644 vendor/github.com/cilium/ebpf/asm/alu.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/alu_string.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/doc.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/func.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/func_string.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/instruction.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/jump.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/jump_string.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/load_store.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/load_store_string.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/metadata.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/opcode.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/opcode_string.go delete mode 100644 vendor/github.com/cilium/ebpf/asm/register.go delete mode 100644 vendor/github.com/cilium/ebpf/attachtype_string.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/btf.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/btf_types.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/btf_types_string.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/core.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/doc.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/ext_info.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/format.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/handle.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/strings.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/types.go delete mode 100644 vendor/github.com/cilium/ebpf/collection.go delete mode 100644 vendor/github.com/cilium/ebpf/doc.go delete mode 100644 vendor/github.com/cilium/ebpf/elf_reader.go delete mode 100644 vendor/github.com/cilium/ebpf/info.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/align.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/cpu.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/elf.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/endian_be.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/endian_le.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/errors.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/feature.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/io.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/output.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/pinning.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/doc.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/fd.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/ptr.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/syscall.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/types.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/unix/types_linux.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/unix/types_other.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/vdso.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/version.go delete mode 100644 vendor/github.com/cilium/ebpf/link/cgroup.go delete mode 100644 vendor/github.com/cilium/ebpf/link/doc.go delete mode 100644 vendor/github.com/cilium/ebpf/link/iter.go delete mode 100644 vendor/github.com/cilium/ebpf/link/kprobe.go delete mode 100644 vendor/github.com/cilium/ebpf/link/link.go delete mode 100644 vendor/github.com/cilium/ebpf/link/netns.go delete mode 100644 vendor/github.com/cilium/ebpf/link/perf_event.go delete mode 100644 vendor/github.com/cilium/ebpf/link/platform.go delete mode 100644 vendor/github.com/cilium/ebpf/link/program.go delete mode 100644 vendor/github.com/cilium/ebpf/link/raw_tracepoint.go delete mode 100644 vendor/github.com/cilium/ebpf/link/socket_filter.go delete mode 100644 vendor/github.com/cilium/ebpf/link/syscalls.go delete mode 100644 vendor/github.com/cilium/ebpf/link/tracepoint.go delete mode 100644 vendor/github.com/cilium/ebpf/link/tracing.go delete mode 100644 vendor/github.com/cilium/ebpf/link/uprobe.go delete mode 100644 vendor/github.com/cilium/ebpf/link/xdp.go delete mode 100644 vendor/github.com/cilium/ebpf/linker.go delete mode 100644 vendor/github.com/cilium/ebpf/map.go delete mode 100644 vendor/github.com/cilium/ebpf/marshalers.go delete mode 100644 vendor/github.com/cilium/ebpf/prog.go delete mode 100644 vendor/github.com/cilium/ebpf/run-tests.sh delete mode 100644 vendor/github.com/cilium/ebpf/syscalls.go delete mode 100644 vendor/github.com/cilium/ebpf/types.go delete mode 100644 vendor/github.com/cilium/ebpf/types_string.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/.gitignore delete mode 100644 vendor/github.com/containerd/cgroups/v3/LICENSE delete mode 100644 vendor/github.com/containerd/cgroups/v3/Makefile delete mode 100644 vendor/github.com/containerd/cgroups/v3/Protobuild.toml delete mode 100644 vendor/github.com/containerd/cgroups/v3/README.md delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/blkio.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/cgroup.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/control.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/cpu.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/cpuacct.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/cpuset.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/devices.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/errors.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/freezer.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/hierarchy.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/hugetlb.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/memory.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/named.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/net_cls.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/net_prio.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/opts.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/paths.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/perf_event.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/pids.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/rdma.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/state.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/subsystem.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/systemd.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/ticks.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/utils.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup1/v1.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/cpu.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/devicefilter.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/ebpf.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/errors.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/hugetlb.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/io.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/manager.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/memory.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/paths.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/pids.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/rdma.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/state.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/stats/doc.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.txt delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.proto delete mode 100644 vendor/github.com/containerd/cgroups/v3/cgroup2/utils.go delete mode 100644 vendor/github.com/containerd/cgroups/v3/utils.go delete mode 100644 vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go delete mode 100644 vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go delete mode 100644 vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/LICENSE delete mode 100644 vendor/github.com/coreos/go-systemd/v22/NOTICE delete mode 100644 vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/dbus/methods.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/dbus/properties.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/dbus/set.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go delete mode 100644 vendor/github.com/docker/docker/api/types/configs.go create mode 100644 vendor/github.com/docker/docker/api/types/container/container.go create mode 100644 vendor/github.com/docker/docker/api/types/container/create_request.go create mode 100644 vendor/github.com/docker/docker/api/types/container/exec.go rename vendor/github.com/docker/docker/api/types/{ => container}/stats.go (96%) create mode 100644 vendor/github.com/docker/docker/api/types/network/create_response.go create mode 100644 vendor/github.com/docker/docker/api/types/registry/search.go create mode 100644 vendor/github.com/docker/docker/daemon/network/network_mode.go create mode 100644 vendor/github.com/docker/docker/daemon/network/network_mode_unix.go create mode 100644 vendor/github.com/docker/docker/daemon/network/network_mode_windows.go delete mode 100644 vendor/github.com/docker/docker/internal/compatcontext/cancel.go delete mode 100644 vendor/github.com/docker/docker/internal/compatcontext/cancel_go121.go create mode 100644 vendor/github.com/docker/docker/internal/unix_noeintr/epoll_linux.go delete mode 100644 vendor/github.com/docker/docker/pkg/parsers/parsers.go create mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_other.go delete mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_unix.go delete mode 100644 vendor/github.com/docker/docker/pkg/reexec/command_windows.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu_other.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go delete mode 100644 vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_other.go delete mode 100644 vendor/github.com/docker/docker/runconfig/config.go delete mode 100644 vendor/github.com/docker/docker/runconfig/config_unix.go delete mode 100644 vendor/github.com/docker/docker/runconfig/config_windows.go delete mode 100644 vendor/github.com/docker/docker/runconfig/errors.go delete mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig.go delete mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_unix.go delete mode 100644 vendor/github.com/docker/docker/runconfig/hostconfig_windows.go delete mode 100644 vendor/github.com/docker/docker/runconfig/opts/parse.go delete mode 100644 vendor/github.com/godbus/dbus/v5/CONTRIBUTING.md delete mode 100644 vendor/github.com/godbus/dbus/v5/LICENSE delete mode 100644 vendor/github.com/godbus/dbus/v5/MAINTAINERS delete mode 100644 vendor/github.com/godbus/dbus/v5/README.md delete mode 100644 vendor/github.com/godbus/dbus/v5/auth.go delete mode 100644 vendor/github.com/godbus/dbus/v5/auth_anonymous.go delete mode 100644 vendor/github.com/godbus/dbus/v5/auth_external.go delete mode 100644 vendor/github.com/godbus/dbus/v5/auth_sha1.go delete mode 100644 vendor/github.com/godbus/dbus/v5/call.go delete mode 100644 vendor/github.com/godbus/dbus/v5/conn.go delete mode 100644 vendor/github.com/godbus/dbus/v5/conn_darwin.go delete mode 100644 vendor/github.com/godbus/dbus/v5/conn_other.go delete mode 100644 vendor/github.com/godbus/dbus/v5/conn_unix.go delete mode 100644 vendor/github.com/godbus/dbus/v5/conn_windows.go delete mode 100644 vendor/github.com/godbus/dbus/v5/dbus.go delete mode 100644 vendor/github.com/godbus/dbus/v5/decoder.go delete mode 100644 vendor/github.com/godbus/dbus/v5/default_handler.go delete mode 100644 vendor/github.com/godbus/dbus/v5/doc.go delete mode 100644 vendor/github.com/godbus/dbus/v5/encoder.go delete mode 100644 vendor/github.com/godbus/dbus/v5/escape.go delete mode 100644 vendor/github.com/godbus/dbus/v5/export.go delete mode 100644 vendor/github.com/godbus/dbus/v5/homedir.go delete mode 100644 vendor/github.com/godbus/dbus/v5/match.go delete mode 100644 vendor/github.com/godbus/dbus/v5/message.go delete mode 100644 vendor/github.com/godbus/dbus/v5/object.go delete mode 100644 vendor/github.com/godbus/dbus/v5/sequence.go delete mode 100644 vendor/github.com/godbus/dbus/v5/sequential_handler.go delete mode 100644 vendor/github.com/godbus/dbus/v5/server_interfaces.go delete mode 100644 vendor/github.com/godbus/dbus/v5/sig.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_darwin.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_generic.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_tcp.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_unix.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_unixcred_dragonfly.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_unixcred_netbsd.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_unixcred_openbsd.go delete mode 100644 vendor/github.com/godbus/dbus/v5/transport_zos.go delete mode 100644 vendor/github.com/godbus/dbus/v5/variant.go delete mode 100644 vendor/github.com/godbus/dbus/v5/variant_lexer.go delete mode 100644 vendor/github.com/godbus/dbus/v5/variant_parser.go create mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/linter/linter.go create mode 100644 vendor/github.com/moby/buildkit/frontend/dockerfile/linter/ruleset.go diff --git a/go.mod b/go.mod index 2c2bc1c2e7..9969753d9e 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240419161514-af205d85bb44 github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 github.com/containerd/cgroups v1.1.0 // indirect - github.com/docker/docker v26.1.3+incompatible + github.com/docker/docker v27.0.3+incompatible github.com/go-git/go-billy/v5 v5.5.0 github.com/go-git/go-git/v5 v5.12.0 github.com/golang/mock v1.6.0 @@ -22,7 +22,7 @@ require ( github.com/google/slowjam v1.1.1 github.com/karrick/godirwalk v1.16.1 github.com/minio/highwayhash v1.0.2 - github.com/moby/buildkit v0.13.2 + github.com/moby/buildkit v0.14.1 github.com/otiai10/copy v1.14.0 github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.9.3 @@ -74,13 +74,11 @@ require ( github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/cilium/ebpf v0.9.1 // indirect github.com/containerd/continuity v0.4.3 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect - github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/cli v26.1.0+incompatible // indirect + github.com/docker/cli v26.1.4+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/docker/go-connections v0.5.0 // indirect @@ -90,7 +88,6 @@ require ( github.com/ePirat/docker-credential-gitlabci v1.0.0 github.com/emirpasic/gods v1.18.1 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -129,7 +126,6 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect go.etcd.io/etcd/raft/v3 v3.5.6 // indirect go.opencensus.io v0.24.0 // indirect - go.uber.org/goleak v1.2.1 // indirect golang.org/x/crypto v0.24.0 // indirect golang.org/x/sys v0.21.0 golang.org/x/text v0.16.0 // indirect @@ -154,13 +150,12 @@ require ( github.com/aws/aws-sdk-go-v2/service/ecr v1.27.4 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.4 // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/containerd/cgroups/v3 v3.0.2 // indirect github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/ttrpc v1.2.4 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect - github.com/distribution/reference v0.5.0 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logr/logr v1.4.1 // indirect diff --git a/go.sum b/go.sum index bd21f41490..21dad0c268 100644 --- a/go.sum +++ b/go.sum @@ -134,8 +134,6 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= -github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= -github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= @@ -146,8 +144,6 @@ github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoC github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= -github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao= github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= @@ -165,8 +161,6 @@ github.com/containerd/ttrpc v1.2.4/go.mod h1:ojvb8SJBSch0XkqNO0L0YX/5NxR3UnVk2Lz github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -178,16 +172,16 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlPXifX/UQ3Y= -github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8= +github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= -github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE= +github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -235,8 +229,6 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= -github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -356,8 +348,8 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/buildkit v0.13.2 h1:nXNszM4qD9E7QtG7bFWPnDI1teUQFQglBzon/IU3SzI= -github.com/moby/buildkit v0.13.2/go.mod h1:2cyVOv9NoHM7arphK9ZfHIWKn9YVZRFd1wXB8kKmEzY= +github.com/moby/buildkit v0.14.1 h1:2epLCZTkn4CikdImtsLtIa++7DzCimrrZCT1sway+oI= +github.com/moby/buildkit v0.14.1/go.mod h1:1XssG7cAqv5Bz1xcGMxJL123iCv5TYN4Z/qf647gfuk= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= @@ -513,8 +505,6 @@ go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= diff --git a/pkg/dockerfile/dockerfile.go b/pkg/dockerfile/dockerfile.go index fec1cb3f19..2a4d77454c 100644 --- a/pkg/dockerfile/dockerfile.go +++ b/pkg/dockerfile/dockerfile.go @@ -32,6 +32,7 @@ import ( "github.com/GoogleContainerTools/kaniko/pkg/config" "github.com/GoogleContainerTools/kaniko/pkg/util" "github.com/moby/buildkit/frontend/dockerfile/instructions" + "github.com/moby/buildkit/frontend/dockerfile/linter" "github.com/moby/buildkit/frontend/dockerfile/parser" "github.com/pkg/errors" ) @@ -90,7 +91,7 @@ func Parse(b []byte) ([]instructions.Stage, []instructions.ArgCommand, error) { if err != nil { return nil, nil, err } - stages, metaArgs, err := instructions.Parse(p.AST) + stages, metaArgs, err := instructions.Parse(p.AST, &linter.Linter{}) if err != nil { return nil, nil, err } diff --git a/pkg/image/image_util_test.go b/pkg/image/image_util_test.go index 3debab63f5..227ac5990e 100644 --- a/pkg/image/image_util_test.go +++ b/pkg/image/image_util_test.go @@ -23,6 +23,7 @@ import ( v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" "github.com/moby/buildkit/frontend/dockerfile/instructions" + "github.com/moby/buildkit/frontend/dockerfile/linter" "github.com/moby/buildkit/frontend/dockerfile/parser" "github.com/GoogleContainerTools/kaniko/pkg/config" @@ -117,7 +118,7 @@ func parse(s string) ([]instructions.Stage, error) { if err != nil { return nil, err } - stages, _, err := instructions.Parse(p.AST) + stages, _, err := instructions.Parse(p.AST, &linter.Linter{}) if err != nil { return nil, err } diff --git a/pkg/util/command_util.go b/pkg/util/command_util.go index 67e56af35b..d09e1431ca 100644 --- a/pkg/util/command_util.go +++ b/pkg/util/command_util.go @@ -70,7 +70,7 @@ func ResolveEnvironmentReplacementList(values, envs []string, isFilepath bool) ( // "a\"b" -> "a"b" func ResolveEnvironmentReplacement(value string, envs []string, isFilepath bool) (string, error) { shlex := shell.NewLex(parser.DefaultEscapeToken) - fp, err := shlex.ProcessWord(value, envs) + fp, _, err := shlex.ProcessWord(value, envs) // Check after replacement if value is a remote URL if !isFilepath || IsSrcRemoteFileURL(fp) { return fp, err diff --git a/vendor/github.com/cilium/ebpf/.clang-format b/vendor/github.com/cilium/ebpf/.clang-format deleted file mode 100644 index 4eb94b1baa..0000000000 --- a/vendor/github.com/cilium/ebpf/.clang-format +++ /dev/null @@ -1,17 +0,0 @@ ---- -Language: Cpp -BasedOnStyle: LLVM -AlignAfterOpenBracket: DontAlign -AlignConsecutiveAssignments: true -AlignEscapedNewlines: DontAlign -AlwaysBreakBeforeMultilineStrings: true -AlwaysBreakTemplateDeclarations: false -AllowAllParametersOfDeclarationOnNextLine: false -AllowShortFunctionsOnASingleLine: false -BreakBeforeBraces: Attach -IndentWidth: 4 -KeepEmptyLinesAtTheStartOfBlocks: false -TabWidth: 4 -UseTab: ForContinuationAndIndentation -ColumnLimit: 1000 -... diff --git a/vendor/github.com/cilium/ebpf/.gitignore b/vendor/github.com/cilium/ebpf/.gitignore deleted file mode 100644 index b46162b8ec..0000000000 --- a/vendor/github.com/cilium/ebpf/.gitignore +++ /dev/null @@ -1,14 +0,0 @@ -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -*.o -!*_bpf*.o - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out diff --git a/vendor/github.com/cilium/ebpf/.golangci.yaml b/vendor/github.com/cilium/ebpf/.golangci.yaml deleted file mode 100644 index dc62dd6d0f..0000000000 --- a/vendor/github.com/cilium/ebpf/.golangci.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -issues: - exclude-rules: - # syscall param structs will have unused fields in Go code. - - path: syscall.*.go - linters: - - structcheck - -linters: - disable-all: true - enable: - - deadcode - - errcheck - - goimports - - gosimple - - govet - - ineffassign - - misspell - - staticcheck - - structcheck - - typecheck - - unused - - varcheck - - # Could be enabled later: - # - gocyclo - # - maligned - # - gosec diff --git a/vendor/github.com/cilium/ebpf/ARCHITECTURE.md b/vendor/github.com/cilium/ebpf/ARCHITECTURE.md deleted file mode 100644 index 8cd7e2486e..0000000000 --- a/vendor/github.com/cilium/ebpf/ARCHITECTURE.md +++ /dev/null @@ -1,86 +0,0 @@ -Architecture of the library -=== - - ELF -> Specifications -> Objects -> Links - -ELF ---- - -BPF is usually produced by using Clang to compile a subset of C. Clang outputs -an ELF file which contains program byte code (aka BPF), but also metadata for -maps used by the program. The metadata follows the conventions set by libbpf -shipped with the kernel. Certain ELF sections have special meaning -and contain structures defined by libbpf. Newer versions of clang emit -additional metadata in BPF Type Format (aka BTF). - -The library aims to be compatible with libbpf so that moving from a C toolchain -to a Go one creates little friction. To that end, the [ELF reader](elf_reader.go) -is tested against the Linux selftests and avoids introducing custom behaviour -if possible. - -The output of the ELF reader is a `CollectionSpec` which encodes -all of the information contained in the ELF in a form that is easy to work with -in Go. - -### BTF - -The BPF Type Format describes more than just the types used by a BPF program. It -includes debug aids like which source line corresponds to which instructions and -what global variables are used. - -[BTF parsing](internal/btf/) lives in a separate internal package since exposing -it would mean an additional maintenance burden, and because the API still -has sharp corners. The most important concept is the `btf.Type` interface, which -also describes things that aren't really types like `.rodata` or `.bss` sections. -`btf.Type`s can form cyclical graphs, which can easily lead to infinite loops if -one is not careful. Hopefully a safe pattern to work with `btf.Type` emerges as -we write more code that deals with it. - -Specifications ---- - -`CollectionSpec`, `ProgramSpec` and `MapSpec` are blueprints for in-kernel -objects and contain everything necessary to execute the relevant `bpf(2)` -syscalls. Since the ELF reader outputs a `CollectionSpec` it's possible to -modify clang-compiled BPF code, for example to rewrite constants. At the same -time the [asm](asm/) package provides an assembler that can be used to generate -`ProgramSpec` on the fly. - -Creating a spec should never require any privileges or be restricted in any way, -for example by only allowing programs in native endianness. This ensures that -the library stays flexible. - -Objects ---- - -`Program` and `Map` are the result of loading specs into the kernel. Sometimes -loading a spec will fail because the kernel is too old, or a feature is not -enabled. There are multiple ways the library deals with that: - -* Fallback: older kernels don't allow naming programs and maps. The library - automatically detects support for names, and omits them during load if - necessary. This works since name is primarily a debug aid. - -* Sentinel error: sometimes it's possible to detect that a feature isn't available. - In that case the library will return an error wrapping `ErrNotSupported`. - This is also useful to skip tests that can't run on the current kernel. - -Once program and map objects are loaded they expose the kernel's low-level API, -e.g. `NextKey`. Often this API is awkward to use in Go, so there are safer -wrappers on top of the low-level API, like `MapIterator`. The low-level API is -useful when our higher-level API doesn't support a particular use case. - -Links ---- - -BPF can be attached to many different points in the kernel and newer BPF hooks -tend to use bpf_link to do so. Older hooks unfortunately use a combination of -syscalls, netlink messages, etc. Adding support for a new link type should not -pull in large dependencies like netlink, so XDP programs or tracepoints are -out of scope. - -Each bpf_link_type has one corresponding Go type, e.g. `link.tracing` corresponds -to BPF_LINK_TRACING. In general, these types should be unexported as long as they -don't export methods outside of the Link interface. Each Go type may have multiple -exported constructors. For example `AttachTracing` and `AttachLSM` create a -tracing link, but are distinct functions since they may require different arguments. diff --git a/vendor/github.com/cilium/ebpf/CODE_OF_CONDUCT.md b/vendor/github.com/cilium/ebpf/CODE_OF_CONDUCT.md deleted file mode 100644 index 8e42838c5a..0000000000 --- a/vendor/github.com/cilium/ebpf/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,46 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. - -## Our Standards - -Examples of behavior that contributes to creating a positive environment include: - -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members - -Examples of unacceptable behavior by participants include: - -* The use of sexualized language or imagery and unwelcome sexual attention or advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a professional setting - -## Our Responsibilities - -Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. - -Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. - -## Scope - -This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at nathanjsweet at gmail dot com or i at lmb dot io. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. - -Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] - -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ diff --git a/vendor/github.com/cilium/ebpf/CONTRIBUTING.md b/vendor/github.com/cilium/ebpf/CONTRIBUTING.md deleted file mode 100644 index 0d29eae81e..0000000000 --- a/vendor/github.com/cilium/ebpf/CONTRIBUTING.md +++ /dev/null @@ -1,40 +0,0 @@ -# How to contribute - -Development is on [GitHub](https://github.com/cilium/ebpf) and contributions in -the form of pull requests and issues reporting bugs or suggesting new features -are welcome. Please take a look at [the architecture](ARCHITECTURE.md) to get -a better understanding for the high-level goals. - -New features must be accompanied by tests. Before starting work on any large -feature, please [join](https://ebpf.io/slack) the -[#ebpf-go](https://cilium.slack.com/messages/ebpf-go) channel on Slack to -discuss the design first. - -When submitting pull requests, consider writing details about what problem you -are solving and why the proposed approach solves that problem in commit messages -and/or pull request description to help future library users and maintainers to -reason about the proposed changes. - -## Running the tests - -Many of the tests require privileges to set resource limits and load eBPF code. -The easiest way to obtain these is to run the tests with `sudo`. - -To test the current package with your local kernel you can simply run: -``` -go test -exec sudo ./... -``` - -To test the current package with a different kernel version you can use the [run-tests.sh](run-tests.sh) script. -It requires [virtme](https://github.com/amluto/virtme) and qemu to be installed. - -Examples: - -```bash -# Run all tests on a 5.4 kernel -./run-tests.sh 5.4 - -# Run a subset of tests: -./run-tests.sh 5.4 go test ./link -``` - diff --git a/vendor/github.com/cilium/ebpf/LICENSE b/vendor/github.com/cilium/ebpf/LICENSE deleted file mode 100644 index c637ae99c2..0000000000 --- a/vendor/github.com/cilium/ebpf/LICENSE +++ /dev/null @@ -1,23 +0,0 @@ -MIT License - -Copyright (c) 2017 Nathan Sweet -Copyright (c) 2018, 2019 Cloudflare -Copyright (c) 2019 Authors of Cilium - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/cilium/ebpf/MAINTAINERS.md b/vendor/github.com/cilium/ebpf/MAINTAINERS.md deleted file mode 100644 index 9c18e7e76f..0000000000 --- a/vendor/github.com/cilium/ebpf/MAINTAINERS.md +++ /dev/null @@ -1,8 +0,0 @@ -# Maintainers - - * [Lorenz Bauer] - * [Timo Beckers] (Isovalent) - - -[Lorenz Bauer]: https://github.com/lmb -[Timo Beckers]: https://github.com/ti-mo diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile deleted file mode 100644 index 2d5f04c370..0000000000 --- a/vendor/github.com/cilium/ebpf/Makefile +++ /dev/null @@ -1,110 +0,0 @@ -# The development version of clang is distributed as the 'clang' binary, -# while stable/released versions have a version number attached. -# Pin the default clang to a stable version. -CLANG ?= clang-14 -STRIP ?= llvm-strip-14 -OBJCOPY ?= llvm-objcopy-14 -CFLAGS := -O2 -g -Wall -Werror $(CFLAGS) - -CI_KERNEL_URL ?= https://github.com/cilium/ci-kernels/raw/master/ - -# Obtain an absolute path to the directory of the Makefile. -# Assume the Makefile is in the root of the repository. -REPODIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) -UIDGID := $(shell stat -c '%u:%g' ${REPODIR}) - -# Prefer podman if installed, otherwise use docker. -# Note: Setting the var at runtime will always override. -CONTAINER_ENGINE ?= $(if $(shell command -v podman), podman, docker) -CONTAINER_RUN_ARGS ?= $(if $(filter ${CONTAINER_ENGINE}, podman), --log-driver=none, --user "${UIDGID}") - -IMAGE := $(shell cat ${REPODIR}/testdata/docker/IMAGE) -VERSION := $(shell cat ${REPODIR}/testdata/docker/VERSION) - - -# clang <8 doesn't tag relocs properly (STT_NOTYPE) -# clang 9 is the first version emitting BTF -TARGETS := \ - testdata/loader-clang-7 \ - testdata/loader-clang-9 \ - testdata/loader-$(CLANG) \ - testdata/btf_map_init \ - testdata/invalid_map \ - testdata/raw_tracepoint \ - testdata/invalid_map_static \ - testdata/invalid_btf_map_init \ - testdata/strings \ - testdata/freplace \ - testdata/iproute2_map_compat \ - testdata/map_spin_lock \ - testdata/subprog_reloc \ - testdata/fwd_decl \ - btf/testdata/relocs \ - btf/testdata/relocs_read \ - btf/testdata/relocs_read_tgt - -.PHONY: all clean container-all container-shell generate - -.DEFAULT_TARGET = container-all - -# Build all ELF binaries using a containerized LLVM toolchain. -container-all: - ${CONTAINER_ENGINE} run --rm ${CONTAINER_RUN_ARGS} \ - -v "${REPODIR}":/ebpf -w /ebpf --env MAKEFLAGS \ - --env CFLAGS="-fdebug-prefix-map=/ebpf=." \ - --env HOME="/tmp" \ - "${IMAGE}:${VERSION}" \ - $(MAKE) all - -# (debug) Drop the user into a shell inside the container as root. -container-shell: - ${CONTAINER_ENGINE} run --rm -ti \ - -v "${REPODIR}":/ebpf -w /ebpf \ - "${IMAGE}:${VERSION}" - -clean: - -$(RM) testdata/*.elf - -$(RM) btf/testdata/*.elf - -format: - find . -type f -name "*.c" | xargs clang-format -i - -all: format $(addsuffix -el.elf,$(TARGETS)) $(addsuffix -eb.elf,$(TARGETS)) generate - ln -srf testdata/loader-$(CLANG)-el.elf testdata/loader-el.elf - ln -srf testdata/loader-$(CLANG)-eb.elf testdata/loader-eb.elf - -# $BPF_CLANG is used in go:generate invocations. -generate: export BPF_CLANG := $(CLANG) -generate: export BPF_CFLAGS := $(CFLAGS) -generate: - go generate ./cmd/bpf2go/test - go generate ./internal/sys - cd examples/ && go generate ./... - -testdata/loader-%-el.elf: testdata/loader.c - $* $(CFLAGS) -target bpfel -c $< -o $@ - $(STRIP) -g $@ - -testdata/loader-%-eb.elf: testdata/loader.c - $* $(CFLAGS) -target bpfeb -c $< -o $@ - $(STRIP) -g $@ - -%-el.elf: %.c - $(CLANG) $(CFLAGS) -target bpfel -c $< -o $@ - $(STRIP) -g $@ - -%-eb.elf : %.c - $(CLANG) $(CFLAGS) -target bpfeb -c $< -o $@ - $(STRIP) -g $@ - -.PHONY: generate-btf -generate-btf: KERNEL_VERSION?=5.18 -generate-btf: - $(eval TMP := $(shell mktemp -d)) - curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION).bz" -o "$(TMP)/bzImage" - ./testdata/extract-vmlinux "$(TMP)/bzImage" > "$(TMP)/vmlinux" - $(OBJCOPY) --dump-section .BTF=/dev/stdout "$(TMP)/vmlinux" /dev/null | gzip > "btf/testdata/vmlinux.btf.gz" - curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-selftests-bpf.tgz" -o "$(TMP)/selftests.tgz" - tar -xf "$(TMP)/selftests.tgz" --to-stdout tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko | \ - $(OBJCOPY) --dump-section .BTF="btf/testdata/btf_testmod.btf" - /dev/null - $(RM) -r "$(TMP)" diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md deleted file mode 100644 index 3e490de711..0000000000 --- a/vendor/github.com/cilium/ebpf/README.md +++ /dev/null @@ -1,77 +0,0 @@ -# eBPF - -[![PkgGoDev](https://pkg.go.dev/badge/github.com/cilium/ebpf)](https://pkg.go.dev/github.com/cilium/ebpf) - -![HoneyGopher](.github/images/cilium-ebpf.png) - -eBPF is a pure Go library that provides utilities for loading, compiling, and -debugging eBPF programs. It has minimal external dependencies and is intended to -be used in long running processes. - -The library is maintained by [Cloudflare](https://www.cloudflare.com) and -[Cilium](https://www.cilium.io). - -See [ebpf.io](https://ebpf.io) for other projects from the eBPF ecosystem. - -## Getting Started - -A small collection of Go and eBPF programs that serve as examples for building -your own tools can be found under [examples/](examples/). - -Contributions are highly encouraged, as they highlight certain use cases of -eBPF and the library, and help shape the future of the project. - -## Getting Help - -Please -[join](https://ebpf.io/slack) the -[#ebpf-go](https://cilium.slack.com/messages/ebpf-go) channel on Slack if you -have questions regarding the library. - -## Packages - -This library includes the following packages: - -* [asm](https://pkg.go.dev/github.com/cilium/ebpf/asm) contains a basic - assembler, allowing you to write eBPF assembly instructions directly - within your Go code. (You don't need to use this if you prefer to write your eBPF program in C.) -* [cmd/bpf2go](https://pkg.go.dev/github.com/cilium/ebpf/cmd/bpf2go) allows - compiling and embedding eBPF programs written in C within Go code. As well as - compiling the C code, it auto-generates Go code for loading and manipulating - the eBPF program and map objects. -* [link](https://pkg.go.dev/github.com/cilium/ebpf/link) allows attaching eBPF - to various hooks -* [perf](https://pkg.go.dev/github.com/cilium/ebpf/perf) allows reading from a - `PERF_EVENT_ARRAY` -* [ringbuf](https://pkg.go.dev/github.com/cilium/ebpf/ringbuf) allows reading from a - `BPF_MAP_TYPE_RINGBUF` map -* [features](https://pkg.go.dev/github.com/cilium/ebpf/features) implements the equivalent - of `bpftool feature probe` for discovering BPF-related kernel features using native Go. -* [rlimit](https://pkg.go.dev/github.com/cilium/ebpf/rlimit) provides a convenient API to lift - the `RLIMIT_MEMLOCK` constraint on kernels before 5.11. - -## Requirements - -* A version of Go that is [supported by - upstream](https://golang.org/doc/devel/release.html#policy) -* Linux >= 4.9. CI is run against kernel.org LTS releases. 4.4 should work but is - not tested against. - -## Regenerating Testdata - -Run `make` in the root of this repository to rebuild testdata in all -subpackages. This requires Docker, as it relies on a standardized build -environment to keep the build output stable. - -It is possible to regenerate data using Podman by overriding the `CONTAINER_*` -variables: `CONTAINER_ENGINE=podman CONTAINER_RUN_ARGS= make`. - -The toolchain image build files are kept in [testdata/docker/](testdata/docker/). - -## License - -MIT - -### eBPF Gopher - -The eBPF honeygopher is based on the Go gopher designed by Renee French. diff --git a/vendor/github.com/cilium/ebpf/asm/alu.go b/vendor/github.com/cilium/ebpf/asm/alu.go deleted file mode 100644 index 70ccc4d151..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/alu.go +++ /dev/null @@ -1,149 +0,0 @@ -package asm - -//go:generate stringer -output alu_string.go -type=Source,Endianness,ALUOp - -// Source of ALU / ALU64 / Branch operations -// -// msb lsb -// +----+-+---+ -// |op |S|cls| -// +----+-+---+ -type Source uint8 - -const sourceMask OpCode = 0x08 - -// Source bitmask -const ( - // InvalidSource is returned by getters when invoked - // on non ALU / branch OpCodes. - InvalidSource Source = 0xff - // ImmSource src is from constant - ImmSource Source = 0x00 - // RegSource src is from register - RegSource Source = 0x08 -) - -// The Endianness of a byte swap instruction. -type Endianness uint8 - -const endianMask = sourceMask - -// Endian flags -const ( - InvalidEndian Endianness = 0xff - // Convert to little endian - LE Endianness = 0x00 - // Convert to big endian - BE Endianness = 0x08 -) - -// ALUOp are ALU / ALU64 operations -// -// msb lsb -// +----+-+---+ -// |OP |s|cls| -// +----+-+---+ -type ALUOp uint8 - -const aluMask OpCode = 0xf0 - -const ( - // InvalidALUOp is returned by getters when invoked - // on non ALU OpCodes - InvalidALUOp ALUOp = 0xff - // Add - addition - Add ALUOp = 0x00 - // Sub - subtraction - Sub ALUOp = 0x10 - // Mul - multiplication - Mul ALUOp = 0x20 - // Div - division - Div ALUOp = 0x30 - // Or - bitwise or - Or ALUOp = 0x40 - // And - bitwise and - And ALUOp = 0x50 - // LSh - bitwise shift left - LSh ALUOp = 0x60 - // RSh - bitwise shift right - RSh ALUOp = 0x70 - // Neg - sign/unsign signing bit - Neg ALUOp = 0x80 - // Mod - modulo - Mod ALUOp = 0x90 - // Xor - bitwise xor - Xor ALUOp = 0xa0 - // Mov - move value from one place to another - Mov ALUOp = 0xb0 - // ArSh - arithmatic shift - ArSh ALUOp = 0xc0 - // Swap - endian conversions - Swap ALUOp = 0xd0 -) - -// HostTo converts from host to another endianness. -func HostTo(endian Endianness, dst Register, size Size) Instruction { - var imm int64 - switch size { - case Half: - imm = 16 - case Word: - imm = 32 - case DWord: - imm = 64 - default: - return Instruction{OpCode: InvalidOpCode} - } - - return Instruction{ - OpCode: OpCode(ALUClass).SetALUOp(Swap).SetSource(Source(endian)), - Dst: dst, - Constant: imm, - } -} - -// Op returns the OpCode for an ALU operation with a given source. -func (op ALUOp) Op(source Source) OpCode { - return OpCode(ALU64Class).SetALUOp(op).SetSource(source) -} - -// Reg emits `dst (op) src`. -func (op ALUOp) Reg(dst, src Register) Instruction { - return Instruction{ - OpCode: op.Op(RegSource), - Dst: dst, - Src: src, - } -} - -// Imm emits `dst (op) value`. -func (op ALUOp) Imm(dst Register, value int32) Instruction { - return Instruction{ - OpCode: op.Op(ImmSource), - Dst: dst, - Constant: int64(value), - } -} - -// Op32 returns the OpCode for a 32-bit ALU operation with a given source. -func (op ALUOp) Op32(source Source) OpCode { - return OpCode(ALUClass).SetALUOp(op).SetSource(source) -} - -// Reg32 emits `dst (op) src`, zeroing the upper 32 bit of dst. -func (op ALUOp) Reg32(dst, src Register) Instruction { - return Instruction{ - OpCode: op.Op32(RegSource), - Dst: dst, - Src: src, - } -} - -// Imm32 emits `dst (op) value`, zeroing the upper 32 bit of dst. -func (op ALUOp) Imm32(dst Register, value int32) Instruction { - return Instruction{ - OpCode: op.Op32(ImmSource), - Dst: dst, - Constant: int64(value), - } -} diff --git a/vendor/github.com/cilium/ebpf/asm/alu_string.go b/vendor/github.com/cilium/ebpf/asm/alu_string.go deleted file mode 100644 index 72d3fe6292..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/alu_string.go +++ /dev/null @@ -1,107 +0,0 @@ -// Code generated by "stringer -output alu_string.go -type=Source,Endianness,ALUOp"; DO NOT EDIT. - -package asm - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[InvalidSource-255] - _ = x[ImmSource-0] - _ = x[RegSource-8] -} - -const ( - _Source_name_0 = "ImmSource" - _Source_name_1 = "RegSource" - _Source_name_2 = "InvalidSource" -) - -func (i Source) String() string { - switch { - case i == 0: - return _Source_name_0 - case i == 8: - return _Source_name_1 - case i == 255: - return _Source_name_2 - default: - return "Source(" + strconv.FormatInt(int64(i), 10) + ")" - } -} -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[InvalidEndian-255] - _ = x[LE-0] - _ = x[BE-8] -} - -const ( - _Endianness_name_0 = "LE" - _Endianness_name_1 = "BE" - _Endianness_name_2 = "InvalidEndian" -) - -func (i Endianness) String() string { - switch { - case i == 0: - return _Endianness_name_0 - case i == 8: - return _Endianness_name_1 - case i == 255: - return _Endianness_name_2 - default: - return "Endianness(" + strconv.FormatInt(int64(i), 10) + ")" - } -} -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[InvalidALUOp-255] - _ = x[Add-0] - _ = x[Sub-16] - _ = x[Mul-32] - _ = x[Div-48] - _ = x[Or-64] - _ = x[And-80] - _ = x[LSh-96] - _ = x[RSh-112] - _ = x[Neg-128] - _ = x[Mod-144] - _ = x[Xor-160] - _ = x[Mov-176] - _ = x[ArSh-192] - _ = x[Swap-208] -} - -const _ALUOp_name = "AddSubMulDivOrAndLShRShNegModXorMovArShSwapInvalidALUOp" - -var _ALUOp_map = map[ALUOp]string{ - 0: _ALUOp_name[0:3], - 16: _ALUOp_name[3:6], - 32: _ALUOp_name[6:9], - 48: _ALUOp_name[9:12], - 64: _ALUOp_name[12:14], - 80: _ALUOp_name[14:17], - 96: _ALUOp_name[17:20], - 112: _ALUOp_name[20:23], - 128: _ALUOp_name[23:26], - 144: _ALUOp_name[26:29], - 160: _ALUOp_name[29:32], - 176: _ALUOp_name[32:35], - 192: _ALUOp_name[35:39], - 208: _ALUOp_name[39:43], - 255: _ALUOp_name[43:55], -} - -func (i ALUOp) String() string { - if str, ok := _ALUOp_map[i]; ok { - return str - } - return "ALUOp(" + strconv.FormatInt(int64(i), 10) + ")" -} diff --git a/vendor/github.com/cilium/ebpf/asm/doc.go b/vendor/github.com/cilium/ebpf/asm/doc.go deleted file mode 100644 index 7031bdc276..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/doc.go +++ /dev/null @@ -1,2 +0,0 @@ -// Package asm is an assembler for eBPF bytecode. -package asm diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go deleted file mode 100644 index a14e9e2c3c..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ /dev/null @@ -1,242 +0,0 @@ -package asm - -//go:generate stringer -output func_string.go -type=BuiltinFunc - -// BuiltinFunc is a built-in eBPF function. -type BuiltinFunc int32 - -func (_ BuiltinFunc) Max() BuiltinFunc { - return maxBuiltinFunc - 1 -} - -// eBPF built-in functions -// -// You can regenerate this list using the following gawk script: -// -// /FN\(.+\),/ { -// match($1, /\((.+)\)/, r) -// split(r[1], p, "_") -// printf "Fn" -// for (i in p) { -// printf "%s%s", toupper(substr(p[i], 1, 1)), substr(p[i], 2) -// } -// print "" -// } -// -// The script expects include/uapi/linux/bpf.h as it's input. -const ( - FnUnspec BuiltinFunc = iota - FnMapLookupElem - FnMapUpdateElem - FnMapDeleteElem - FnProbeRead - FnKtimeGetNs - FnTracePrintk - FnGetPrandomU32 - FnGetSmpProcessorId - FnSkbStoreBytes - FnL3CsumReplace - FnL4CsumReplace - FnTailCall - FnCloneRedirect - FnGetCurrentPidTgid - FnGetCurrentUidGid - FnGetCurrentComm - FnGetCgroupClassid - FnSkbVlanPush - FnSkbVlanPop - FnSkbGetTunnelKey - FnSkbSetTunnelKey - FnPerfEventRead - FnRedirect - FnGetRouteRealm - FnPerfEventOutput - FnSkbLoadBytes - FnGetStackid - FnCsumDiff - FnSkbGetTunnelOpt - FnSkbSetTunnelOpt - FnSkbChangeProto - FnSkbChangeType - FnSkbUnderCgroup - FnGetHashRecalc - FnGetCurrentTask - FnProbeWriteUser - FnCurrentTaskUnderCgroup - FnSkbChangeTail - FnSkbPullData - FnCsumUpdate - FnSetHashInvalid - FnGetNumaNodeId - FnSkbChangeHead - FnXdpAdjustHead - FnProbeReadStr - FnGetSocketCookie - FnGetSocketUid - FnSetHash - FnSetsockopt - FnSkbAdjustRoom - FnRedirectMap - FnSkRedirectMap - FnSockMapUpdate - FnXdpAdjustMeta - FnPerfEventReadValue - FnPerfProgReadValue - FnGetsockopt - FnOverrideReturn - FnSockOpsCbFlagsSet - FnMsgRedirectMap - FnMsgApplyBytes - FnMsgCorkBytes - FnMsgPullData - FnBind - FnXdpAdjustTail - FnSkbGetXfrmState - FnGetStack - FnSkbLoadBytesRelative - FnFibLookup - FnSockHashUpdate - FnMsgRedirectHash - FnSkRedirectHash - FnLwtPushEncap - FnLwtSeg6StoreBytes - FnLwtSeg6AdjustSrh - FnLwtSeg6Action - FnRcRepeat - FnRcKeydown - FnSkbCgroupId - FnGetCurrentCgroupId - FnGetLocalStorage - FnSkSelectReuseport - FnSkbAncestorCgroupId - FnSkLookupTcp - FnSkLookupUdp - FnSkRelease - FnMapPushElem - FnMapPopElem - FnMapPeekElem - FnMsgPushData - FnMsgPopData - FnRcPointerRel - FnSpinLock - FnSpinUnlock - FnSkFullsock - FnTcpSock - FnSkbEcnSetCe - FnGetListenerSock - FnSkcLookupTcp - FnTcpCheckSyncookie - FnSysctlGetName - FnSysctlGetCurrentValue - FnSysctlGetNewValue - FnSysctlSetNewValue - FnStrtol - FnStrtoul - FnSkStorageGet - FnSkStorageDelete - FnSendSignal - FnTcpGenSyncookie - FnSkbOutput - FnProbeReadUser - FnProbeReadKernel - FnProbeReadUserStr - FnProbeReadKernelStr - FnTcpSendAck - FnSendSignalThread - FnJiffies64 - FnReadBranchRecords - FnGetNsCurrentPidTgid - FnXdpOutput - FnGetNetnsCookie - FnGetCurrentAncestorCgroupId - FnSkAssign - FnKtimeGetBootNs - FnSeqPrintf - FnSeqWrite - FnSkCgroupId - FnSkAncestorCgroupId - FnRingbufOutput - FnRingbufReserve - FnRingbufSubmit - FnRingbufDiscard - FnRingbufQuery - FnCsumLevel - FnSkcToTcp6Sock - FnSkcToTcpSock - FnSkcToTcpTimewaitSock - FnSkcToTcpRequestSock - FnSkcToUdp6Sock - FnGetTaskStack - FnLoadHdrOpt - FnStoreHdrOpt - FnReserveHdrOpt - FnInodeStorageGet - FnInodeStorageDelete - FnDPath - FnCopyFromUser - FnSnprintfBtf - FnSeqPrintfBtf - FnSkbCgroupClassid - FnRedirectNeigh - FnPerCpuPtr - FnThisCpuPtr - FnRedirectPeer - FnTaskStorageGet - FnTaskStorageDelete - FnGetCurrentTaskBtf - FnBprmOptsSet - FnKtimeGetCoarseNs - FnImaInodeHash - FnSockFromFile - FnCheckMtu - FnForEachMapElem - FnSnprintf - FnSysBpf - FnBtfFindByNameKind - FnSysClose - FnTimerInit - FnTimerSetCallback - FnTimerStart - FnTimerCancel - FnGetFuncIp - FnGetAttachCookie - FnTaskPtRegs - FnGetBranchSnapshot - FnTraceVprintk - FnSkcToUnixSock - FnKallsymsLookupName - FnFindVma - FnLoop - FnStrncmp - FnGetFuncArg - FnGetFuncRet - FnGetFuncArgCnt - FnGetRetval - FnSetRetval - FnXdpGetBuffLen - FnXdpLoadBytes - FnXdpStoreBytes - FnCopyFromUserTask - FnSkbSetTstamp - FnImaFileHash - FnKptrXchg - FnMapLookupPercpuElem - FnSkcToMptcpSock - FnDynptrFromMem - FnRingbufReserveDynptr - FnRingbufSubmitDynptr - FnRingbufDiscardDynptr - FnDynptrRead - FnDynptrWrite - FnDynptrData - - maxBuiltinFunc -) - -// Call emits a function call. -func (fn BuiltinFunc) Call() Instruction { - return Instruction{ - OpCode: OpCode(JumpClass).SetJumpOp(Call), - Constant: int64(fn), - } -} diff --git a/vendor/github.com/cilium/ebpf/asm/func_string.go b/vendor/github.com/cilium/ebpf/asm/func_string.go deleted file mode 100644 index b7431b7f60..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/func_string.go +++ /dev/null @@ -1,227 +0,0 @@ -// Code generated by "stringer -output func_string.go -type=BuiltinFunc"; DO NOT EDIT. - -package asm - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[FnUnspec-0] - _ = x[FnMapLookupElem-1] - _ = x[FnMapUpdateElem-2] - _ = x[FnMapDeleteElem-3] - _ = x[FnProbeRead-4] - _ = x[FnKtimeGetNs-5] - _ = x[FnTracePrintk-6] - _ = x[FnGetPrandomU32-7] - _ = x[FnGetSmpProcessorId-8] - _ = x[FnSkbStoreBytes-9] - _ = x[FnL3CsumReplace-10] - _ = x[FnL4CsumReplace-11] - _ = x[FnTailCall-12] - _ = x[FnCloneRedirect-13] - _ = x[FnGetCurrentPidTgid-14] - _ = x[FnGetCurrentUidGid-15] - _ = x[FnGetCurrentComm-16] - _ = x[FnGetCgroupClassid-17] - _ = x[FnSkbVlanPush-18] - _ = x[FnSkbVlanPop-19] - _ = x[FnSkbGetTunnelKey-20] - _ = x[FnSkbSetTunnelKey-21] - _ = x[FnPerfEventRead-22] - _ = x[FnRedirect-23] - _ = x[FnGetRouteRealm-24] - _ = x[FnPerfEventOutput-25] - _ = x[FnSkbLoadBytes-26] - _ = x[FnGetStackid-27] - _ = x[FnCsumDiff-28] - _ = x[FnSkbGetTunnelOpt-29] - _ = x[FnSkbSetTunnelOpt-30] - _ = x[FnSkbChangeProto-31] - _ = x[FnSkbChangeType-32] - _ = x[FnSkbUnderCgroup-33] - _ = x[FnGetHashRecalc-34] - _ = x[FnGetCurrentTask-35] - _ = x[FnProbeWriteUser-36] - _ = x[FnCurrentTaskUnderCgroup-37] - _ = x[FnSkbChangeTail-38] - _ = x[FnSkbPullData-39] - _ = x[FnCsumUpdate-40] - _ = x[FnSetHashInvalid-41] - _ = x[FnGetNumaNodeId-42] - _ = x[FnSkbChangeHead-43] - _ = x[FnXdpAdjustHead-44] - _ = x[FnProbeReadStr-45] - _ = x[FnGetSocketCookie-46] - _ = x[FnGetSocketUid-47] - _ = x[FnSetHash-48] - _ = x[FnSetsockopt-49] - _ = x[FnSkbAdjustRoom-50] - _ = x[FnRedirectMap-51] - _ = x[FnSkRedirectMap-52] - _ = x[FnSockMapUpdate-53] - _ = x[FnXdpAdjustMeta-54] - _ = x[FnPerfEventReadValue-55] - _ = x[FnPerfProgReadValue-56] - _ = x[FnGetsockopt-57] - _ = x[FnOverrideReturn-58] - _ = x[FnSockOpsCbFlagsSet-59] - _ = x[FnMsgRedirectMap-60] - _ = x[FnMsgApplyBytes-61] - _ = x[FnMsgCorkBytes-62] - _ = x[FnMsgPullData-63] - _ = x[FnBind-64] - _ = x[FnXdpAdjustTail-65] - _ = x[FnSkbGetXfrmState-66] - _ = x[FnGetStack-67] - _ = x[FnSkbLoadBytesRelative-68] - _ = x[FnFibLookup-69] - _ = x[FnSockHashUpdate-70] - _ = x[FnMsgRedirectHash-71] - _ = x[FnSkRedirectHash-72] - _ = x[FnLwtPushEncap-73] - _ = x[FnLwtSeg6StoreBytes-74] - _ = x[FnLwtSeg6AdjustSrh-75] - _ = x[FnLwtSeg6Action-76] - _ = x[FnRcRepeat-77] - _ = x[FnRcKeydown-78] - _ = x[FnSkbCgroupId-79] - _ = x[FnGetCurrentCgroupId-80] - _ = x[FnGetLocalStorage-81] - _ = x[FnSkSelectReuseport-82] - _ = x[FnSkbAncestorCgroupId-83] - _ = x[FnSkLookupTcp-84] - _ = x[FnSkLookupUdp-85] - _ = x[FnSkRelease-86] - _ = x[FnMapPushElem-87] - _ = x[FnMapPopElem-88] - _ = x[FnMapPeekElem-89] - _ = x[FnMsgPushData-90] - _ = x[FnMsgPopData-91] - _ = x[FnRcPointerRel-92] - _ = x[FnSpinLock-93] - _ = x[FnSpinUnlock-94] - _ = x[FnSkFullsock-95] - _ = x[FnTcpSock-96] - _ = x[FnSkbEcnSetCe-97] - _ = x[FnGetListenerSock-98] - _ = x[FnSkcLookupTcp-99] - _ = x[FnTcpCheckSyncookie-100] - _ = x[FnSysctlGetName-101] - _ = x[FnSysctlGetCurrentValue-102] - _ = x[FnSysctlGetNewValue-103] - _ = x[FnSysctlSetNewValue-104] - _ = x[FnStrtol-105] - _ = x[FnStrtoul-106] - _ = x[FnSkStorageGet-107] - _ = x[FnSkStorageDelete-108] - _ = x[FnSendSignal-109] - _ = x[FnTcpGenSyncookie-110] - _ = x[FnSkbOutput-111] - _ = x[FnProbeReadUser-112] - _ = x[FnProbeReadKernel-113] - _ = x[FnProbeReadUserStr-114] - _ = x[FnProbeReadKernelStr-115] - _ = x[FnTcpSendAck-116] - _ = x[FnSendSignalThread-117] - _ = x[FnJiffies64-118] - _ = x[FnReadBranchRecords-119] - _ = x[FnGetNsCurrentPidTgid-120] - _ = x[FnXdpOutput-121] - _ = x[FnGetNetnsCookie-122] - _ = x[FnGetCurrentAncestorCgroupId-123] - _ = x[FnSkAssign-124] - _ = x[FnKtimeGetBootNs-125] - _ = x[FnSeqPrintf-126] - _ = x[FnSeqWrite-127] - _ = x[FnSkCgroupId-128] - _ = x[FnSkAncestorCgroupId-129] - _ = x[FnRingbufOutput-130] - _ = x[FnRingbufReserve-131] - _ = x[FnRingbufSubmit-132] - _ = x[FnRingbufDiscard-133] - _ = x[FnRingbufQuery-134] - _ = x[FnCsumLevel-135] - _ = x[FnSkcToTcp6Sock-136] - _ = x[FnSkcToTcpSock-137] - _ = x[FnSkcToTcpTimewaitSock-138] - _ = x[FnSkcToTcpRequestSock-139] - _ = x[FnSkcToUdp6Sock-140] - _ = x[FnGetTaskStack-141] - _ = x[FnLoadHdrOpt-142] - _ = x[FnStoreHdrOpt-143] - _ = x[FnReserveHdrOpt-144] - _ = x[FnInodeStorageGet-145] - _ = x[FnInodeStorageDelete-146] - _ = x[FnDPath-147] - _ = x[FnCopyFromUser-148] - _ = x[FnSnprintfBtf-149] - _ = x[FnSeqPrintfBtf-150] - _ = x[FnSkbCgroupClassid-151] - _ = x[FnRedirectNeigh-152] - _ = x[FnPerCpuPtr-153] - _ = x[FnThisCpuPtr-154] - _ = x[FnRedirectPeer-155] - _ = x[FnTaskStorageGet-156] - _ = x[FnTaskStorageDelete-157] - _ = x[FnGetCurrentTaskBtf-158] - _ = x[FnBprmOptsSet-159] - _ = x[FnKtimeGetCoarseNs-160] - _ = x[FnImaInodeHash-161] - _ = x[FnSockFromFile-162] - _ = x[FnCheckMtu-163] - _ = x[FnForEachMapElem-164] - _ = x[FnSnprintf-165] - _ = x[FnSysBpf-166] - _ = x[FnBtfFindByNameKind-167] - _ = x[FnSysClose-168] - _ = x[FnTimerInit-169] - _ = x[FnTimerSetCallback-170] - _ = x[FnTimerStart-171] - _ = x[FnTimerCancel-172] - _ = x[FnGetFuncIp-173] - _ = x[FnGetAttachCookie-174] - _ = x[FnTaskPtRegs-175] - _ = x[FnGetBranchSnapshot-176] - _ = x[FnTraceVprintk-177] - _ = x[FnSkcToUnixSock-178] - _ = x[FnKallsymsLookupName-179] - _ = x[FnFindVma-180] - _ = x[FnLoop-181] - _ = x[FnStrncmp-182] - _ = x[FnGetFuncArg-183] - _ = x[FnGetFuncRet-184] - _ = x[FnGetFuncArgCnt-185] - _ = x[FnGetRetval-186] - _ = x[FnSetRetval-187] - _ = x[FnXdpGetBuffLen-188] - _ = x[FnXdpLoadBytes-189] - _ = x[FnXdpStoreBytes-190] - _ = x[FnCopyFromUserTask-191] - _ = x[FnSkbSetTstamp-192] - _ = x[FnImaFileHash-193] - _ = x[FnKptrXchg-194] - _ = x[FnMapLookupPercpuElem-195] - _ = x[FnSkcToMptcpSock-196] - _ = x[FnDynptrFromMem-197] - _ = x[FnRingbufReserveDynptr-198] - _ = x[FnRingbufSubmitDynptr-199] - _ = x[FnRingbufDiscardDynptr-200] - _ = x[FnDynptrRead-201] - _ = x[FnDynptrWrite-202] - _ = x[FnDynptrData-203] - _ = x[maxBuiltinFunc-204] -} - -const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegsFnGetBranchSnapshotFnTraceVprintkFnSkcToUnixSockFnKallsymsLookupNameFnFindVmaFnLoopFnStrncmpFnGetFuncArgFnGetFuncRetFnGetFuncArgCntFnGetRetvalFnSetRetvalFnXdpGetBuffLenFnXdpLoadBytesFnXdpStoreBytesFnCopyFromUserTaskFnSkbSetTstampFnImaFileHashFnKptrXchgFnMapLookupPercpuElemFnSkcToMptcpSockFnDynptrFromMemFnRingbufReserveDynptrFnRingbufSubmitDynptrFnRingbufDiscardDynptrFnDynptrReadFnDynptrWriteFnDynptrDatamaxBuiltinFunc" - -var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591, 2610, 2624, 2639, 2659, 2668, 2674, 2683, 2695, 2707, 2722, 2733, 2744, 2759, 2773, 2788, 2806, 2820, 2833, 2843, 2864, 2880, 2895, 2917, 2938, 2960, 2972, 2985, 2997, 3011} - -func (i BuiltinFunc) String() string { - if i < 0 || i >= BuiltinFunc(len(_BuiltinFunc_index)-1) { - return "BuiltinFunc(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _BuiltinFunc_name[_BuiltinFunc_index[i]:_BuiltinFunc_index[i+1]] -} diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go deleted file mode 100644 index f17d88b518..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ /dev/null @@ -1,859 +0,0 @@ -package asm - -import ( - "crypto/sha1" - "encoding/binary" - "encoding/hex" - "errors" - "fmt" - "io" - "math" - "sort" - "strings" - - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// InstructionSize is the size of a BPF instruction in bytes -const InstructionSize = 8 - -// RawInstructionOffset is an offset in units of raw BPF instructions. -type RawInstructionOffset uint64 - -var ErrUnreferencedSymbol = errors.New("unreferenced symbol") -var ErrUnsatisfiedMapReference = errors.New("unsatisfied map reference") -var ErrUnsatisfiedProgramReference = errors.New("unsatisfied program reference") - -// Bytes returns the offset of an instruction in bytes. -func (rio RawInstructionOffset) Bytes() uint64 { - return uint64(rio) * InstructionSize -} - -// Instruction is a single eBPF instruction. -type Instruction struct { - OpCode OpCode - Dst Register - Src Register - Offset int16 - Constant int64 - - // Metadata contains optional metadata about this instruction. - Metadata Metadata -} - -// Unmarshal decodes a BPF instruction. -func (ins *Instruction) Unmarshal(r io.Reader, bo binary.ByteOrder) (uint64, error) { - data := make([]byte, InstructionSize) - if _, err := io.ReadFull(r, data); err != nil { - return 0, err - } - - ins.OpCode = OpCode(data[0]) - - regs := data[1] - switch bo { - case binary.LittleEndian: - ins.Dst, ins.Src = Register(regs&0xF), Register(regs>>4) - case binary.BigEndian: - ins.Dst, ins.Src = Register(regs>>4), Register(regs&0xf) - } - - ins.Offset = int16(bo.Uint16(data[2:4])) - // Convert to int32 before widening to int64 - // to ensure the signed bit is carried over. - ins.Constant = int64(int32(bo.Uint32(data[4:8]))) - - if !ins.OpCode.IsDWordLoad() { - return InstructionSize, nil - } - - // Pull another instruction from the stream to retrieve the second - // half of the 64-bit immediate value. - if _, err := io.ReadFull(r, data); err != nil { - // No Wrap, to avoid io.EOF clash - return 0, errors.New("64bit immediate is missing second half") - } - - // Require that all fields other than the value are zero. - if bo.Uint32(data[0:4]) != 0 { - return 0, errors.New("64bit immediate has non-zero fields") - } - - cons1 := uint32(ins.Constant) - cons2 := int32(bo.Uint32(data[4:8])) - ins.Constant = int64(cons2)<<32 | int64(cons1) - - return 2 * InstructionSize, nil -} - -// Marshal encodes a BPF instruction. -func (ins Instruction) Marshal(w io.Writer, bo binary.ByteOrder) (uint64, error) { - if ins.OpCode == InvalidOpCode { - return 0, errors.New("invalid opcode") - } - - isDWordLoad := ins.OpCode.IsDWordLoad() - - cons := int32(ins.Constant) - if isDWordLoad { - // Encode least significant 32bit first for 64bit operations. - cons = int32(uint32(ins.Constant)) - } - - regs, err := newBPFRegisters(ins.Dst, ins.Src, bo) - if err != nil { - return 0, fmt.Errorf("can't marshal registers: %s", err) - } - - data := make([]byte, InstructionSize) - data[0] = byte(ins.OpCode) - data[1] = byte(regs) - bo.PutUint16(data[2:4], uint16(ins.Offset)) - bo.PutUint32(data[4:8], uint32(cons)) - if _, err := w.Write(data); err != nil { - return 0, err - } - - if !isDWordLoad { - return InstructionSize, nil - } - - // The first half of the second part of a double-wide instruction - // must be zero. The second half carries the value. - bo.PutUint32(data[0:4], 0) - bo.PutUint32(data[4:8], uint32(ins.Constant>>32)) - if _, err := w.Write(data); err != nil { - return 0, err - } - - return 2 * InstructionSize, nil -} - -// AssociateMap associates a Map with this Instruction. -// -// Implicitly clears the Instruction's Reference field. -// -// Returns an error if the Instruction is not a map load. -func (ins *Instruction) AssociateMap(m FDer) error { - if !ins.IsLoadFromMap() { - return errors.New("not a load from a map") - } - - ins.Metadata.Set(referenceMeta{}, nil) - ins.Metadata.Set(mapMeta{}, m) - - return nil -} - -// RewriteMapPtr changes an instruction to use a new map fd. -// -// Returns an error if the instruction doesn't load a map. -// -// Deprecated: use AssociateMap instead. If you cannot provide a Map, -// wrap an fd in a type implementing FDer. -func (ins *Instruction) RewriteMapPtr(fd int) error { - if !ins.IsLoadFromMap() { - return errors.New("not a load from a map") - } - - ins.encodeMapFD(fd) - - return nil -} - -func (ins *Instruction) encodeMapFD(fd int) { - // Preserve the offset value for direct map loads. - offset := uint64(ins.Constant) & (math.MaxUint32 << 32) - rawFd := uint64(uint32(fd)) - ins.Constant = int64(offset | rawFd) -} - -// MapPtr returns the map fd for this instruction. -// -// The result is undefined if the instruction is not a load from a map, -// see IsLoadFromMap. -// -// Deprecated: use Map() instead. -func (ins *Instruction) MapPtr() int { - // If there is a map associated with the instruction, return its FD. - if fd := ins.Metadata.Get(mapMeta{}); fd != nil { - return fd.(FDer).FD() - } - - // Fall back to the fd stored in the Constant field - return ins.mapFd() -} - -// mapFd returns the map file descriptor stored in the 32 least significant -// bits of ins' Constant field. -func (ins *Instruction) mapFd() int { - return int(int32(ins.Constant)) -} - -// RewriteMapOffset changes the offset of a direct load from a map. -// -// Returns an error if the instruction is not a direct load. -func (ins *Instruction) RewriteMapOffset(offset uint32) error { - if !ins.OpCode.IsDWordLoad() { - return fmt.Errorf("%s is not a 64 bit load", ins.OpCode) - } - - if ins.Src != PseudoMapValue { - return errors.New("not a direct load from a map") - } - - fd := uint64(ins.Constant) & math.MaxUint32 - ins.Constant = int64(uint64(offset)<<32 | fd) - return nil -} - -func (ins *Instruction) mapOffset() uint32 { - return uint32(uint64(ins.Constant) >> 32) -} - -// IsLoadFromMap returns true if the instruction loads from a map. -// -// This covers both loading the map pointer and direct map value loads. -func (ins *Instruction) IsLoadFromMap() bool { - return ins.OpCode == LoadImmOp(DWord) && (ins.Src == PseudoMapFD || ins.Src == PseudoMapValue) -} - -// IsFunctionCall returns true if the instruction calls another BPF function. -// -// This is not the same thing as a BPF helper call. -func (ins *Instruction) IsFunctionCall() bool { - return ins.OpCode.JumpOp() == Call && ins.Src == PseudoCall -} - -// IsLoadOfFunctionPointer returns true if the instruction loads a function pointer. -func (ins *Instruction) IsLoadOfFunctionPointer() bool { - return ins.OpCode.IsDWordLoad() && ins.Src == PseudoFunc -} - -// IsFunctionReference returns true if the instruction references another BPF -// function, either by invoking a Call jump operation or by loading a function -// pointer. -func (ins *Instruction) IsFunctionReference() bool { - return ins.IsFunctionCall() || ins.IsLoadOfFunctionPointer() -} - -// IsBuiltinCall returns true if the instruction is a built-in call, i.e. BPF helper call. -func (ins *Instruction) IsBuiltinCall() bool { - return ins.OpCode.JumpOp() == Call && ins.Src == R0 && ins.Dst == R0 -} - -// IsConstantLoad returns true if the instruction loads a constant of the -// given size. -func (ins *Instruction) IsConstantLoad(size Size) bool { - return ins.OpCode == LoadImmOp(size) && ins.Src == R0 && ins.Offset == 0 -} - -// Format implements fmt.Formatter. -func (ins Instruction) Format(f fmt.State, c rune) { - if c != 'v' { - fmt.Fprintf(f, "{UNRECOGNIZED: %c}", c) - return - } - - op := ins.OpCode - - if op == InvalidOpCode { - fmt.Fprint(f, "INVALID") - return - } - - // Omit trailing space for Exit - if op.JumpOp() == Exit { - fmt.Fprint(f, op) - return - } - - if ins.IsLoadFromMap() { - fd := ins.mapFd() - m := ins.Map() - switch ins.Src { - case PseudoMapFD: - if m != nil { - fmt.Fprintf(f, "LoadMapPtr dst: %s map: %s", ins.Dst, m) - } else { - fmt.Fprintf(f, "LoadMapPtr dst: %s fd: %d", ins.Dst, fd) - } - - case PseudoMapValue: - if m != nil { - fmt.Fprintf(f, "LoadMapValue dst: %s, map: %s off: %d", ins.Dst, m, ins.mapOffset()) - } else { - fmt.Fprintf(f, "LoadMapValue dst: %s, fd: %d off: %d", ins.Dst, fd, ins.mapOffset()) - } - } - - goto ref - } - - fmt.Fprintf(f, "%v ", op) - switch cls := op.Class(); { - case cls.isLoadOrStore(): - switch op.Mode() { - case ImmMode: - fmt.Fprintf(f, "dst: %s imm: %d", ins.Dst, ins.Constant) - case AbsMode: - fmt.Fprintf(f, "imm: %d", ins.Constant) - case IndMode: - fmt.Fprintf(f, "dst: %s src: %s imm: %d", ins.Dst, ins.Src, ins.Constant) - case MemMode: - fmt.Fprintf(f, "dst: %s src: %s off: %d imm: %d", ins.Dst, ins.Src, ins.Offset, ins.Constant) - case XAddMode: - fmt.Fprintf(f, "dst: %s src: %s", ins.Dst, ins.Src) - } - - case cls.IsALU(): - fmt.Fprintf(f, "dst: %s ", ins.Dst) - if op.ALUOp() == Swap || op.Source() == ImmSource { - fmt.Fprintf(f, "imm: %d", ins.Constant) - } else { - fmt.Fprintf(f, "src: %s", ins.Src) - } - - case cls.IsJump(): - switch jop := op.JumpOp(); jop { - case Call: - if ins.Src == PseudoCall { - // bpf-to-bpf call - fmt.Fprint(f, ins.Constant) - } else { - fmt.Fprint(f, BuiltinFunc(ins.Constant)) - } - - default: - fmt.Fprintf(f, "dst: %s off: %d ", ins.Dst, ins.Offset) - if op.Source() == ImmSource { - fmt.Fprintf(f, "imm: %d", ins.Constant) - } else { - fmt.Fprintf(f, "src: %s", ins.Src) - } - } - } - -ref: - if ins.Reference() != "" { - fmt.Fprintf(f, " <%s>", ins.Reference()) - } -} - -func (ins Instruction) equal(other Instruction) bool { - return ins.OpCode == other.OpCode && - ins.Dst == other.Dst && - ins.Src == other.Src && - ins.Offset == other.Offset && - ins.Constant == other.Constant -} - -// Size returns the amount of bytes ins would occupy in binary form. -func (ins Instruction) Size() uint64 { - return uint64(InstructionSize * ins.OpCode.rawInstructions()) -} - -type symbolMeta struct{} - -// WithSymbol marks the Instruction as a Symbol, which other Instructions -// can point to using corresponding calls to WithReference. -func (ins Instruction) WithSymbol(name string) Instruction { - ins.Metadata.Set(symbolMeta{}, name) - return ins -} - -// Sym creates a symbol. -// -// Deprecated: use WithSymbol instead. -func (ins Instruction) Sym(name string) Instruction { - return ins.WithSymbol(name) -} - -// Symbol returns the value ins has been marked with using WithSymbol, -// otherwise returns an empty string. A symbol is often an Instruction -// at the start of a function body. -func (ins Instruction) Symbol() string { - sym, _ := ins.Metadata.Get(symbolMeta{}).(string) - return sym -} - -type referenceMeta struct{} - -// WithReference makes ins reference another Symbol or map by name. -func (ins Instruction) WithReference(ref string) Instruction { - ins.Metadata.Set(referenceMeta{}, ref) - return ins -} - -// Reference returns the Symbol or map name referenced by ins, if any. -func (ins Instruction) Reference() string { - ref, _ := ins.Metadata.Get(referenceMeta{}).(string) - return ref -} - -type mapMeta struct{} - -// Map returns the Map referenced by ins, if any. -// An Instruction will contain a Map if e.g. it references an existing, -// pinned map that was opened during ELF loading. -func (ins Instruction) Map() FDer { - fd, _ := ins.Metadata.Get(mapMeta{}).(FDer) - return fd -} - -type sourceMeta struct{} - -// WithSource adds source information about the Instruction. -func (ins Instruction) WithSource(src fmt.Stringer) Instruction { - ins.Metadata.Set(sourceMeta{}, src) - return ins -} - -// Source returns source information about the Instruction. The field is -// present when the compiler emits BTF line info about the Instruction and -// usually contains the line of source code responsible for it. -func (ins Instruction) Source() fmt.Stringer { - str, _ := ins.Metadata.Get(sourceMeta{}).(fmt.Stringer) - return str -} - -// A Comment can be passed to Instruction.WithSource to add a comment -// to an instruction. -type Comment string - -func (s Comment) String() string { - return string(s) -} - -// FDer represents a resource tied to an underlying file descriptor. -// Used as a stand-in for e.g. ebpf.Map since that type cannot be -// imported here and FD() is the only method we rely on. -type FDer interface { - FD() int -} - -// Instructions is an eBPF program. -type Instructions []Instruction - -// Unmarshal unmarshals an Instructions from a binary instruction stream. -// All instructions in insns are replaced by instructions decoded from r. -func (insns *Instructions) Unmarshal(r io.Reader, bo binary.ByteOrder) error { - if len(*insns) > 0 { - *insns = nil - } - - var offset uint64 - for { - var ins Instruction - n, err := ins.Unmarshal(r, bo) - if errors.Is(err, io.EOF) { - break - } - if err != nil { - return fmt.Errorf("offset %d: %w", offset, err) - } - - *insns = append(*insns, ins) - offset += n - } - - return nil -} - -// Name returns the name of the function insns belongs to, if any. -func (insns Instructions) Name() string { - if len(insns) == 0 { - return "" - } - return insns[0].Symbol() -} - -func (insns Instructions) String() string { - return fmt.Sprint(insns) -} - -// Size returns the amount of bytes insns would occupy in binary form. -func (insns Instructions) Size() uint64 { - var sum uint64 - for _, ins := range insns { - sum += ins.Size() - } - return sum -} - -// AssociateMap updates all Instructions that Reference the given symbol -// to point to an existing Map m instead. -// -// Returns ErrUnreferencedSymbol error if no references to symbol are found -// in insns. If symbol is anything else than the symbol name of map (e.g. -// a bpf2bpf subprogram), an error is returned. -func (insns Instructions) AssociateMap(symbol string, m FDer) error { - if symbol == "" { - return errors.New("empty symbol") - } - - var found bool - for i := range insns { - ins := &insns[i] - if ins.Reference() != symbol { - continue - } - - if err := ins.AssociateMap(m); err != nil { - return err - } - - found = true - } - - if !found { - return fmt.Errorf("symbol %s: %w", symbol, ErrUnreferencedSymbol) - } - - return nil -} - -// RewriteMapPtr rewrites all loads of a specific map pointer to a new fd. -// -// Returns ErrUnreferencedSymbol if the symbol isn't used. -// -// Deprecated: use AssociateMap instead. -func (insns Instructions) RewriteMapPtr(symbol string, fd int) error { - if symbol == "" { - return errors.New("empty symbol") - } - - var found bool - for i := range insns { - ins := &insns[i] - if ins.Reference() != symbol { - continue - } - - if !ins.IsLoadFromMap() { - return errors.New("not a load from a map") - } - - ins.encodeMapFD(fd) - - found = true - } - - if !found { - return fmt.Errorf("symbol %s: %w", symbol, ErrUnreferencedSymbol) - } - - return nil -} - -// SymbolOffsets returns the set of symbols and their offset in -// the instructions. -func (insns Instructions) SymbolOffsets() (map[string]int, error) { - offsets := make(map[string]int) - - for i, ins := range insns { - if ins.Symbol() == "" { - continue - } - - if _, ok := offsets[ins.Symbol()]; ok { - return nil, fmt.Errorf("duplicate symbol %s", ins.Symbol()) - } - - offsets[ins.Symbol()] = i - } - - return offsets, nil -} - -// FunctionReferences returns a set of symbol names these Instructions make -// bpf-to-bpf calls to. -func (insns Instructions) FunctionReferences() []string { - calls := make(map[string]struct{}) - for _, ins := range insns { - if ins.Constant != -1 { - // BPF-to-BPF calls have -1 constants. - continue - } - - if ins.Reference() == "" { - continue - } - - if !ins.IsFunctionReference() { - continue - } - - calls[ins.Reference()] = struct{}{} - } - - result := make([]string, 0, len(calls)) - for call := range calls { - result = append(result, call) - } - - sort.Strings(result) - return result -} - -// ReferenceOffsets returns the set of references and their offset in -// the instructions. -func (insns Instructions) ReferenceOffsets() map[string][]int { - offsets := make(map[string][]int) - - for i, ins := range insns { - if ins.Reference() == "" { - continue - } - - offsets[ins.Reference()] = append(offsets[ins.Reference()], i) - } - - return offsets -} - -// Format implements fmt.Formatter. -// -// You can control indentation of symbols by -// specifying a width. Setting a precision controls the indentation of -// instructions. -// The default character is a tab, which can be overridden by specifying -// the ' ' space flag. -func (insns Instructions) Format(f fmt.State, c rune) { - if c != 's' && c != 'v' { - fmt.Fprintf(f, "{UNKNOWN FORMAT '%c'}", c) - return - } - - // Precision is better in this case, because it allows - // specifying 0 padding easily. - padding, ok := f.Precision() - if !ok { - padding = 1 - } - - indent := strings.Repeat("\t", padding) - if f.Flag(' ') { - indent = strings.Repeat(" ", padding) - } - - symPadding, ok := f.Width() - if !ok { - symPadding = padding - 1 - } - if symPadding < 0 { - symPadding = 0 - } - - symIndent := strings.Repeat("\t", symPadding) - if f.Flag(' ') { - symIndent = strings.Repeat(" ", symPadding) - } - - // Guess how many digits we need at most, by assuming that all instructions - // are double wide. - highestOffset := len(insns) * 2 - offsetWidth := int(math.Ceil(math.Log10(float64(highestOffset)))) - - iter := insns.Iterate() - for iter.Next() { - if iter.Ins.Symbol() != "" { - fmt.Fprintf(f, "%s%s:\n", symIndent, iter.Ins.Symbol()) - } - if src := iter.Ins.Source(); src != nil { - line := strings.TrimSpace(src.String()) - if line != "" { - fmt.Fprintf(f, "%s%*s; %s\n", indent, offsetWidth, " ", line) - } - } - fmt.Fprintf(f, "%s%*d: %v\n", indent, offsetWidth, iter.Offset, iter.Ins) - } -} - -// Marshal encodes a BPF program into the kernel format. -// -// insns may be modified if there are unresolved jumps or bpf2bpf calls. -// -// Returns ErrUnsatisfiedProgramReference if there is a Reference Instruction -// without a matching Symbol Instruction within insns. -func (insns Instructions) Marshal(w io.Writer, bo binary.ByteOrder) error { - if err := insns.encodeFunctionReferences(); err != nil { - return err - } - - if err := insns.encodeMapPointers(); err != nil { - return err - } - - for i, ins := range insns { - if _, err := ins.Marshal(w, bo); err != nil { - return fmt.Errorf("instruction %d: %w", i, err) - } - } - return nil -} - -// Tag calculates the kernel tag for a series of instructions. -// -// It mirrors bpf_prog_calc_tag in the kernel and so can be compared -// to ProgramInfo.Tag to figure out whether a loaded program matches -// certain instructions. -func (insns Instructions) Tag(bo binary.ByteOrder) (string, error) { - h := sha1.New() - for i, ins := range insns { - if ins.IsLoadFromMap() { - ins.Constant = 0 - } - _, err := ins.Marshal(h, bo) - if err != nil { - return "", fmt.Errorf("instruction %d: %w", i, err) - } - } - return hex.EncodeToString(h.Sum(nil)[:unix.BPF_TAG_SIZE]), nil -} - -// encodeFunctionReferences populates the Offset (or Constant, depending on -// the instruction type) field of instructions with a Reference field to point -// to the offset of the corresponding instruction with a matching Symbol field. -// -// Only Reference Instructions that are either jumps or BPF function references -// (calls or function pointer loads) are populated. -// -// Returns ErrUnsatisfiedProgramReference if there is a Reference Instruction -// without at least one corresponding Symbol Instruction within insns. -func (insns Instructions) encodeFunctionReferences() error { - // Index the offsets of instructions tagged as a symbol. - symbolOffsets := make(map[string]RawInstructionOffset) - iter := insns.Iterate() - for iter.Next() { - ins := iter.Ins - - if ins.Symbol() == "" { - continue - } - - if _, ok := symbolOffsets[ins.Symbol()]; ok { - return fmt.Errorf("duplicate symbol %s", ins.Symbol()) - } - - symbolOffsets[ins.Symbol()] = iter.Offset - } - - // Find all instructions tagged as references to other symbols. - // Depending on the instruction type, populate their constant or offset - // fields to point to the symbol they refer to within the insn stream. - iter = insns.Iterate() - for iter.Next() { - i := iter.Index - offset := iter.Offset - ins := iter.Ins - - if ins.Reference() == "" { - continue - } - - switch { - case ins.IsFunctionReference() && ins.Constant == -1: - symOffset, ok := symbolOffsets[ins.Reference()] - if !ok { - return fmt.Errorf("%s at insn %d: symbol %q: %w", ins.OpCode, i, ins.Reference(), ErrUnsatisfiedProgramReference) - } - - ins.Constant = int64(symOffset - offset - 1) - - case ins.OpCode.Class().IsJump() && ins.Offset == -1: - symOffset, ok := symbolOffsets[ins.Reference()] - if !ok { - return fmt.Errorf("%s at insn %d: symbol %q: %w", ins.OpCode, i, ins.Reference(), ErrUnsatisfiedProgramReference) - } - - ins.Offset = int16(symOffset - offset - 1) - } - } - - return nil -} - -// encodeMapPointers finds all Map Instructions and encodes their FDs -// into their Constant fields. -func (insns Instructions) encodeMapPointers() error { - iter := insns.Iterate() - for iter.Next() { - ins := iter.Ins - - if !ins.IsLoadFromMap() { - continue - } - - m := ins.Map() - if m == nil { - continue - } - - fd := m.FD() - if fd < 0 { - return fmt.Errorf("map %s: %w", m, sys.ErrClosedFd) - } - - ins.encodeMapFD(m.FD()) - } - - return nil -} - -// Iterate allows iterating a BPF program while keeping track of -// various offsets. -// -// Modifying the instruction slice will lead to undefined behaviour. -func (insns Instructions) Iterate() *InstructionIterator { - return &InstructionIterator{insns: insns} -} - -// InstructionIterator iterates over a BPF program. -type InstructionIterator struct { - insns Instructions - // The instruction in question. - Ins *Instruction - // The index of the instruction in the original instruction slice. - Index int - // The offset of the instruction in raw BPF instructions. This accounts - // for double-wide instructions. - Offset RawInstructionOffset -} - -// Next returns true as long as there are any instructions remaining. -func (iter *InstructionIterator) Next() bool { - if len(iter.insns) == 0 { - return false - } - - if iter.Ins != nil { - iter.Index++ - iter.Offset += RawInstructionOffset(iter.Ins.OpCode.rawInstructions()) - } - iter.Ins = &iter.insns[0] - iter.insns = iter.insns[1:] - return true -} - -type bpfRegisters uint8 - -func newBPFRegisters(dst, src Register, bo binary.ByteOrder) (bpfRegisters, error) { - switch bo { - case binary.LittleEndian: - return bpfRegisters((src << 4) | (dst & 0xF)), nil - case binary.BigEndian: - return bpfRegisters((dst << 4) | (src & 0xF)), nil - default: - return 0, fmt.Errorf("unrecognized ByteOrder %T", bo) - } -} - -// IsUnreferencedSymbol returns true if err was caused by -// an unreferenced symbol. -// -// Deprecated: use errors.Is(err, asm.ErrUnreferencedSymbol). -func IsUnreferencedSymbol(err error) bool { - return errors.Is(err, ErrUnreferencedSymbol) -} diff --git a/vendor/github.com/cilium/ebpf/asm/jump.go b/vendor/github.com/cilium/ebpf/asm/jump.go deleted file mode 100644 index e31e42cac5..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/jump.go +++ /dev/null @@ -1,127 +0,0 @@ -package asm - -//go:generate stringer -output jump_string.go -type=JumpOp - -// JumpOp affect control flow. -// -// msb lsb -// +----+-+---+ -// |OP |s|cls| -// +----+-+---+ -type JumpOp uint8 - -const jumpMask OpCode = aluMask - -const ( - // InvalidJumpOp is returned by getters when invoked - // on non branch OpCodes - InvalidJumpOp JumpOp = 0xff - // Ja jumps by offset unconditionally - Ja JumpOp = 0x00 - // JEq jumps by offset if r == imm - JEq JumpOp = 0x10 - // JGT jumps by offset if r > imm - JGT JumpOp = 0x20 - // JGE jumps by offset if r >= imm - JGE JumpOp = 0x30 - // JSet jumps by offset if r & imm - JSet JumpOp = 0x40 - // JNE jumps by offset if r != imm - JNE JumpOp = 0x50 - // JSGT jumps by offset if signed r > signed imm - JSGT JumpOp = 0x60 - // JSGE jumps by offset if signed r >= signed imm - JSGE JumpOp = 0x70 - // Call builtin or user defined function from imm - Call JumpOp = 0x80 - // Exit ends execution, with value in r0 - Exit JumpOp = 0x90 - // JLT jumps by offset if r < imm - JLT JumpOp = 0xa0 - // JLE jumps by offset if r <= imm - JLE JumpOp = 0xb0 - // JSLT jumps by offset if signed r < signed imm - JSLT JumpOp = 0xc0 - // JSLE jumps by offset if signed r <= signed imm - JSLE JumpOp = 0xd0 -) - -// Return emits an exit instruction. -// -// Requires a return value in R0. -func Return() Instruction { - return Instruction{ - OpCode: OpCode(JumpClass).SetJumpOp(Exit), - } -} - -// Op returns the OpCode for a given jump source. -func (op JumpOp) Op(source Source) OpCode { - return OpCode(JumpClass).SetJumpOp(op).SetSource(source) -} - -// Imm compares 64 bit dst to 64 bit value (sign extended), and adjusts PC by offset if the condition is fulfilled. -func (op JumpOp) Imm(dst Register, value int32, label string) Instruction { - return Instruction{ - OpCode: op.opCode(JumpClass, ImmSource), - Dst: dst, - Offset: -1, - Constant: int64(value), - }.WithReference(label) -} - -// Imm32 compares 32 bit dst to 32 bit value, and adjusts PC by offset if the condition is fulfilled. -// Requires kernel 5.1. -func (op JumpOp) Imm32(dst Register, value int32, label string) Instruction { - return Instruction{ - OpCode: op.opCode(Jump32Class, ImmSource), - Dst: dst, - Offset: -1, - Constant: int64(value), - }.WithReference(label) -} - -// Reg compares 64 bit dst to 64 bit src, and adjusts PC by offset if the condition is fulfilled. -func (op JumpOp) Reg(dst, src Register, label string) Instruction { - return Instruction{ - OpCode: op.opCode(JumpClass, RegSource), - Dst: dst, - Src: src, - Offset: -1, - }.WithReference(label) -} - -// Reg32 compares 32 bit dst to 32 bit src, and adjusts PC by offset if the condition is fulfilled. -// Requires kernel 5.1. -func (op JumpOp) Reg32(dst, src Register, label string) Instruction { - return Instruction{ - OpCode: op.opCode(Jump32Class, RegSource), - Dst: dst, - Src: src, - Offset: -1, - }.WithReference(label) -} - -func (op JumpOp) opCode(class Class, source Source) OpCode { - if op == Exit || op == Call || op == Ja { - return InvalidOpCode - } - - return OpCode(class).SetJumpOp(op).SetSource(source) -} - -// Label adjusts PC to the address of the label. -func (op JumpOp) Label(label string) Instruction { - if op == Call { - return Instruction{ - OpCode: OpCode(JumpClass).SetJumpOp(Call), - Src: PseudoCall, - Constant: -1, - }.WithReference(label) - } - - return Instruction{ - OpCode: OpCode(JumpClass).SetJumpOp(op), - Offset: -1, - }.WithReference(label) -} diff --git a/vendor/github.com/cilium/ebpf/asm/jump_string.go b/vendor/github.com/cilium/ebpf/asm/jump_string.go deleted file mode 100644 index 85a4aaffa5..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/jump_string.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by "stringer -output jump_string.go -type=JumpOp"; DO NOT EDIT. - -package asm - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[InvalidJumpOp-255] - _ = x[Ja-0] - _ = x[JEq-16] - _ = x[JGT-32] - _ = x[JGE-48] - _ = x[JSet-64] - _ = x[JNE-80] - _ = x[JSGT-96] - _ = x[JSGE-112] - _ = x[Call-128] - _ = x[Exit-144] - _ = x[JLT-160] - _ = x[JLE-176] - _ = x[JSLT-192] - _ = x[JSLE-208] -} - -const _JumpOp_name = "JaJEqJGTJGEJSetJNEJSGTJSGECallExitJLTJLEJSLTJSLEInvalidJumpOp" - -var _JumpOp_map = map[JumpOp]string{ - 0: _JumpOp_name[0:2], - 16: _JumpOp_name[2:5], - 32: _JumpOp_name[5:8], - 48: _JumpOp_name[8:11], - 64: _JumpOp_name[11:15], - 80: _JumpOp_name[15:18], - 96: _JumpOp_name[18:22], - 112: _JumpOp_name[22:26], - 128: _JumpOp_name[26:30], - 144: _JumpOp_name[30:34], - 160: _JumpOp_name[34:37], - 176: _JumpOp_name[37:40], - 192: _JumpOp_name[40:44], - 208: _JumpOp_name[44:48], - 255: _JumpOp_name[48:61], -} - -func (i JumpOp) String() string { - if str, ok := _JumpOp_map[i]; ok { - return str - } - return "JumpOp(" + strconv.FormatInt(int64(i), 10) + ")" -} diff --git a/vendor/github.com/cilium/ebpf/asm/load_store.go b/vendor/github.com/cilium/ebpf/asm/load_store.go deleted file mode 100644 index 85ed286b02..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/load_store.go +++ /dev/null @@ -1,204 +0,0 @@ -package asm - -//go:generate stringer -output load_store_string.go -type=Mode,Size - -// Mode for load and store operations -// -// msb lsb -// +---+--+---+ -// |MDE|sz|cls| -// +---+--+---+ -type Mode uint8 - -const modeMask OpCode = 0xe0 - -const ( - // InvalidMode is returned by getters when invoked - // on non load / store OpCodes - InvalidMode Mode = 0xff - // ImmMode - immediate value - ImmMode Mode = 0x00 - // AbsMode - immediate value + offset - AbsMode Mode = 0x20 - // IndMode - indirect (imm+src) - IndMode Mode = 0x40 - // MemMode - load from memory - MemMode Mode = 0x60 - // XAddMode - add atomically across processors. - XAddMode Mode = 0xc0 -) - -// Size of load and store operations -// -// msb lsb -// +---+--+---+ -// |mde|SZ|cls| -// +---+--+---+ -type Size uint8 - -const sizeMask OpCode = 0x18 - -const ( - // InvalidSize is returned by getters when invoked - // on non load / store OpCodes - InvalidSize Size = 0xff - // DWord - double word; 64 bits - DWord Size = 0x18 - // Word - word; 32 bits - Word Size = 0x00 - // Half - half-word; 16 bits - Half Size = 0x08 - // Byte - byte; 8 bits - Byte Size = 0x10 -) - -// Sizeof returns the size in bytes. -func (s Size) Sizeof() int { - switch s { - case DWord: - return 8 - case Word: - return 4 - case Half: - return 2 - case Byte: - return 1 - default: - return -1 - } -} - -// LoadMemOp returns the OpCode to load a value of given size from memory. -func LoadMemOp(size Size) OpCode { - return OpCode(LdXClass).SetMode(MemMode).SetSize(size) -} - -// LoadMem emits `dst = *(size *)(src + offset)`. -func LoadMem(dst, src Register, offset int16, size Size) Instruction { - return Instruction{ - OpCode: LoadMemOp(size), - Dst: dst, - Src: src, - Offset: offset, - } -} - -// LoadImmOp returns the OpCode to load an immediate of given size. -// -// As of kernel 4.20, only DWord size is accepted. -func LoadImmOp(size Size) OpCode { - return OpCode(LdClass).SetMode(ImmMode).SetSize(size) -} - -// LoadImm emits `dst = (size)value`. -// -// As of kernel 4.20, only DWord size is accepted. -func LoadImm(dst Register, value int64, size Size) Instruction { - return Instruction{ - OpCode: LoadImmOp(size), - Dst: dst, - Constant: value, - } -} - -// LoadMapPtr stores a pointer to a map in dst. -func LoadMapPtr(dst Register, fd int) Instruction { - if fd < 0 { - return Instruction{OpCode: InvalidOpCode} - } - - return Instruction{ - OpCode: LoadImmOp(DWord), - Dst: dst, - Src: PseudoMapFD, - Constant: int64(uint32(fd)), - } -} - -// LoadMapValue stores a pointer to the value at a certain offset of a map. -func LoadMapValue(dst Register, fd int, offset uint32) Instruction { - if fd < 0 { - return Instruction{OpCode: InvalidOpCode} - } - - fdAndOffset := (uint64(offset) << 32) | uint64(uint32(fd)) - return Instruction{ - OpCode: LoadImmOp(DWord), - Dst: dst, - Src: PseudoMapValue, - Constant: int64(fdAndOffset), - } -} - -// LoadIndOp returns the OpCode for loading a value of given size from an sk_buff. -func LoadIndOp(size Size) OpCode { - return OpCode(LdClass).SetMode(IndMode).SetSize(size) -} - -// LoadInd emits `dst = ntoh(*(size *)(((sk_buff *)R6)->data + src + offset))`. -func LoadInd(dst, src Register, offset int32, size Size) Instruction { - return Instruction{ - OpCode: LoadIndOp(size), - Dst: dst, - Src: src, - Constant: int64(offset), - } -} - -// LoadAbsOp returns the OpCode for loading a value of given size from an sk_buff. -func LoadAbsOp(size Size) OpCode { - return OpCode(LdClass).SetMode(AbsMode).SetSize(size) -} - -// LoadAbs emits `r0 = ntoh(*(size *)(((sk_buff *)R6)->data + offset))`. -func LoadAbs(offset int32, size Size) Instruction { - return Instruction{ - OpCode: LoadAbsOp(size), - Dst: R0, - Constant: int64(offset), - } -} - -// StoreMemOp returns the OpCode for storing a register of given size in memory. -func StoreMemOp(size Size) OpCode { - return OpCode(StXClass).SetMode(MemMode).SetSize(size) -} - -// StoreMem emits `*(size *)(dst + offset) = src` -func StoreMem(dst Register, offset int16, src Register, size Size) Instruction { - return Instruction{ - OpCode: StoreMemOp(size), - Dst: dst, - Src: src, - Offset: offset, - } -} - -// StoreImmOp returns the OpCode for storing an immediate of given size in memory. -func StoreImmOp(size Size) OpCode { - return OpCode(StClass).SetMode(MemMode).SetSize(size) -} - -// StoreImm emits `*(size *)(dst + offset) = value`. -func StoreImm(dst Register, offset int16, value int64, size Size) Instruction { - return Instruction{ - OpCode: StoreImmOp(size), - Dst: dst, - Offset: offset, - Constant: value, - } -} - -// StoreXAddOp returns the OpCode to atomically add a register to a value in memory. -func StoreXAddOp(size Size) OpCode { - return OpCode(StXClass).SetMode(XAddMode).SetSize(size) -} - -// StoreXAdd atomically adds src to *dst. -func StoreXAdd(dst, src Register, size Size) Instruction { - return Instruction{ - OpCode: StoreXAddOp(size), - Dst: dst, - Src: src, - } -} diff --git a/vendor/github.com/cilium/ebpf/asm/load_store_string.go b/vendor/github.com/cilium/ebpf/asm/load_store_string.go deleted file mode 100644 index 76d29a0756..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/load_store_string.go +++ /dev/null @@ -1,80 +0,0 @@ -// Code generated by "stringer -output load_store_string.go -type=Mode,Size"; DO NOT EDIT. - -package asm - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[InvalidMode-255] - _ = x[ImmMode-0] - _ = x[AbsMode-32] - _ = x[IndMode-64] - _ = x[MemMode-96] - _ = x[XAddMode-192] -} - -const ( - _Mode_name_0 = "ImmMode" - _Mode_name_1 = "AbsMode" - _Mode_name_2 = "IndMode" - _Mode_name_3 = "MemMode" - _Mode_name_4 = "XAddMode" - _Mode_name_5 = "InvalidMode" -) - -func (i Mode) String() string { - switch { - case i == 0: - return _Mode_name_0 - case i == 32: - return _Mode_name_1 - case i == 64: - return _Mode_name_2 - case i == 96: - return _Mode_name_3 - case i == 192: - return _Mode_name_4 - case i == 255: - return _Mode_name_5 - default: - return "Mode(" + strconv.FormatInt(int64(i), 10) + ")" - } -} -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[InvalidSize-255] - _ = x[DWord-24] - _ = x[Word-0] - _ = x[Half-8] - _ = x[Byte-16] -} - -const ( - _Size_name_0 = "Word" - _Size_name_1 = "Half" - _Size_name_2 = "Byte" - _Size_name_3 = "DWord" - _Size_name_4 = "InvalidSize" -) - -func (i Size) String() string { - switch { - case i == 0: - return _Size_name_0 - case i == 8: - return _Size_name_1 - case i == 16: - return _Size_name_2 - case i == 24: - return _Size_name_3 - case i == 255: - return _Size_name_4 - default: - return "Size(" + strconv.FormatInt(int64(i), 10) + ")" - } -} diff --git a/vendor/github.com/cilium/ebpf/asm/metadata.go b/vendor/github.com/cilium/ebpf/asm/metadata.go deleted file mode 100644 index dd368a9360..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/metadata.go +++ /dev/null @@ -1,80 +0,0 @@ -package asm - -// Metadata contains metadata about an instruction. -type Metadata struct { - head *metaElement -} - -type metaElement struct { - next *metaElement - key, value interface{} -} - -// Find the element containing key. -// -// Returns nil if there is no such element. -func (m *Metadata) find(key interface{}) *metaElement { - for e := m.head; e != nil; e = e.next { - if e.key == key { - return e - } - } - return nil -} - -// Remove an element from the linked list. -// -// Copies as many elements of the list as necessary to remove r, but doesn't -// perform a full copy. -func (m *Metadata) remove(r *metaElement) { - current := &m.head - for e := m.head; e != nil; e = e.next { - if e == r { - // We've found the element we want to remove. - *current = e.next - - // No need to copy the tail. - return - } - - // There is another element in front of the one we want to remove. - // We have to copy it to be able to change metaElement.next. - cpy := &metaElement{key: e.key, value: e.value} - *current = cpy - current = &cpy.next - } -} - -// Set a key to a value. -// -// If value is nil, the key is removed. Avoids modifying old metadata by -// copying if necessary. -func (m *Metadata) Set(key, value interface{}) { - if e := m.find(key); e != nil { - if e.value == value { - // Key is present and the value is the same. Nothing to do. - return - } - - // Key is present with a different value. Create a copy of the list - // which doesn't have the element in it. - m.remove(e) - } - - // m.head is now a linked list that doesn't contain key. - if value == nil { - return - } - - m.head = &metaElement{key: key, value: value, next: m.head} -} - -// Get the value of a key. -// -// Returns nil if no value with the given key is present. -func (m *Metadata) Get(key interface{}) interface{} { - if e := m.find(key); e != nil { - return e.value - } - return nil -} diff --git a/vendor/github.com/cilium/ebpf/asm/opcode.go b/vendor/github.com/cilium/ebpf/asm/opcode.go deleted file mode 100644 index b11917e18b..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/opcode.go +++ /dev/null @@ -1,271 +0,0 @@ -package asm - -import ( - "fmt" - "strings" -) - -//go:generate stringer -output opcode_string.go -type=Class - -// Class of operations -// -// msb lsb -// +---+--+---+ -// | ?? |CLS| -// +---+--+---+ -type Class uint8 - -const classMask OpCode = 0x07 - -const ( - // LdClass loads immediate values into registers. - // Also used for non-standard load operations from cBPF. - LdClass Class = 0x00 - // LdXClass loads memory into registers. - LdXClass Class = 0x01 - // StClass stores immediate values to memory. - StClass Class = 0x02 - // StXClass stores registers to memory. - StXClass Class = 0x03 - // ALUClass describes arithmetic operators. - ALUClass Class = 0x04 - // JumpClass describes jump operators. - JumpClass Class = 0x05 - // Jump32Class describes jump operators with 32-bit comparisons. - // Requires kernel 5.1. - Jump32Class Class = 0x06 - // ALU64Class describes arithmetic operators in 64-bit mode. - ALU64Class Class = 0x07 -) - -// IsLoad checks if this is either LdClass or LdXClass. -func (cls Class) IsLoad() bool { - return cls == LdClass || cls == LdXClass -} - -// IsStore checks if this is either StClass or StXClass. -func (cls Class) IsStore() bool { - return cls == StClass || cls == StXClass -} - -func (cls Class) isLoadOrStore() bool { - return cls.IsLoad() || cls.IsStore() -} - -// IsALU checks if this is either ALUClass or ALU64Class. -func (cls Class) IsALU() bool { - return cls == ALUClass || cls == ALU64Class -} - -// IsJump checks if this is either JumpClass or Jump32Class. -func (cls Class) IsJump() bool { - return cls == JumpClass || cls == Jump32Class -} - -func (cls Class) isJumpOrALU() bool { - return cls.IsJump() || cls.IsALU() -} - -// OpCode is a packed eBPF opcode. -// -// Its encoding is defined by a Class value: -// -// msb lsb -// +----+-+---+ -// | ???? |CLS| -// +----+-+---+ -type OpCode uint8 - -// InvalidOpCode is returned by setters on OpCode -const InvalidOpCode OpCode = 0xff - -// rawInstructions returns the number of BPF instructions required -// to encode this opcode. -func (op OpCode) rawInstructions() int { - if op.IsDWordLoad() { - return 2 - } - return 1 -} - -func (op OpCode) IsDWordLoad() bool { - return op == LoadImmOp(DWord) -} - -// Class returns the class of operation. -func (op OpCode) Class() Class { - return Class(op & classMask) -} - -// Mode returns the mode for load and store operations. -func (op OpCode) Mode() Mode { - if !op.Class().isLoadOrStore() { - return InvalidMode - } - return Mode(op & modeMask) -} - -// Size returns the size for load and store operations. -func (op OpCode) Size() Size { - if !op.Class().isLoadOrStore() { - return InvalidSize - } - return Size(op & sizeMask) -} - -// Source returns the source for branch and ALU operations. -func (op OpCode) Source() Source { - if !op.Class().isJumpOrALU() || op.ALUOp() == Swap { - return InvalidSource - } - return Source(op & sourceMask) -} - -// ALUOp returns the ALUOp. -func (op OpCode) ALUOp() ALUOp { - if !op.Class().IsALU() { - return InvalidALUOp - } - return ALUOp(op & aluMask) -} - -// Endianness returns the Endianness for a byte swap instruction. -func (op OpCode) Endianness() Endianness { - if op.ALUOp() != Swap { - return InvalidEndian - } - return Endianness(op & endianMask) -} - -// JumpOp returns the JumpOp. -// Returns InvalidJumpOp if it doesn't encode a jump. -func (op OpCode) JumpOp() JumpOp { - if !op.Class().IsJump() { - return InvalidJumpOp - } - - jumpOp := JumpOp(op & jumpMask) - - // Some JumpOps are only supported by JumpClass, not Jump32Class. - if op.Class() == Jump32Class && (jumpOp == Exit || jumpOp == Call || jumpOp == Ja) { - return InvalidJumpOp - } - - return jumpOp -} - -// SetMode sets the mode on load and store operations. -// -// Returns InvalidOpCode if op is of the wrong class. -func (op OpCode) SetMode(mode Mode) OpCode { - if !op.Class().isLoadOrStore() || !valid(OpCode(mode), modeMask) { - return InvalidOpCode - } - return (op & ^modeMask) | OpCode(mode) -} - -// SetSize sets the size on load and store operations. -// -// Returns InvalidOpCode if op is of the wrong class. -func (op OpCode) SetSize(size Size) OpCode { - if !op.Class().isLoadOrStore() || !valid(OpCode(size), sizeMask) { - return InvalidOpCode - } - return (op & ^sizeMask) | OpCode(size) -} - -// SetSource sets the source on jump and ALU operations. -// -// Returns InvalidOpCode if op is of the wrong class. -func (op OpCode) SetSource(source Source) OpCode { - if !op.Class().isJumpOrALU() || !valid(OpCode(source), sourceMask) { - return InvalidOpCode - } - return (op & ^sourceMask) | OpCode(source) -} - -// SetALUOp sets the ALUOp on ALU operations. -// -// Returns InvalidOpCode if op is of the wrong class. -func (op OpCode) SetALUOp(alu ALUOp) OpCode { - if !op.Class().IsALU() || !valid(OpCode(alu), aluMask) { - return InvalidOpCode - } - return (op & ^aluMask) | OpCode(alu) -} - -// SetJumpOp sets the JumpOp on jump operations. -// -// Returns InvalidOpCode if op is of the wrong class. -func (op OpCode) SetJumpOp(jump JumpOp) OpCode { - if !op.Class().IsJump() || !valid(OpCode(jump), jumpMask) { - return InvalidOpCode - } - - newOp := (op & ^jumpMask) | OpCode(jump) - - // Check newOp is legal. - if newOp.JumpOp() == InvalidJumpOp { - return InvalidOpCode - } - - return newOp -} - -func (op OpCode) String() string { - var f strings.Builder - - switch class := op.Class(); { - case class.isLoadOrStore(): - f.WriteString(strings.TrimSuffix(class.String(), "Class")) - - mode := op.Mode() - f.WriteString(strings.TrimSuffix(mode.String(), "Mode")) - - switch op.Size() { - case DWord: - f.WriteString("DW") - case Word: - f.WriteString("W") - case Half: - f.WriteString("H") - case Byte: - f.WriteString("B") - } - - case class.IsALU(): - f.WriteString(op.ALUOp().String()) - - if op.ALUOp() == Swap { - // Width for Endian is controlled by Constant - f.WriteString(op.Endianness().String()) - } else { - if class == ALUClass { - f.WriteString("32") - } - - f.WriteString(strings.TrimSuffix(op.Source().String(), "Source")) - } - - case class.IsJump(): - f.WriteString(op.JumpOp().String()) - - if class == Jump32Class { - f.WriteString("32") - } - - if jop := op.JumpOp(); jop != Exit && jop != Call { - f.WriteString(strings.TrimSuffix(op.Source().String(), "Source")) - } - - default: - fmt.Fprintf(&f, "OpCode(%#x)", uint8(op)) - } - - return f.String() -} - -// valid returns true if all bits in value are covered by mask. -func valid(value, mask OpCode) bool { - return value & ^mask == 0 -} diff --git a/vendor/github.com/cilium/ebpf/asm/opcode_string.go b/vendor/github.com/cilium/ebpf/asm/opcode_string.go deleted file mode 100644 index 58bc3e7e7f..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/opcode_string.go +++ /dev/null @@ -1,30 +0,0 @@ -// Code generated by "stringer -output opcode_string.go -type=Class"; DO NOT EDIT. - -package asm - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[LdClass-0] - _ = x[LdXClass-1] - _ = x[StClass-2] - _ = x[StXClass-3] - _ = x[ALUClass-4] - _ = x[JumpClass-5] - _ = x[Jump32Class-6] - _ = x[ALU64Class-7] -} - -const _Class_name = "LdClassLdXClassStClassStXClassALUClassJumpClassJump32ClassALU64Class" - -var _Class_index = [...]uint8{0, 7, 15, 22, 30, 38, 47, 58, 68} - -func (i Class) String() string { - if i >= Class(len(_Class_index)-1) { - return "Class(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _Class_name[_Class_index[i]:_Class_index[i+1]] -} diff --git a/vendor/github.com/cilium/ebpf/asm/register.go b/vendor/github.com/cilium/ebpf/asm/register.go deleted file mode 100644 index dd5d44f1c1..0000000000 --- a/vendor/github.com/cilium/ebpf/asm/register.go +++ /dev/null @@ -1,50 +0,0 @@ -package asm - -import ( - "fmt" -) - -// Register is the source or destination of most operations. -type Register uint8 - -// R0 contains return values. -const R0 Register = 0 - -// Registers for function arguments. -const ( - R1 Register = R0 + 1 + iota - R2 - R3 - R4 - R5 -) - -// Callee saved registers preserved by function calls. -const ( - R6 Register = R5 + 1 + iota - R7 - R8 - R9 -) - -// Read-only frame pointer to access stack. -const ( - R10 Register = R9 + 1 - RFP = R10 -) - -// Pseudo registers used by 64bit loads and jumps -const ( - PseudoMapFD = R1 // BPF_PSEUDO_MAP_FD - PseudoMapValue = R2 // BPF_PSEUDO_MAP_VALUE - PseudoCall = R1 // BPF_PSEUDO_CALL - PseudoFunc = R4 // BPF_PSEUDO_FUNC -) - -func (r Register) String() string { - v := uint8(r) - if v == 10 { - return "rfp" - } - return fmt.Sprintf("r%d", v) -} diff --git a/vendor/github.com/cilium/ebpf/attachtype_string.go b/vendor/github.com/cilium/ebpf/attachtype_string.go deleted file mode 100644 index de355ed909..0000000000 --- a/vendor/github.com/cilium/ebpf/attachtype_string.go +++ /dev/null @@ -1,65 +0,0 @@ -// Code generated by "stringer -type AttachType -trimprefix Attach"; DO NOT EDIT. - -package ebpf - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[AttachNone-0] - _ = x[AttachCGroupInetIngress-0] - _ = x[AttachCGroupInetEgress-1] - _ = x[AttachCGroupInetSockCreate-2] - _ = x[AttachCGroupSockOps-3] - _ = x[AttachSkSKBStreamParser-4] - _ = x[AttachSkSKBStreamVerdict-5] - _ = x[AttachCGroupDevice-6] - _ = x[AttachSkMsgVerdict-7] - _ = x[AttachCGroupInet4Bind-8] - _ = x[AttachCGroupInet6Bind-9] - _ = x[AttachCGroupInet4Connect-10] - _ = x[AttachCGroupInet6Connect-11] - _ = x[AttachCGroupInet4PostBind-12] - _ = x[AttachCGroupInet6PostBind-13] - _ = x[AttachCGroupUDP4Sendmsg-14] - _ = x[AttachCGroupUDP6Sendmsg-15] - _ = x[AttachLircMode2-16] - _ = x[AttachFlowDissector-17] - _ = x[AttachCGroupSysctl-18] - _ = x[AttachCGroupUDP4Recvmsg-19] - _ = x[AttachCGroupUDP6Recvmsg-20] - _ = x[AttachCGroupGetsockopt-21] - _ = x[AttachCGroupSetsockopt-22] - _ = x[AttachTraceRawTp-23] - _ = x[AttachTraceFEntry-24] - _ = x[AttachTraceFExit-25] - _ = x[AttachModifyReturn-26] - _ = x[AttachLSMMac-27] - _ = x[AttachTraceIter-28] - _ = x[AttachCgroupInet4GetPeername-29] - _ = x[AttachCgroupInet6GetPeername-30] - _ = x[AttachCgroupInet4GetSockname-31] - _ = x[AttachCgroupInet6GetSockname-32] - _ = x[AttachXDPDevMap-33] - _ = x[AttachCgroupInetSockRelease-34] - _ = x[AttachXDPCPUMap-35] - _ = x[AttachSkLookup-36] - _ = x[AttachXDP-37] - _ = x[AttachSkSKBVerdict-38] - _ = x[AttachSkReuseportSelect-39] - _ = x[AttachSkReuseportSelectOrMigrate-40] - _ = x[AttachPerfEvent-41] -} - -const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEvent" - -var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610} - -func (i AttachType) String() string { - if i >= AttachType(len(_AttachType_index)-1) { - return "AttachType(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _AttachType_name[_AttachType_index[i]:_AttachType_index[i+1]] -} diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go deleted file mode 100644 index a5969332aa..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ /dev/null @@ -1,897 +0,0 @@ -package btf - -import ( - "bufio" - "bytes" - "debug/elf" - "encoding/binary" - "errors" - "fmt" - "io" - "math" - "os" - "reflect" - - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -const btfMagic = 0xeB9F - -// Errors returned by BTF functions. -var ( - ErrNotSupported = internal.ErrNotSupported - ErrNotFound = errors.New("not found") - ErrNoExtendedInfo = errors.New("no extended info") -) - -// ID represents the unique ID of a BTF object. -type ID = sys.BTFID - -// Spec represents decoded BTF. -type Spec struct { - // Data from .BTF. - rawTypes []rawType - strings *stringTable - - // All types contained by the spec. For the base type, the position of - // a type in the slice is its ID. - types types - - // Type IDs indexed by type. - typeIDs map[Type]TypeID - - // Types indexed by essential name. - // Includes all struct flavors and types with the same name. - namedTypes map[essentialName][]Type - - byteOrder binary.ByteOrder -} - -type btfHeader struct { - Magic uint16 - Version uint8 - Flags uint8 - HdrLen uint32 - - TypeOff uint32 - TypeLen uint32 - StringOff uint32 - StringLen uint32 -} - -// typeStart returns the offset from the beginning of the .BTF section -// to the start of its type entries. -func (h *btfHeader) typeStart() int64 { - return int64(h.HdrLen + h.TypeOff) -} - -// stringStart returns the offset from the beginning of the .BTF section -// to the start of its string table. -func (h *btfHeader) stringStart() int64 { - return int64(h.HdrLen + h.StringOff) -} - -// LoadSpec opens file and calls LoadSpecFromReader on it. -func LoadSpec(file string) (*Spec, error) { - fh, err := os.Open(file) - if err != nil { - return nil, err - } - defer fh.Close() - - return LoadSpecFromReader(fh) -} - -// LoadSpecFromReader reads from an ELF or a raw BTF blob. -// -// Returns ErrNotFound if reading from an ELF which contains no BTF. ExtInfos -// may be nil. -func LoadSpecFromReader(rd io.ReaderAt) (*Spec, error) { - file, err := internal.NewSafeELFFile(rd) - if err != nil { - if bo := guessRawBTFByteOrder(rd); bo != nil { - // Try to parse a naked BTF blob. This will return an error if - // we encounter a Datasec, since we can't fix it up. - spec, err := loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil, nil) - return spec, err - } - - return nil, err - } - - return loadSpecFromELF(file) -} - -// LoadSpecAndExtInfosFromReader reads from an ELF. -// -// ExtInfos may be nil if the ELF doesn't contain section metadta. -// Returns ErrNotFound if the ELF contains no BTF. -func LoadSpecAndExtInfosFromReader(rd io.ReaderAt) (*Spec, *ExtInfos, error) { - file, err := internal.NewSafeELFFile(rd) - if err != nil { - return nil, nil, err - } - - spec, err := loadSpecFromELF(file) - if err != nil { - return nil, nil, err - } - - extInfos, err := loadExtInfosFromELF(file, spec.types, spec.strings) - if err != nil && !errors.Is(err, ErrNotFound) { - return nil, nil, err - } - - return spec, extInfos, nil -} - -// variableOffsets extracts all symbols offsets from an ELF and indexes them by -// section and variable name. -// -// References to variables in BTF data sections carry unsigned 32-bit offsets. -// Some ELF symbols (e.g. in vmlinux) may point to virtual memory that is well -// beyond this range. Since these symbols cannot be described by BTF info, -// ignore them here. -func variableOffsets(file *internal.SafeELFFile) (map[variable]uint32, error) { - symbols, err := file.Symbols() - if err != nil { - return nil, fmt.Errorf("can't read symbols: %v", err) - } - - variableOffsets := make(map[variable]uint32) - for _, symbol := range symbols { - if idx := symbol.Section; idx >= elf.SHN_LORESERVE && idx <= elf.SHN_HIRESERVE { - // Ignore things like SHN_ABS - continue - } - - if symbol.Value > math.MaxUint32 { - // VarSecinfo offset is u32, cannot reference symbols in higher regions. - continue - } - - if int(symbol.Section) >= len(file.Sections) { - return nil, fmt.Errorf("symbol %s: invalid section %d", symbol.Name, symbol.Section) - } - - secName := file.Sections[symbol.Section].Name - variableOffsets[variable{secName, symbol.Name}] = uint32(symbol.Value) - } - - return variableOffsets, nil -} - -func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { - var ( - btfSection *elf.Section - sectionSizes = make(map[string]uint32) - ) - - for _, sec := range file.Sections { - switch sec.Name { - case ".BTF": - btfSection = sec - default: - if sec.Type != elf.SHT_PROGBITS && sec.Type != elf.SHT_NOBITS { - break - } - - if sec.Size > math.MaxUint32 { - return nil, fmt.Errorf("section %s exceeds maximum size", sec.Name) - } - - sectionSizes[sec.Name] = uint32(sec.Size) - } - } - - if btfSection == nil { - return nil, fmt.Errorf("btf: %w", ErrNotFound) - } - - vars, err := variableOffsets(file) - if err != nil { - return nil, err - } - - if btfSection.ReaderAt == nil { - return nil, fmt.Errorf("compressed BTF is not supported") - } - - rawTypes, rawStrings, err := parseBTF(btfSection.ReaderAt, file.ByteOrder, nil) - if err != nil { - return nil, err - } - - err = fixupDatasec(rawTypes, rawStrings, sectionSizes, vars) - if err != nil { - return nil, err - } - - return inflateSpec(rawTypes, rawStrings, file.ByteOrder, nil) -} - -func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, - baseTypes types, baseStrings *stringTable) (*Spec, error) { - - rawTypes, rawStrings, err := parseBTF(btf, bo, baseStrings) - if err != nil { - return nil, err - } - - return inflateSpec(rawTypes, rawStrings, bo, baseTypes) -} - -func inflateSpec(rawTypes []rawType, rawStrings *stringTable, bo binary.ByteOrder, - baseTypes types) (*Spec, error) { - - types, err := inflateRawTypes(rawTypes, baseTypes, rawStrings) - if err != nil { - return nil, err - } - - typeIDs, typesByName := indexTypes(types, TypeID(len(baseTypes))) - - return &Spec{ - rawTypes: rawTypes, - namedTypes: typesByName, - typeIDs: typeIDs, - types: types, - strings: rawStrings, - byteOrder: bo, - }, nil -} - -func indexTypes(types []Type, typeIDOffset TypeID) (map[Type]TypeID, map[essentialName][]Type) { - namedTypes := 0 - for _, typ := range types { - if typ.TypeName() != "" { - // Do a pre-pass to figure out how big types by name has to be. - // Most types have unique names, so it's OK to ignore essentialName - // here. - namedTypes++ - } - } - - typeIDs := make(map[Type]TypeID, len(types)) - typesByName := make(map[essentialName][]Type, namedTypes) - - for i, typ := range types { - if name := newEssentialName(typ.TypeName()); name != "" { - typesByName[name] = append(typesByName[name], typ) - } - typeIDs[typ] = TypeID(i) + typeIDOffset - } - - return typeIDs, typesByName -} - -// LoadKernelSpec returns the current kernel's BTF information. -// -// Defaults to /sys/kernel/btf/vmlinux and falls back to scanning the file system -// for vmlinux ELFs. Returns an error wrapping ErrNotSupported if BTF is not enabled. -func LoadKernelSpec() (*Spec, error) { - fh, err := os.Open("/sys/kernel/btf/vmlinux") - if err == nil { - defer fh.Close() - - return loadRawSpec(fh, internal.NativeEndian, nil, nil) - } - - file, err := findVMLinux() - if err != nil { - return nil, err - } - defer file.Close() - - return loadSpecFromELF(file) -} - -// findVMLinux scans multiple well-known paths for vmlinux kernel images. -func findVMLinux() (*internal.SafeELFFile, error) { - release, err := internal.KernelRelease() - if err != nil { - return nil, err - } - - // use same list of locations as libbpf - // https://github.com/libbpf/libbpf/blob/9a3a42608dbe3731256a5682a125ac1e23bced8f/src/btf.c#L3114-L3122 - locations := []string{ - "/boot/vmlinux-%s", - "/lib/modules/%s/vmlinux-%[1]s", - "/lib/modules/%s/build/vmlinux", - "/usr/lib/modules/%s/kernel/vmlinux", - "/usr/lib/debug/boot/vmlinux-%s", - "/usr/lib/debug/boot/vmlinux-%s.debug", - "/usr/lib/debug/lib/modules/%s/vmlinux", - } - - for _, loc := range locations { - file, err := internal.OpenSafeELFFile(fmt.Sprintf(loc, release)) - if errors.Is(err, os.ErrNotExist) { - continue - } - return file, err - } - - return nil, fmt.Errorf("no BTF found for kernel version %s: %w", release, internal.ErrNotSupported) -} - -// parseBTFHeader parses the header of the .BTF section. -func parseBTFHeader(r io.Reader, bo binary.ByteOrder) (*btfHeader, error) { - var header btfHeader - if err := binary.Read(r, bo, &header); err != nil { - return nil, fmt.Errorf("can't read header: %v", err) - } - - if header.Magic != btfMagic { - return nil, fmt.Errorf("incorrect magic value %v", header.Magic) - } - - if header.Version != 1 { - return nil, fmt.Errorf("unexpected version %v", header.Version) - } - - if header.Flags != 0 { - return nil, fmt.Errorf("unsupported flags %v", header.Flags) - } - - remainder := int64(header.HdrLen) - int64(binary.Size(&header)) - if remainder < 0 { - return nil, errors.New("header length shorter than btfHeader size") - } - - if _, err := io.CopyN(internal.DiscardZeroes{}, r, remainder); err != nil { - return nil, fmt.Errorf("header padding: %v", err) - } - - return &header, nil -} - -func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { - buf := new(bufio.Reader) - for _, bo := range []binary.ByteOrder{ - binary.LittleEndian, - binary.BigEndian, - } { - buf.Reset(io.NewSectionReader(r, 0, math.MaxInt64)) - if _, err := parseBTFHeader(buf, bo); err == nil { - return bo - } - } - - return nil -} - -// parseBTF reads a .BTF section into memory and parses it into a list of -// raw types and a string table. -func parseBTF(btf io.ReaderAt, bo binary.ByteOrder, baseStrings *stringTable) ([]rawType, *stringTable, error) { - buf := internal.NewBufferedSectionReader(btf, 0, math.MaxInt64) - header, err := parseBTFHeader(buf, bo) - if err != nil { - return nil, nil, fmt.Errorf("parsing .BTF header: %v", err) - } - - rawStrings, err := readStringTable(io.NewSectionReader(btf, header.stringStart(), int64(header.StringLen)), - baseStrings) - if err != nil { - return nil, nil, fmt.Errorf("can't read type names: %w", err) - } - - buf.Reset(io.NewSectionReader(btf, header.typeStart(), int64(header.TypeLen))) - rawTypes, err := readTypes(buf, bo, header.TypeLen) - if err != nil { - return nil, nil, fmt.Errorf("can't read types: %w", err) - } - - return rawTypes, rawStrings, nil -} - -type variable struct { - section string - name string -} - -func fixupDatasec(rawTypes []rawType, rawStrings *stringTable, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) error { - for i, rawType := range rawTypes { - if rawType.Kind() != kindDatasec { - continue - } - - name, err := rawStrings.Lookup(rawType.NameOff) - if err != nil { - return err - } - - if name == ".kconfig" || name == ".ksyms" { - return fmt.Errorf("reference to %s: %w", name, ErrNotSupported) - } - - if rawTypes[i].SizeType != 0 { - continue - } - - size, ok := sectionSizes[name] - if !ok { - return fmt.Errorf("data section %s: missing size", name) - } - - rawTypes[i].SizeType = size - - secinfos := rawType.data.([]btfVarSecinfo) - for j, secInfo := range secinfos { - id := int(secInfo.Type - 1) - if id >= len(rawTypes) { - return fmt.Errorf("data section %s: invalid type id %d for variable %d", name, id, j) - } - - varName, err := rawStrings.Lookup(rawTypes[id].NameOff) - if err != nil { - return fmt.Errorf("data section %s: can't get name for type %d: %w", name, id, err) - } - - offset, ok := variableOffsets[variable{name, varName}] - if !ok { - return fmt.Errorf("data section %s: missing offset for variable %s", name, varName) - } - - secinfos[j].Offset = offset - } - } - - return nil -} - -// Copy creates a copy of Spec. -func (s *Spec) Copy() *Spec { - types := copyTypes(s.types, nil) - - typeIDOffset := TypeID(0) - if len(s.types) != 0 { - typeIDOffset = s.typeIDs[s.types[0]] - } - typeIDs, typesByName := indexTypes(types, typeIDOffset) - - // NB: Other parts of spec are not copied since they are immutable. - return &Spec{ - s.rawTypes, - s.strings, - types, - typeIDs, - typesByName, - s.byteOrder, - } -} - -type marshalOpts struct { - ByteOrder binary.ByteOrder - StripFuncLinkage bool -} - -func (s *Spec) marshal(opts marshalOpts) ([]byte, error) { - var ( - buf bytes.Buffer - header = new(btfHeader) - headerLen = binary.Size(header) - ) - - // Reserve space for the header. We have to write it last since - // we don't know the size of the type section yet. - _, _ = buf.Write(make([]byte, headerLen)) - - // Write type section, just after the header. - for _, raw := range s.rawTypes { - switch { - case opts.StripFuncLinkage && raw.Kind() == kindFunc: - raw.SetLinkage(StaticFunc) - } - - if err := raw.Marshal(&buf, opts.ByteOrder); err != nil { - return nil, fmt.Errorf("can't marshal BTF: %w", err) - } - } - - typeLen := uint32(buf.Len() - headerLen) - - // Write string section after type section. - stringsLen := s.strings.Length() - buf.Grow(stringsLen) - if err := s.strings.Marshal(&buf); err != nil { - return nil, err - } - - // Fill out the header, and write it out. - header = &btfHeader{ - Magic: btfMagic, - Version: 1, - Flags: 0, - HdrLen: uint32(headerLen), - TypeOff: 0, - TypeLen: typeLen, - StringOff: typeLen, - StringLen: uint32(stringsLen), - } - - raw := buf.Bytes() - err := binary.Write(sliceWriter(raw[:headerLen]), opts.ByteOrder, header) - if err != nil { - return nil, fmt.Errorf("can't write header: %v", err) - } - - return raw, nil -} - -type sliceWriter []byte - -func (sw sliceWriter) Write(p []byte) (int, error) { - if len(p) != len(sw) { - return 0, errors.New("size doesn't match") - } - - return copy(sw, p), nil -} - -// TypeByID returns the BTF Type with the given type ID. -// -// Returns an error wrapping ErrNotFound if a Type with the given ID -// does not exist in the Spec. -func (s *Spec) TypeByID(id TypeID) (Type, error) { - return s.types.ByID(id) -} - -// TypeID returns the ID for a given Type. -// -// Returns an error wrapping ErrNoFound if the type isn't part of the Spec. -func (s *Spec) TypeID(typ Type) (TypeID, error) { - if _, ok := typ.(*Void); ok { - // Equality is weird for void, since it is a zero sized type. - return 0, nil - } - - id, ok := s.typeIDs[typ] - if !ok { - return 0, fmt.Errorf("no ID for type %s: %w", typ, ErrNotFound) - } - - return id, nil -} - -// AnyTypesByName returns a list of BTF Types with the given name. -// -// If the BTF blob describes multiple compilation units like vmlinux, multiple -// Types with the same name and kind can exist, but might not describe the same -// data structure. -// -// Returns an error wrapping ErrNotFound if no matching Type exists in the Spec. -func (s *Spec) AnyTypesByName(name string) ([]Type, error) { - types := s.namedTypes[newEssentialName(name)] - if len(types) == 0 { - return nil, fmt.Errorf("type name %s: %w", name, ErrNotFound) - } - - // Return a copy to prevent changes to namedTypes. - result := make([]Type, 0, len(types)) - for _, t := range types { - // Match against the full name, not just the essential one - // in case the type being looked up is a struct flavor. - if t.TypeName() == name { - result = append(result, t) - } - } - return result, nil -} - -// AnyTypeByName returns a Type with the given name. -// -// Returns an error if multiple types of that name exist. -func (s *Spec) AnyTypeByName(name string) (Type, error) { - types, err := s.AnyTypesByName(name) - if err != nil { - return nil, err - } - - if len(types) > 1 { - return nil, fmt.Errorf("found multiple types: %v", types) - } - - return types[0], nil -} - -// TypeByName searches for a Type with a specific name. Since multiple -// Types with the same name can exist, the parameter typ is taken to -// narrow down the search in case of a clash. -// -// typ must be a non-nil pointer to an implementation of a Type. -// On success, the address of the found Type will be copied to typ. -// -// Returns an error wrapping ErrNotFound if no matching -// Type exists in the Spec. If multiple candidates are found, -// an error is returned. -func (s *Spec) TypeByName(name string, typ interface{}) error { - typValue := reflect.ValueOf(typ) - if typValue.Kind() != reflect.Ptr { - return fmt.Errorf("%T is not a pointer", typ) - } - - typPtr := typValue.Elem() - if !typPtr.CanSet() { - return fmt.Errorf("%T cannot be set", typ) - } - - wanted := typPtr.Type() - if !wanted.AssignableTo(reflect.TypeOf((*Type)(nil)).Elem()) { - return fmt.Errorf("%T does not satisfy Type interface", typ) - } - - types, err := s.AnyTypesByName(name) - if err != nil { - return err - } - - var candidate Type - for _, typ := range types { - if reflect.TypeOf(typ) != wanted { - continue - } - - if candidate != nil { - return fmt.Errorf("type %s: multiple candidates for %T", name, typ) - } - - candidate = typ - } - - if candidate == nil { - return fmt.Errorf("type %s: %w", name, ErrNotFound) - } - - typPtr.Set(reflect.ValueOf(candidate)) - - return nil -} - -// LoadSplitSpecFromReader loads split BTF from a reader. -// -// Types from base are used to resolve references in the split BTF. -// The returned Spec only contains types from the split BTF, not from the base. -func LoadSplitSpecFromReader(r io.ReaderAt, base *Spec) (*Spec, error) { - return loadRawSpec(r, internal.NativeEndian, base.types, base.strings) -} - -// TypesIterator iterates over types of a given spec. -type TypesIterator struct { - spec *Spec - index int - // The last visited type in the spec. - Type Type -} - -// Iterate returns the types iterator. -func (s *Spec) Iterate() *TypesIterator { - return &TypesIterator{spec: s, index: 0} -} - -// Next returns true as long as there are any remaining types. -func (iter *TypesIterator) Next() bool { - if len(iter.spec.types) <= iter.index { - return false - } - - iter.Type = iter.spec.types[iter.index] - iter.index++ - return true -} - -// Handle is a reference to BTF loaded into the kernel. -type Handle struct { - fd *sys.FD - - // Size of the raw BTF in bytes. - size uint32 -} - -// NewHandle loads BTF into the kernel. -// -// Returns ErrNotSupported if BTF is not supported. -func NewHandle(spec *Spec) (*Handle, error) { - if err := haveBTF(); err != nil { - return nil, err - } - - if spec.byteOrder != internal.NativeEndian { - return nil, fmt.Errorf("can't load %s BTF on %s", spec.byteOrder, internal.NativeEndian) - } - - btf, err := spec.marshal(marshalOpts{ - ByteOrder: internal.NativeEndian, - StripFuncLinkage: haveFuncLinkage() != nil, - }) - if err != nil { - return nil, fmt.Errorf("can't marshal BTF: %w", err) - } - - if uint64(len(btf)) > math.MaxUint32 { - return nil, errors.New("BTF exceeds the maximum size") - } - - attr := &sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - } - - fd, err := sys.BtfLoad(attr) - if err != nil { - logBuf := make([]byte, 64*1024) - attr.BtfLogBuf = sys.NewSlicePointer(logBuf) - attr.BtfLogSize = uint32(len(logBuf)) - attr.BtfLogLevel = 1 - // NB: The syscall will never return ENOSPC as of 5.18-rc4. - _, _ = sys.BtfLoad(attr) - return nil, internal.ErrorWithLog(err, logBuf) - } - - return &Handle{fd, attr.BtfSize}, nil -} - -// NewHandleFromID returns the BTF handle for a given id. -// -// Prefer calling [ebpf.Program.Handle] or [ebpf.Map.Handle] if possible. -// -// Returns ErrNotExist, if there is no BTF with the given id. -// -// Requires CAP_SYS_ADMIN. -func NewHandleFromID(id ID) (*Handle, error) { - fd, err := sys.BtfGetFdById(&sys.BtfGetFdByIdAttr{ - Id: uint32(id), - }) - if err != nil { - return nil, fmt.Errorf("get FD for ID %d: %w", id, err) - } - - info, err := newHandleInfoFromFD(fd) - if err != nil { - _ = fd.Close() - return nil, err - } - - return &Handle{fd, info.size}, nil -} - -// Spec parses the kernel BTF into Go types. -// -// base is used to decode split BTF and may be nil. -func (h *Handle) Spec(base *Spec) (*Spec, error) { - var btfInfo sys.BtfInfo - btfBuffer := make([]byte, h.size) - btfInfo.Btf, btfInfo.BtfSize = sys.NewSlicePointerLen(btfBuffer) - - if err := sys.ObjInfo(h.fd, &btfInfo); err != nil { - return nil, err - } - - var baseTypes types - var baseStrings *stringTable - if base != nil { - baseTypes = base.types - baseStrings = base.strings - } - - return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, baseTypes, baseStrings) -} - -// Close destroys the handle. -// -// Subsequent calls to FD will return an invalid value. -func (h *Handle) Close() error { - if h == nil { - return nil - } - - return h.fd.Close() -} - -// FD returns the file descriptor for the handle. -func (h *Handle) FD() int { - return h.fd.Int() -} - -// Info returns metadata about the handle. -func (h *Handle) Info() (*HandleInfo, error) { - return newHandleInfoFromFD(h.fd) -} - -func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte { - const minHeaderLength = 24 - - typesLen := uint32(binary.Size(types)) - header := btfHeader{ - Magic: btfMagic, - Version: 1, - HdrLen: minHeaderLength, - TypeOff: 0, - TypeLen: typesLen, - StringOff: typesLen, - StringLen: uint32(len(strings)), - } - - buf := new(bytes.Buffer) - _ = binary.Write(buf, bo, &header) - _ = binary.Write(buf, bo, types) - buf.Write(strings) - - return buf.Bytes() -} - -var haveBTF = internal.FeatureTest("BTF", "5.1", func() error { - var ( - types struct { - Integer btfType - Var btfType - btfVar struct{ Linkage uint32 } - } - strings = []byte{0, 'a', 0} - ) - - // We use a BTF_KIND_VAR here, to make sure that - // the kernel understands BTF at least as well as we - // do. BTF_KIND_VAR was introduced ~5.1. - types.Integer.SetKind(kindPointer) - types.Var.NameOff = 1 - types.Var.SetKind(kindVar) - types.Var.SizeType = 1 - - btf := marshalBTF(&types, strings, internal.NativeEndian) - - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - }) - if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { - // Treat both EINVAL and EPERM as not supported: loading the program - // might still succeed without BTF. - return internal.ErrNotSupported - } - if err != nil { - return err - } - - fd.Close() - return nil -}) - -var haveFuncLinkage = internal.FeatureTest("BTF func linkage", "5.6", func() error { - if err := haveBTF(); err != nil { - return err - } - - var ( - types struct { - FuncProto btfType - Func btfType - } - strings = []byte{0, 'a', 0} - ) - - types.FuncProto.SetKind(kindFuncProto) - types.Func.SetKind(kindFunc) - types.Func.SizeType = 1 // aka FuncProto - types.Func.NameOff = 1 - types.Func.SetLinkage(GlobalFunc) - - btf := marshalBTF(&types, strings, internal.NativeEndian) - - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - }) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - if err != nil { - return err - } - - fd.Close() - return nil -}) diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go deleted file mode 100644 index 4810180494..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ /dev/null @@ -1,343 +0,0 @@ -package btf - -import ( - "encoding/binary" - "fmt" - "io" -) - -//go:generate stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage - -// btfKind describes a Type. -type btfKind uint8 - -// Equivalents of the BTF_KIND_* constants. -const ( - kindUnknown btfKind = iota - kindInt - kindPointer - kindArray - kindStruct - kindUnion - kindEnum - kindForward - kindTypedef - kindVolatile - kindConst - kindRestrict - // Added ~4.20 - kindFunc - kindFuncProto - // Added ~5.1 - kindVar - kindDatasec - // Added ~5.13 - kindFloat -) - -// FuncLinkage describes BTF function linkage metadata. -type FuncLinkage int - -// Equivalent of enum btf_func_linkage. -const ( - StaticFunc FuncLinkage = iota // static - GlobalFunc // global - ExternFunc // extern -) - -// VarLinkage describes BTF variable linkage metadata. -type VarLinkage int - -const ( - StaticVar VarLinkage = iota // static - GlobalVar // global - ExternVar // extern -) - -const ( - btfTypeKindShift = 24 - btfTypeKindLen = 5 - btfTypeVlenShift = 0 - btfTypeVlenMask = 16 - btfTypeKindFlagShift = 31 - btfTypeKindFlagMask = 1 -) - -// btfType is equivalent to struct btf_type in Documentation/bpf/btf.rst. -type btfType struct { - NameOff uint32 - /* "info" bits arrangement - * bits 0-15: vlen (e.g. # of struct's members), linkage - * bits 16-23: unused - * bits 24-28: kind (e.g. int, ptr, array...etc) - * bits 29-30: unused - * bit 31: kind_flag, currently used by - * struct, union and fwd - */ - Info uint32 - /* "size" is used by INT, ENUM, STRUCT and UNION. - * "size" tells the size of the type it is describing. - * - * "type" is used by PTR, TYPEDEF, VOLATILE, CONST, RESTRICT, - * FUNC and FUNC_PROTO. - * "type" is a type_id referring to another type. - */ - SizeType uint32 -} - -func (k btfKind) String() string { - switch k { - case kindUnknown: - return "Unknown" - case kindInt: - return "Integer" - case kindPointer: - return "Pointer" - case kindArray: - return "Array" - case kindStruct: - return "Struct" - case kindUnion: - return "Union" - case kindEnum: - return "Enumeration" - case kindForward: - return "Forward" - case kindTypedef: - return "Typedef" - case kindVolatile: - return "Volatile" - case kindConst: - return "Const" - case kindRestrict: - return "Restrict" - case kindFunc: - return "Function" - case kindFuncProto: - return "Function Proto" - case kindVar: - return "Variable" - case kindDatasec: - return "Section" - case kindFloat: - return "Float" - default: - return fmt.Sprintf("Unknown (%d)", k) - } -} - -func mask(len uint32) uint32 { - return (1 << len) - 1 -} - -func readBits(value, len, shift uint32) uint32 { - return (value >> shift) & mask(len) -} - -func writeBits(value, len, shift, new uint32) uint32 { - value &^= mask(len) << shift - value |= (new & mask(len)) << shift - return value -} - -func (bt *btfType) info(len, shift uint32) uint32 { - return readBits(bt.Info, len, shift) -} - -func (bt *btfType) setInfo(value, len, shift uint32) { - bt.Info = writeBits(bt.Info, len, shift, value) -} - -func (bt *btfType) Kind() btfKind { - return btfKind(bt.info(btfTypeKindLen, btfTypeKindShift)) -} - -func (bt *btfType) SetKind(kind btfKind) { - bt.setInfo(uint32(kind), btfTypeKindLen, btfTypeKindShift) -} - -func (bt *btfType) Vlen() int { - return int(bt.info(btfTypeVlenMask, btfTypeVlenShift)) -} - -func (bt *btfType) SetVlen(vlen int) { - bt.setInfo(uint32(vlen), btfTypeVlenMask, btfTypeVlenShift) -} - -func (bt *btfType) KindFlag() bool { - return bt.info(btfTypeKindFlagMask, btfTypeKindFlagShift) == 1 -} - -func (bt *btfType) Linkage() FuncLinkage { - return FuncLinkage(bt.info(btfTypeVlenMask, btfTypeVlenShift)) -} - -func (bt *btfType) SetLinkage(linkage FuncLinkage) { - bt.setInfo(uint32(linkage), btfTypeVlenMask, btfTypeVlenShift) -} - -func (bt *btfType) Type() TypeID { - // TODO: Panic here if wrong kind? - return TypeID(bt.SizeType) -} - -func (bt *btfType) Size() uint32 { - // TODO: Panic here if wrong kind? - return bt.SizeType -} - -func (bt *btfType) SetSize(size uint32) { - bt.SizeType = size -} - -type rawType struct { - btfType - data interface{} -} - -func (rt *rawType) Marshal(w io.Writer, bo binary.ByteOrder) error { - if err := binary.Write(w, bo, &rt.btfType); err != nil { - return err - } - - if rt.data == nil { - return nil - } - - return binary.Write(w, bo, rt.data) -} - -// btfInt encodes additional data for integers. -// -// ? ? ? ? e e e e o o o o o o o o ? ? ? ? ? ? ? ? b b b b b b b b -// ? = undefined -// e = encoding -// o = offset (bitfields?) -// b = bits (bitfields) -type btfInt struct { - Raw uint32 -} - -const ( - btfIntEncodingLen = 4 - btfIntEncodingShift = 24 - btfIntOffsetLen = 8 - btfIntOffsetShift = 16 - btfIntBitsLen = 8 - btfIntBitsShift = 0 -) - -func (bi btfInt) Encoding() IntEncoding { - return IntEncoding(readBits(bi.Raw, btfIntEncodingLen, btfIntEncodingShift)) -} - -func (bi *btfInt) SetEncoding(e IntEncoding) { - bi.Raw = writeBits(uint32(bi.Raw), btfIntEncodingLen, btfIntEncodingShift, uint32(e)) -} - -func (bi btfInt) Offset() Bits { - return Bits(readBits(bi.Raw, btfIntOffsetLen, btfIntOffsetShift)) -} - -func (bi *btfInt) SetOffset(offset uint32) { - bi.Raw = writeBits(bi.Raw, btfIntOffsetLen, btfIntOffsetShift, offset) -} - -func (bi btfInt) Bits() Bits { - return Bits(readBits(bi.Raw, btfIntBitsLen, btfIntBitsShift)) -} - -func (bi *btfInt) SetBits(bits byte) { - bi.Raw = writeBits(bi.Raw, btfIntBitsLen, btfIntBitsShift, uint32(bits)) -} - -type btfArray struct { - Type TypeID - IndexType TypeID - Nelems uint32 -} - -type btfMember struct { - NameOff uint32 - Type TypeID - Offset uint32 -} - -type btfVarSecinfo struct { - Type TypeID - Offset uint32 - Size uint32 -} - -type btfVariable struct { - Linkage uint32 -} - -type btfEnum struct { - NameOff uint32 - Val int32 -} - -type btfParam struct { - NameOff uint32 - Type TypeID -} - -func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, error) { - var header btfType - // because of the interleaving between types and struct members it is difficult to - // precompute the numbers of raw types this will parse - // this "guess" is a good first estimation - sizeOfbtfType := uintptr(binary.Size(btfType{})) - tyMaxCount := uintptr(typeLen) / sizeOfbtfType / 2 - types := make([]rawType, 0, tyMaxCount) - - for id := TypeID(1); ; id++ { - if err := binary.Read(r, bo, &header); err == io.EOF { - return types, nil - } else if err != nil { - return nil, fmt.Errorf("can't read type info for id %v: %v", id, err) - } - - var data interface{} - switch header.Kind() { - case kindInt: - data = new(btfInt) - case kindPointer: - case kindArray: - data = new(btfArray) - case kindStruct: - fallthrough - case kindUnion: - data = make([]btfMember, header.Vlen()) - case kindEnum: - data = make([]btfEnum, header.Vlen()) - case kindForward: - case kindTypedef: - case kindVolatile: - case kindConst: - case kindRestrict: - case kindFunc: - case kindFuncProto: - data = make([]btfParam, header.Vlen()) - case kindVar: - data = new(btfVariable) - case kindDatasec: - data = make([]btfVarSecinfo, header.Vlen()) - case kindFloat: - default: - return nil, fmt.Errorf("type id %v: unknown kind: %v", id, header.Kind()) - } - - if data == nil { - types = append(types, rawType{header, nil}) - continue - } - - if err := binary.Read(r, bo, data); err != nil { - return nil, fmt.Errorf("type id %d: kind %v: can't read %T: %v", id, header.Kind(), data, err) - } - - types = append(types, rawType{header, data}) - } -} diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types_string.go b/vendor/github.com/cilium/ebpf/btf/btf_types_string.go deleted file mode 100644 index 0e0c17d68b..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/btf_types_string.go +++ /dev/null @@ -1,44 +0,0 @@ -// Code generated by "stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage"; DO NOT EDIT. - -package btf - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[StaticFunc-0] - _ = x[GlobalFunc-1] - _ = x[ExternFunc-2] -} - -const _FuncLinkage_name = "staticglobalextern" - -var _FuncLinkage_index = [...]uint8{0, 6, 12, 18} - -func (i FuncLinkage) String() string { - if i < 0 || i >= FuncLinkage(len(_FuncLinkage_index)-1) { - return "FuncLinkage(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _FuncLinkage_name[_FuncLinkage_index[i]:_FuncLinkage_index[i+1]] -} -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[StaticVar-0] - _ = x[GlobalVar-1] - _ = x[ExternVar-2] -} - -const _VarLinkage_name = "staticglobalextern" - -var _VarLinkage_index = [...]uint8{0, 6, 12, 18} - -func (i VarLinkage) String() string { - if i < 0 || i >= VarLinkage(len(_VarLinkage_index)-1) { - return "VarLinkage(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _VarLinkage_name[_VarLinkage_index[i]:_VarLinkage_index[i+1]] -} diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go deleted file mode 100644 index c487548093..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ /dev/null @@ -1,972 +0,0 @@ -package btf - -import ( - "encoding/binary" - "errors" - "fmt" - "math" - "reflect" - "strconv" - "strings" - - "github.com/cilium/ebpf/asm" -) - -// Code in this file is derived from libbpf, which is available under a BSD -// 2-Clause license. - -// COREFixup is the result of computing a CO-RE relocation for a target. -type COREFixup struct { - kind coreKind - local uint32 - target uint32 - // True if there is no valid fixup. The instruction is replaced with an - // invalid dummy. - poison bool - // True if the validation of the local value should be skipped. Used by - // some kinds of bitfield relocations. - skipLocalValidation bool -} - -func (f *COREFixup) equal(other COREFixup) bool { - return f.local == other.local && f.target == other.target -} - -func (f *COREFixup) String() string { - if f.poison { - return fmt.Sprintf("%s=poison", f.kind) - } - return fmt.Sprintf("%s=%d->%d", f.kind, f.local, f.target) -} - -func (f *COREFixup) Apply(ins *asm.Instruction) error { - if f.poison { - const badRelo = 0xbad2310 - - *ins = asm.BuiltinFunc(badRelo).Call() - return nil - } - - switch class := ins.OpCode.Class(); class { - case asm.LdXClass, asm.StClass, asm.StXClass: - if want := int16(f.local); !f.skipLocalValidation && want != ins.Offset { - return fmt.Errorf("invalid offset %d, expected %d", ins.Offset, f.local) - } - - if f.target > math.MaxInt16 { - return fmt.Errorf("offset %d exceeds MaxInt16", f.target) - } - - ins.Offset = int16(f.target) - - case asm.LdClass: - if !ins.IsConstantLoad(asm.DWord) { - return fmt.Errorf("not a dword-sized immediate load") - } - - if want := int64(f.local); !f.skipLocalValidation && want != ins.Constant { - return fmt.Errorf("invalid immediate %d, expected %d (fixup: %v)", ins.Constant, want, f) - } - - ins.Constant = int64(f.target) - - case asm.ALUClass: - if ins.OpCode.ALUOp() == asm.Swap { - return fmt.Errorf("relocation against swap") - } - - fallthrough - - case asm.ALU64Class: - if src := ins.OpCode.Source(); src != asm.ImmSource { - return fmt.Errorf("invalid source %s", src) - } - - if want := int64(f.local); !f.skipLocalValidation && want != ins.Constant { - return fmt.Errorf("invalid immediate %d, expected %d (fixup: %v, kind: %v, ins: %v)", ins.Constant, want, f, f.kind, ins) - } - - if f.target > math.MaxInt32 { - return fmt.Errorf("immediate %d exceeds MaxInt32", f.target) - } - - ins.Constant = int64(f.target) - - default: - return fmt.Errorf("invalid class %s", class) - } - - return nil -} - -func (f COREFixup) isNonExistant() bool { - return f.kind.checksForExistence() && f.target == 0 -} - -// coreKind is the type of CO-RE relocation as specified in BPF source code. -type coreKind uint32 - -const ( - reloFieldByteOffset coreKind = iota /* field byte offset */ - reloFieldByteSize /* field size in bytes */ - reloFieldExists /* field existence in target kernel */ - reloFieldSigned /* field signedness (0 - unsigned, 1 - signed) */ - reloFieldLShiftU64 /* bitfield-specific left bitshift */ - reloFieldRShiftU64 /* bitfield-specific right bitshift */ - reloTypeIDLocal /* type ID in local BPF object */ - reloTypeIDTarget /* type ID in target kernel */ - reloTypeExists /* type existence in target kernel */ - reloTypeSize /* type size in bytes */ - reloEnumvalExists /* enum value existence in target kernel */ - reloEnumvalValue /* enum value integer value */ -) - -func (k coreKind) checksForExistence() bool { - return k == reloEnumvalExists || k == reloTypeExists || k == reloFieldExists -} - -func (k coreKind) String() string { - switch k { - case reloFieldByteOffset: - return "byte_off" - case reloFieldByteSize: - return "byte_sz" - case reloFieldExists: - return "field_exists" - case reloFieldSigned: - return "signed" - case reloFieldLShiftU64: - return "lshift_u64" - case reloFieldRShiftU64: - return "rshift_u64" - case reloTypeIDLocal: - return "local_type_id" - case reloTypeIDTarget: - return "target_type_id" - case reloTypeExists: - return "type_exists" - case reloTypeSize: - return "type_size" - case reloEnumvalExists: - return "enumval_exists" - case reloEnumvalValue: - return "enumval_value" - default: - return "unknown" - } -} - -// CORERelocate calculates the difference in types between local and target. -// -// Returns a list of fixups which can be applied to instructions to make them -// match the target type(s). -// -// Fixups are returned in the order of relos, e.g. fixup[i] is the solution -// for relos[i]. -func CORERelocate(local, target *Spec, relos []*CORERelocation) ([]COREFixup, error) { - if local.byteOrder != target.byteOrder { - return nil, fmt.Errorf("can't relocate %s against %s", local.byteOrder, target.byteOrder) - } - - type reloGroup struct { - relos []*CORERelocation - // Position of each relocation in relos. - indices []int - } - - // Split relocations into per Type lists. - relosByType := make(map[Type]*reloGroup) - result := make([]COREFixup, len(relos)) - for i, relo := range relos { - if relo.kind == reloTypeIDLocal { - // Filtering out reloTypeIDLocal here makes our lives a lot easier - // down the line, since it doesn't have a target at all. - if len(relo.accessor) > 1 || relo.accessor[0] != 0 { - return nil, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor) - } - - id, err := local.TypeID(relo.typ) - if err != nil { - return nil, fmt.Errorf("%s: %w", relo.kind, err) - } - - result[i] = COREFixup{ - kind: relo.kind, - local: uint32(id), - target: uint32(id), - } - continue - } - - group, ok := relosByType[relo.typ] - if !ok { - group = &reloGroup{} - relosByType[relo.typ] = group - } - group.relos = append(group.relos, relo) - group.indices = append(group.indices, i) - } - - for localType, group := range relosByType { - localTypeName := localType.TypeName() - if localTypeName == "" { - return nil, fmt.Errorf("relocate unnamed or anonymous type %s: %w", localType, ErrNotSupported) - } - - targets := target.namedTypes[newEssentialName(localTypeName)] - fixups, err := coreCalculateFixups(local, target, localType, targets, group.relos) - if err != nil { - return nil, fmt.Errorf("relocate %s: %w", localType, err) - } - - for j, index := range group.indices { - result[index] = fixups[j] - } - } - - return result, nil -} - -var errAmbiguousRelocation = errors.New("ambiguous relocation") -var errImpossibleRelocation = errors.New("impossible relocation") - -// coreCalculateFixups calculates the fixups for the given relocations using -// the "best" target. -// -// The best target is determined by scoring: the less poisoning we have to do -// the better the target is. -func coreCalculateFixups(localSpec, targetSpec *Spec, local Type, targets []Type, relos []*CORERelocation) ([]COREFixup, error) { - localID, err := localSpec.TypeID(local) - if err != nil { - return nil, fmt.Errorf("local type ID: %w", err) - } - local = Copy(local, UnderlyingType) - - bestScore := len(relos) - var bestFixups []COREFixup - for i := range targets { - targetID, err := targetSpec.TypeID(targets[i]) - if err != nil { - return nil, fmt.Errorf("target type ID: %w", err) - } - target := Copy(targets[i], UnderlyingType) - - score := 0 // lower is better - fixups := make([]COREFixup, 0, len(relos)) - for _, relo := range relos { - fixup, err := coreCalculateFixup(localSpec.byteOrder, local, localID, target, targetID, relo) - if err != nil { - return nil, fmt.Errorf("target %s: %w", target, err) - } - if fixup.poison || fixup.isNonExistant() { - score++ - } - fixups = append(fixups, fixup) - } - - if score > bestScore { - // We have a better target already, ignore this one. - continue - } - - if score < bestScore { - // This is the best target yet, use it. - bestScore = score - bestFixups = fixups - continue - } - - // Some other target has the same score as the current one. Make sure - // the fixups agree with each other. - for i, fixup := range bestFixups { - if !fixup.equal(fixups[i]) { - return nil, fmt.Errorf("%s: multiple types match: %w", fixup.kind, errAmbiguousRelocation) - } - } - } - - if bestFixups == nil { - // Nothing at all matched, probably because there are no suitable - // targets at all. - // - // Poison everything except checksForExistence. - bestFixups = make([]COREFixup, len(relos)) - for i, relo := range relos { - if relo.kind.checksForExistence() { - bestFixups[i] = COREFixup{kind: relo.kind, local: 1, target: 0} - } else { - bestFixups[i] = COREFixup{kind: relo.kind, poison: true} - } - } - } - - return bestFixups, nil -} - -// coreCalculateFixup calculates the fixup for a single local type, target type -// and relocation. -func coreCalculateFixup(byteOrder binary.ByteOrder, local Type, localID TypeID, target Type, targetID TypeID, relo *CORERelocation) (COREFixup, error) { - fixup := func(local, target uint32) (COREFixup, error) { - return COREFixup{kind: relo.kind, local: local, target: target}, nil - } - fixupWithoutValidation := func(local, target uint32) (COREFixup, error) { - return COREFixup{kind: relo.kind, local: local, target: target, skipLocalValidation: true}, nil - } - poison := func() (COREFixup, error) { - if relo.kind.checksForExistence() { - return fixup(1, 0) - } - return COREFixup{kind: relo.kind, poison: true}, nil - } - zero := COREFixup{} - - switch relo.kind { - case reloTypeIDTarget, reloTypeSize, reloTypeExists: - if len(relo.accessor) > 1 || relo.accessor[0] != 0 { - return zero, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor) - } - - err := coreAreTypesCompatible(local, target) - if errors.Is(err, errImpossibleRelocation) { - return poison() - } - if err != nil { - return zero, fmt.Errorf("relocation %s: %w", relo.kind, err) - } - - switch relo.kind { - case reloTypeExists: - return fixup(1, 1) - - case reloTypeIDTarget: - return fixup(uint32(localID), uint32(targetID)) - - case reloTypeSize: - localSize, err := Sizeof(local) - if err != nil { - return zero, err - } - - targetSize, err := Sizeof(target) - if err != nil { - return zero, err - } - - return fixup(uint32(localSize), uint32(targetSize)) - } - - case reloEnumvalValue, reloEnumvalExists: - localValue, targetValue, err := coreFindEnumValue(local, relo.accessor, target) - if errors.Is(err, errImpossibleRelocation) { - return poison() - } - if err != nil { - return zero, fmt.Errorf("relocation %s: %w", relo.kind, err) - } - - switch relo.kind { - case reloEnumvalExists: - return fixup(1, 1) - - case reloEnumvalValue: - return fixup(uint32(localValue.Value), uint32(targetValue.Value)) - } - - case reloFieldSigned: - switch local.(type) { - case *Enum: - return fixup(1, 1) - case *Int: - return fixup( - uint32(local.(*Int).Encoding&Signed), - uint32(target.(*Int).Encoding&Signed), - ) - default: - return fixupWithoutValidation(0, 0) - } - - case reloFieldByteOffset, reloFieldByteSize, reloFieldExists, reloFieldLShiftU64, reloFieldRShiftU64: - if _, ok := target.(*Fwd); ok { - // We can't relocate fields using a forward declaration, so - // skip it. If a non-forward declaration is present in the BTF - // we'll find it in one of the other iterations. - return poison() - } - - localField, targetField, err := coreFindField(local, relo.accessor, target) - if errors.Is(err, errImpossibleRelocation) { - return poison() - } - if err != nil { - return zero, fmt.Errorf("target %s: %w", target, err) - } - - maybeSkipValidation := func(f COREFixup, err error) (COREFixup, error) { - f.skipLocalValidation = localField.bitfieldSize > 0 - return f, err - } - - switch relo.kind { - case reloFieldExists: - return fixup(1, 1) - - case reloFieldByteOffset: - return maybeSkipValidation(fixup(localField.offset, targetField.offset)) - - case reloFieldByteSize: - localSize, err := Sizeof(localField.Type) - if err != nil { - return zero, err - } - - targetSize, err := Sizeof(targetField.Type) - if err != nil { - return zero, err - } - return maybeSkipValidation(fixup(uint32(localSize), uint32(targetSize))) - - case reloFieldLShiftU64: - var target uint32 - if byteOrder == binary.LittleEndian { - targetSize, err := targetField.sizeBits() - if err != nil { - return zero, err - } - - target = uint32(64 - targetField.bitfieldOffset - targetSize) - } else { - loadWidth, err := Sizeof(targetField.Type) - if err != nil { - return zero, err - } - - target = uint32(64 - Bits(loadWidth*8) + targetField.bitfieldOffset) - } - return fixupWithoutValidation(0, target) - - case reloFieldRShiftU64: - targetSize, err := targetField.sizeBits() - if err != nil { - return zero, err - } - - return fixupWithoutValidation(0, uint32(64-targetSize)) - } - } - - return zero, fmt.Errorf("relocation %s: %w", relo.kind, ErrNotSupported) -} - -/* coreAccessor contains a path through a struct. It contains at least one index. - * - * The interpretation depends on the kind of the relocation. The following is - * taken from struct bpf_core_relo in libbpf_internal.h: - * - * - for field-based relocations, string encodes an accessed field using - * a sequence of field and array indices, separated by colon (:). It's - * conceptually very close to LLVM's getelementptr ([0]) instruction's - * arguments for identifying offset to a field. - * - for type-based relocations, strings is expected to be just "0"; - * - for enum value-based relocations, string contains an index of enum - * value within its enum type; - * - * Example to provide a better feel. - * - * struct sample { - * int a; - * struct { - * int b[10]; - * }; - * }; - * - * struct sample s = ...; - * int x = &s->a; // encoded as "0:0" (a is field #0) - * int y = &s->b[5]; // encoded as "0:1:0:5" (anon struct is field #1, - * // b is field #0 inside anon struct, accessing elem #5) - * int z = &s[10]->b; // encoded as "10:1" (ptr is used as an array) - */ -type coreAccessor []int - -func parseCOREAccessor(accessor string) (coreAccessor, error) { - if accessor == "" { - return nil, fmt.Errorf("empty accessor") - } - - parts := strings.Split(accessor, ":") - result := make(coreAccessor, 0, len(parts)) - for _, part := range parts { - // 31 bits to avoid overflowing int on 32 bit platforms. - index, err := strconv.ParseUint(part, 10, 31) - if err != nil { - return nil, fmt.Errorf("accessor index %q: %s", part, err) - } - - result = append(result, int(index)) - } - - return result, nil -} - -func (ca coreAccessor) String() string { - strs := make([]string, 0, len(ca)) - for _, i := range ca { - strs = append(strs, strconv.Itoa(i)) - } - return strings.Join(strs, ":") -} - -func (ca coreAccessor) enumValue(t Type) (*EnumValue, error) { - e, ok := t.(*Enum) - if !ok { - return nil, fmt.Errorf("not an enum: %s", t) - } - - if len(ca) > 1 { - return nil, fmt.Errorf("invalid accessor %s for enum", ca) - } - - i := ca[0] - if i >= len(e.Values) { - return nil, fmt.Errorf("invalid index %d for %s", i, e) - } - - return &e.Values[i], nil -} - -// coreField represents the position of a "child" of a composite type from the -// start of that type. -// -// /- start of composite -// | offset * 8 | bitfieldOffset | bitfieldSize | ... | -// \- start of field end of field -/ -type coreField struct { - Type Type - - // The position of the field from the start of the composite type in bytes. - offset uint32 - - // The offset of the bitfield in bits from the start of the field. - bitfieldOffset Bits - - // The size of the bitfield in bits. - // - // Zero if the field is not a bitfield. - bitfieldSize Bits -} - -func (cf *coreField) adjustOffsetToNthElement(n int) error { - size, err := Sizeof(cf.Type) - if err != nil { - return err - } - - cf.offset += uint32(n) * uint32(size) - return nil -} - -func (cf *coreField) adjustOffsetBits(offset Bits) error { - align, err := alignof(cf.Type) - if err != nil { - return err - } - - // We can compute the load offset by: - // 1) converting the bit offset to bytes with a flooring division. - // 2) dividing and multiplying that offset by the alignment, yielding the - // load size aligned offset. - offsetBytes := uint32(offset/8) / uint32(align) * uint32(align) - - // The number of bits remaining is the bit offset less the number of bits - // we can "skip" with the aligned offset. - cf.bitfieldOffset = offset - Bits(offsetBytes*8) - - // We know that cf.offset is aligned at to at least align since we get it - // from the compiler via BTF. Adding an aligned offsetBytes preserves the - // alignment. - cf.offset += offsetBytes - return nil -} - -func (cf *coreField) sizeBits() (Bits, error) { - if cf.bitfieldSize > 0 { - return cf.bitfieldSize, nil - } - - // Someone is trying to access a non-bitfield via a bit shift relocation. - // This happens when a field changes from a bitfield to a regular field - // between kernel versions. Synthesise the size to make the shifts work. - size, err := Sizeof(cf.Type) - if err != nil { - return 0, nil - } - return Bits(size * 8), nil -} - -// coreFindField descends into the local type using the accessor and tries to -// find an equivalent field in target at each step. -// -// Returns the field and the offset of the field from the start of -// target in bits. -func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, coreField, error) { - local := coreField{Type: localT} - target := coreField{Type: targetT} - - // The first index is used to offset a pointer of the base type like - // when accessing an array. - if err := local.adjustOffsetToNthElement(localAcc[0]); err != nil { - return coreField{}, coreField{}, err - } - - if err := target.adjustOffsetToNthElement(localAcc[0]); err != nil { - return coreField{}, coreField{}, err - } - - if err := coreAreMembersCompatible(local.Type, target.Type); err != nil { - return coreField{}, coreField{}, fmt.Errorf("fields: %w", err) - } - - var localMaybeFlex, targetMaybeFlex bool - for i, acc := range localAcc[1:] { - switch localType := local.Type.(type) { - case composite: - // For composite types acc is used to find the field in the local type, - // and then we try to find a field in target with the same name. - localMembers := localType.members() - if acc >= len(localMembers) { - return coreField{}, coreField{}, fmt.Errorf("invalid accessor %d for %s", acc, localType) - } - - localMember := localMembers[acc] - if localMember.Name == "" { - _, ok := localMember.Type.(composite) - if !ok { - return coreField{}, coreField{}, fmt.Errorf("unnamed field with type %s: %s", localMember.Type, ErrNotSupported) - } - - // This is an anonymous struct or union, ignore it. - local = coreField{ - Type: localMember.Type, - offset: local.offset + localMember.Offset.Bytes(), - } - localMaybeFlex = false - continue - } - - targetType, ok := target.Type.(composite) - if !ok { - return coreField{}, coreField{}, fmt.Errorf("target not composite: %w", errImpossibleRelocation) - } - - targetMember, last, err := coreFindMember(targetType, localMember.Name) - if err != nil { - return coreField{}, coreField{}, err - } - - local = coreField{ - Type: localMember.Type, - offset: local.offset, - bitfieldSize: localMember.BitfieldSize, - } - localMaybeFlex = acc == len(localMembers)-1 - - target = coreField{ - Type: targetMember.Type, - offset: target.offset, - bitfieldSize: targetMember.BitfieldSize, - } - targetMaybeFlex = last - - if local.bitfieldSize == 0 && target.bitfieldSize == 0 { - local.offset += localMember.Offset.Bytes() - target.offset += targetMember.Offset.Bytes() - break - } - - // Either of the members is a bitfield. Make sure we're at the - // end of the accessor. - if next := i + 1; next < len(localAcc[1:]) { - return coreField{}, coreField{}, fmt.Errorf("can't descend into bitfield") - } - - if err := local.adjustOffsetBits(localMember.Offset); err != nil { - return coreField{}, coreField{}, err - } - - if err := target.adjustOffsetBits(targetMember.Offset); err != nil { - return coreField{}, coreField{}, err - } - - case *Array: - // For arrays, acc is the index in the target. - targetType, ok := target.Type.(*Array) - if !ok { - return coreField{}, coreField{}, fmt.Errorf("target not array: %w", errImpossibleRelocation) - } - - if localType.Nelems == 0 && !localMaybeFlex { - return coreField{}, coreField{}, fmt.Errorf("local type has invalid flexible array") - } - if targetType.Nelems == 0 && !targetMaybeFlex { - return coreField{}, coreField{}, fmt.Errorf("target type has invalid flexible array") - } - - if localType.Nelems > 0 && acc >= int(localType.Nelems) { - return coreField{}, coreField{}, fmt.Errorf("invalid access of %s at index %d", localType, acc) - } - if targetType.Nelems > 0 && acc >= int(targetType.Nelems) { - return coreField{}, coreField{}, fmt.Errorf("out of bounds access of target: %w", errImpossibleRelocation) - } - - local = coreField{ - Type: localType.Type, - offset: local.offset, - } - localMaybeFlex = false - - if err := local.adjustOffsetToNthElement(acc); err != nil { - return coreField{}, coreField{}, err - } - - target = coreField{ - Type: targetType.Type, - offset: target.offset, - } - targetMaybeFlex = false - - if err := target.adjustOffsetToNthElement(acc); err != nil { - return coreField{}, coreField{}, err - } - - default: - return coreField{}, coreField{}, fmt.Errorf("relocate field of %T: %w", localType, ErrNotSupported) - } - - if err := coreAreMembersCompatible(local.Type, target.Type); err != nil { - return coreField{}, coreField{}, err - } - } - - return local, target, nil -} - -// coreFindMember finds a member in a composite type while handling anonymous -// structs and unions. -func coreFindMember(typ composite, name string) (Member, bool, error) { - if name == "" { - return Member{}, false, errors.New("can't search for anonymous member") - } - - type offsetTarget struct { - composite - offset Bits - } - - targets := []offsetTarget{{typ, 0}} - visited := make(map[composite]bool) - - for i := 0; i < len(targets); i++ { - target := targets[i] - - // Only visit targets once to prevent infinite recursion. - if visited[target] { - continue - } - if len(visited) >= maxTypeDepth { - // This check is different than libbpf, which restricts the entire - // path to BPF_CORE_SPEC_MAX_LEN items. - return Member{}, false, fmt.Errorf("type is nested too deep") - } - visited[target] = true - - members := target.members() - for j, member := range members { - if member.Name == name { - // NB: This is safe because member is a copy. - member.Offset += target.offset - return member, j == len(members)-1, nil - } - - // The names don't match, but this member could be an anonymous struct - // or union. - if member.Name != "" { - continue - } - - comp, ok := member.Type.(composite) - if !ok { - return Member{}, false, fmt.Errorf("anonymous non-composite type %T not allowed", member.Type) - } - - targets = append(targets, offsetTarget{comp, target.offset + member.Offset}) - } - } - - return Member{}, false, fmt.Errorf("no matching member: %w", errImpossibleRelocation) -} - -// coreFindEnumValue follows localAcc to find the equivalent enum value in target. -func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localValue, targetValue *EnumValue, _ error) { - localValue, err := localAcc.enumValue(local) - if err != nil { - return nil, nil, err - } - - targetEnum, ok := target.(*Enum) - if !ok { - return nil, nil, errImpossibleRelocation - } - - localName := newEssentialName(localValue.Name) - for i, targetValue := range targetEnum.Values { - if newEssentialName(targetValue.Name) != localName { - continue - } - - return localValue, &targetEnum.Values[i], nil - } - - return nil, nil, errImpossibleRelocation -} - -/* The comment below is from bpf_core_types_are_compat in libbpf.c: - * - * Check local and target types for compatibility. This check is used for - * type-based CO-RE relocations and follow slightly different rules than - * field-based relocations. This function assumes that root types were already - * checked for name match. Beyond that initial root-level name check, names - * are completely ignored. Compatibility rules are as follows: - * - any two STRUCTs/UNIONs/FWDs/ENUMs/INTs are considered compatible, but - * kind should match for local and target types (i.e., STRUCT is not - * compatible with UNION); - * - for ENUMs, the size is ignored; - * - for INT, size and signedness are ignored; - * - for ARRAY, dimensionality is ignored, element types are checked for - * compatibility recursively; - * - CONST/VOLATILE/RESTRICT modifiers are ignored; - * - TYPEDEFs/PTRs are compatible if types they pointing to are compatible; - * - FUNC_PROTOs are compatible if they have compatible signature: same - * number of input args and compatible return and argument types. - * These rules are not set in stone and probably will be adjusted as we get - * more experience with using BPF CO-RE relocations. - * - * Returns errImpossibleRelocation if types are not compatible. - */ -func coreAreTypesCompatible(localType Type, targetType Type) error { - var ( - localTs, targetTs typeDeque - l, t = &localType, &targetType - depth = 0 - ) - - for ; l != nil && t != nil; l, t = localTs.shift(), targetTs.shift() { - if depth >= maxTypeDepth { - return errors.New("types are nested too deep") - } - - localType = *l - targetType = *t - - if reflect.TypeOf(localType) != reflect.TypeOf(targetType) { - return fmt.Errorf("type mismatch: %w", errImpossibleRelocation) - } - - switch lv := (localType).(type) { - case *Void, *Struct, *Union, *Enum, *Fwd, *Int: - // Nothing to do here - - case *Pointer, *Array: - depth++ - localType.walk(&localTs) - targetType.walk(&targetTs) - - case *FuncProto: - tv := targetType.(*FuncProto) - if len(lv.Params) != len(tv.Params) { - return fmt.Errorf("function param mismatch: %w", errImpossibleRelocation) - } - - depth++ - localType.walk(&localTs) - targetType.walk(&targetTs) - - default: - return fmt.Errorf("unsupported type %T", localType) - } - } - - if l != nil { - return fmt.Errorf("dangling local type %T", *l) - } - - if t != nil { - return fmt.Errorf("dangling target type %T", *t) - } - - return nil -} - -/* coreAreMembersCompatible checks two types for field-based relocation compatibility. - * - * The comment below is from bpf_core_fields_are_compat in libbpf.c: - * - * Check two types for compatibility for the purpose of field access - * relocation. const/volatile/restrict and typedefs are skipped to ensure we - * are relocating semantically compatible entities: - * - any two STRUCTs/UNIONs are compatible and can be mixed; - * - any two FWDs are compatible, if their names match (modulo flavor suffix); - * - any two PTRs are always compatible; - * - for ENUMs, names should be the same (ignoring flavor suffix) or at - * least one of enums should be anonymous; - * - for ENUMs, check sizes, names are ignored; - * - for INT, size and signedness are ignored; - * - any two FLOATs are always compatible; - * - for ARRAY, dimensionality is ignored, element types are checked for - * compatibility recursively; - * [ NB: coreAreMembersCompatible doesn't recurse, this check is done - * by coreFindField. ] - * - everything else shouldn't be ever a target of relocation. - * These rules are not set in stone and probably will be adjusted as we get - * more experience with using BPF CO-RE relocations. - * - * Returns errImpossibleRelocation if the members are not compatible. - */ -func coreAreMembersCompatible(localType Type, targetType Type) error { - doNamesMatch := func(a, b string) error { - if a == "" || b == "" { - // allow anonymous and named type to match - return nil - } - - if newEssentialName(a) == newEssentialName(b) { - return nil - } - - return fmt.Errorf("names don't match: %w", errImpossibleRelocation) - } - - _, lok := localType.(composite) - _, tok := targetType.(composite) - if lok && tok { - return nil - } - - if reflect.TypeOf(localType) != reflect.TypeOf(targetType) { - return fmt.Errorf("type mismatch: %w", errImpossibleRelocation) - } - - switch lv := localType.(type) { - case *Array, *Pointer, *Float, *Int: - return nil - - case *Enum: - tv := targetType.(*Enum) - return doNamesMatch(lv.Name, tv.Name) - - case *Fwd: - tv := targetType.(*Fwd) - return doNamesMatch(lv.Name, tv.Name) - - default: - return fmt.Errorf("type %s: %w", localType, ErrNotSupported) - } -} diff --git a/vendor/github.com/cilium/ebpf/btf/doc.go b/vendor/github.com/cilium/ebpf/btf/doc.go deleted file mode 100644 index b1f4b1fc3e..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/doc.go +++ /dev/null @@ -1,5 +0,0 @@ -// Package btf handles data encoded according to the BPF Type Format. -// -// The canonical documentation lives in the Linux kernel repository and is -// available at https://www.kernel.org/doc/html/latest/bpf/btf.html -package btf diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go deleted file mode 100644 index 2c0e1afe29..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ /dev/null @@ -1,721 +0,0 @@ -package btf - -import ( - "bytes" - "encoding/binary" - "errors" - "fmt" - "io" - "math" - "sort" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal" -) - -// ExtInfos contains ELF section metadata. -type ExtInfos struct { - // The slices are sorted by offset in ascending order. - funcInfos map[string][]funcInfo - lineInfos map[string][]lineInfo - relocationInfos map[string][]coreRelocationInfo -} - -// loadExtInfosFromELF parses ext infos from the .BTF.ext section in an ELF. -// -// Returns an error wrapping ErrNotFound if no ext infos are present. -func loadExtInfosFromELF(file *internal.SafeELFFile, ts types, strings *stringTable) (*ExtInfos, error) { - section := file.Section(".BTF.ext") - if section == nil { - return nil, fmt.Errorf("btf ext infos: %w", ErrNotFound) - } - - if section.ReaderAt == nil { - return nil, fmt.Errorf("compressed ext_info is not supported") - } - - return loadExtInfos(section.ReaderAt, file.ByteOrder, ts, strings) -} - -// loadExtInfos parses bare ext infos. -func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, ts types, strings *stringTable) (*ExtInfos, error) { - // Open unbuffered section reader. binary.Read() calls io.ReadFull on - // the header structs, resulting in one syscall per header. - headerRd := io.NewSectionReader(r, 0, math.MaxInt64) - extHeader, err := parseBTFExtHeader(headerRd, bo) - if err != nil { - return nil, fmt.Errorf("parsing BTF extension header: %w", err) - } - - coreHeader, err := parseBTFExtCOREHeader(headerRd, bo, extHeader) - if err != nil { - return nil, fmt.Errorf("parsing BTF CO-RE header: %w", err) - } - - buf := internal.NewBufferedSectionReader(r, extHeader.funcInfoStart(), int64(extHeader.FuncInfoLen)) - btfFuncInfos, err := parseFuncInfos(buf, bo, strings) - if err != nil { - return nil, fmt.Errorf("parsing BTF function info: %w", err) - } - - funcInfos := make(map[string][]funcInfo, len(btfFuncInfos)) - for section, bfis := range btfFuncInfos { - funcInfos[section], err = newFuncInfos(bfis, ts) - if err != nil { - return nil, fmt.Errorf("section %s: func infos: %w", section, err) - } - } - - buf = internal.NewBufferedSectionReader(r, extHeader.lineInfoStart(), int64(extHeader.LineInfoLen)) - btfLineInfos, err := parseLineInfos(buf, bo, strings) - if err != nil { - return nil, fmt.Errorf("parsing BTF line info: %w", err) - } - - lineInfos := make(map[string][]lineInfo, len(btfLineInfos)) - for section, blis := range btfLineInfos { - lineInfos[section], err = newLineInfos(blis, strings) - if err != nil { - return nil, fmt.Errorf("section %s: line infos: %w", section, err) - } - } - - if coreHeader == nil || coreHeader.COREReloLen == 0 { - return &ExtInfos{funcInfos, lineInfos, nil}, nil - } - - var btfCORERelos map[string][]bpfCORERelo - buf = internal.NewBufferedSectionReader(r, extHeader.coreReloStart(coreHeader), int64(coreHeader.COREReloLen)) - btfCORERelos, err = parseCORERelos(buf, bo, strings) - if err != nil { - return nil, fmt.Errorf("parsing CO-RE relocation info: %w", err) - } - - coreRelos := make(map[string][]coreRelocationInfo, len(btfCORERelos)) - for section, brs := range btfCORERelos { - coreRelos[section], err = newRelocationInfos(brs, ts, strings) - if err != nil { - return nil, fmt.Errorf("section %s: CO-RE relocations: %w", section, err) - } - } - - return &ExtInfos{funcInfos, lineInfos, coreRelos}, nil -} - -type funcInfoMeta struct{} -type coreRelocationMeta struct{} - -// Assign per-section metadata from BTF to a section's instructions. -func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { - funcInfos := ei.funcInfos[section] - lineInfos := ei.lineInfos[section] - reloInfos := ei.relocationInfos[section] - - iter := insns.Iterate() - for iter.Next() { - if len(funcInfos) > 0 && funcInfos[0].offset == iter.Offset { - iter.Ins.Metadata.Set(funcInfoMeta{}, funcInfos[0].fn) - funcInfos = funcInfos[1:] - } - - if len(lineInfos) > 0 && lineInfos[0].offset == iter.Offset { - *iter.Ins = iter.Ins.WithSource(lineInfos[0].line) - lineInfos = lineInfos[1:] - } - - if len(reloInfos) > 0 && reloInfos[0].offset == iter.Offset { - iter.Ins.Metadata.Set(coreRelocationMeta{}, reloInfos[0].relo) - reloInfos = reloInfos[1:] - } - } -} - -// MarshalExtInfos encodes function and line info embedded in insns into kernel -// wire format. -func MarshalExtInfos(insns asm.Instructions, typeID func(Type) (TypeID, error)) (funcInfos, lineInfos []byte, _ error) { - iter := insns.Iterate() - var fiBuf, liBuf bytes.Buffer - for iter.Next() { - if fn := FuncMetadata(iter.Ins); fn != nil { - fi := &funcInfo{ - fn: fn, - offset: iter.Offset, - } - if err := fi.marshal(&fiBuf, typeID); err != nil { - return nil, nil, fmt.Errorf("write func info: %w", err) - } - } - - if line, ok := iter.Ins.Source().(*Line); ok { - li := &lineInfo{ - line: line, - offset: iter.Offset, - } - if err := li.marshal(&liBuf); err != nil { - return nil, nil, fmt.Errorf("write line info: %w", err) - } - } - } - return fiBuf.Bytes(), liBuf.Bytes(), nil -} - -// btfExtHeader is found at the start of the .BTF.ext section. -type btfExtHeader struct { - Magic uint16 - Version uint8 - Flags uint8 - - // HdrLen is larger than the size of struct btfExtHeader when it is - // immediately followed by a btfExtCOREHeader. - HdrLen uint32 - - FuncInfoOff uint32 - FuncInfoLen uint32 - LineInfoOff uint32 - LineInfoLen uint32 -} - -// parseBTFExtHeader parses the header of the .BTF.ext section. -func parseBTFExtHeader(r io.Reader, bo binary.ByteOrder) (*btfExtHeader, error) { - var header btfExtHeader - if err := binary.Read(r, bo, &header); err != nil { - return nil, fmt.Errorf("can't read header: %v", err) - } - - if header.Magic != btfMagic { - return nil, fmt.Errorf("incorrect magic value %v", header.Magic) - } - - if header.Version != 1 { - return nil, fmt.Errorf("unexpected version %v", header.Version) - } - - if header.Flags != 0 { - return nil, fmt.Errorf("unsupported flags %v", header.Flags) - } - - if int64(header.HdrLen) < int64(binary.Size(&header)) { - return nil, fmt.Errorf("header length shorter than btfExtHeader size") - } - - return &header, nil -} - -// funcInfoStart returns the offset from the beginning of the .BTF.ext section -// to the start of its func_info entries. -func (h *btfExtHeader) funcInfoStart() int64 { - return int64(h.HdrLen + h.FuncInfoOff) -} - -// lineInfoStart returns the offset from the beginning of the .BTF.ext section -// to the start of its line_info entries. -func (h *btfExtHeader) lineInfoStart() int64 { - return int64(h.HdrLen + h.LineInfoOff) -} - -// coreReloStart returns the offset from the beginning of the .BTF.ext section -// to the start of its CO-RE relocation entries. -func (h *btfExtHeader) coreReloStart(ch *btfExtCOREHeader) int64 { - return int64(h.HdrLen + ch.COREReloOff) -} - -// btfExtCOREHeader is found right after the btfExtHeader when its HdrLen -// field is larger than its size. -type btfExtCOREHeader struct { - COREReloOff uint32 - COREReloLen uint32 -} - -// parseBTFExtCOREHeader parses the tail of the .BTF.ext header. If additional -// header bytes are present, extHeader.HdrLen will be larger than the struct, -// indicating the presence of a CO-RE extension header. -func parseBTFExtCOREHeader(r io.Reader, bo binary.ByteOrder, extHeader *btfExtHeader) (*btfExtCOREHeader, error) { - extHdrSize := int64(binary.Size(&extHeader)) - remainder := int64(extHeader.HdrLen) - extHdrSize - - if remainder == 0 { - return nil, nil - } - - var coreHeader btfExtCOREHeader - if err := binary.Read(r, bo, &coreHeader); err != nil { - return nil, fmt.Errorf("can't read header: %v", err) - } - - return &coreHeader, nil -} - -type btfExtInfoSec struct { - SecNameOff uint32 - NumInfo uint32 -} - -// parseExtInfoSec parses a btf_ext_info_sec header within .BTF.ext, -// appearing within func_info and line_info sub-sections. -// These headers appear once for each program section in the ELF and are -// followed by one or more func/line_info records for the section. -func parseExtInfoSec(r io.Reader, bo binary.ByteOrder, strings *stringTable) (string, *btfExtInfoSec, error) { - var infoHeader btfExtInfoSec - if err := binary.Read(r, bo, &infoHeader); err != nil { - return "", nil, fmt.Errorf("read ext info header: %w", err) - } - - secName, err := strings.Lookup(infoHeader.SecNameOff) - if err != nil { - return "", nil, fmt.Errorf("get section name: %w", err) - } - if secName == "" { - return "", nil, fmt.Errorf("extinfo header refers to empty section name") - } - - if infoHeader.NumInfo == 0 { - return "", nil, fmt.Errorf("section %s has zero records", secName) - } - - return secName, &infoHeader, nil -} - -// parseExtInfoRecordSize parses the uint32 at the beginning of a func_infos -// or line_infos segment that describes the length of all extInfoRecords in -// that segment. -func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { - const maxRecordSize = 256 - - var recordSize uint32 - if err := binary.Read(r, bo, &recordSize); err != nil { - return 0, fmt.Errorf("can't read record size: %v", err) - } - - if recordSize < 4 { - // Need at least InsnOff worth of bytes per record. - return 0, errors.New("record size too short") - } - if recordSize > maxRecordSize { - return 0, fmt.Errorf("record size %v exceeds %v", recordSize, maxRecordSize) - } - - return recordSize, nil -} - -// The size of a FuncInfo in BTF wire format. -var FuncInfoSize = uint32(binary.Size(bpfFuncInfo{})) - -type funcInfo struct { - fn *Func - offset asm.RawInstructionOffset -} - -type bpfFuncInfo struct { - // Instruction offset of the function within an ELF section. - InsnOff uint32 - TypeID TypeID -} - -func newFuncInfo(fi bpfFuncInfo, ts types) (*funcInfo, error) { - typ, err := ts.ByID(fi.TypeID) - if err != nil { - return nil, err - } - - fn, ok := typ.(*Func) - if !ok { - return nil, fmt.Errorf("type ID %d is a %T, but expected a Func", fi.TypeID, typ) - } - - // C doesn't have anonymous functions, but check just in case. - if fn.Name == "" { - return nil, fmt.Errorf("func with type ID %d doesn't have a name", fi.TypeID) - } - - return &funcInfo{ - fn, - asm.RawInstructionOffset(fi.InsnOff), - }, nil -} - -func newFuncInfos(bfis []bpfFuncInfo, ts types) ([]funcInfo, error) { - fis := make([]funcInfo, 0, len(bfis)) - for _, bfi := range bfis { - fi, err := newFuncInfo(bfi, ts) - if err != nil { - return nil, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) - } - fis = append(fis, *fi) - } - sort.Slice(fis, func(i, j int) bool { - return fis[i].offset <= fis[j].offset - }) - return fis, nil -} - -// marshal into the BTF wire format. -func (fi *funcInfo) marshal(w io.Writer, typeID func(Type) (TypeID, error)) error { - id, err := typeID(fi.fn) - if err != nil { - return err - } - bfi := bpfFuncInfo{ - InsnOff: uint32(fi.offset), - TypeID: id, - } - return binary.Write(w, internal.NativeEndian, &bfi) -} - -// parseLineInfos parses a func_info sub-section within .BTF.ext ito a map of -// func infos indexed by section name. -func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfFuncInfo, error) { - recordSize, err := parseExtInfoRecordSize(r, bo) - if err != nil { - return nil, err - } - - result := make(map[string][]bpfFuncInfo) - for { - secName, infoHeader, err := parseExtInfoSec(r, bo, strings) - if errors.Is(err, io.EOF) { - return result, nil - } - if err != nil { - return nil, err - } - - records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo) - if err != nil { - return nil, fmt.Errorf("section %v: %w", secName, err) - } - - result[secName] = records - } -} - -// parseFuncInfoRecords parses a stream of func_infos into a funcInfos. -// These records appear after a btf_ext_info_sec header in the func_info -// sub-section of .BTF.ext. -func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfFuncInfo, error) { - var out []bpfFuncInfo - var fi bpfFuncInfo - - if exp, got := FuncInfoSize, recordSize; exp != got { - // BTF blob's record size is longer than we know how to parse. - return nil, fmt.Errorf("expected FuncInfo record size %d, but BTF blob contains %d", exp, got) - } - - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &fi); err != nil { - return nil, fmt.Errorf("can't read function info: %v", err) - } - - if fi.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) - } - - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - fi.InsnOff /= asm.InstructionSize - - out = append(out, fi) - } - - return out, nil -} - -var LineInfoSize = uint32(binary.Size(bpfLineInfo{})) - -// Line represents the location and contents of a single line of source -// code a BPF ELF was compiled from. -type Line struct { - fileName string - line string - lineNumber uint32 - lineColumn uint32 - - // TODO: We should get rid of the fields below, but for that we need to be - // able to write BTF. - - fileNameOff uint32 - lineOff uint32 -} - -func (li *Line) FileName() string { - return li.fileName -} - -func (li *Line) Line() string { - return li.line -} - -func (li *Line) LineNumber() uint32 { - return li.lineNumber -} - -func (li *Line) LineColumn() uint32 { - return li.lineColumn -} - -func (li *Line) String() string { - return li.line -} - -type lineInfo struct { - line *Line - offset asm.RawInstructionOffset -} - -// Constants for the format of bpfLineInfo.LineCol. -const ( - bpfLineShift = 10 - bpfLineMax = (1 << (32 - bpfLineShift)) - 1 - bpfColumnMax = (1 << bpfLineShift) - 1 -) - -type bpfLineInfo struct { - // Instruction offset of the line within the whole instruction stream, in instructions. - InsnOff uint32 - FileNameOff uint32 - LineOff uint32 - LineCol uint32 -} - -func newLineInfo(li bpfLineInfo, strings *stringTable) (*lineInfo, error) { - line, err := strings.Lookup(li.LineOff) - if err != nil { - return nil, fmt.Errorf("lookup of line: %w", err) - } - - fileName, err := strings.Lookup(li.FileNameOff) - if err != nil { - return nil, fmt.Errorf("lookup of filename: %w", err) - } - - lineNumber := li.LineCol >> bpfLineShift - lineColumn := li.LineCol & bpfColumnMax - - return &lineInfo{ - &Line{ - fileName, - line, - lineNumber, - lineColumn, - li.FileNameOff, - li.LineOff, - }, - asm.RawInstructionOffset(li.InsnOff), - }, nil -} - -func newLineInfos(blis []bpfLineInfo, strings *stringTable) ([]lineInfo, error) { - lis := make([]lineInfo, 0, len(blis)) - for _, bli := range blis { - li, err := newLineInfo(bli, strings) - if err != nil { - return nil, fmt.Errorf("offset %d: %w", bli.InsnOff, err) - } - lis = append(lis, *li) - } - sort.Slice(lis, func(i, j int) bool { - return lis[i].offset <= lis[j].offset - }) - return lis, nil -} - -// marshal writes the binary representation of the LineInfo to w. -func (li *lineInfo) marshal(w io.Writer) error { - line := li.line - if line.lineNumber > bpfLineMax { - return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) - } - - if line.lineColumn > bpfColumnMax { - return fmt.Errorf("column %d exceeds %d", line.lineColumn, bpfColumnMax) - } - - bli := bpfLineInfo{ - uint32(li.offset), - line.fileNameOff, - line.lineOff, - (line.lineNumber << bpfLineShift) | line.lineColumn, - } - return binary.Write(w, internal.NativeEndian, &bli) -} - -// parseLineInfos parses a line_info sub-section within .BTF.ext ito a map of -// line infos indexed by section name. -func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfLineInfo, error) { - recordSize, err := parseExtInfoRecordSize(r, bo) - if err != nil { - return nil, err - } - - result := make(map[string][]bpfLineInfo) - for { - secName, infoHeader, err := parseExtInfoSec(r, bo, strings) - if errors.Is(err, io.EOF) { - return result, nil - } - if err != nil { - return nil, err - } - - records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo) - if err != nil { - return nil, fmt.Errorf("section %v: %w", secName, err) - } - - result[secName] = records - } -} - -// parseLineInfoRecords parses a stream of line_infos into a lineInfos. -// These records appear after a btf_ext_info_sec header in the line_info -// sub-section of .BTF.ext. -func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfLineInfo, error) { - var out []bpfLineInfo - var li bpfLineInfo - - if exp, got := uint32(binary.Size(li)), recordSize; exp != got { - // BTF blob's record size is longer than we know how to parse. - return nil, fmt.Errorf("expected LineInfo record size %d, but BTF blob contains %d", exp, got) - } - - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &li); err != nil { - return nil, fmt.Errorf("can't read line info: %v", err) - } - - if li.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) - } - - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - li.InsnOff /= asm.InstructionSize - - out = append(out, li) - } - - return out, nil -} - -// bpfCORERelo matches the kernel's struct bpf_core_relo. -type bpfCORERelo struct { - InsnOff uint32 - TypeID TypeID - AccessStrOff uint32 - Kind coreKind -} - -type CORERelocation struct { - typ Type - accessor coreAccessor - kind coreKind -} - -func CORERelocationMetadata(ins *asm.Instruction) *CORERelocation { - relo, _ := ins.Metadata.Get(coreRelocationMeta{}).(*CORERelocation) - return relo -} - -type coreRelocationInfo struct { - relo *CORERelocation - offset asm.RawInstructionOffset -} - -func newRelocationInfo(relo bpfCORERelo, ts types, strings *stringTable) (*coreRelocationInfo, error) { - typ, err := ts.ByID(relo.TypeID) - if err != nil { - return nil, err - } - - accessorStr, err := strings.Lookup(relo.AccessStrOff) - if err != nil { - return nil, err - } - - accessor, err := parseCOREAccessor(accessorStr) - if err != nil { - return nil, fmt.Errorf("accessor %q: %s", accessorStr, err) - } - - return &coreRelocationInfo{ - &CORERelocation{ - typ, - accessor, - relo.Kind, - }, - asm.RawInstructionOffset(relo.InsnOff), - }, nil -} - -func newRelocationInfos(brs []bpfCORERelo, ts types, strings *stringTable) ([]coreRelocationInfo, error) { - rs := make([]coreRelocationInfo, 0, len(brs)) - for _, br := range brs { - relo, err := newRelocationInfo(br, ts, strings) - if err != nil { - return nil, fmt.Errorf("offset %d: %w", br.InsnOff, err) - } - rs = append(rs, *relo) - } - sort.Slice(rs, func(i, j int) bool { - return rs[i].offset < rs[j].offset - }) - return rs, nil -} - -var extInfoReloSize = binary.Size(bpfCORERelo{}) - -// parseCORERelos parses a core_relos sub-section within .BTF.ext ito a map of -// CO-RE relocations indexed by section name. -func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfCORERelo, error) { - recordSize, err := parseExtInfoRecordSize(r, bo) - if err != nil { - return nil, err - } - - if recordSize != uint32(extInfoReloSize) { - return nil, fmt.Errorf("expected record size %d, got %d", extInfoReloSize, recordSize) - } - - result := make(map[string][]bpfCORERelo) - for { - secName, infoHeader, err := parseExtInfoSec(r, bo, strings) - if errors.Is(err, io.EOF) { - return result, nil - } - if err != nil { - return nil, err - } - - records, err := parseCOREReloRecords(r, bo, recordSize, infoHeader.NumInfo) - if err != nil { - return nil, fmt.Errorf("section %v: %w", secName, err) - } - - result[secName] = records - } -} - -// parseCOREReloRecords parses a stream of CO-RE relocation entries into a -// coreRelos. These records appear after a btf_ext_info_sec header in the -// core_relos sub-section of .BTF.ext. -func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfCORERelo, error) { - var out []bpfCORERelo - - var relo bpfCORERelo - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &relo); err != nil { - return nil, fmt.Errorf("can't read CO-RE relocation: %v", err) - } - - if relo.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", relo.InsnOff) - } - - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - relo.InsnOff /= asm.InstructionSize - - out = append(out, relo) - } - - return out, nil -} diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go deleted file mode 100644 index e7688a2a6e..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ /dev/null @@ -1,319 +0,0 @@ -package btf - -import ( - "errors" - "fmt" - "strings" -) - -var errNestedTooDeep = errors.New("nested too deep") - -// GoFormatter converts a Type to Go syntax. -// -// A zero GoFormatter is valid to use. -type GoFormatter struct { - w strings.Builder - - // Types present in this map are referred to using the given name if they - // are encountered when outputting another type. - Names map[Type]string - - // Identifier is called for each field of struct-like types. By default the - // field name is used as is. - Identifier func(string) string - - // EnumIdentifier is called for each element of an enum. By default the - // name of the enum type is concatenated with Identifier(element). - EnumIdentifier func(name, element string) string -} - -// TypeDeclaration generates a Go type declaration for a BTF type. -func (gf *GoFormatter) TypeDeclaration(name string, typ Type) (string, error) { - gf.w.Reset() - if err := gf.writeTypeDecl(name, typ); err != nil { - return "", err - } - return gf.w.String(), nil -} - -func (gf *GoFormatter) identifier(s string) string { - if gf.Identifier != nil { - return gf.Identifier(s) - } - - return s -} - -func (gf *GoFormatter) enumIdentifier(name, element string) string { - if gf.EnumIdentifier != nil { - return gf.EnumIdentifier(name, element) - } - - return name + gf.identifier(element) -} - -// writeTypeDecl outputs a declaration of the given type. -// -// It encodes https://golang.org/ref/spec#Type_declarations: -// -// type foo struct { bar uint32; } -// type bar int32 -func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { - if name == "" { - return fmt.Errorf("need a name for type %s", typ) - } - - switch v := skipQualifiers(typ).(type) { - case *Enum: - fmt.Fprintf(&gf.w, "type %s ", name) - switch v.Size { - case 1: - gf.w.WriteString("int8") - case 2: - gf.w.WriteString("int16") - case 4: - gf.w.WriteString("int32") - case 8: - gf.w.WriteString("int64") - default: - return fmt.Errorf("%s: invalid enum size %d", typ, v.Size) - } - - if len(v.Values) == 0 { - return nil - } - - gf.w.WriteString("; const ( ") - for _, ev := range v.Values { - id := gf.enumIdentifier(name, ev.Name) - fmt.Fprintf(&gf.w, "%s %s = %d; ", id, name, ev.Value) - } - gf.w.WriteString(")") - - return nil - - default: - fmt.Fprintf(&gf.w, "type %s ", name) - return gf.writeTypeLit(v, 0) - } -} - -// writeType outputs the name of a named type or a literal describing the type. -// -// It encodes https://golang.org/ref/spec#Types. -// -// foo (if foo is a named type) -// uint32 -func (gf *GoFormatter) writeType(typ Type, depth int) error { - typ = skipQualifiers(typ) - - name := gf.Names[typ] - if name != "" { - gf.w.WriteString(name) - return nil - } - - return gf.writeTypeLit(typ, depth) -} - -// writeTypeLit outputs a literal describing the type. -// -// The function ignores named types. -// -// It encodes https://golang.org/ref/spec#TypeLit. -// -// struct { bar uint32; } -// uint32 -func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { - depth++ - if depth > maxTypeDepth { - return errNestedTooDeep - } - - var err error - switch v := skipQualifiers(typ).(type) { - case *Int: - gf.writeIntLit(v) - - case *Enum: - gf.w.WriteString("int32") - - case *Typedef: - err = gf.writeType(v.Type, depth) - - case *Array: - fmt.Fprintf(&gf.w, "[%d]", v.Nelems) - err = gf.writeType(v.Type, depth) - - case *Struct: - err = gf.writeStructLit(v.Size, v.Members, depth) - - case *Union: - // Always choose the first member to represent the union in Go. - err = gf.writeStructLit(v.Size, v.Members[:1], depth) - - case *Datasec: - err = gf.writeDatasecLit(v, depth) - - default: - return fmt.Errorf("type %T: %w", v, ErrNotSupported) - } - - if err != nil { - return fmt.Errorf("%s: %w", typ, err) - } - - return nil -} - -func (gf *GoFormatter) writeIntLit(i *Int) { - // NB: Encoding.IsChar is ignored. - if i.Encoding.IsBool() && i.Size == 1 { - gf.w.WriteString("bool") - return - } - - bits := i.Size * 8 - if i.Encoding.IsSigned() { - fmt.Fprintf(&gf.w, "int%d", bits) - } else { - fmt.Fprintf(&gf.w, "uint%d", bits) - } -} - -func (gf *GoFormatter) writeStructLit(size uint32, members []Member, depth int) error { - gf.w.WriteString("struct { ") - - prevOffset := uint32(0) - skippedBitfield := false - for i, m := range members { - if m.BitfieldSize > 0 { - skippedBitfield = true - continue - } - - offset := m.Offset.Bytes() - if n := offset - prevOffset; skippedBitfield && n > 0 { - fmt.Fprintf(&gf.w, "_ [%d]byte /* unsupported bitfield */; ", n) - } else { - gf.writePadding(n) - } - - size, err := Sizeof(m.Type) - if err != nil { - return fmt.Errorf("field %d: %w", i, err) - } - prevOffset = offset + uint32(size) - - if err := gf.writeStructField(m, depth); err != nil { - return fmt.Errorf("field %d: %w", i, err) - } - } - - gf.writePadding(size - prevOffset) - gf.w.WriteString("}") - return nil -} - -func (gf *GoFormatter) writeStructField(m Member, depth int) error { - if m.BitfieldSize > 0 { - return fmt.Errorf("bitfields are not supported") - } - if m.Offset%8 != 0 { - return fmt.Errorf("unsupported offset %d", m.Offset) - } - - if m.Name == "" { - // Special case a nested anonymous union like - // struct foo { union { int bar; int baz }; } - // by replacing the whole union with its first member. - union, ok := m.Type.(*Union) - if !ok { - return fmt.Errorf("anonymous fields are not supported") - - } - - if len(union.Members) == 0 { - return errors.New("empty anonymous union") - } - - depth++ - if depth > maxTypeDepth { - return errNestedTooDeep - } - - m := union.Members[0] - size, err := Sizeof(m.Type) - if err != nil { - return err - } - - if err := gf.writeStructField(m, depth); err != nil { - return err - } - - gf.writePadding(union.Size - uint32(size)) - return nil - - } - - fmt.Fprintf(&gf.w, "%s ", gf.identifier(m.Name)) - - if err := gf.writeType(m.Type, depth); err != nil { - return err - } - - gf.w.WriteString("; ") - return nil -} - -func (gf *GoFormatter) writeDatasecLit(ds *Datasec, depth int) error { - gf.w.WriteString("struct { ") - - prevOffset := uint32(0) - for i, vsi := range ds.Vars { - v := vsi.Type.(*Var) - if v.Linkage != GlobalVar { - // Ignore static, extern, etc. for now. - continue - } - - if v.Name == "" { - return fmt.Errorf("variable %d: empty name", i) - } - - gf.writePadding(vsi.Offset - prevOffset) - prevOffset = vsi.Offset + vsi.Size - - fmt.Fprintf(&gf.w, "%s ", gf.identifier(v.Name)) - - if err := gf.writeType(v.Type, depth); err != nil { - return fmt.Errorf("variable %d: %w", i, err) - } - - gf.w.WriteString("; ") - } - - gf.writePadding(ds.Size - prevOffset) - gf.w.WriteString("}") - return nil -} - -func (gf *GoFormatter) writePadding(bytes uint32) { - if bytes > 0 { - fmt.Fprintf(&gf.w, "_ [%d]byte; ", bytes) - } -} - -func skipQualifiers(typ Type) Type { - result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { - switch v := (result).(type) { - case qualifier: - result = v.qualify() - default: - return result - } - } - return &cycle{typ} -} diff --git a/vendor/github.com/cilium/ebpf/btf/handle.go b/vendor/github.com/cilium/ebpf/btf/handle.go deleted file mode 100644 index 128e9b35cf..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/handle.go +++ /dev/null @@ -1,121 +0,0 @@ -package btf - -import ( - "errors" - "fmt" - "os" - - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// HandleInfo describes a Handle. -type HandleInfo struct { - // ID of this handle in the kernel. The ID is only valid as long as the - // associated handle is kept alive. - ID ID - - // Name is an identifying name for the BTF, currently only used by the - // kernel. - Name string - - // IsKernel is true if the BTF originated with the kernel and not - // userspace. - IsKernel bool - - // Size of the raw BTF in bytes. - size uint32 -} - -func newHandleInfoFromFD(fd *sys.FD) (*HandleInfo, error) { - // We invoke the syscall once with a empty BTF and name buffers to get size - // information to allocate buffers. Then we invoke it a second time with - // buffers to receive the data. - var btfInfo sys.BtfInfo - if err := sys.ObjInfo(fd, &btfInfo); err != nil { - return nil, fmt.Errorf("get BTF info for fd %s: %w", fd, err) - } - - if btfInfo.NameLen > 0 { - // NameLen doesn't account for the terminating NUL. - btfInfo.NameLen++ - } - - // Don't pull raw BTF by default, since it may be quite large. - btfSize := btfInfo.BtfSize - btfInfo.BtfSize = 0 - - nameBuffer := make([]byte, btfInfo.NameLen) - btfInfo.Name, btfInfo.NameLen = sys.NewSlicePointerLen(nameBuffer) - if err := sys.ObjInfo(fd, &btfInfo); err != nil { - return nil, err - } - - return &HandleInfo{ - ID: ID(btfInfo.Id), - Name: unix.ByteSliceToString(nameBuffer), - IsKernel: btfInfo.KernelBtf != 0, - size: btfSize, - }, nil -} - -// IsModule returns true if the BTF is for the kernel itself. -func (i *HandleInfo) IsVmlinux() bool { - return i.IsKernel && i.Name == "vmlinux" -} - -// IsModule returns true if the BTF is for a kernel module. -func (i *HandleInfo) IsModule() bool { - return i.IsKernel && i.Name != "vmlinux" -} - -// HandleIterator allows enumerating BTF blobs loaded into the kernel. -type HandleIterator struct { - // The ID of the last retrieved handle. Only valid after a call to Next. - ID ID - err error -} - -// Next retrieves a handle for the next BTF blob. -// -// [Handle.Close] is called if *handle is non-nil to avoid leaking fds. -// -// Returns true if another BTF blob was found. Call [HandleIterator.Err] after -// the function returns false. -func (it *HandleIterator) Next(handle **Handle) bool { - if *handle != nil { - (*handle).Close() - *handle = nil - } - - id := it.ID - for { - attr := &sys.BtfGetNextIdAttr{Id: id} - err := sys.BtfGetNextId(attr) - if errors.Is(err, os.ErrNotExist) { - // There are no more BTF objects. - return false - } else if err != nil { - it.err = fmt.Errorf("get next BTF ID: %w", err) - return false - } - - id = attr.NextId - *handle, err = NewHandleFromID(id) - if errors.Is(err, os.ErrNotExist) { - // Try again with the next ID. - continue - } else if err != nil { - it.err = fmt.Errorf("retrieve handle for ID %d: %w", id, err) - return false - } - - it.ID = id - return true - } -} - -// Err returns an error if iteration failed for some reason. -func (it *HandleIterator) Err() error { - return it.err -} diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go deleted file mode 100644 index 67626e0dd1..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ /dev/null @@ -1,128 +0,0 @@ -package btf - -import ( - "bufio" - "bytes" - "errors" - "fmt" - "io" -) - -type stringTable struct { - base *stringTable - offsets []uint32 - strings []string -} - -// sizedReader is implemented by bytes.Reader, io.SectionReader, strings.Reader, etc. -type sizedReader interface { - io.Reader - Size() int64 -} - -func readStringTable(r sizedReader, base *stringTable) (*stringTable, error) { - // When parsing split BTF's string table, the first entry offset is derived - // from the last entry offset of the base BTF. - firstStringOffset := uint32(0) - if base != nil { - idx := len(base.offsets) - 1 - firstStringOffset = base.offsets[idx] + uint32(len(base.strings[idx])) + 1 - } - - // Derived from vmlinux BTF. - const averageStringLength = 16 - - n := int(r.Size() / averageStringLength) - offsets := make([]uint32, 0, n) - strings := make([]string, 0, n) - - offset := firstStringOffset - scanner := bufio.NewScanner(r) - scanner.Split(splitNull) - for scanner.Scan() { - str := scanner.Text() - offsets = append(offsets, offset) - strings = append(strings, str) - offset += uint32(len(str)) + 1 - } - if err := scanner.Err(); err != nil { - return nil, err - } - - if len(strings) == 0 { - return nil, errors.New("string table is empty") - } - - if firstStringOffset == 0 && strings[0] != "" { - return nil, errors.New("first item in string table is non-empty") - } - - return &stringTable{base, offsets, strings}, nil -} - -func splitNull(data []byte, atEOF bool) (advance int, token []byte, err error) { - i := bytes.IndexByte(data, 0) - if i == -1 { - if atEOF && len(data) > 0 { - return 0, nil, errors.New("string table isn't null terminated") - } - return 0, nil, nil - } - - return i + 1, data[:i], nil -} - -func (st *stringTable) Lookup(offset uint32) (string, error) { - if st.base != nil && offset <= st.base.offsets[len(st.base.offsets)-1] { - return st.base.lookup(offset) - } - return st.lookup(offset) -} - -func (st *stringTable) lookup(offset uint32) (string, error) { - i := search(st.offsets, offset) - if i == len(st.offsets) || st.offsets[i] != offset { - return "", fmt.Errorf("offset %d isn't start of a string", offset) - } - - return st.strings[i], nil -} - -func (st *stringTable) Length() int { - last := len(st.offsets) - 1 - return int(st.offsets[last]) + len(st.strings[last]) + 1 -} - -func (st *stringTable) Marshal(w io.Writer) error { - for _, str := range st.strings { - _, err := io.WriteString(w, str) - if err != nil { - return err - } - _, err = w.Write([]byte{0}) - if err != nil { - return err - } - } - return nil -} - -// search is a copy of sort.Search specialised for uint32. -// -// Licensed under https://go.dev/LICENSE -func search(ints []uint32, needle uint32) int { - // Define f(-1) == false and f(n) == true. - // Invariant: f(i-1) == false, f(j) == true. - i, j := 0, len(ints) - for i < j { - h := int(uint(i+j) >> 1) // avoid overflow when computing h - // i ≤ h < j - if !(ints[h] >= needle) { - i = h + 1 // preserves f(i-1) == false - } else { - j = h // preserves f(j) == true - } - } - // i == j, f(i-1) == false, and f(j) (= f(i)) == true => answer is i. - return i -} diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go deleted file mode 100644 index 402a363c28..0000000000 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ /dev/null @@ -1,1212 +0,0 @@ -package btf - -import ( - "fmt" - "io" - "math" - "reflect" - "strings" - - "github.com/cilium/ebpf/asm" -) - -const maxTypeDepth = 32 - -// TypeID identifies a type in a BTF section. -type TypeID uint32 - -// Type represents a type described by BTF. -type Type interface { - // Type can be formatted using the %s and %v verbs. %s outputs only the - // identity of the type, without any detail. %v outputs additional detail. - // - // Use the '+' flag to include the address of the type. - // - // Use the width to specify how many levels of detail to output, for example - // %1v will output detail for the root type and a short description of its - // children. %2v would output details of the root type and its children - // as well as a short description of the grandchildren. - fmt.Formatter - - // Name of the type, empty for anonymous types and types that cannot - // carry a name, like Void and Pointer. - TypeName() string - - // Make a copy of the type, without copying Type members. - copy() Type - - // Enumerate all nested Types. Repeated calls must visit nested - // types in the same order. - walk(*typeDeque) -} - -var ( - _ Type = (*Int)(nil) - _ Type = (*Struct)(nil) - _ Type = (*Union)(nil) - _ Type = (*Enum)(nil) - _ Type = (*Fwd)(nil) - _ Type = (*Func)(nil) - _ Type = (*Typedef)(nil) - _ Type = (*Var)(nil) - _ Type = (*Datasec)(nil) - _ Type = (*Float)(nil) -) - -// types is a list of Type. -// -// The order determines the ID of a type. -type types []Type - -func (ts types) ByID(id TypeID) (Type, error) { - if int(id) > len(ts) { - return nil, fmt.Errorf("type ID %d: %w", id, ErrNotFound) - } - return ts[id], nil -} - -// Void is the unit type of BTF. -type Void struct{} - -func (v *Void) Format(fs fmt.State, verb rune) { formatType(fs, verb, v) } -func (v *Void) TypeName() string { return "" } -func (v *Void) size() uint32 { return 0 } -func (v *Void) copy() Type { return (*Void)(nil) } -func (v *Void) walk(*typeDeque) {} - -type IntEncoding byte - -const ( - Signed IntEncoding = 1 << iota - Char - Bool -) - -func (ie IntEncoding) IsSigned() bool { - return ie&Signed != 0 -} - -func (ie IntEncoding) IsChar() bool { - return ie&Char != 0 -} - -func (ie IntEncoding) IsBool() bool { - return ie&Bool != 0 -} - -func (ie IntEncoding) String() string { - switch { - case ie.IsChar() && ie.IsSigned(): - return "char" - case ie.IsChar() && !ie.IsSigned(): - return "uchar" - case ie.IsBool(): - return "bool" - case ie.IsSigned(): - return "signed" - default: - return "unsigned" - } -} - -// Int is an integer of a given length. -// -// See https://www.kernel.org/doc/html/latest/bpf/btf.html#btf-kind-int -type Int struct { - Name string - - // The size of the integer in bytes. - Size uint32 - Encoding IntEncoding -} - -func (i *Int) Format(fs fmt.State, verb rune) { - formatType(fs, verb, i, i.Encoding, "size=", i.Size*8) -} - -func (i *Int) TypeName() string { return i.Name } -func (i *Int) size() uint32 { return i.Size } -func (i *Int) walk(*typeDeque) {} -func (i *Int) copy() Type { - cpy := *i - return &cpy -} - -// Pointer is a pointer to another type. -type Pointer struct { - Target Type -} - -func (p *Pointer) Format(fs fmt.State, verb rune) { - formatType(fs, verb, p, "target=", p.Target) -} - -func (p *Pointer) TypeName() string { return "" } -func (p *Pointer) size() uint32 { return 8 } -func (p *Pointer) walk(tdq *typeDeque) { tdq.push(&p.Target) } -func (p *Pointer) copy() Type { - cpy := *p - return &cpy -} - -// Array is an array with a fixed number of elements. -type Array struct { - Index Type - Type Type - Nelems uint32 -} - -func (arr *Array) Format(fs fmt.State, verb rune) { - formatType(fs, verb, arr, "index=", arr.Index, "type=", arr.Type, "n=", arr.Nelems) -} - -func (arr *Array) TypeName() string { return "" } - -func (arr *Array) walk(tdq *typeDeque) { - tdq.push(&arr.Index) - tdq.push(&arr.Type) -} - -func (arr *Array) copy() Type { - cpy := *arr - return &cpy -} - -// Struct is a compound type of consecutive members. -type Struct struct { - Name string - // The size of the struct including padding, in bytes - Size uint32 - Members []Member -} - -func (s *Struct) Format(fs fmt.State, verb rune) { - formatType(fs, verb, s, "fields=", len(s.Members)) -} - -func (s *Struct) TypeName() string { return s.Name } - -func (s *Struct) size() uint32 { return s.Size } - -func (s *Struct) walk(tdq *typeDeque) { - for i := range s.Members { - tdq.push(&s.Members[i].Type) - } -} - -func (s *Struct) copy() Type { - cpy := *s - cpy.Members = copyMembers(s.Members) - return &cpy -} - -func (s *Struct) members() []Member { - return s.Members -} - -// Union is a compound type where members occupy the same memory. -type Union struct { - Name string - // The size of the union including padding, in bytes. - Size uint32 - Members []Member -} - -func (u *Union) Format(fs fmt.State, verb rune) { - formatType(fs, verb, u, "fields=", len(u.Members)) -} - -func (u *Union) TypeName() string { return u.Name } - -func (u *Union) size() uint32 { return u.Size } - -func (u *Union) walk(tdq *typeDeque) { - for i := range u.Members { - tdq.push(&u.Members[i].Type) - } -} - -func (u *Union) copy() Type { - cpy := *u - cpy.Members = copyMembers(u.Members) - return &cpy -} - -func (u *Union) members() []Member { - return u.Members -} - -func copyMembers(orig []Member) []Member { - cpy := make([]Member, len(orig)) - copy(cpy, orig) - return cpy -} - -type composite interface { - members() []Member -} - -var ( - _ composite = (*Struct)(nil) - _ composite = (*Union)(nil) -) - -// A value in bits. -type Bits uint32 - -// Bytes converts a bit value into bytes. -func (b Bits) Bytes() uint32 { - return uint32(b / 8) -} - -// Member is part of a Struct or Union. -// -// It is not a valid Type. -type Member struct { - Name string - Type Type - Offset Bits - BitfieldSize Bits -} - -// Enum lists possible values. -type Enum struct { - Name string - // Size of the enum value in bytes. - Size uint32 - Values []EnumValue -} - -func (e *Enum) Format(fs fmt.State, verb rune) { - formatType(fs, verb, e, "size=", e.Size, "values=", len(e.Values)) -} - -func (e *Enum) TypeName() string { return e.Name } - -// EnumValue is part of an Enum -// -// Is is not a valid Type -type EnumValue struct { - Name string - Value int32 -} - -func (e *Enum) size() uint32 { return e.Size } -func (e *Enum) walk(*typeDeque) {} -func (e *Enum) copy() Type { - cpy := *e - cpy.Values = make([]EnumValue, len(e.Values)) - copy(cpy.Values, e.Values) - return &cpy -} - -// FwdKind is the type of forward declaration. -type FwdKind int - -// Valid types of forward declaration. -const ( - FwdStruct FwdKind = iota - FwdUnion -) - -func (fk FwdKind) String() string { - switch fk { - case FwdStruct: - return "struct" - case FwdUnion: - return "union" - default: - return fmt.Sprintf("%T(%d)", fk, int(fk)) - } -} - -// Fwd is a forward declaration of a Type. -type Fwd struct { - Name string - Kind FwdKind -} - -func (f *Fwd) Format(fs fmt.State, verb rune) { - formatType(fs, verb, f, f.Kind) -} - -func (f *Fwd) TypeName() string { return f.Name } - -func (f *Fwd) walk(*typeDeque) {} -func (f *Fwd) copy() Type { - cpy := *f - return &cpy -} - -// Typedef is an alias of a Type. -type Typedef struct { - Name string - Type Type -} - -func (td *Typedef) Format(fs fmt.State, verb rune) { - formatType(fs, verb, td, td.Type) -} - -func (td *Typedef) TypeName() string { return td.Name } - -func (td *Typedef) walk(tdq *typeDeque) { tdq.push(&td.Type) } -func (td *Typedef) copy() Type { - cpy := *td - return &cpy -} - -// Volatile is a qualifier. -type Volatile struct { - Type Type -} - -func (v *Volatile) Format(fs fmt.State, verb rune) { - formatType(fs, verb, v, v.Type) -} - -func (v *Volatile) TypeName() string { return "" } - -func (v *Volatile) qualify() Type { return v.Type } -func (v *Volatile) walk(tdq *typeDeque) { tdq.push(&v.Type) } -func (v *Volatile) copy() Type { - cpy := *v - return &cpy -} - -// Const is a qualifier. -type Const struct { - Type Type -} - -func (c *Const) Format(fs fmt.State, verb rune) { - formatType(fs, verb, c, c.Type) -} - -func (c *Const) TypeName() string { return "" } - -func (c *Const) qualify() Type { return c.Type } -func (c *Const) walk(tdq *typeDeque) { tdq.push(&c.Type) } -func (c *Const) copy() Type { - cpy := *c - return &cpy -} - -// Restrict is a qualifier. -type Restrict struct { - Type Type -} - -func (r *Restrict) Format(fs fmt.State, verb rune) { - formatType(fs, verb, r, r.Type) -} - -func (r *Restrict) TypeName() string { return "" } - -func (r *Restrict) qualify() Type { return r.Type } -func (r *Restrict) walk(tdq *typeDeque) { tdq.push(&r.Type) } -func (r *Restrict) copy() Type { - cpy := *r - return &cpy -} - -// Func is a function definition. -type Func struct { - Name string - Type Type - Linkage FuncLinkage -} - -func FuncMetadata(ins *asm.Instruction) *Func { - fn, _ := ins.Metadata.Get(funcInfoMeta{}).(*Func) - return fn -} - -func (f *Func) Format(fs fmt.State, verb rune) { - formatType(fs, verb, f, f.Linkage, "proto=", f.Type) -} - -func (f *Func) TypeName() string { return f.Name } - -func (f *Func) walk(tdq *typeDeque) { tdq.push(&f.Type) } -func (f *Func) copy() Type { - cpy := *f - return &cpy -} - -// FuncProto is a function declaration. -type FuncProto struct { - Return Type - Params []FuncParam -} - -func (fp *FuncProto) Format(fs fmt.State, verb rune) { - formatType(fs, verb, fp, "args=", len(fp.Params), "return=", fp.Return) -} - -func (fp *FuncProto) TypeName() string { return "" } - -func (fp *FuncProto) walk(tdq *typeDeque) { - tdq.push(&fp.Return) - for i := range fp.Params { - tdq.push(&fp.Params[i].Type) - } -} - -func (fp *FuncProto) copy() Type { - cpy := *fp - cpy.Params = make([]FuncParam, len(fp.Params)) - copy(cpy.Params, fp.Params) - return &cpy -} - -type FuncParam struct { - Name string - Type Type -} - -// Var is a global variable. -type Var struct { - Name string - Type Type - Linkage VarLinkage -} - -func (v *Var) Format(fs fmt.State, verb rune) { - formatType(fs, verb, v, v.Linkage) -} - -func (v *Var) TypeName() string { return v.Name } - -func (v *Var) walk(tdq *typeDeque) { tdq.push(&v.Type) } -func (v *Var) copy() Type { - cpy := *v - return &cpy -} - -// Datasec is a global program section containing data. -type Datasec struct { - Name string - Size uint32 - Vars []VarSecinfo -} - -func (ds *Datasec) Format(fs fmt.State, verb rune) { - formatType(fs, verb, ds) -} - -func (ds *Datasec) TypeName() string { return ds.Name } - -func (ds *Datasec) size() uint32 { return ds.Size } - -func (ds *Datasec) walk(tdq *typeDeque) { - for i := range ds.Vars { - tdq.push(&ds.Vars[i].Type) - } -} - -func (ds *Datasec) copy() Type { - cpy := *ds - cpy.Vars = make([]VarSecinfo, len(ds.Vars)) - copy(cpy.Vars, ds.Vars) - return &cpy -} - -// VarSecinfo describes variable in a Datasec. -// -// It is not a valid Type. -type VarSecinfo struct { - Type Type - Offset uint32 - Size uint32 -} - -// Float is a float of a given length. -type Float struct { - Name string - - // The size of the float in bytes. - Size uint32 -} - -func (f *Float) Format(fs fmt.State, verb rune) { - formatType(fs, verb, f, "size=", f.Size*8) -} - -func (f *Float) TypeName() string { return f.Name } -func (f *Float) size() uint32 { return f.Size } -func (f *Float) walk(*typeDeque) {} -func (f *Float) copy() Type { - cpy := *f - return &cpy -} - -// cycle is a type which had to be elided since it exceeded maxTypeDepth. -type cycle struct { - root Type -} - -func (c *cycle) ID() TypeID { return math.MaxUint32 } -func (c *cycle) Format(fs fmt.State, verb rune) { formatType(fs, verb, c, "root=", c.root) } -func (c *cycle) TypeName() string { return "" } -func (c *cycle) walk(*typeDeque) {} -func (c *cycle) copy() Type { - cpy := *c - return &cpy -} - -type sizer interface { - size() uint32 -} - -var ( - _ sizer = (*Int)(nil) - _ sizer = (*Pointer)(nil) - _ sizer = (*Struct)(nil) - _ sizer = (*Union)(nil) - _ sizer = (*Enum)(nil) - _ sizer = (*Datasec)(nil) -) - -type qualifier interface { - qualify() Type -} - -var ( - _ qualifier = (*Const)(nil) - _ qualifier = (*Restrict)(nil) - _ qualifier = (*Volatile)(nil) -) - -// Sizeof returns the size of a type in bytes. -// -// Returns an error if the size can't be computed. -func Sizeof(typ Type) (int, error) { - var ( - n = int64(1) - elem int64 - ) - - for i := 0; i < maxTypeDepth; i++ { - switch v := typ.(type) { - case *Array: - if n > 0 && int64(v.Nelems) > math.MaxInt64/n { - return 0, fmt.Errorf("type %s: overflow", typ) - } - - // Arrays may be of zero length, which allows - // n to be zero as well. - n *= int64(v.Nelems) - typ = v.Type - continue - - case sizer: - elem = int64(v.size()) - - case *Typedef: - typ = v.Type - continue - - case qualifier: - typ = v.qualify() - continue - - default: - return 0, fmt.Errorf("unsized type %T", typ) - } - - if n > 0 && elem > math.MaxInt64/n { - return 0, fmt.Errorf("type %s: overflow", typ) - } - - size := n * elem - if int64(int(size)) != size { - return 0, fmt.Errorf("type %s: overflow", typ) - } - - return int(size), nil - } - - return 0, fmt.Errorf("type %s: exceeded type depth", typ) -} - -// alignof returns the alignment of a type. -// -// Currently only supports the subset of types necessary for bitfield relocations. -func alignof(typ Type) (int, error) { - switch t := UnderlyingType(typ).(type) { - case *Enum: - return int(t.size()), nil - case *Int: - return int(t.Size), nil - default: - return 0, fmt.Errorf("can't calculate alignment of %T", t) - } -} - -// Transformer modifies a given Type and returns the result. -// -// For example, UnderlyingType removes any qualifiers or typedefs from a type. -// See the example on Copy for how to use a transform. -type Transformer func(Type) Type - -// Copy a Type recursively. -// -// typ may form a cycle. If transform is not nil, it is called with the -// to be copied type, and the returned value is copied instead. -func Copy(typ Type, transform Transformer) Type { - copies := make(copier) - copies.copy(&typ, transform) - return typ -} - -// copy a slice of Types recursively. -// -// See Copy for the semantics. -func copyTypes(types []Type, transform Transformer) []Type { - result := make([]Type, len(types)) - copy(result, types) - - copies := make(copier) - for i := range result { - copies.copy(&result[i], transform) - } - - return result -} - -type copier map[Type]Type - -func (c copier) copy(typ *Type, transform Transformer) { - var work typeDeque - for t := typ; t != nil; t = work.pop() { - // *t is the identity of the type. - if cpy := c[*t]; cpy != nil { - *t = cpy - continue - } - - var cpy Type - if transform != nil { - cpy = transform(*t).copy() - } else { - cpy = (*t).copy() - } - - c[*t] = cpy - *t = cpy - - // Mark any nested types for copying. - cpy.walk(&work) - } -} - -// typeDeque keeps track of pointers to types which still -// need to be visited. -type typeDeque struct { - types []*Type - read, write uint64 - mask uint64 -} - -func (dq *typeDeque) empty() bool { - return dq.read == dq.write -} - -// push adds a type to the stack. -func (dq *typeDeque) push(t *Type) { - if dq.write-dq.read < uint64(len(dq.types)) { - dq.types[dq.write&dq.mask] = t - dq.write++ - return - } - - new := len(dq.types) * 2 - if new == 0 { - new = 8 - } - - types := make([]*Type, new) - pivot := dq.read & dq.mask - n := copy(types, dq.types[pivot:]) - n += copy(types[n:], dq.types[:pivot]) - types[n] = t - - dq.types = types - dq.mask = uint64(new) - 1 - dq.read, dq.write = 0, uint64(n+1) -} - -// shift returns the first element or null. -func (dq *typeDeque) shift() *Type { - if dq.empty() { - return nil - } - - index := dq.read & dq.mask - t := dq.types[index] - dq.types[index] = nil - dq.read++ - return t -} - -// pop returns the last element or null. -func (dq *typeDeque) pop() *Type { - if dq.empty() { - return nil - } - - dq.write-- - index := dq.write & dq.mask - t := dq.types[index] - dq.types[index] = nil - return t -} - -// all returns all elements. -// -// The deque is empty after calling this method. -func (dq *typeDeque) all() []*Type { - length := dq.write - dq.read - types := make([]*Type, 0, length) - for t := dq.shift(); t != nil; t = dq.shift() { - types = append(types, t) - } - return types -} - -// inflateRawTypes takes a list of raw btf types linked via type IDs, and turns -// it into a graph of Types connected via pointers. -// -// If baseTypes are provided, then the raw types are -// considered to be of a split BTF (e.g., a kernel module). -// -// Returns a slice of types indexed by TypeID. Since BTF ignores compilation -// units, multiple types may share the same name. A Type may form a cyclic graph -// by pointing at itself. -func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTable) ([]Type, error) { - types := make([]Type, 0, len(rawTypes)+1) // +1 for Void added to base types - - typeIDOffset := TypeID(1) // Void is TypeID(0), so the rest starts from TypeID(1) - - if baseTypes == nil { - // Void is defined to always be type ID 0, and is thus omitted from BTF. - types = append(types, (*Void)(nil)) - } else { - // For split BTF, the next ID is max base BTF type ID + 1 - typeIDOffset = TypeID(len(baseTypes)) - } - - type fixupDef struct { - id TypeID - typ *Type - } - - var fixups []fixupDef - fixup := func(id TypeID, typ *Type) { - if id < TypeID(len(baseTypes)) { - *typ = baseTypes[id] - return - } - - idx := id - if baseTypes != nil { - idx = id - TypeID(len(baseTypes)) - } - if idx < TypeID(len(types)) { - // We've already inflated this type, fix it up immediately. - *typ = types[idx] - return - } - fixups = append(fixups, fixupDef{id, typ}) - } - - type assertion struct { - typ *Type - want reflect.Type - } - - var assertions []assertion - assert := func(typ *Type, want reflect.Type) error { - if *typ != nil { - // The type has already been fixed up, check the type immediately. - if reflect.TypeOf(*typ) != want { - return fmt.Errorf("expected %s, got %T", want, *typ) - } - return nil - } - assertions = append(assertions, assertion{typ, want}) - return nil - } - - type bitfieldFixupDef struct { - id TypeID - m *Member - } - - var ( - legacyBitfields = make(map[TypeID][2]Bits) // offset, size - bitfieldFixups []bitfieldFixupDef - ) - convertMembers := func(raw []btfMember, kindFlag bool) ([]Member, error) { - // NB: The fixup below relies on pre-allocating this array to - // work, since otherwise append might re-allocate members. - members := make([]Member, 0, len(raw)) - for i, btfMember := range raw { - name, err := rawStrings.Lookup(btfMember.NameOff) - if err != nil { - return nil, fmt.Errorf("can't get name for member %d: %w", i, err) - } - - members = append(members, Member{ - Name: name, - Offset: Bits(btfMember.Offset), - }) - - m := &members[i] - fixup(raw[i].Type, &m.Type) - - if kindFlag { - m.BitfieldSize = Bits(btfMember.Offset >> 24) - m.Offset &= 0xffffff - // We ignore legacy bitfield definitions if the current composite - // is a new-style bitfield. This is kind of safe since offset and - // size on the type of the member must be zero if kindFlat is set - // according to spec. - continue - } - - // This may be a legacy bitfield, try to fix it up. - data, ok := legacyBitfields[raw[i].Type] - if ok { - // Bingo! - m.Offset += data[0] - m.BitfieldSize = data[1] - continue - } - - if m.Type != nil { - // We couldn't find a legacy bitfield, but we know that the member's - // type has already been inflated. Hence we know that it can't be - // a legacy bitfield and there is nothing left to do. - continue - } - - // We don't have fixup data, and the type we're pointing - // at hasn't been inflated yet. No choice but to defer - // the fixup. - bitfieldFixups = append(bitfieldFixups, bitfieldFixupDef{ - raw[i].Type, - m, - }) - } - return members, nil - } - - for i, raw := range rawTypes { - var ( - id = typeIDOffset + TypeID(i) - typ Type - ) - - name, err := rawStrings.Lookup(raw.NameOff) - if err != nil { - return nil, fmt.Errorf("get name for type id %d: %w", id, err) - } - - switch raw.Kind() { - case kindInt: - size := raw.Size() - bi := raw.data.(*btfInt) - if bi.Offset() > 0 || bi.Bits().Bytes() != size { - legacyBitfields[id] = [2]Bits{bi.Offset(), bi.Bits()} - } - typ = &Int{name, raw.Size(), bi.Encoding()} - - case kindPointer: - ptr := &Pointer{nil} - fixup(raw.Type(), &ptr.Target) - typ = ptr - - case kindArray: - btfArr := raw.data.(*btfArray) - arr := &Array{nil, nil, btfArr.Nelems} - fixup(btfArr.IndexType, &arr.Index) - fixup(btfArr.Type, &arr.Type) - typ = arr - - case kindStruct: - members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag()) - if err != nil { - return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) - } - typ = &Struct{name, raw.Size(), members} - - case kindUnion: - members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag()) - if err != nil { - return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) - } - typ = &Union{name, raw.Size(), members} - - case kindEnum: - rawvals := raw.data.([]btfEnum) - vals := make([]EnumValue, 0, len(rawvals)) - for i, btfVal := range rawvals { - name, err := rawStrings.Lookup(btfVal.NameOff) - if err != nil { - return nil, fmt.Errorf("get name for enum value %d: %s", i, err) - } - vals = append(vals, EnumValue{ - Name: name, - Value: btfVal.Val, - }) - } - typ = &Enum{name, raw.Size(), vals} - - case kindForward: - if raw.KindFlag() { - typ = &Fwd{name, FwdUnion} - } else { - typ = &Fwd{name, FwdStruct} - } - - case kindTypedef: - typedef := &Typedef{name, nil} - fixup(raw.Type(), &typedef.Type) - typ = typedef - - case kindVolatile: - volatile := &Volatile{nil} - fixup(raw.Type(), &volatile.Type) - typ = volatile - - case kindConst: - cnst := &Const{nil} - fixup(raw.Type(), &cnst.Type) - typ = cnst - - case kindRestrict: - restrict := &Restrict{nil} - fixup(raw.Type(), &restrict.Type) - typ = restrict - - case kindFunc: - fn := &Func{name, nil, raw.Linkage()} - fixup(raw.Type(), &fn.Type) - if err := assert(&fn.Type, reflect.TypeOf((*FuncProto)(nil))); err != nil { - return nil, err - } - typ = fn - - case kindFuncProto: - rawparams := raw.data.([]btfParam) - params := make([]FuncParam, 0, len(rawparams)) - for i, param := range rawparams { - name, err := rawStrings.Lookup(param.NameOff) - if err != nil { - return nil, fmt.Errorf("get name for func proto parameter %d: %s", i, err) - } - params = append(params, FuncParam{ - Name: name, - }) - } - for i := range params { - fixup(rawparams[i].Type, ¶ms[i].Type) - } - - fp := &FuncProto{nil, params} - fixup(raw.Type(), &fp.Return) - typ = fp - - case kindVar: - variable := raw.data.(*btfVariable) - v := &Var{name, nil, VarLinkage(variable.Linkage)} - fixup(raw.Type(), &v.Type) - typ = v - - case kindDatasec: - btfVars := raw.data.([]btfVarSecinfo) - vars := make([]VarSecinfo, 0, len(btfVars)) - for _, btfVar := range btfVars { - vars = append(vars, VarSecinfo{ - Offset: btfVar.Offset, - Size: btfVar.Size, - }) - } - for i := range vars { - fixup(btfVars[i].Type, &vars[i].Type) - if err := assert(&vars[i].Type, reflect.TypeOf((*Var)(nil))); err != nil { - return nil, err - } - } - typ = &Datasec{name, raw.SizeType, vars} - - case kindFloat: - typ = &Float{name, raw.Size()} - - default: - return nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind()) - } - - types = append(types, typ) - } - - for _, fixup := range fixups { - i := int(fixup.id) - if i >= len(types)+len(baseTypes) { - return nil, fmt.Errorf("reference to invalid type id: %d", fixup.id) - } - if i < len(baseTypes) { - return nil, fmt.Errorf("fixup for base type id %d is not expected", i) - } - - *fixup.typ = types[i-len(baseTypes)] - } - - for _, bitfieldFixup := range bitfieldFixups { - if bitfieldFixup.id < TypeID(len(baseTypes)) { - return nil, fmt.Errorf("bitfield fixup from split to base types is not expected") - } - - data, ok := legacyBitfields[bitfieldFixup.id] - if ok { - // This is indeed a legacy bitfield, fix it up. - bitfieldFixup.m.Offset += data[0] - bitfieldFixup.m.BitfieldSize = data[1] - } - } - - for _, assertion := range assertions { - if reflect.TypeOf(*assertion.typ) != assertion.want { - return nil, fmt.Errorf("expected %s, got %T", assertion.want, *assertion.typ) - } - } - - return types, nil -} - -// essentialName represents the name of a BTF type stripped of any flavor -// suffixes after a ___ delimiter. -type essentialName string - -// newEssentialName returns name without a ___ suffix. -// -// CO-RE has the concept of 'struct flavors', which are used to deal with -// changes in kernel data structures. Anything after three underscores -// in a type name is ignored for the purpose of finding a candidate type -// in the kernel's BTF. -func newEssentialName(name string) essentialName { - if name == "" { - return "" - } - lastIdx := strings.LastIndex(name, "___") - if lastIdx > 0 { - return essentialName(name[:lastIdx]) - } - return essentialName(name) -} - -// UnderlyingType skips qualifiers and Typedefs. -func UnderlyingType(typ Type) Type { - result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { - switch v := (result).(type) { - case qualifier: - result = v.qualify() - case *Typedef: - result = v.Type - default: - return result - } - } - return &cycle{typ} -} - -type formatState struct { - fmt.State - depth int -} - -// formattableType is a subset of Type, to ease unit testing of formatType. -type formattableType interface { - fmt.Formatter - TypeName() string -} - -// formatType formats a type in a canonical form. -// -// Handles cyclical types by only printing cycles up to a certain depth. Elements -// in extra are separated by spaces unless the preceding element is a string -// ending in '='. -func formatType(f fmt.State, verb rune, t formattableType, extra ...interface{}) { - if verb != 'v' && verb != 's' { - fmt.Fprintf(f, "{UNRECOGNIZED: %c}", verb) - return - } - - // This is the same as %T, but elides the package name. Assumes that - // formattableType is implemented by a pointer receiver. - goTypeName := reflect.TypeOf(t).Elem().Name() - _, _ = io.WriteString(f, goTypeName) - - if name := t.TypeName(); name != "" { - // Output BTF type name if present. - fmt.Fprintf(f, ":%q", name) - } - - if f.Flag('+') { - // Output address if requested. - fmt.Fprintf(f, ":%#p", t) - } - - if verb == 's' { - // %s omits details. - return - } - - var depth int - if ps, ok := f.(*formatState); ok { - depth = ps.depth - f = ps.State - } - - maxDepth, ok := f.Width() - if !ok { - maxDepth = 0 - } - - if depth > maxDepth { - // We've reached the maximum depth. This avoids infinite recursion even - // for cyclical types. - return - } - - if len(extra) == 0 { - return - } - - wantSpace := false - _, _ = io.WriteString(f, "[") - for _, arg := range extra { - if wantSpace { - _, _ = io.WriteString(f, " ") - } - - switch v := arg.(type) { - case string: - _, _ = io.WriteString(f, v) - wantSpace = len(v) > 0 && v[len(v)-1] != '=' - continue - - case formattableType: - v.Format(&formatState{f, depth + 1}, verb) - - default: - fmt.Fprint(f, arg) - } - - wantSpace = true - } - _, _ = io.WriteString(f, "]") -} diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go deleted file mode 100644 index 8c2ddc3802..0000000000 --- a/vendor/github.com/cilium/ebpf/collection.go +++ /dev/null @@ -1,772 +0,0 @@ -package ebpf - -import ( - "encoding/binary" - "errors" - "fmt" - "reflect" - "strings" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/btf" -) - -// CollectionOptions control loading a collection into the kernel. -// -// Maps and Programs are passed to NewMapWithOptions and NewProgramsWithOptions. -type CollectionOptions struct { - Maps MapOptions - Programs ProgramOptions - - // MapReplacements takes a set of Maps that will be used instead of - // creating new ones when loading the CollectionSpec. - // - // For each given Map, there must be a corresponding MapSpec in - // CollectionSpec.Maps, and its type, key/value size, max entries and flags - // must match the values of the MapSpec. - // - // The given Maps are Clone()d before being used in the Collection, so the - // caller can Close() them freely when they are no longer needed. - MapReplacements map[string]*Map -} - -// CollectionSpec describes a collection. -type CollectionSpec struct { - Maps map[string]*MapSpec - Programs map[string]*ProgramSpec - - // Types holds type information about Maps and Programs. - // Modifications to Types are currently undefined behaviour. - Types *btf.Spec - - // ByteOrder specifies whether the ELF was compiled for - // big-endian or little-endian architectures. - ByteOrder binary.ByteOrder -} - -// Copy returns a recursive copy of the spec. -func (cs *CollectionSpec) Copy() *CollectionSpec { - if cs == nil { - return nil - } - - cpy := CollectionSpec{ - Maps: make(map[string]*MapSpec, len(cs.Maps)), - Programs: make(map[string]*ProgramSpec, len(cs.Programs)), - ByteOrder: cs.ByteOrder, - Types: cs.Types, - } - - for name, spec := range cs.Maps { - cpy.Maps[name] = spec.Copy() - } - - for name, spec := range cs.Programs { - cpy.Programs[name] = spec.Copy() - } - - return &cpy -} - -// RewriteMaps replaces all references to specific maps. -// -// Use this function to use pre-existing maps instead of creating new ones -// when calling NewCollection. Any named maps are removed from CollectionSpec.Maps. -// -// Returns an error if a named map isn't used in at least one program. -// -// Deprecated: Pass CollectionOptions.MapReplacements when loading the Collection -// instead. -func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error { - for symbol, m := range maps { - // have we seen a program that uses this symbol / map - seen := false - for progName, progSpec := range cs.Programs { - err := progSpec.Instructions.AssociateMap(symbol, m) - - switch { - case err == nil: - seen = true - - case errors.Is(err, asm.ErrUnreferencedSymbol): - // Not all programs need to use the map - - default: - return fmt.Errorf("program %s: %w", progName, err) - } - } - - if !seen { - return fmt.Errorf("map %s not referenced by any programs", symbol) - } - - // Prevent NewCollection from creating rewritten maps - delete(cs.Maps, symbol) - } - - return nil -} - -// RewriteConstants replaces the value of multiple constants. -// -// The constant must be defined like so in the C program: -// -// volatile const type foobar; -// volatile const type foobar = default; -// -// Replacement values must be of the same length as the C sizeof(type). -// If necessary, they are marshalled according to the same rules as -// map values. -// -// From Linux 5.5 the verifier will use constants to eliminate dead code. -// -// Returns an error if a constant doesn't exist. -func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error { - replaced := make(map[string]bool) - - for name, spec := range cs.Maps { - if !strings.HasPrefix(name, ".rodata") { - continue - } - - b, ds, err := spec.dataSection() - if errors.Is(err, errMapNoBTFValue) { - // Data sections without a BTF Datasec are valid, but don't support - // constant replacements. - continue - } - if err != nil { - return fmt.Errorf("map %s: %w", name, err) - } - - // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice - // to avoid any changes affecting other copies of the MapSpec. - cpy := make([]byte, len(b)) - copy(cpy, b) - - for _, v := range ds.Vars { - vname := v.Type.TypeName() - replacement, ok := consts[vname] - if !ok { - continue - } - - if replaced[vname] { - return fmt.Errorf("section %s: duplicate variable %s", name, vname) - } - - if int(v.Offset+v.Size) > len(cpy) { - return fmt.Errorf("section %s: offset %d(+%d) for variable %s is out of bounds", name, v.Offset, v.Size, vname) - } - - b, err := marshalBytes(replacement, int(v.Size)) - if err != nil { - return fmt.Errorf("marshaling constant replacement %s: %w", vname, err) - } - - copy(cpy[v.Offset:v.Offset+v.Size], b) - - replaced[vname] = true - } - - spec.Contents[0] = MapKV{Key: uint32(0), Value: cpy} - } - - var missing []string - for c := range consts { - if !replaced[c] { - missing = append(missing, c) - } - } - - if len(missing) != 0 { - return fmt.Errorf("spec is missing one or more constants: %s", strings.Join(missing, ",")) - } - - return nil -} - -// Assign the contents of a CollectionSpec to a struct. -// -// This function is a shortcut to manually checking the presence -// of maps and programs in a CollectionSpec. Consider using bpf2go -// if this sounds useful. -// -// 'to' must be a pointer to a struct. A field of the -// struct is updated with values from Programs or Maps if it -// has an `ebpf` tag and its type is *ProgramSpec or *MapSpec. -// The tag's value specifies the name of the program or map as -// found in the CollectionSpec. -// -// struct { -// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` -// Bar *ebpf.MapSpec `ebpf:"bar_map"` -// Ignored int -// } -// -// Returns an error if any of the eBPF objects can't be found, or -// if the same MapSpec or ProgramSpec is assigned multiple times. -func (cs *CollectionSpec) Assign(to interface{}) error { - // Assign() only supports assigning ProgramSpecs and MapSpecs, - // so doesn't load any resources into the kernel. - getValue := func(typ reflect.Type, name string) (interface{}, error) { - switch typ { - - case reflect.TypeOf((*ProgramSpec)(nil)): - if p := cs.Programs[name]; p != nil { - return p, nil - } - return nil, fmt.Errorf("missing program %q", name) - - case reflect.TypeOf((*MapSpec)(nil)): - if m := cs.Maps[name]; m != nil { - return m, nil - } - return nil, fmt.Errorf("missing map %q", name) - - default: - return nil, fmt.Errorf("unsupported type %s", typ) - } - } - - return assignValues(to, getValue) -} - -// LoadAndAssign loads Maps and Programs into the kernel and assigns them -// to a struct. -// -// Omitting Map/Program.Close() during application shutdown is an error. -// See the package documentation for details around Map and Program lifecycle. -// -// This function is a shortcut to manually checking the presence -// of maps and programs in a CollectionSpec. Consider using bpf2go -// if this sounds useful. -// -// 'to' must be a pointer to a struct. A field of the struct is updated with -// a Program or Map if it has an `ebpf` tag and its type is *Program or *Map. -// The tag's value specifies the name of the program or map as found in the -// CollectionSpec. Before updating the struct, the requested objects and their -// dependent resources are loaded into the kernel and populated with values if -// specified. -// -// struct { -// Foo *ebpf.Program `ebpf:"xdp_foo"` -// Bar *ebpf.Map `ebpf:"bar_map"` -// Ignored int -// } -// -// opts may be nil. -// -// Returns an error if any of the fields can't be found, or -// if the same Map or Program is assigned multiple times. -func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) error { - loader, err := newCollectionLoader(cs, opts) - if err != nil { - return err - } - defer loader.close() - - // Support assigning Programs and Maps, lazy-loading the required objects. - assignedMaps := make(map[string]bool) - assignedProgs := make(map[string]bool) - - getValue := func(typ reflect.Type, name string) (interface{}, error) { - switch typ { - - case reflect.TypeOf((*Program)(nil)): - assignedProgs[name] = true - return loader.loadProgram(name) - - case reflect.TypeOf((*Map)(nil)): - assignedMaps[name] = true - return loader.loadMap(name) - - default: - return nil, fmt.Errorf("unsupported type %s", typ) - } - } - - // Load the Maps and Programs requested by the annotated struct. - if err := assignValues(to, getValue); err != nil { - return err - } - - // Populate the requested maps. Has a chance of lazy-loading other dependent maps. - if err := loader.populateMaps(); err != nil { - return err - } - - // Evaluate the loader's objects after all (lazy)loading has taken place. - for n, m := range loader.maps { - switch m.typ { - case ProgramArray: - // Require all lazy-loaded ProgramArrays to be assigned to the given object. - // The kernel empties a ProgramArray once the last user space reference - // to it closes, which leads to failed tail calls. Combined with the library - // closing map fds via GC finalizers this can lead to surprising behaviour. - // Only allow unassigned ProgramArrays when the library hasn't pre-populated - // any entries from static value declarations. At this point, we know the map - // is empty and there's no way for the caller to interact with the map going - // forward. - if !assignedMaps[n] && len(cs.Maps[n].Contents) > 0 { - return fmt.Errorf("ProgramArray %s must be assigned to prevent missed tail calls", n) - } - } - } - - // Prevent loader.cleanup() from closing assigned Maps and Programs. - for m := range assignedMaps { - delete(loader.maps, m) - } - for p := range assignedProgs { - delete(loader.programs, p) - } - - return nil -} - -// Collection is a collection of Programs and Maps associated -// with their symbols -type Collection struct { - Programs map[string]*Program - Maps map[string]*Map -} - -// NewCollection creates a Collection from the given spec, creating and -// loading its declared resources into the kernel. -// -// Omitting Collection.Close() during application shutdown is an error. -// See the package documentation for details around Map and Program lifecycle. -func NewCollection(spec *CollectionSpec) (*Collection, error) { - return NewCollectionWithOptions(spec, CollectionOptions{}) -} - -// NewCollectionWithOptions creates a Collection from the given spec using -// options, creating and loading its declared resources into the kernel. -// -// Omitting Collection.Close() during application shutdown is an error. -// See the package documentation for details around Map and Program lifecycle. -func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Collection, error) { - loader, err := newCollectionLoader(spec, &opts) - if err != nil { - return nil, err - } - defer loader.close() - - // Create maps first, as their fds need to be linked into programs. - for mapName := range spec.Maps { - if _, err := loader.loadMap(mapName); err != nil { - return nil, err - } - } - - for progName, prog := range spec.Programs { - if prog.Type == UnspecifiedProgram { - continue - } - - if _, err := loader.loadProgram(progName); err != nil { - return nil, err - } - } - - // Maps can contain Program and Map stubs, so populate them after - // all Maps and Programs have been successfully loaded. - if err := loader.populateMaps(); err != nil { - return nil, err - } - - // Prevent loader.cleanup from closing maps and programs. - maps, progs := loader.maps, loader.programs - loader.maps, loader.programs = nil, nil - - return &Collection{ - progs, - maps, - }, nil -} - -type handleCache struct { - btfHandles map[*btf.Spec]*btf.Handle -} - -func newHandleCache() *handleCache { - return &handleCache{ - btfHandles: make(map[*btf.Spec]*btf.Handle), - } -} - -func (hc handleCache) btfHandle(spec *btf.Spec) (*btf.Handle, error) { - if hc.btfHandles[spec] != nil { - return hc.btfHandles[spec], nil - } - - handle, err := btf.NewHandle(spec) - if err != nil { - return nil, err - } - - hc.btfHandles[spec] = handle - return handle, nil -} - -func (hc handleCache) close() { - for _, handle := range hc.btfHandles { - handle.Close() - } -} - -type collectionLoader struct { - coll *CollectionSpec - opts *CollectionOptions - maps map[string]*Map - programs map[string]*Program - handles *handleCache -} - -func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collectionLoader, error) { - if opts == nil { - opts = &CollectionOptions{} - } - - // Check for existing MapSpecs in the CollectionSpec for all provided replacement maps. - for name, m := range opts.MapReplacements { - spec, ok := coll.Maps[name] - if !ok { - return nil, fmt.Errorf("replacement map %s not found in CollectionSpec", name) - } - - if err := spec.checkCompatibility(m); err != nil { - return nil, fmt.Errorf("using replacement map %s: %w", spec.Name, err) - } - } - - return &collectionLoader{ - coll, - opts, - make(map[string]*Map), - make(map[string]*Program), - newHandleCache(), - }, nil -} - -// close all resources left over in the collectionLoader. -func (cl *collectionLoader) close() { - cl.handles.close() - for _, m := range cl.maps { - m.Close() - } - for _, p := range cl.programs { - p.Close() - } -} - -func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { - if m := cl.maps[mapName]; m != nil { - return m, nil - } - - mapSpec := cl.coll.Maps[mapName] - if mapSpec == nil { - return nil, fmt.Errorf("missing map %s", mapName) - } - - if mapSpec.BTF != nil && cl.coll.Types != mapSpec.BTF { - return nil, fmt.Errorf("map %s: BTF doesn't match collection", mapName) - } - - if replaceMap, ok := cl.opts.MapReplacements[mapName]; ok { - // Clone the map to avoid closing user's map later on. - m, err := replaceMap.Clone() - if err != nil { - return nil, err - } - - cl.maps[mapName] = m - return m, nil - } - - m, err := newMapWithOptions(mapSpec, cl.opts.Maps, cl.handles) - if err != nil { - return nil, fmt.Errorf("map %s: %w", mapName, err) - } - - cl.maps[mapName] = m - return m, nil -} - -func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { - if prog := cl.programs[progName]; prog != nil { - return prog, nil - } - - progSpec := cl.coll.Programs[progName] - if progSpec == nil { - return nil, fmt.Errorf("unknown program %s", progName) - } - - // Bail out early if we know the kernel is going to reject the program. - // This skips loading map dependencies, saving some cleanup work later. - if progSpec.Type == UnspecifiedProgram { - return nil, fmt.Errorf("cannot load program %s: program type is unspecified", progName) - } - - if progSpec.BTF != nil && cl.coll.Types != progSpec.BTF { - return nil, fmt.Errorf("program %s: BTF doesn't match collection", progName) - } - - progSpec = progSpec.Copy() - - // Rewrite any reference to a valid map in the program's instructions, - // which includes all of its dependencies. - for i := range progSpec.Instructions { - ins := &progSpec.Instructions[i] - - if !ins.IsLoadFromMap() || ins.Reference() == "" { - continue - } - - // Don't overwrite map loads containing non-zero map fd's, - // they can be manually included by the caller. - // Map FDs/IDs are placed in the lower 32 bits of Constant. - if int32(ins.Constant) > 0 { - continue - } - - m, err := cl.loadMap(ins.Reference()) - if err != nil { - return nil, fmt.Errorf("program %s: %w", progName, err) - } - - if err := ins.AssociateMap(m); err != nil { - return nil, fmt.Errorf("program %s: map %s: %w", progName, ins.Reference(), err) - } - } - - prog, err := newProgramWithOptions(progSpec, cl.opts.Programs, cl.handles) - if err != nil { - return nil, fmt.Errorf("program %s: %w", progName, err) - } - - cl.programs[progName] = prog - return prog, nil -} - -func (cl *collectionLoader) populateMaps() error { - for mapName, m := range cl.maps { - mapSpec, ok := cl.coll.Maps[mapName] - if !ok { - return fmt.Errorf("missing map spec %s", mapName) - } - - mapSpec = mapSpec.Copy() - - // MapSpecs that refer to inner maps or programs within the same - // CollectionSpec do so using strings. These strings are used as the key - // to look up the respective object in the Maps or Programs fields. - // Resolve those references to actual Map or Program resources that - // have been loaded into the kernel. - for i, kv := range mapSpec.Contents { - if objName, ok := kv.Value.(string); ok { - switch mapSpec.Type { - case ProgramArray: - // loadProgram is idempotent and could return an existing Program. - prog, err := cl.loadProgram(objName) - if err != nil { - return fmt.Errorf("loading program %s, for map %s: %w", objName, mapName, err) - } - mapSpec.Contents[i] = MapKV{kv.Key, prog} - - case ArrayOfMaps, HashOfMaps: - // loadMap is idempotent and could return an existing Map. - innerMap, err := cl.loadMap(objName) - if err != nil { - return fmt.Errorf("loading inner map %s, for map %s: %w", objName, mapName, err) - } - mapSpec.Contents[i] = MapKV{kv.Key, innerMap} - } - } - } - - // Populate and freeze the map if specified. - if err := m.finalize(mapSpec); err != nil { - return fmt.Errorf("populating map %s: %w", mapName, err) - } - } - - return nil -} - -// LoadCollection reads an object file and creates and loads its declared -// resources into the kernel. -// -// Omitting Collection.Close() during application shutdown is an error. -// See the package documentation for details around Map and Program lifecycle. -func LoadCollection(file string) (*Collection, error) { - spec, err := LoadCollectionSpec(file) - if err != nil { - return nil, err - } - return NewCollection(spec) -} - -// Close frees all maps and programs associated with the collection. -// -// The collection mustn't be used afterwards. -func (coll *Collection) Close() { - for _, prog := range coll.Programs { - prog.Close() - } - for _, m := range coll.Maps { - m.Close() - } -} - -// DetachMap removes the named map from the Collection. -// -// This means that a later call to Close() will not affect this map. -// -// Returns nil if no map of that name exists. -func (coll *Collection) DetachMap(name string) *Map { - m := coll.Maps[name] - delete(coll.Maps, name) - return m -} - -// DetachProgram removes the named program from the Collection. -// -// This means that a later call to Close() will not affect this program. -// -// Returns nil if no program of that name exists. -func (coll *Collection) DetachProgram(name string) *Program { - p := coll.Programs[name] - delete(coll.Programs, name) - return p -} - -// structField represents a struct field containing the ebpf struct tag. -type structField struct { - reflect.StructField - value reflect.Value -} - -// ebpfFields extracts field names tagged with 'ebpf' from a struct type. -// Keep track of visited types to avoid infinite recursion. -func ebpfFields(structVal reflect.Value, visited map[reflect.Type]bool) ([]structField, error) { - if visited == nil { - visited = make(map[reflect.Type]bool) - } - - structType := structVal.Type() - if structType.Kind() != reflect.Struct { - return nil, fmt.Errorf("%s is not a struct", structType) - } - - if visited[structType] { - return nil, fmt.Errorf("recursion on type %s", structType) - } - - fields := make([]structField, 0, structType.NumField()) - for i := 0; i < structType.NumField(); i++ { - field := structField{structType.Field(i), structVal.Field(i)} - - // If the field is tagged, gather it and move on. - name := field.Tag.Get("ebpf") - if name != "" { - fields = append(fields, field) - continue - } - - // If the field does not have an ebpf tag, but is a struct or a pointer - // to a struct, attempt to gather its fields as well. - var v reflect.Value - switch field.Type.Kind() { - case reflect.Ptr: - if field.Type.Elem().Kind() != reflect.Struct { - continue - } - - if field.value.IsNil() { - return nil, fmt.Errorf("nil pointer to %s", structType) - } - - // Obtain the destination type of the pointer. - v = field.value.Elem() - - case reflect.Struct: - // Reference the value's type directly. - v = field.value - - default: - continue - } - - inner, err := ebpfFields(v, visited) - if err != nil { - return nil, fmt.Errorf("field %s: %w", field.Name, err) - } - - fields = append(fields, inner...) - } - - return fields, nil -} - -// assignValues attempts to populate all fields of 'to' tagged with 'ebpf'. -// -// getValue is called for every tagged field of 'to' and must return the value -// to be assigned to the field with the given typ and name. -func assignValues(to interface{}, - getValue func(typ reflect.Type, name string) (interface{}, error)) error { - - toValue := reflect.ValueOf(to) - if toValue.Type().Kind() != reflect.Ptr { - return fmt.Errorf("%T is not a pointer to struct", to) - } - - if toValue.IsNil() { - return fmt.Errorf("nil pointer to %T", to) - } - - fields, err := ebpfFields(toValue.Elem(), nil) - if err != nil { - return err - } - - type elem struct { - // Either *Map or *Program - typ reflect.Type - name string - } - - assigned := make(map[elem]string) - for _, field := range fields { - // Get string value the field is tagged with. - tag := field.Tag.Get("ebpf") - if strings.Contains(tag, ",") { - return fmt.Errorf("field %s: ebpf tag contains a comma", field.Name) - } - - // Check if the eBPF object with the requested - // type and tag was already assigned elsewhere. - e := elem{field.Type, tag} - if af := assigned[e]; af != "" { - return fmt.Errorf("field %s: object %q was already assigned to %s", field.Name, tag, af) - } - - // Get the eBPF object referred to by the tag. - value, err := getValue(field.Type, tag) - if err != nil { - return fmt.Errorf("field %s: %w", field.Name, err) - } - - if !field.value.CanSet() { - return fmt.Errorf("field %s: can't set value", field.Name) - } - field.value.Set(reflect.ValueOf(value)) - - assigned[e] = field.Name - } - - return nil -} diff --git a/vendor/github.com/cilium/ebpf/doc.go b/vendor/github.com/cilium/ebpf/doc.go deleted file mode 100644 index 396b3394d3..0000000000 --- a/vendor/github.com/cilium/ebpf/doc.go +++ /dev/null @@ -1,25 +0,0 @@ -// Package ebpf is a toolkit for working with eBPF programs. -// -// eBPF programs are small snippets of code which are executed directly -// in a VM in the Linux kernel, which makes them very fast and flexible. -// Many Linux subsystems now accept eBPF programs. This makes it possible -// to implement highly application specific logic inside the kernel, -// without having to modify the actual kernel itself. -// -// This package is designed for long-running processes which -// want to use eBPF to implement part of their application logic. It has no -// run-time dependencies outside of the library and the Linux kernel itself. -// eBPF code should be compiled ahead of time using clang, and shipped with -// your application as any other resource. -// -// Use the link subpackage to attach a loaded program to a hook in the kernel. -// -// Note that losing all references to Map and Program resources will cause -// their underlying file descriptors to be closed, potentially removing those -// objects from the kernel. Always retain a reference by e.g. deferring a -// Close() of a Collection or LoadAndAssign object until application exit. -// -// Special care needs to be taken when handling maps of type ProgramArray, -// as the kernel erases its contents when the last userspace or bpffs -// reference disappears, regardless of the map being in active use. -package ebpf diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go deleted file mode 100644 index df278895c6..0000000000 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ /dev/null @@ -1,1197 +0,0 @@ -package ebpf - -import ( - "bufio" - "bytes" - "debug/elf" - "encoding/binary" - "errors" - "fmt" - "io" - "math" - "os" - "strings" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/unix" -) - -// elfCode is a convenience to reduce the amount of arguments that have to -// be passed around explicitly. You should treat its contents as immutable. -type elfCode struct { - *internal.SafeELFFile - sections map[elf.SectionIndex]*elfSection - license string - version uint32 - btf *btf.Spec - extInfo *btf.ExtInfos -} - -// LoadCollectionSpec parses an ELF file into a CollectionSpec. -func LoadCollectionSpec(file string) (*CollectionSpec, error) { - f, err := os.Open(file) - if err != nil { - return nil, err - } - defer f.Close() - - spec, err := LoadCollectionSpecFromReader(f) - if err != nil { - return nil, fmt.Errorf("file %s: %w", file, err) - } - return spec, nil -} - -// LoadCollectionSpecFromReader parses an ELF file into a CollectionSpec. -func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { - f, err := internal.NewSafeELFFile(rd) - if err != nil { - return nil, err - } - - var ( - licenseSection *elf.Section - versionSection *elf.Section - sections = make(map[elf.SectionIndex]*elfSection) - relSections = make(map[elf.SectionIndex]*elf.Section) - ) - - // This is the target of relocations generated by inline assembly. - sections[elf.SHN_UNDEF] = newElfSection(new(elf.Section), undefSection) - - // Collect all the sections we're interested in. This includes relocations - // which we parse later. - for i, sec := range f.Sections { - idx := elf.SectionIndex(i) - - switch { - case strings.HasPrefix(sec.Name, "license"): - licenseSection = sec - case strings.HasPrefix(sec.Name, "version"): - versionSection = sec - case strings.HasPrefix(sec.Name, "maps"): - sections[idx] = newElfSection(sec, mapSection) - case sec.Name == ".maps": - sections[idx] = newElfSection(sec, btfMapSection) - case sec.Name == ".bss" || sec.Name == ".data" || strings.HasPrefix(sec.Name, ".rodata"): - sections[idx] = newElfSection(sec, dataSection) - case sec.Type == elf.SHT_REL: - // Store relocations under the section index of the target - relSections[elf.SectionIndex(sec.Info)] = sec - case sec.Type == elf.SHT_PROGBITS && (sec.Flags&elf.SHF_EXECINSTR) != 0 && sec.Size > 0: - sections[idx] = newElfSection(sec, programSection) - } - } - - license, err := loadLicense(licenseSection) - if err != nil { - return nil, fmt.Errorf("load license: %w", err) - } - - version, err := loadVersion(versionSection, f.ByteOrder) - if err != nil { - return nil, fmt.Errorf("load version: %w", err) - } - - btfSpec, btfExtInfo, err := btf.LoadSpecAndExtInfosFromReader(rd) - if err != nil && !errors.Is(err, btf.ErrNotFound) { - return nil, fmt.Errorf("load BTF: %w", err) - } - - ec := &elfCode{ - SafeELFFile: f, - sections: sections, - license: license, - version: version, - btf: btfSpec, - extInfo: btfExtInfo, - } - - symbols, err := f.Symbols() - if err != nil { - return nil, fmt.Errorf("load symbols: %v", err) - } - - ec.assignSymbols(symbols) - - if err := ec.loadRelocations(relSections, symbols); err != nil { - return nil, fmt.Errorf("load relocations: %w", err) - } - - // Collect all the various ways to define maps. - maps := make(map[string]*MapSpec) - if err := ec.loadMaps(maps); err != nil { - return nil, fmt.Errorf("load maps: %w", err) - } - - if err := ec.loadBTFMaps(maps); err != nil { - return nil, fmt.Errorf("load BTF maps: %w", err) - } - - if err := ec.loadDataSections(maps); err != nil { - return nil, fmt.Errorf("load data sections: %w", err) - } - - // Finally, collect programs and link them. - progs, err := ec.loadProgramSections() - if err != nil { - return nil, fmt.Errorf("load programs: %w", err) - } - - return &CollectionSpec{maps, progs, btfSpec, ec.ByteOrder}, nil -} - -func loadLicense(sec *elf.Section) (string, error) { - if sec == nil { - return "", nil - } - - data, err := sec.Data() - if err != nil { - return "", fmt.Errorf("section %s: %v", sec.Name, err) - } - return string(bytes.TrimRight(data, "\000")), nil -} - -func loadVersion(sec *elf.Section, bo binary.ByteOrder) (uint32, error) { - if sec == nil { - return 0, nil - } - - var version uint32 - if err := binary.Read(sec.Open(), bo, &version); err != nil { - return 0, fmt.Errorf("section %s: %v", sec.Name, err) - } - return version, nil -} - -type elfSectionKind int - -const ( - undefSection elfSectionKind = iota - mapSection - btfMapSection - programSection - dataSection -) - -type elfSection struct { - *elf.Section - kind elfSectionKind - // Offset from the start of the section to a symbol - symbols map[uint64]elf.Symbol - // Offset from the start of the section to a relocation, which points at - // a symbol in another section. - relocations map[uint64]elf.Symbol - // The number of relocations pointing at this section. - references int -} - -func newElfSection(section *elf.Section, kind elfSectionKind) *elfSection { - return &elfSection{ - section, - kind, - make(map[uint64]elf.Symbol), - make(map[uint64]elf.Symbol), - 0, - } -} - -// assignSymbols takes a list of symbols and assigns them to their -// respective sections, indexed by name. -func (ec *elfCode) assignSymbols(symbols []elf.Symbol) { - for _, symbol := range symbols { - symType := elf.ST_TYPE(symbol.Info) - symSection := ec.sections[symbol.Section] - if symSection == nil { - continue - } - - // Anonymous symbols only occur in debug sections which we don't process - // relocations for. Anonymous symbols are not referenced from other sections. - if symbol.Name == "" { - continue - } - - // Older versions of LLVM don't tag symbols correctly, so keep - // all NOTYPE ones. - switch symSection.kind { - case mapSection, btfMapSection, dataSection: - if symType != elf.STT_NOTYPE && symType != elf.STT_OBJECT { - continue - } - case programSection: - if symType != elf.STT_NOTYPE && symType != elf.STT_FUNC { - continue - } - // LLVM emits LBB_ (Local Basic Block) symbols that seem to be jump - // targets within sections, but BPF has no use for them. - if symType == elf.STT_NOTYPE && elf.ST_BIND(symbol.Info) == elf.STB_LOCAL && - strings.HasPrefix(symbol.Name, "LBB") { - continue - } - // Only collect symbols that occur in program/maps/data sections. - default: - continue - } - - symSection.symbols[symbol.Value] = symbol - } -} - -// loadRelocations iterates .rel* sections and extracts relocation entries for -// sections of interest. Makes sure relocations point at valid sections. -func (ec *elfCode) loadRelocations(relSections map[elf.SectionIndex]*elf.Section, symbols []elf.Symbol) error { - for idx, relSection := range relSections { - section := ec.sections[idx] - if section == nil { - continue - } - - rels, err := ec.loadSectionRelocations(relSection, symbols) - if err != nil { - return fmt.Errorf("relocation for section %q: %w", section.Name, err) - } - - for _, rel := range rels { - target := ec.sections[rel.Section] - if target == nil { - return fmt.Errorf("section %q: reference to %q in section %s: %w", section.Name, rel.Name, rel.Section, ErrNotSupported) - } - - if target.Flags&elf.SHF_STRINGS > 0 { - return fmt.Errorf("section %q: string is not stack allocated: %w", section.Name, ErrNotSupported) - } - - target.references++ - } - - section.relocations = rels - } - - return nil -} - -// loadProgramSections iterates ec's sections and emits a ProgramSpec -// for each function it finds. -// -// The resulting map is indexed by function name. -func (ec *elfCode) loadProgramSections() (map[string]*ProgramSpec, error) { - - progs := make(map[string]*ProgramSpec) - - // Generate a ProgramSpec for each function found in each program section. - var export []string - for _, sec := range ec.sections { - if sec.kind != programSection { - continue - } - - if len(sec.symbols) == 0 { - return nil, fmt.Errorf("section %v: missing symbols", sec.Name) - } - - funcs, err := ec.loadFunctions(sec) - if err != nil { - return nil, fmt.Errorf("section %v: %w", sec.Name, err) - } - - progType, attachType, progFlags, attachTo := getProgType(sec.Name) - - for name, insns := range funcs { - spec := &ProgramSpec{ - Name: name, - Type: progType, - Flags: progFlags, - AttachType: attachType, - AttachTo: attachTo, - SectionName: sec.Name, - License: ec.license, - KernelVersion: ec.version, - Instructions: insns, - ByteOrder: ec.ByteOrder, - BTF: ec.btf, - } - - // Function names must be unique within a single ELF blob. - if progs[name] != nil { - return nil, fmt.Errorf("duplicate program name %s", name) - } - progs[name] = spec - - if spec.SectionName != ".text" { - export = append(export, name) - } - } - } - - flattenPrograms(progs, export) - - // Hide programs (e.g. library functions) that were not explicitly emitted - // to an ELF section. These could be exposed in a separate CollectionSpec - // field later to allow them to be modified. - for n, p := range progs { - if p.SectionName == ".text" { - delete(progs, n) - } - } - - return progs, nil -} - -// loadFunctions extracts instruction streams from the given program section -// starting at each symbol in the section. The section's symbols must already -// be narrowed down to STT_NOTYPE (emitted by clang <8) or STT_FUNC. -// -// The resulting map is indexed by function name. -func (ec *elfCode) loadFunctions(section *elfSection) (map[string]asm.Instructions, error) { - r := bufio.NewReader(section.Open()) - - // Decode the section's instruction stream. - var insns asm.Instructions - if err := insns.Unmarshal(r, ec.ByteOrder); err != nil { - return nil, fmt.Errorf("decoding instructions for section %s: %w", section.Name, err) - } - if len(insns) == 0 { - return nil, fmt.Errorf("no instructions found in section %s", section.Name) - } - - iter := insns.Iterate() - for iter.Next() { - ins := iter.Ins - offset := iter.Offset.Bytes() - - // Tag Symbol Instructions. - if sym, ok := section.symbols[offset]; ok { - *ins = ins.WithSymbol(sym.Name) - } - - // Apply any relocations for the current instruction. - // If no relocation is present, resolve any section-relative function calls. - if rel, ok := section.relocations[offset]; ok { - if err := ec.relocateInstruction(ins, rel); err != nil { - return nil, fmt.Errorf("offset %d: relocating instruction: %w", offset, err) - } - } else { - if err := referenceRelativeJump(ins, offset, section.symbols); err != nil { - return nil, fmt.Errorf("offset %d: resolving relative jump: %w", offset, err) - } - } - } - - if ec.extInfo != nil { - ec.extInfo.Assign(insns, section.Name) - } - - return splitSymbols(insns) -} - -// referenceRelativeJump turns a relative jump to another bpf subprogram within -// the same ELF section into a Reference Instruction. -// -// Up to LLVM 9, calls to subprograms within the same ELF section are sometimes -// encoded using relative jumps instead of relocation entries. These jumps go -// out of bounds of the current program, so their targets must be memoized -// before the section's instruction stream is split. -// -// The relative jump Constant is blinded to -1 and the target Symbol is set as -// the Instruction's Reference so it can be resolved by the linker. -func referenceRelativeJump(ins *asm.Instruction, offset uint64, symbols map[uint64]elf.Symbol) error { - if !ins.IsFunctionReference() || ins.Constant == -1 { - return nil - } - - tgt := jumpTarget(offset, *ins) - sym := symbols[tgt].Name - if sym == "" { - return fmt.Errorf("no jump target found at offset %d", tgt) - } - - *ins = ins.WithReference(sym) - ins.Constant = -1 - - return nil -} - -// jumpTarget takes ins' offset within an instruction stream (in bytes) -// and returns its absolute jump destination (in bytes) within the -// instruction stream. -func jumpTarget(offset uint64, ins asm.Instruction) uint64 { - // A relative jump instruction describes the amount of raw BPF instructions - // to jump, convert the offset into bytes. - dest := ins.Constant * asm.InstructionSize - - // The starting point of the jump is the end of the current instruction. - dest += int64(offset + asm.InstructionSize) - - if dest < 0 { - return 0 - } - - return uint64(dest) -} - -func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) error { - var ( - typ = elf.ST_TYPE(rel.Info) - bind = elf.ST_BIND(rel.Info) - name = rel.Name - ) - - target := ec.sections[rel.Section] - - switch target.kind { - case mapSection, btfMapSection: - if bind != elf.STB_GLOBAL { - return fmt.Errorf("possible erroneous static qualifier on map definition: found reference to %q", name) - } - - if typ != elf.STT_OBJECT && typ != elf.STT_NOTYPE { - // STT_NOTYPE is generated on clang < 8 which doesn't tag - // relocations appropriately. - return fmt.Errorf("map load: incorrect relocation type %v", typ) - } - - ins.Src = asm.PseudoMapFD - - case dataSection: - var offset uint32 - switch typ { - case elf.STT_SECTION: - if bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported section relocation %s", name, bind) - } - - // This is really a reference to a static symbol, which clang doesn't - // emit a symbol table entry for. Instead it encodes the offset in - // the instruction itself. - offset = uint32(uint64(ins.Constant)) - - case elf.STT_OBJECT: - // LLVM 9 emits OBJECT-LOCAL symbols for anonymous constants. - if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported object relocation %s", name, bind) - } - - offset = uint32(rel.Value) - - case elf.STT_NOTYPE: - // LLVM 7 emits NOTYPE-LOCAL symbols for anonymous constants. - if bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported untyped relocation %s", name, bind) - } - - offset = uint32(rel.Value) - - default: - return fmt.Errorf("incorrect relocation type %v for direct map load", typ) - } - - // We rely on using the name of the data section as the reference. It - // would be nicer to keep the real name in case of an STT_OBJECT, but - // it's not clear how to encode that into Instruction. - name = target.Name - - // The kernel expects the offset in the second basic BPF instruction. - ins.Constant = int64(uint64(offset) << 32) - ins.Src = asm.PseudoMapValue - - case programSection: - switch opCode := ins.OpCode; { - case opCode.JumpOp() == asm.Call: - if ins.Src != asm.PseudoCall { - return fmt.Errorf("call: %s: incorrect source register", name) - } - - switch typ { - case elf.STT_NOTYPE, elf.STT_FUNC: - if bind != elf.STB_GLOBAL { - return fmt.Errorf("call: %s: unsupported binding: %s", name, bind) - } - - case elf.STT_SECTION: - if bind != elf.STB_LOCAL { - return fmt.Errorf("call: %s: unsupported binding: %s", name, bind) - } - - // The function we want to call is in the indicated section, - // at the offset encoded in the instruction itself. Reverse - // the calculation to find the real function we're looking for. - // A value of -1 references the first instruction in the section. - offset := int64(int32(ins.Constant)+1) * asm.InstructionSize - sym, ok := target.symbols[uint64(offset)] - if !ok { - return fmt.Errorf("call: no symbol at offset %d", offset) - } - - name = sym.Name - ins.Constant = -1 - - default: - return fmt.Errorf("call: %s: invalid symbol type %s", name, typ) - } - case opCode.IsDWordLoad(): - switch typ { - case elf.STT_FUNC: - if bind != elf.STB_GLOBAL { - return fmt.Errorf("load: %s: unsupported binding: %s", name, bind) - } - - case elf.STT_SECTION: - if bind != elf.STB_LOCAL { - return fmt.Errorf("load: %s: unsupported binding: %s", name, bind) - } - - // ins.Constant already contains the offset in bytes from the - // start of the section. This is different than a call to a - // static function. - - default: - return fmt.Errorf("load: %s: invalid symbol type %s", name, typ) - } - - sym, ok := target.symbols[uint64(ins.Constant)] - if !ok { - return fmt.Errorf("load: no symbol at offset %d", ins.Constant) - } - - name = sym.Name - ins.Constant = -1 - ins.Src = asm.PseudoFunc - - default: - return fmt.Errorf("neither a call nor a load instruction: %v", ins) - } - - case undefSection: - if bind != elf.STB_GLOBAL { - return fmt.Errorf("asm relocation: %s: unsupported binding: %s", name, bind) - } - - if typ != elf.STT_NOTYPE { - return fmt.Errorf("asm relocation: %s: unsupported type %s", name, typ) - } - - // There is nothing to do here but set ins.Reference. - - default: - return fmt.Errorf("relocation to %q: %w", target.Name, ErrNotSupported) - } - - *ins = ins.WithReference(name) - return nil -} - -func (ec *elfCode) loadMaps(maps map[string]*MapSpec) error { - for _, sec := range ec.sections { - if sec.kind != mapSection { - continue - } - - nSym := len(sec.symbols) - if nSym == 0 { - return fmt.Errorf("section %v: no symbols", sec.Name) - } - - if sec.Size%uint64(nSym) != 0 { - return fmt.Errorf("section %v: map descriptors are not of equal size", sec.Name) - } - - var ( - r = bufio.NewReader(sec.Open()) - size = sec.Size / uint64(nSym) - ) - for i, offset := 0, uint64(0); i < nSym; i, offset = i+1, offset+size { - mapSym, ok := sec.symbols[offset] - if !ok { - return fmt.Errorf("section %s: missing symbol for map at offset %d", sec.Name, offset) - } - - mapName := mapSym.Name - if maps[mapName] != nil { - return fmt.Errorf("section %v: map %v already exists", sec.Name, mapSym) - } - - lr := io.LimitReader(r, int64(size)) - - spec := MapSpec{ - Name: SanitizeName(mapName, -1), - } - switch { - case binary.Read(lr, ec.ByteOrder, &spec.Type) != nil: - return fmt.Errorf("map %s: missing type", mapName) - case binary.Read(lr, ec.ByteOrder, &spec.KeySize) != nil: - return fmt.Errorf("map %s: missing key size", mapName) - case binary.Read(lr, ec.ByteOrder, &spec.ValueSize) != nil: - return fmt.Errorf("map %s: missing value size", mapName) - case binary.Read(lr, ec.ByteOrder, &spec.MaxEntries) != nil: - return fmt.Errorf("map %s: missing max entries", mapName) - case binary.Read(lr, ec.ByteOrder, &spec.Flags) != nil: - return fmt.Errorf("map %s: missing flags", mapName) - } - - extra, err := io.ReadAll(lr) - if err != nil { - return fmt.Errorf("map %s: reading map tail: %w", mapName, err) - } - if len(extra) > 0 { - spec.Extra = bytes.NewReader(extra) - } - - if err := spec.clampPerfEventArraySize(); err != nil { - return fmt.Errorf("map %s: %w", mapName, err) - } - - maps[mapName] = &spec - } - } - - return nil -} - -// loadBTFMaps iterates over all ELF sections marked as BTF map sections -// (like .maps) and parses them into MapSpecs. Dump the .maps section and -// any relocations with `readelf -x .maps -r `. -func (ec *elfCode) loadBTFMaps(maps map[string]*MapSpec) error { - for _, sec := range ec.sections { - if sec.kind != btfMapSection { - continue - } - - if ec.btf == nil { - return fmt.Errorf("missing BTF") - } - - // Each section must appear as a DataSec in the ELF's BTF blob. - var ds *btf.Datasec - if err := ec.btf.TypeByName(sec.Name, &ds); err != nil { - return fmt.Errorf("cannot find section '%s' in BTF: %w", sec.Name, err) - } - - // Open a Reader to the ELF's raw section bytes so we can assert that all - // of them are zero on a per-map (per-Var) basis. For now, the section's - // sole purpose is to receive relocations, so all must be zero. - rs := sec.Open() - - for _, vs := range ds.Vars { - // BPF maps are declared as and assigned to global variables, - // so iterate over each Var in the DataSec and validate their types. - v, ok := vs.Type.(*btf.Var) - if !ok { - return fmt.Errorf("section %v: unexpected type %s", sec.Name, vs.Type) - } - name := string(v.Name) - - // The BTF metadata for each Var contains the full length of the map - // declaration, so read the corresponding amount of bytes from the ELF. - // This way, we can pinpoint which map declaration contains unexpected - // (and therefore unsupported) data. - _, err := io.Copy(internal.DiscardZeroes{}, io.LimitReader(rs, int64(vs.Size))) - if err != nil { - return fmt.Errorf("section %v: map %s: initializing BTF map definitions: %w", sec.Name, name, internal.ErrNotSupported) - } - - if maps[name] != nil { - return fmt.Errorf("section %v: map %s already exists", sec.Name, name) - } - - // Each Var representing a BTF map definition contains a Struct. - mapStruct, ok := v.Type.(*btf.Struct) - if !ok { - return fmt.Errorf("expected struct, got %s", v.Type) - } - - mapSpec, err := mapSpecFromBTF(sec, &vs, mapStruct, ec.btf, name, false) - if err != nil { - return fmt.Errorf("map %v: %w", name, err) - } - - if err := mapSpec.clampPerfEventArraySize(); err != nil { - return fmt.Errorf("map %v: %w", name, err) - } - - maps[name] = mapSpec - } - - // Drain the ELF section reader to make sure all bytes are accounted for - // with BTF metadata. - i, err := io.Copy(io.Discard, rs) - if err != nil { - return fmt.Errorf("section %v: unexpected error reading remainder of ELF section: %w", sec.Name, err) - } - if i > 0 { - return fmt.Errorf("section %v: %d unexpected remaining bytes in ELF section, invalid BTF?", sec.Name, i) - } - } - - return nil -} - -// mapSpecFromBTF produces a MapSpec based on a btf.Struct def representing -// a BTF map definition. The name and spec arguments will be copied to the -// resulting MapSpec, and inner must be true on any resursive invocations. -func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *btf.Spec, name string, inner bool) (*MapSpec, error) { - var ( - key, value btf.Type - keySize, valueSize uint32 - mapType MapType - flags, maxEntries uint32 - pinType PinType - innerMapSpec *MapSpec - contents []MapKV - err error - ) - - for i, member := range def.Members { - switch member.Name { - case "type": - mt, err := uintFromBTF(member.Type) - if err != nil { - return nil, fmt.Errorf("can't get type: %w", err) - } - mapType = MapType(mt) - - case "map_flags": - flags, err = uintFromBTF(member.Type) - if err != nil { - return nil, fmt.Errorf("can't get BTF map flags: %w", err) - } - - case "max_entries": - maxEntries, err = uintFromBTF(member.Type) - if err != nil { - return nil, fmt.Errorf("can't get BTF map max entries: %w", err) - } - - case "key": - if keySize != 0 { - return nil, errors.New("both key and key_size given") - } - - pk, ok := member.Type.(*btf.Pointer) - if !ok { - return nil, fmt.Errorf("key type is not a pointer: %T", member.Type) - } - - key = pk.Target - - size, err := btf.Sizeof(pk.Target) - if err != nil { - return nil, fmt.Errorf("can't get size of BTF key: %w", err) - } - - keySize = uint32(size) - - case "value": - if valueSize != 0 { - return nil, errors.New("both value and value_size given") - } - - vk, ok := member.Type.(*btf.Pointer) - if !ok { - return nil, fmt.Errorf("value type is not a pointer: %T", member.Type) - } - - value = vk.Target - - size, err := btf.Sizeof(vk.Target) - if err != nil { - return nil, fmt.Errorf("can't get size of BTF value: %w", err) - } - - valueSize = uint32(size) - - case "key_size": - // Key needs to be nil and keySize needs to be 0 for key_size to be - // considered a valid member. - if key != nil || keySize != 0 { - return nil, errors.New("both key and key_size given") - } - - keySize, err = uintFromBTF(member.Type) - if err != nil { - return nil, fmt.Errorf("can't get BTF key size: %w", err) - } - - case "value_size": - // Value needs to be nil and valueSize needs to be 0 for value_size to be - // considered a valid member. - if value != nil || valueSize != 0 { - return nil, errors.New("both value and value_size given") - } - - valueSize, err = uintFromBTF(member.Type) - if err != nil { - return nil, fmt.Errorf("can't get BTF value size: %w", err) - } - - case "pinning": - if inner { - return nil, errors.New("inner maps can't be pinned") - } - - pinning, err := uintFromBTF(member.Type) - if err != nil { - return nil, fmt.Errorf("can't get pinning: %w", err) - } - - pinType = PinType(pinning) - - case "values": - // The 'values' field in BTF map definitions is used for declaring map - // value types that are references to other BPF objects, like other maps - // or programs. It is always expected to be an array of pointers. - if i != len(def.Members)-1 { - return nil, errors.New("'values' must be the last member in a BTF map definition") - } - - if valueSize != 0 && valueSize != 4 { - return nil, errors.New("value_size must be 0 or 4") - } - valueSize = 4 - - valueType, err := resolveBTFArrayMacro(member.Type) - if err != nil { - return nil, fmt.Errorf("can't resolve type of member 'values': %w", err) - } - - switch t := valueType.(type) { - case *btf.Struct: - // The values member pointing to an array of structs means we're expecting - // a map-in-map declaration. - if mapType != ArrayOfMaps && mapType != HashOfMaps { - return nil, errors.New("outer map needs to be an array or a hash of maps") - } - if inner { - return nil, fmt.Errorf("nested inner maps are not supported") - } - - // This inner map spec is used as a map template, but it needs to be - // created as a traditional map before it can be used to do so. - // libbpf names the inner map template '.inner', but we - // opted for _inner to simplify validation logic. (dots only supported - // on kernels 5.2 and up) - // Pass the BTF spec from the parent object, since both parent and - // child must be created from the same BTF blob (on kernels that support BTF). - innerMapSpec, err = mapSpecFromBTF(es, vs, t, spec, name+"_inner", true) - if err != nil { - return nil, fmt.Errorf("can't parse BTF map definition of inner map: %w", err) - } - - case *btf.FuncProto: - // The values member contains an array of function pointers, meaning an - // autopopulated PROG_ARRAY. - if mapType != ProgramArray { - return nil, errors.New("map needs to be a program array") - } - - default: - return nil, fmt.Errorf("unsupported value type %q in 'values' field", t) - } - - contents, err = resolveBTFValuesContents(es, vs, member) - if err != nil { - return nil, fmt.Errorf("resolving values contents: %w", err) - } - - default: - return nil, fmt.Errorf("unrecognized field %s in BTF map definition", member.Name) - } - } - - if key == nil { - key = &btf.Void{} - } - if value == nil { - value = &btf.Void{} - } - - return &MapSpec{ - Name: SanitizeName(name, -1), - Type: MapType(mapType), - KeySize: keySize, - ValueSize: valueSize, - MaxEntries: maxEntries, - Flags: flags, - Key: key, - Value: value, - BTF: spec, - Pinning: pinType, - InnerMap: innerMapSpec, - Contents: contents, - }, nil -} - -// uintFromBTF resolves the __uint macro, which is a pointer to a sized -// array, e.g. for int (*foo)[10], this function will return 10. -func uintFromBTF(typ btf.Type) (uint32, error) { - ptr, ok := typ.(*btf.Pointer) - if !ok { - return 0, fmt.Errorf("not a pointer: %v", typ) - } - - arr, ok := ptr.Target.(*btf.Array) - if !ok { - return 0, fmt.Errorf("not a pointer to array: %v", typ) - } - - return arr.Nelems, nil -} - -// resolveBTFArrayMacro resolves the __array macro, which declares an array -// of pointers to a given type. This function returns the target Type of -// the pointers in the array. -func resolveBTFArrayMacro(typ btf.Type) (btf.Type, error) { - arr, ok := typ.(*btf.Array) - if !ok { - return nil, fmt.Errorf("not an array: %v", typ) - } - - ptr, ok := arr.Type.(*btf.Pointer) - if !ok { - return nil, fmt.Errorf("not an array of pointers: %v", typ) - } - - return ptr.Target, nil -} - -// resolveBTFValuesContents resolves relocations into ELF sections belonging -// to btf.VarSecinfo's. This can be used on the 'values' member in BTF map -// definitions to extract static declarations of map contents. -func resolveBTFValuesContents(es *elfSection, vs *btf.VarSecinfo, member btf.Member) ([]MapKV, error) { - // The elements of a .values pointer array are not encoded in BTF. - // Instead, relocations are generated into each array index. - // However, it's possible to leave certain array indices empty, so all - // indices' offsets need to be checked for emitted relocations. - - // The offset of the 'values' member within the _struct_ (in bits) - // is the starting point of the array. Convert to bytes. Add VarSecinfo - // offset to get the absolute position in the ELF blob. - start := member.Offset.Bytes() + vs.Offset - // 'values' is encoded in BTF as a zero (variable) length struct - // member, and its contents run until the end of the VarSecinfo. - // Add VarSecinfo offset to get the absolute position in the ELF blob. - end := vs.Size + vs.Offset - // The size of an address in this section. This determines the width of - // an index in the array. - align := uint32(es.SectionHeader.Addralign) - - // Check if variable-length section is aligned. - if (end-start)%align != 0 { - return nil, errors.New("unaligned static values section") - } - elems := (end - start) / align - - if elems == 0 { - return nil, nil - } - - contents := make([]MapKV, 0, elems) - - // k is the array index, off is its corresponding ELF section offset. - for k, off := uint32(0), start; k < elems; k, off = k+1, off+align { - r, ok := es.relocations[uint64(off)] - if !ok { - continue - } - - // Relocation exists for the current offset in the ELF section. - // Emit a value stub based on the type of relocation to be replaced by - // a real fd later in the pipeline before populating the map. - // Map keys are encoded in MapKV entries, so empty array indices are - // skipped here. - switch t := elf.ST_TYPE(r.Info); t { - case elf.STT_FUNC: - contents = append(contents, MapKV{uint32(k), r.Name}) - case elf.STT_OBJECT: - contents = append(contents, MapKV{uint32(k), r.Name}) - default: - return nil, fmt.Errorf("unknown relocation type %v", t) - } - } - - return contents, nil -} - -func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { - for _, sec := range ec.sections { - if sec.kind != dataSection { - continue - } - - if sec.references == 0 { - // Prune data sections which are not referenced by any - // instructions. - continue - } - - data, err := sec.Data() - if err != nil { - return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) - } - - if uint64(len(data)) > math.MaxUint32 { - return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) - } - - mapSpec := &MapSpec{ - Name: SanitizeName(sec.Name, -1), - Type: Array, - KeySize: 4, - ValueSize: uint32(len(data)), - MaxEntries: 1, - Contents: []MapKV{{uint32(0), data}}, - } - - // It is possible for a data section to exist without a corresponding BTF Datasec - // if it only contains anonymous values like macro-defined arrays. - if ec.btf != nil { - var ds *btf.Datasec - if ec.btf.TypeByName(sec.Name, &ds) == nil { - // Assign the spec's key and BTF only if the Datasec lookup was successful. - mapSpec.BTF = ec.btf - mapSpec.Key = &btf.Void{} - mapSpec.Value = ds - } - } - - switch n := sec.Name; { - case strings.HasPrefix(n, ".rodata"): - mapSpec.Flags = unix.BPF_F_RDONLY_PROG - mapSpec.Freeze = true - case n == ".bss": - // The kernel already zero-initializes the map - mapSpec.Contents = nil - } - - maps[sec.Name] = mapSpec - } - return nil -} - -func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { - types := []struct { - prefix string - progType ProgramType - attachType AttachType - progFlags uint32 - }{ - // Please update the types from libbpf.c and follow the order of it. - // https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/libbpf.c - {"socket", SocketFilter, AttachNone, 0}, - {"sk_reuseport/migrate", SkReuseport, AttachSkReuseportSelectOrMigrate, 0}, - {"sk_reuseport", SkReuseport, AttachSkReuseportSelect, 0}, - {"kprobe/", Kprobe, AttachNone, 0}, - {"uprobe/", Kprobe, AttachNone, 0}, - {"kretprobe/", Kprobe, AttachNone, 0}, - {"uretprobe/", Kprobe, AttachNone, 0}, - {"tc", SchedCLS, AttachNone, 0}, - {"classifier", SchedCLS, AttachNone, 0}, - {"action", SchedACT, AttachNone, 0}, - {"tracepoint/", TracePoint, AttachNone, 0}, - {"tp/", TracePoint, AttachNone, 0}, - {"raw_tracepoint/", RawTracepoint, AttachNone, 0}, - {"raw_tp/", RawTracepoint, AttachNone, 0}, - {"raw_tracepoint.w/", RawTracepointWritable, AttachNone, 0}, - {"raw_tp.w/", RawTracepointWritable, AttachNone, 0}, - {"tp_btf/", Tracing, AttachTraceRawTp, 0}, - {"fentry/", Tracing, AttachTraceFEntry, 0}, - {"fmod_ret/", Tracing, AttachModifyReturn, 0}, - {"fexit/", Tracing, AttachTraceFExit, 0}, - {"fentry.s/", Tracing, AttachTraceFEntry, unix.BPF_F_SLEEPABLE}, - {"fmod_ret.s/", Tracing, AttachModifyReturn, unix.BPF_F_SLEEPABLE}, - {"fexit.s/", Tracing, AttachTraceFExit, unix.BPF_F_SLEEPABLE}, - {"freplace/", Extension, AttachNone, 0}, - {"lsm/", LSM, AttachLSMMac, 0}, - {"lsm.s/", LSM, AttachLSMMac, unix.BPF_F_SLEEPABLE}, - {"iter/", Tracing, AttachTraceIter, 0}, - {"syscall", Syscall, AttachNone, 0}, - {"xdp_devmap/", XDP, AttachXDPDevMap, 0}, - {"xdp_cpumap/", XDP, AttachXDPCPUMap, 0}, - {"xdp", XDP, AttachNone, 0}, - {"perf_event", PerfEvent, AttachNone, 0}, - {"lwt_in", LWTIn, AttachNone, 0}, - {"lwt_out", LWTOut, AttachNone, 0}, - {"lwt_xmit", LWTXmit, AttachNone, 0}, - {"lwt_seg6local", LWTSeg6Local, AttachNone, 0}, - {"cgroup_skb/ingress", CGroupSKB, AttachCGroupInetIngress, 0}, - {"cgroup_skb/egress", CGroupSKB, AttachCGroupInetEgress, 0}, - {"cgroup/skb", CGroupSKB, AttachNone, 0}, - {"cgroup/sock_create", CGroupSock, AttachCGroupInetSockCreate, 0}, - {"cgroup/sock_release", CGroupSock, AttachCgroupInetSockRelease, 0}, - {"cgroup/sock", CGroupSock, AttachCGroupInetSockCreate, 0}, - {"cgroup/post_bind4", CGroupSock, AttachCGroupInet4PostBind, 0}, - {"cgroup/post_bind6", CGroupSock, AttachCGroupInet6PostBind, 0}, - {"cgroup/dev", CGroupDevice, AttachCGroupDevice, 0}, - {"sockops", SockOps, AttachCGroupSockOps, 0}, - {"sk_skb/stream_parser", SkSKB, AttachSkSKBStreamParser, 0}, - {"sk_skb/stream_verdict", SkSKB, AttachSkSKBStreamVerdict, 0}, - {"sk_skb", SkSKB, AttachNone, 0}, - {"sk_msg", SkMsg, AttachSkMsgVerdict, 0}, - {"lirc_mode2", LircMode2, AttachLircMode2, 0}, - {"flow_dissector", FlowDissector, AttachFlowDissector, 0}, - {"cgroup/bind4", CGroupSockAddr, AttachCGroupInet4Bind, 0}, - {"cgroup/bind6", CGroupSockAddr, AttachCGroupInet6Bind, 0}, - {"cgroup/connect4", CGroupSockAddr, AttachCGroupInet4Connect, 0}, - {"cgroup/connect6", CGroupSockAddr, AttachCGroupInet6Connect, 0}, - {"cgroup/sendmsg4", CGroupSockAddr, AttachCGroupUDP4Sendmsg, 0}, - {"cgroup/sendmsg6", CGroupSockAddr, AttachCGroupUDP6Sendmsg, 0}, - {"cgroup/recvmsg4", CGroupSockAddr, AttachCGroupUDP4Recvmsg, 0}, - {"cgroup/recvmsg6", CGroupSockAddr, AttachCGroupUDP6Recvmsg, 0}, - {"cgroup/getpeername4", CGroupSockAddr, AttachCgroupInet4GetPeername, 0}, - {"cgroup/getpeername6", CGroupSockAddr, AttachCgroupInet6GetPeername, 0}, - {"cgroup/getsockname4", CGroupSockAddr, AttachCgroupInet4GetSockname, 0}, - {"cgroup/getsockname6", CGroupSockAddr, AttachCgroupInet6GetSockname, 0}, - {"cgroup/sysctl", CGroupSysctl, AttachCGroupSysctl, 0}, - {"cgroup/getsockopt", CGroupSockopt, AttachCGroupGetsockopt, 0}, - {"cgroup/setsockopt", CGroupSockopt, AttachCGroupSetsockopt, 0}, - {"struct_ops+", StructOps, AttachNone, 0}, - {"sk_lookup/", SkLookup, AttachSkLookup, 0}, - - {"seccomp", SocketFilter, AttachNone, 0}, - } - - for _, t := range types { - if !strings.HasPrefix(sectionName, t.prefix) { - continue - } - - if !strings.HasSuffix(t.prefix, "/") { - return t.progType, t.attachType, t.progFlags, "" - } - - return t.progType, t.attachType, t.progFlags, sectionName[len(t.prefix):] - } - - return UnspecifiedProgram, AttachNone, 0, "" -} - -func (ec *elfCode) loadSectionRelocations(sec *elf.Section, symbols []elf.Symbol) (map[uint64]elf.Symbol, error) { - rels := make(map[uint64]elf.Symbol) - - if sec.Entsize < 16 { - return nil, fmt.Errorf("section %s: relocations are less than 16 bytes", sec.Name) - } - - r := bufio.NewReader(sec.Open()) - for off := uint64(0); off < sec.Size; off += sec.Entsize { - ent := io.LimitReader(r, int64(sec.Entsize)) - - var rel elf.Rel64 - if binary.Read(ent, ec.ByteOrder, &rel) != nil { - return nil, fmt.Errorf("can't parse relocation at offset %v", off) - } - - symNo := int(elf.R_SYM64(rel.Info) - 1) - if symNo >= len(symbols) { - return nil, fmt.Errorf("offset %d: symbol %d doesn't exist", off, symNo) - } - - symbol := symbols[symNo] - rels[rel.Off] = symbol - } - - return rels, nil -} diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go deleted file mode 100644 index ae77bc6197..0000000000 --- a/vendor/github.com/cilium/ebpf/info.go +++ /dev/null @@ -1,323 +0,0 @@ -package ebpf - -import ( - "bufio" - "bytes" - "encoding/hex" - "errors" - "fmt" - "io" - "os" - "strings" - "syscall" - "time" - "unsafe" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// MapInfo describes a map. -type MapInfo struct { - Type MapType - id MapID - KeySize uint32 - ValueSize uint32 - MaxEntries uint32 - Flags uint32 - // Name as supplied by user space at load time. Available from 4.15. - Name string -} - -func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { - var info sys.MapInfo - err := sys.ObjInfo(fd, &info) - if errors.Is(err, syscall.EINVAL) { - return newMapInfoFromProc(fd) - } - if err != nil { - return nil, err - } - - return &MapInfo{ - MapType(info.Type), - MapID(info.Id), - info.KeySize, - info.ValueSize, - info.MaxEntries, - info.MapFlags, - unix.ByteSliceToString(info.Name[:]), - }, nil -} - -func newMapInfoFromProc(fd *sys.FD) (*MapInfo, error) { - var mi MapInfo - err := scanFdInfo(fd, map[string]interface{}{ - "map_type": &mi.Type, - "key_size": &mi.KeySize, - "value_size": &mi.ValueSize, - "max_entries": &mi.MaxEntries, - "map_flags": &mi.Flags, - }) - if err != nil { - return nil, err - } - return &mi, nil -} - -// ID returns the map ID. -// -// Available from 4.13. -// -// The bool return value indicates whether this optional field is available. -func (mi *MapInfo) ID() (MapID, bool) { - return mi.id, mi.id > 0 -} - -// programStats holds statistics of a program. -type programStats struct { - // Total accumulated runtime of the program ins ns. - runtime time.Duration - // Total number of times the program was called. - runCount uint64 -} - -// ProgramInfo describes a program. -type ProgramInfo struct { - Type ProgramType - id ProgramID - // Truncated hash of the BPF bytecode. Available from 4.13. - Tag string - // Name as supplied by user space at load time. Available from 4.15. - Name string - - btf btf.ID - stats *programStats - - maps []MapID - insns []byte -} - -func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { - var info sys.ProgInfo - err := sys.ObjInfo(fd, &info) - if errors.Is(err, syscall.EINVAL) { - return newProgramInfoFromProc(fd) - } - if err != nil { - return nil, err - } - - pi := ProgramInfo{ - Type: ProgramType(info.Type), - id: ProgramID(info.Id), - Tag: hex.EncodeToString(info.Tag[:]), - Name: unix.ByteSliceToString(info.Name[:]), - btf: btf.ID(info.BtfId), - stats: &programStats{ - runtime: time.Duration(info.RunTimeNs), - runCount: info.RunCnt, - }, - } - - // Start with a clean struct for the second call, otherwise we may get EFAULT. - var info2 sys.ProgInfo - - if info.NrMapIds > 0 { - pi.maps = make([]MapID, info.NrMapIds) - info2.NrMapIds = info.NrMapIds - info2.MapIds = sys.NewPointer(unsafe.Pointer(&pi.maps[0])) - } - - if info.XlatedProgLen > 0 { - pi.insns = make([]byte, info.XlatedProgLen) - info2.XlatedProgLen = info.XlatedProgLen - info2.XlatedProgInsns = sys.NewSlicePointer(pi.insns) - } - - if info.NrMapIds > 0 || info.XlatedProgLen > 0 { - if err := sys.ObjInfo(fd, &info2); err != nil { - return nil, err - } - } - - return &pi, nil -} - -func newProgramInfoFromProc(fd *sys.FD) (*ProgramInfo, error) { - var info ProgramInfo - err := scanFdInfo(fd, map[string]interface{}{ - "prog_type": &info.Type, - "prog_tag": &info.Tag, - }) - if errors.Is(err, errMissingFields) { - return nil, &internal.UnsupportedFeatureError{ - Name: "reading program info from /proc/self/fdinfo", - MinimumVersion: internal.Version{4, 10, 0}, - } - } - if err != nil { - return nil, err - } - - return &info, nil -} - -// ID returns the program ID. -// -// Available from 4.13. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) ID() (ProgramID, bool) { - return pi.id, pi.id > 0 -} - -// BTFID returns the BTF ID associated with the program. -// -// The ID is only valid as long as the associated program is kept alive. -// Available from 5.0. -// -// The bool return value indicates whether this optional field is available and -// populated. (The field may be available but not populated if the kernel -// supports the field but the program was loaded without BTF information.) -func (pi *ProgramInfo) BTFID() (btf.ID, bool) { - return pi.btf, pi.btf > 0 -} - -// RunCount returns the total number of times the program was called. -// -// Can return 0 if the collection of statistics is not enabled. See EnableStats(). -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) RunCount() (uint64, bool) { - if pi.stats != nil { - return pi.stats.runCount, true - } - return 0, false -} - -// Runtime returns the total accumulated runtime of the program. -// -// Can return 0 if the collection of statistics is not enabled. See EnableStats(). -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) Runtime() (time.Duration, bool) { - if pi.stats != nil { - return pi.stats.runtime, true - } - return time.Duration(0), false -} - -// Instructions returns the 'xlated' instruction stream of the program -// after it has been verified and rewritten by the kernel. These instructions -// cannot be loaded back into the kernel as-is, this is mainly used for -// inspecting loaded programs for troubleshooting, dumping, etc. -// -// For example, map accesses are made to reference their kernel map IDs, -// not the FDs they had when the program was inserted. Note that before -// the introduction of bpf_insn_prepare_dump in kernel 4.16, xlated -// instructions were not sanitized, making the output even less reusable -// and less likely to round-trip or evaluate to the same program Tag. -// -// The first instruction is marked as a symbol using the Program's name. -// -// Available from 4.13. Requires CAP_BPF or equivalent. -func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { - // If the calling process is not BPF-capable or if the kernel doesn't - // support getting xlated instructions, the field will be zero. - if len(pi.insns) == 0 { - return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) - } - - r := bytes.NewReader(pi.insns) - var insns asm.Instructions - if err := insns.Unmarshal(r, internal.NativeEndian); err != nil { - return nil, fmt.Errorf("unmarshaling instructions: %w", err) - } - - // Tag the first instruction with the name of the program, if available. - insns[0] = insns[0].WithSymbol(pi.Name) - - return insns, nil -} - -// MapIDs returns the maps related to the program. -// -// Available from 4.15. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) MapIDs() ([]MapID, bool) { - return pi.maps, pi.maps != nil -} - -func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { - fh, err := os.Open(fmt.Sprintf("/proc/self/fdinfo/%d", fd.Int())) - if err != nil { - return err - } - defer fh.Close() - - if err := scanFdInfoReader(fh, fields); err != nil { - return fmt.Errorf("%s: %w", fh.Name(), err) - } - return nil -} - -var errMissingFields = errors.New("missing fields") - -func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { - var ( - scanner = bufio.NewScanner(r) - scanned int - ) - - for scanner.Scan() { - parts := strings.SplitN(scanner.Text(), "\t", 2) - if len(parts) != 2 { - continue - } - - name := strings.TrimSuffix(parts[0], ":") - field, ok := fields[string(name)] - if !ok { - continue - } - - if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { - return fmt.Errorf("can't parse field %s: %v", name, err) - } - - scanned++ - } - - if err := scanner.Err(); err != nil { - return err - } - - if len(fields) > 0 && scanned == 0 { - return ErrNotSupported - } - - if scanned != len(fields) { - return errMissingFields - } - - return nil -} - -// EnableStats starts the measuring of the runtime -// and run counts of eBPF programs. -// -// Collecting statistics can have an impact on the performance. -// -// Requires at least 5.8. -func EnableStats(which uint32) (io.Closer, error) { - fd, err := sys.EnableStats(&sys.EnableStatsAttr{ - Type: which, - }) - if err != nil { - return nil, err - } - return fd, nil -} diff --git a/vendor/github.com/cilium/ebpf/internal/align.go b/vendor/github.com/cilium/ebpf/internal/align.go deleted file mode 100644 index 8b4f2658ea..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/align.go +++ /dev/null @@ -1,6 +0,0 @@ -package internal - -// Align returns 'n' updated to 'alignment' boundary. -func Align(n, alignment int) int { - return (int(n) + alignment - 1) / alignment * alignment -} diff --git a/vendor/github.com/cilium/ebpf/internal/cpu.go b/vendor/github.com/cilium/ebpf/internal/cpu.go deleted file mode 100644 index 3affa1efb9..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/cpu.go +++ /dev/null @@ -1,62 +0,0 @@ -package internal - -import ( - "fmt" - "os" - "strings" - "sync" -) - -var sysCPU struct { - once sync.Once - err error - num int -} - -// PossibleCPUs returns the max number of CPUs a system may possibly have -// Logical CPU numbers must be of the form 0-n -func PossibleCPUs() (int, error) { - sysCPU.once.Do(func() { - sysCPU.num, sysCPU.err = parseCPUsFromFile("/sys/devices/system/cpu/possible") - }) - - return sysCPU.num, sysCPU.err -} - -func parseCPUsFromFile(path string) (int, error) { - spec, err := os.ReadFile(path) - if err != nil { - return 0, err - } - - n, err := parseCPUs(string(spec)) - if err != nil { - return 0, fmt.Errorf("can't parse %s: %v", path, err) - } - - return n, nil -} - -// parseCPUs parses the number of cpus from a string produced -// by bitmap_list_string() in the Linux kernel. -// Multiple ranges are rejected, since they can't be unified -// into a single number. -// This is the format of /sys/devices/system/cpu/possible, it -// is not suitable for /sys/devices/system/cpu/online, etc. -func parseCPUs(spec string) (int, error) { - if strings.Trim(spec, "\n") == "0" { - return 1, nil - } - - var low, high int - n, err := fmt.Sscanf(spec, "%d-%d\n", &low, &high) - if n != 2 || err != nil { - return 0, fmt.Errorf("invalid format: %s", spec) - } - if low != 0 { - return 0, fmt.Errorf("CPU spec doesn't start at zero: %s", spec) - } - - // cpus is 0 indexed - return high + 1, nil -} diff --git a/vendor/github.com/cilium/ebpf/internal/elf.go b/vendor/github.com/cilium/ebpf/internal/elf.go deleted file mode 100644 index 011581938d..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/elf.go +++ /dev/null @@ -1,102 +0,0 @@ -package internal - -import ( - "debug/elf" - "fmt" - "io" -) - -type SafeELFFile struct { - *elf.File -} - -// NewSafeELFFile reads an ELF safely. -// -// Any panic during parsing is turned into an error. This is necessary since -// there are a bunch of unfixed bugs in debug/elf. -// -// https://github.com/golang/go/issues?q=is%3Aissue+is%3Aopen+debug%2Felf+in%3Atitle -func NewSafeELFFile(r io.ReaderAt) (safe *SafeELFFile, err error) { - defer func() { - r := recover() - if r == nil { - return - } - - safe = nil - err = fmt.Errorf("reading ELF file panicked: %s", r) - }() - - file, err := elf.NewFile(r) - if err != nil { - return nil, err - } - - return &SafeELFFile{file}, nil -} - -// OpenSafeELFFile reads an ELF from a file. -// -// It works like NewSafeELFFile, with the exception that safe.Close will -// close the underlying file. -func OpenSafeELFFile(path string) (safe *SafeELFFile, err error) { - defer func() { - r := recover() - if r == nil { - return - } - - safe = nil - err = fmt.Errorf("reading ELF file panicked: %s", r) - }() - - file, err := elf.Open(path) - if err != nil { - return nil, err - } - - return &SafeELFFile{file}, nil -} - -// Symbols is the safe version of elf.File.Symbols. -func (se *SafeELFFile) Symbols() (syms []elf.Symbol, err error) { - defer func() { - r := recover() - if r == nil { - return - } - - syms = nil - err = fmt.Errorf("reading ELF symbols panicked: %s", r) - }() - - syms, err = se.File.Symbols() - return -} - -// DynamicSymbols is the safe version of elf.File.DynamicSymbols. -func (se *SafeELFFile) DynamicSymbols() (syms []elf.Symbol, err error) { - defer func() { - r := recover() - if r == nil { - return - } - - syms = nil - err = fmt.Errorf("reading ELF dynamic symbols panicked: %s", r) - }() - - syms, err = se.File.DynamicSymbols() - return -} - -// SectionsByType returns all sections in the file with the specified section type. -func (se *SafeELFFile) SectionsByType(typ elf.SectionType) []*elf.Section { - sections := make([]*elf.Section, 0, 1) - for _, section := range se.Sections { - if section.Type == typ { - sections = append(sections, section) - } - } - return sections -} diff --git a/vendor/github.com/cilium/ebpf/internal/endian_be.go b/vendor/github.com/cilium/ebpf/internal/endian_be.go deleted file mode 100644 index ad33cda851..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/endian_be.go +++ /dev/null @@ -1,13 +0,0 @@ -//go:build armbe || arm64be || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64 -// +build armbe arm64be mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64 - -package internal - -import "encoding/binary" - -// NativeEndian is set to either binary.BigEndian or binary.LittleEndian, -// depending on the host's endianness. -var NativeEndian binary.ByteOrder = binary.BigEndian - -// ClangEndian is set to either "el" or "eb" depending on the host's endianness. -const ClangEndian = "eb" diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go deleted file mode 100644 index 41a68224c8..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/endian_le.go +++ /dev/null @@ -1,13 +0,0 @@ -//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 -// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 - -package internal - -import "encoding/binary" - -// NativeEndian is set to either binary.BigEndian or binary.LittleEndian, -// depending on the host's endianness. -var NativeEndian binary.ByteOrder = binary.LittleEndian - -// ClangEndian is set to either "el" or "eb" depending on the host's endianness. -const ClangEndian = "el" diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go deleted file mode 100644 index b5ccdd7d05..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ /dev/null @@ -1,206 +0,0 @@ -package internal - -import ( - "bytes" - "fmt" - "io" - "strings" -) - -// ErrorWithLog returns an error which includes logs from the kernel verifier. -// -// The default error output is a summary of the full log. The latter can be -// accessed via VerifierError.Log or by formatting the error, see Format. -// -// A set of heuristics is used to determine whether the log has been truncated. -func ErrorWithLog(err error, log []byte) *VerifierError { - const whitespace = "\t\r\v\n " - - // Convert verifier log C string by truncating it on the first 0 byte - // and trimming trailing whitespace before interpreting as a Go string. - truncated := false - if i := bytes.IndexByte(log, 0); i != -1 { - if i == len(log)-1 && !bytes.HasSuffix(log[:i], []byte{'\n'}) { - // The null byte is at the end of the buffer and it's not preceded - // by a newline character. Most likely the buffer was too short. - truncated = true - } - - log = log[:i] - } else if len(log) > 0 { - // No null byte? Dodgy! - truncated = true - } - - log = bytes.Trim(log, whitespace) - logLines := bytes.Split(log, []byte{'\n'}) - lines := make([]string, 0, len(logLines)) - for _, line := range logLines { - // Don't remove leading white space on individual lines. We rely on it - // when outputting logs. - lines = append(lines, string(bytes.TrimRight(line, whitespace))) - } - - return &VerifierError{err, lines, truncated} -} - -// VerifierError includes information from the eBPF verifier. -// -// It summarises the log output, see Format if you want to output the full contents. -type VerifierError struct { - // The error which caused this error. - Cause error - // The verifier output split into lines. - Log []string - // Whether the log output is truncated, based on several heuristics. - Truncated bool -} - -func (le *VerifierError) Unwrap() error { - return le.Cause -} - -func (le *VerifierError) Error() string { - log := le.Log - if n := len(log); n > 0 && strings.HasPrefix(log[n-1], "processed ") { - // Get rid of "processed 39 insns (limit 1000000) ..." from summary. - log = log[:n-1] - } - - n := len(log) - if n == 0 { - return le.Cause.Error() - } - - lines := log[n-1:] - if n >= 2 && (includePreviousLine(log[n-1]) || le.Truncated) { - // Add one more line of context if it aids understanding the error. - lines = log[n-2:] - } - - var b strings.Builder - fmt.Fprintf(&b, "%s: ", le.Cause.Error()) - - for i, line := range lines { - b.WriteString(strings.TrimSpace(line)) - if i != len(lines)-1 { - b.WriteString(": ") - } - } - - omitted := len(le.Log) - len(lines) - if omitted == 0 && !le.Truncated { - return b.String() - } - - b.WriteString(" (") - if le.Truncated { - b.WriteString("truncated") - } - - if omitted > 0 { - if le.Truncated { - b.WriteString(", ") - } - fmt.Fprintf(&b, "%d line(s) omitted", omitted) - } - b.WriteString(")") - - return b.String() -} - -// includePreviousLine returns true if the given line likely is better -// understood with additional context from the preceding line. -func includePreviousLine(line string) bool { - // We need to find a good trade off between understandable error messages - // and too much complexity here. Checking the string prefix is ok, requiring - // regular expressions to do it is probably overkill. - - if strings.HasPrefix(line, "\t") { - // [13] STRUCT drm_rect size=16 vlen=4 - // \tx1 type_id=2 - return true - } - - if len(line) >= 2 && line[0] == 'R' && line[1] >= '0' && line[1] <= '9' { - // 0: (95) exit - // R0 !read_ok - return true - } - - if strings.HasPrefix(line, "invalid bpf_context access") { - // 0: (79) r6 = *(u64 *)(r1 +0) - // func '__x64_sys_recvfrom' arg0 type FWD is not a struct - // invalid bpf_context access off=0 size=8 - return true - } - - return false -} - -// Format the error. -// -// Understood verbs are %s and %v, which are equivalent to calling Error(). %v -// allows outputting additional information using the following flags: -// -// + Output the first lines, or all lines if no width is given. -// - Output the last lines, or all lines if no width is given. -// -// Use width to specify how many lines to output. Use the '-' flag to output -// lines from the end of the log instead of the beginning. -func (le *VerifierError) Format(f fmt.State, verb rune) { - switch verb { - case 's': - _, _ = io.WriteString(f, le.Error()) - - case 'v': - n, haveWidth := f.Width() - if !haveWidth || n > len(le.Log) { - n = len(le.Log) - } - - if !f.Flag('+') && !f.Flag('-') { - if haveWidth { - _, _ = io.WriteString(f, "%!v(BADWIDTH)") - return - } - - _, _ = io.WriteString(f, le.Error()) - return - } - - if f.Flag('+') && f.Flag('-') { - _, _ = io.WriteString(f, "%!v(BADFLAG)") - return - } - - fmt.Fprintf(f, "%s:", le.Cause.Error()) - - omitted := len(le.Log) - n - lines := le.Log[:n] - if f.Flag('-') { - // Print last instead of first lines. - lines = le.Log[len(le.Log)-n:] - if omitted > 0 { - fmt.Fprintf(f, "\n\t(%d line(s) omitted)", omitted) - } - } - - for _, line := range lines { - fmt.Fprintf(f, "\n\t%s", line) - } - - if !f.Flag('-') { - if omitted > 0 { - fmt.Fprintf(f, "\n\t(%d line(s) omitted)", omitted) - } - } - - if le.Truncated { - fmt.Fprintf(f, "\n\t(truncated)") - } - - default: - fmt.Fprintf(f, "%%!%c(BADVERB)", verb) - } -} diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go deleted file mode 100644 index 0a6c2d1d52..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ /dev/null @@ -1,100 +0,0 @@ -package internal - -import ( - "errors" - "fmt" - "sync" -) - -// ErrNotSupported indicates that a feature is not supported by the current kernel. -var ErrNotSupported = errors.New("not supported") - -// UnsupportedFeatureError is returned by FeatureTest() functions. -type UnsupportedFeatureError struct { - // The minimum Linux mainline version required for this feature. - // Used for the error string, and for sanity checking during testing. - MinimumVersion Version - - // The name of the feature that isn't supported. - Name string -} - -func (ufe *UnsupportedFeatureError) Error() string { - if ufe.MinimumVersion.Unspecified() { - return fmt.Sprintf("%s not supported", ufe.Name) - } - return fmt.Sprintf("%s not supported (requires >= %s)", ufe.Name, ufe.MinimumVersion) -} - -// Is indicates that UnsupportedFeatureError is ErrNotSupported. -func (ufe *UnsupportedFeatureError) Is(target error) bool { - return target == ErrNotSupported -} - -type featureTest struct { - sync.RWMutex - successful bool - result error -} - -// FeatureTestFn is used to determine whether the kernel supports -// a certain feature. -// -// The return values have the following semantics: -// -// err == ErrNotSupported: the feature is not available -// err == nil: the feature is available -// err != nil: the test couldn't be executed -type FeatureTestFn func() error - -// FeatureTest wraps a function so that it is run at most once. -// -// name should identify the tested feature, while version must be in the -// form Major.Minor[.Patch]. -// -// Returns an error wrapping ErrNotSupported if the feature is not supported. -func FeatureTest(name, version string, fn FeatureTestFn) func() error { - ft := new(featureTest) - return func() error { - ft.RLock() - if ft.successful { - defer ft.RUnlock() - return ft.result - } - ft.RUnlock() - ft.Lock() - defer ft.Unlock() - // check one more time on the off - // chance that two go routines - // were able to call into the write - // lock - if ft.successful { - return ft.result - } - err := fn() - switch { - case errors.Is(err, ErrNotSupported): - v, err := NewVersion(version) - if err != nil { - return err - } - - ft.result = &UnsupportedFeatureError{ - MinimumVersion: v, - Name: name, - } - fallthrough - - case err == nil: - ft.successful = true - - default: - // We couldn't execute the feature test to a point - // where it could make a determination. - // Don't cache the result, just return it. - return fmt.Errorf("detect support for %s: %w", name, err) - } - - return ft.result - } -} diff --git a/vendor/github.com/cilium/ebpf/internal/io.go b/vendor/github.com/cilium/ebpf/internal/io.go deleted file mode 100644 index 30b6641f07..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/io.go +++ /dev/null @@ -1,62 +0,0 @@ -package internal - -import ( - "bufio" - "compress/gzip" - "errors" - "io" - "os" -) - -// NewBufferedSectionReader wraps an io.ReaderAt in an appropriately-sized -// buffered reader. It is a convenience function for reading subsections of -// ELF sections while minimizing the amount of read() syscalls made. -// -// Syscall overhead is non-negligible in continuous integration context -// where ELFs might be accessed over virtual filesystems with poor random -// access performance. Buffering reads makes sense because (sub)sections -// end up being read completely anyway. -// -// Use instead of the r.Seek() + io.LimitReader() pattern. -func NewBufferedSectionReader(ra io.ReaderAt, off, n int64) *bufio.Reader { - // Clamp the size of the buffer to one page to avoid slurping large parts - // of a file into memory. bufio.NewReader uses a hardcoded default buffer - // of 4096. Allow arches with larger pages to allocate more, but don't - // allocate a fixed 4k buffer if we only need to read a small segment. - buf := n - if ps := int64(os.Getpagesize()); n > ps { - buf = ps - } - - return bufio.NewReaderSize(io.NewSectionReader(ra, off, n), int(buf)) -} - -// DiscardZeroes makes sure that all written bytes are zero -// before discarding them. -type DiscardZeroes struct{} - -func (DiscardZeroes) Write(p []byte) (int, error) { - for _, b := range p { - if b != 0 { - return 0, errors.New("encountered non-zero byte") - } - } - return len(p), nil -} - -// ReadAllCompressed decompresses a gzipped file into memory. -func ReadAllCompressed(file string) ([]byte, error) { - fh, err := os.Open(file) - if err != nil { - return nil, err - } - defer fh.Close() - - gz, err := gzip.NewReader(fh) - if err != nil { - return nil, err - } - defer gz.Close() - - return io.ReadAll(gz) -} diff --git a/vendor/github.com/cilium/ebpf/internal/output.go b/vendor/github.com/cilium/ebpf/internal/output.go deleted file mode 100644 index aeab37fcfa..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/output.go +++ /dev/null @@ -1,84 +0,0 @@ -package internal - -import ( - "bytes" - "errors" - "go/format" - "go/scanner" - "io" - "strings" - "unicode" -) - -// Identifier turns a C style type or field name into an exportable Go equivalent. -func Identifier(str string) string { - prev := rune(-1) - return strings.Map(func(r rune) rune { - // See https://golang.org/ref/spec#Identifiers - switch { - case unicode.IsLetter(r): - if prev == -1 { - r = unicode.ToUpper(r) - } - - case r == '_': - switch { - // The previous rune was deleted, or we are at the - // beginning of the string. - case prev == -1: - fallthrough - - // The previous rune is a lower case letter or a digit. - case unicode.IsDigit(prev) || (unicode.IsLetter(prev) && unicode.IsLower(prev)): - // delete the current rune, and force the - // next character to be uppercased. - r = -1 - } - - case unicode.IsDigit(r): - - default: - // Delete the current rune. prev is unchanged. - return -1 - } - - prev = r - return r - }, str) -} - -// WriteFormatted outputs a formatted src into out. -// -// If formatting fails it returns an informative error message. -func WriteFormatted(src []byte, out io.Writer) error { - formatted, err := format.Source(src) - if err == nil { - _, err = out.Write(formatted) - return err - } - - var el scanner.ErrorList - if !errors.As(err, &el) { - return err - } - - var nel scanner.ErrorList - for _, err := range el { - if !err.Pos.IsValid() { - nel = append(nel, err) - continue - } - - buf := src[err.Pos.Offset:] - nl := bytes.IndexRune(buf, '\n') - if nl == -1 { - nel = append(nel, err) - continue - } - - err.Msg += ": " + string(buf[:nl]) - nel = append(nel, err) - } - - return nel -} diff --git a/vendor/github.com/cilium/ebpf/internal/pinning.go b/vendor/github.com/cilium/ebpf/internal/pinning.go deleted file mode 100644 index c711353c3e..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/pinning.go +++ /dev/null @@ -1,77 +0,0 @@ -package internal - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "runtime" - "unsafe" - - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -func Pin(currentPath, newPath string, fd *sys.FD) error { - const bpfFSType = 0xcafe4a11 - - if newPath == "" { - return errors.New("given pinning path cannot be empty") - } - if currentPath == newPath { - return nil - } - - var statfs unix.Statfs_t - if err := unix.Statfs(filepath.Dir(newPath), &statfs); err != nil { - return err - } - - fsType := int64(statfs.Type) - if unsafe.Sizeof(statfs.Type) == 4 { - // We're on a 32 bit arch, where statfs.Type is int32. bpfFSType is a - // negative number when interpreted as int32 so we need to cast via - // uint32 to avoid sign extension. - fsType = int64(uint32(statfs.Type)) - } - - if fsType != bpfFSType { - return fmt.Errorf("%s is not on a bpf filesystem", newPath) - } - - defer runtime.KeepAlive(fd) - - if currentPath == "" { - return sys.ObjPin(&sys.ObjPinAttr{ - Pathname: sys.NewStringPointer(newPath), - BpfFd: fd.Uint(), - }) - } - - // Renameat2 is used instead of os.Rename to disallow the new path replacing - // an existing path. - err := unix.Renameat2(unix.AT_FDCWD, currentPath, unix.AT_FDCWD, newPath, unix.RENAME_NOREPLACE) - if err == nil { - // Object is now moved to the new pinning path. - return nil - } - if !os.IsNotExist(err) { - return fmt.Errorf("unable to move pinned object to new path %v: %w", newPath, err) - } - // Internal state not in sync with the file system so let's fix it. - return sys.ObjPin(&sys.ObjPinAttr{ - Pathname: sys.NewStringPointer(newPath), - BpfFd: fd.Uint(), - }) -} - -func Unpin(pinnedPath string) error { - if pinnedPath == "" { - return nil - } - err := os.Remove(pinnedPath) - if err == nil || os.IsNotExist(err) { - return nil - } - return err -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/doc.go b/vendor/github.com/cilium/ebpf/internal/sys/doc.go deleted file mode 100644 index dfe174448e..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/doc.go +++ /dev/null @@ -1,6 +0,0 @@ -// Package sys contains bindings for the BPF syscall. -package sys - -// Regenerate types.go by invoking go generate in the current directory. - -//go:generate go run github.com/cilium/ebpf/internal/cmd/gentypes ../../btf/testdata/vmlinux.btf.gz diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd.go b/vendor/github.com/cilium/ebpf/internal/sys/fd.go deleted file mode 100644 index 65517d45e2..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd.go +++ /dev/null @@ -1,96 +0,0 @@ -package sys - -import ( - "fmt" - "math" - "os" - "runtime" - "strconv" - - "github.com/cilium/ebpf/internal/unix" -) - -var ErrClosedFd = unix.EBADF - -type FD struct { - raw int -} - -func newFD(value int) *FD { - fd := &FD{value} - runtime.SetFinalizer(fd, (*FD).Close) - return fd -} - -// NewFD wraps a raw fd with a finalizer. -// -// You must not use the raw fd after calling this function, since the underlying -// file descriptor number may change. This is because the BPF UAPI assumes that -// zero is not a valid fd value. -func NewFD(value int) (*FD, error) { - if value < 0 { - return nil, fmt.Errorf("invalid fd %d", value) - } - - fd := newFD(value) - if value != 0 { - return fd, nil - } - - dup, err := fd.Dup() - _ = fd.Close() - return dup, err -} - -func (fd *FD) String() string { - return strconv.FormatInt(int64(fd.raw), 10) -} - -func (fd *FD) Int() int { - return fd.raw -} - -func (fd *FD) Uint() uint32 { - if fd.raw < 0 || int64(fd.raw) > math.MaxUint32 { - // Best effort: this is the number most likely to be an invalid file - // descriptor. It is equal to -1 (on two's complement arches). - return math.MaxUint32 - } - return uint32(fd.raw) -} - -func (fd *FD) Close() error { - if fd.raw < 0 { - return nil - } - - value := int(fd.raw) - fd.raw = -1 - - fd.Forget() - return unix.Close(value) -} - -func (fd *FD) Forget() { - runtime.SetFinalizer(fd, nil) -} - -func (fd *FD) Dup() (*FD, error) { - if fd.raw < 0 { - return nil, ErrClosedFd - } - - // Always require the fd to be larger than zero: the BPF API treats the value - // as "no argument provided". - dup, err := unix.FcntlInt(uintptr(fd.raw), unix.F_DUPFD_CLOEXEC, 1) - if err != nil { - return nil, fmt.Errorf("can't dup fd: %v", err) - } - - return newFD(dup), nil -} - -func (fd *FD) File(name string) *os.File { - fd.Forget() - return os.NewFile(uintptr(fd.raw), name) -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go deleted file mode 100644 index a221006888..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go +++ /dev/null @@ -1,38 +0,0 @@ -package sys - -import ( - "unsafe" - - "github.com/cilium/ebpf/internal/unix" -) - -// NewPointer creates a 64-bit pointer from an unsafe Pointer. -func NewPointer(ptr unsafe.Pointer) Pointer { - return Pointer{ptr: ptr} -} - -// NewSlicePointer creates a 64-bit pointer from a byte slice. -func NewSlicePointer(buf []byte) Pointer { - if len(buf) == 0 { - return Pointer{} - } - - return Pointer{ptr: unsafe.Pointer(&buf[0])} -} - -// NewSlicePointer creates a 64-bit pointer from a byte slice. -// -// Useful to assign both the pointer and the length in one go. -func NewSlicePointerLen(buf []byte) (Pointer, uint32) { - return NewSlicePointer(buf), uint32(len(buf)) -} - -// NewStringPointer creates a 64-bit pointer from a string. -func NewStringPointer(str string) Pointer { - p, err := unix.BytePtrFromString(str) - if err != nil { - return Pointer{} - } - - return Pointer{ptr: unsafe.Pointer(p)} -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go deleted file mode 100644 index df903d780b..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go +++ /dev/null @@ -1,15 +0,0 @@ -//go:build armbe || mips || mips64p32 -// +build armbe mips mips64p32 - -package sys - -import ( - "unsafe" -) - -// Pointer wraps an unsafe.Pointer to be 64bit to -// conform to the syscall specification. -type Pointer struct { - pad uint32 - ptr unsafe.Pointer -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go deleted file mode 100644 index a6a51edb6e..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go +++ /dev/null @@ -1,15 +0,0 @@ -//go:build 386 || amd64p32 || arm || mipsle || mips64p32le -// +build 386 amd64p32 arm mipsle mips64p32le - -package sys - -import ( - "unsafe" -) - -// Pointer wraps an unsafe.Pointer to be 64bit to -// conform to the syscall specification. -type Pointer struct { - ptr unsafe.Pointer - pad uint32 -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go deleted file mode 100644 index 7c0279e487..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go +++ /dev/null @@ -1,14 +0,0 @@ -//go:build !386 && !amd64p32 && !arm && !mipsle && !mips64p32le && !armbe && !mips && !mips64p32 -// +build !386,!amd64p32,!arm,!mipsle,!mips64p32le,!armbe,!mips,!mips64p32 - -package sys - -import ( - "unsafe" -) - -// Pointer wraps an unsafe.Pointer to be 64bit to -// conform to the syscall specification. -type Pointer struct { - ptr unsafe.Pointer -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go deleted file mode 100644 index 2a5935dc91..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ /dev/null @@ -1,126 +0,0 @@ -package sys - -import ( - "runtime" - "syscall" - "unsafe" - - "github.com/cilium/ebpf/internal/unix" -) - -// BPF wraps SYS_BPF. -// -// Any pointers contained in attr must use the Pointer type from this package. -func BPF(cmd Cmd, attr unsafe.Pointer, size uintptr) (uintptr, error) { - for { - r1, _, errNo := unix.Syscall(unix.SYS_BPF, uintptr(cmd), uintptr(attr), size) - runtime.KeepAlive(attr) - - // As of ~4.20 the verifier can be interrupted by a signal, - // and returns EAGAIN in that case. - if errNo == unix.EAGAIN && cmd == BPF_PROG_LOAD { - continue - } - - var err error - if errNo != 0 { - err = wrappedErrno{errNo} - } - - return r1, err - } -} - -// Info is implemented by all structs that can be passed to the ObjInfo syscall. -// -// MapInfo -// ProgInfo -// LinkInfo -// BtfInfo -type Info interface { - info() (unsafe.Pointer, uint32) -} - -var _ Info = (*MapInfo)(nil) - -func (i *MapInfo) info() (unsafe.Pointer, uint32) { - return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) -} - -var _ Info = (*ProgInfo)(nil) - -func (i *ProgInfo) info() (unsafe.Pointer, uint32) { - return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) -} - -var _ Info = (*LinkInfo)(nil) - -func (i *LinkInfo) info() (unsafe.Pointer, uint32) { - return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) -} - -var _ Info = (*BtfInfo)(nil) - -func (i *BtfInfo) info() (unsafe.Pointer, uint32) { - return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) -} - -// ObjInfo retrieves information about a BPF Fd. -// -// info may be one of MapInfo, ProgInfo, LinkInfo and BtfInfo. -func ObjInfo(fd *FD, info Info) error { - ptr, len := info.info() - err := ObjGetInfoByFd(&ObjGetInfoByFdAttr{ - BpfFd: fd.Uint(), - InfoLen: len, - Info: NewPointer(ptr), - }) - runtime.KeepAlive(fd) - return err -} - -// BPFObjName is a null-terminated string made up of -// 'A-Za-z0-9_' characters. -type ObjName [unix.BPF_OBJ_NAME_LEN]byte - -// NewObjName truncates the result if it is too long. -func NewObjName(name string) ObjName { - var result ObjName - copy(result[:unix.BPF_OBJ_NAME_LEN-1], name) - return result -} - -// LinkID uniquely identifies a bpf_link. -type LinkID uint32 - -// BTFID uniquely identifies a BTF blob loaded into the kernel. -type BTFID uint32 - -// wrappedErrno wraps syscall.Errno to prevent direct comparisons with -// syscall.E* or unix.E* constants. -// -// You should never export an error of this type. -type wrappedErrno struct { - syscall.Errno -} - -func (we wrappedErrno) Unwrap() error { - return we.Errno -} - -type syscallError struct { - error - errno syscall.Errno -} - -func Error(err error, errno syscall.Errno) error { - return &syscallError{err, errno} -} - -func (se *syscallError) Is(target error) bool { - return target == se.error -} - -func (se *syscallError) Unwrap() error { - return se.errno -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go deleted file mode 100644 index 291e3a6196..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ /dev/null @@ -1,1052 +0,0 @@ -// Code generated by internal/cmd/gentypes; DO NOT EDIT. - -package sys - -import ( - "unsafe" -) - -type AdjRoomMode int32 - -const ( - BPF_ADJ_ROOM_NET AdjRoomMode = 0 - BPF_ADJ_ROOM_MAC AdjRoomMode = 1 -) - -type AttachType int32 - -const ( - BPF_CGROUP_INET_INGRESS AttachType = 0 - BPF_CGROUP_INET_EGRESS AttachType = 1 - BPF_CGROUP_INET_SOCK_CREATE AttachType = 2 - BPF_CGROUP_SOCK_OPS AttachType = 3 - BPF_SK_SKB_STREAM_PARSER AttachType = 4 - BPF_SK_SKB_STREAM_VERDICT AttachType = 5 - BPF_CGROUP_DEVICE AttachType = 6 - BPF_SK_MSG_VERDICT AttachType = 7 - BPF_CGROUP_INET4_BIND AttachType = 8 - BPF_CGROUP_INET6_BIND AttachType = 9 - BPF_CGROUP_INET4_CONNECT AttachType = 10 - BPF_CGROUP_INET6_CONNECT AttachType = 11 - BPF_CGROUP_INET4_POST_BIND AttachType = 12 - BPF_CGROUP_INET6_POST_BIND AttachType = 13 - BPF_CGROUP_UDP4_SENDMSG AttachType = 14 - BPF_CGROUP_UDP6_SENDMSG AttachType = 15 - BPF_LIRC_MODE2 AttachType = 16 - BPF_FLOW_DISSECTOR AttachType = 17 - BPF_CGROUP_SYSCTL AttachType = 18 - BPF_CGROUP_UDP4_RECVMSG AttachType = 19 - BPF_CGROUP_UDP6_RECVMSG AttachType = 20 - BPF_CGROUP_GETSOCKOPT AttachType = 21 - BPF_CGROUP_SETSOCKOPT AttachType = 22 - BPF_TRACE_RAW_TP AttachType = 23 - BPF_TRACE_FENTRY AttachType = 24 - BPF_TRACE_FEXIT AttachType = 25 - BPF_MODIFY_RETURN AttachType = 26 - BPF_LSM_MAC AttachType = 27 - BPF_TRACE_ITER AttachType = 28 - BPF_CGROUP_INET4_GETPEERNAME AttachType = 29 - BPF_CGROUP_INET6_GETPEERNAME AttachType = 30 - BPF_CGROUP_INET4_GETSOCKNAME AttachType = 31 - BPF_CGROUP_INET6_GETSOCKNAME AttachType = 32 - BPF_XDP_DEVMAP AttachType = 33 - BPF_CGROUP_INET_SOCK_RELEASE AttachType = 34 - BPF_XDP_CPUMAP AttachType = 35 - BPF_SK_LOOKUP AttachType = 36 - BPF_XDP AttachType = 37 - BPF_SK_SKB_VERDICT AttachType = 38 - BPF_SK_REUSEPORT_SELECT AttachType = 39 - BPF_SK_REUSEPORT_SELECT_OR_MIGRATE AttachType = 40 - BPF_PERF_EVENT AttachType = 41 - BPF_TRACE_KPROBE_MULTI AttachType = 42 - __MAX_BPF_ATTACH_TYPE AttachType = 43 -) - -type Cmd int32 - -const ( - BPF_MAP_CREATE Cmd = 0 - BPF_MAP_LOOKUP_ELEM Cmd = 1 - BPF_MAP_UPDATE_ELEM Cmd = 2 - BPF_MAP_DELETE_ELEM Cmd = 3 - BPF_MAP_GET_NEXT_KEY Cmd = 4 - BPF_PROG_LOAD Cmd = 5 - BPF_OBJ_PIN Cmd = 6 - BPF_OBJ_GET Cmd = 7 - BPF_PROG_ATTACH Cmd = 8 - BPF_PROG_DETACH Cmd = 9 - BPF_PROG_TEST_RUN Cmd = 10 - BPF_PROG_RUN Cmd = 10 - BPF_PROG_GET_NEXT_ID Cmd = 11 - BPF_MAP_GET_NEXT_ID Cmd = 12 - BPF_PROG_GET_FD_BY_ID Cmd = 13 - BPF_MAP_GET_FD_BY_ID Cmd = 14 - BPF_OBJ_GET_INFO_BY_FD Cmd = 15 - BPF_PROG_QUERY Cmd = 16 - BPF_RAW_TRACEPOINT_OPEN Cmd = 17 - BPF_BTF_LOAD Cmd = 18 - BPF_BTF_GET_FD_BY_ID Cmd = 19 - BPF_TASK_FD_QUERY Cmd = 20 - BPF_MAP_LOOKUP_AND_DELETE_ELEM Cmd = 21 - BPF_MAP_FREEZE Cmd = 22 - BPF_BTF_GET_NEXT_ID Cmd = 23 - BPF_MAP_LOOKUP_BATCH Cmd = 24 - BPF_MAP_LOOKUP_AND_DELETE_BATCH Cmd = 25 - BPF_MAP_UPDATE_BATCH Cmd = 26 - BPF_MAP_DELETE_BATCH Cmd = 27 - BPF_LINK_CREATE Cmd = 28 - BPF_LINK_UPDATE Cmd = 29 - BPF_LINK_GET_FD_BY_ID Cmd = 30 - BPF_LINK_GET_NEXT_ID Cmd = 31 - BPF_ENABLE_STATS Cmd = 32 - BPF_ITER_CREATE Cmd = 33 - BPF_LINK_DETACH Cmd = 34 - BPF_PROG_BIND_MAP Cmd = 35 -) - -type FunctionId int32 - -const ( - BPF_FUNC_unspec FunctionId = 0 - BPF_FUNC_map_lookup_elem FunctionId = 1 - BPF_FUNC_map_update_elem FunctionId = 2 - BPF_FUNC_map_delete_elem FunctionId = 3 - BPF_FUNC_probe_read FunctionId = 4 - BPF_FUNC_ktime_get_ns FunctionId = 5 - BPF_FUNC_trace_printk FunctionId = 6 - BPF_FUNC_get_prandom_u32 FunctionId = 7 - BPF_FUNC_get_smp_processor_id FunctionId = 8 - BPF_FUNC_skb_store_bytes FunctionId = 9 - BPF_FUNC_l3_csum_replace FunctionId = 10 - BPF_FUNC_l4_csum_replace FunctionId = 11 - BPF_FUNC_tail_call FunctionId = 12 - BPF_FUNC_clone_redirect FunctionId = 13 - BPF_FUNC_get_current_pid_tgid FunctionId = 14 - BPF_FUNC_get_current_uid_gid FunctionId = 15 - BPF_FUNC_get_current_comm FunctionId = 16 - BPF_FUNC_get_cgroup_classid FunctionId = 17 - BPF_FUNC_skb_vlan_push FunctionId = 18 - BPF_FUNC_skb_vlan_pop FunctionId = 19 - BPF_FUNC_skb_get_tunnel_key FunctionId = 20 - BPF_FUNC_skb_set_tunnel_key FunctionId = 21 - BPF_FUNC_perf_event_read FunctionId = 22 - BPF_FUNC_redirect FunctionId = 23 - BPF_FUNC_get_route_realm FunctionId = 24 - BPF_FUNC_perf_event_output FunctionId = 25 - BPF_FUNC_skb_load_bytes FunctionId = 26 - BPF_FUNC_get_stackid FunctionId = 27 - BPF_FUNC_csum_diff FunctionId = 28 - BPF_FUNC_skb_get_tunnel_opt FunctionId = 29 - BPF_FUNC_skb_set_tunnel_opt FunctionId = 30 - BPF_FUNC_skb_change_proto FunctionId = 31 - BPF_FUNC_skb_change_type FunctionId = 32 - BPF_FUNC_skb_under_cgroup FunctionId = 33 - BPF_FUNC_get_hash_recalc FunctionId = 34 - BPF_FUNC_get_current_task FunctionId = 35 - BPF_FUNC_probe_write_user FunctionId = 36 - BPF_FUNC_current_task_under_cgroup FunctionId = 37 - BPF_FUNC_skb_change_tail FunctionId = 38 - BPF_FUNC_skb_pull_data FunctionId = 39 - BPF_FUNC_csum_update FunctionId = 40 - BPF_FUNC_set_hash_invalid FunctionId = 41 - BPF_FUNC_get_numa_node_id FunctionId = 42 - BPF_FUNC_skb_change_head FunctionId = 43 - BPF_FUNC_xdp_adjust_head FunctionId = 44 - BPF_FUNC_probe_read_str FunctionId = 45 - BPF_FUNC_get_socket_cookie FunctionId = 46 - BPF_FUNC_get_socket_uid FunctionId = 47 - BPF_FUNC_set_hash FunctionId = 48 - BPF_FUNC_setsockopt FunctionId = 49 - BPF_FUNC_skb_adjust_room FunctionId = 50 - BPF_FUNC_redirect_map FunctionId = 51 - BPF_FUNC_sk_redirect_map FunctionId = 52 - BPF_FUNC_sock_map_update FunctionId = 53 - BPF_FUNC_xdp_adjust_meta FunctionId = 54 - BPF_FUNC_perf_event_read_value FunctionId = 55 - BPF_FUNC_perf_prog_read_value FunctionId = 56 - BPF_FUNC_getsockopt FunctionId = 57 - BPF_FUNC_override_return FunctionId = 58 - BPF_FUNC_sock_ops_cb_flags_set FunctionId = 59 - BPF_FUNC_msg_redirect_map FunctionId = 60 - BPF_FUNC_msg_apply_bytes FunctionId = 61 - BPF_FUNC_msg_cork_bytes FunctionId = 62 - BPF_FUNC_msg_pull_data FunctionId = 63 - BPF_FUNC_bind FunctionId = 64 - BPF_FUNC_xdp_adjust_tail FunctionId = 65 - BPF_FUNC_skb_get_xfrm_state FunctionId = 66 - BPF_FUNC_get_stack FunctionId = 67 - BPF_FUNC_skb_load_bytes_relative FunctionId = 68 - BPF_FUNC_fib_lookup FunctionId = 69 - BPF_FUNC_sock_hash_update FunctionId = 70 - BPF_FUNC_msg_redirect_hash FunctionId = 71 - BPF_FUNC_sk_redirect_hash FunctionId = 72 - BPF_FUNC_lwt_push_encap FunctionId = 73 - BPF_FUNC_lwt_seg6_store_bytes FunctionId = 74 - BPF_FUNC_lwt_seg6_adjust_srh FunctionId = 75 - BPF_FUNC_lwt_seg6_action FunctionId = 76 - BPF_FUNC_rc_repeat FunctionId = 77 - BPF_FUNC_rc_keydown FunctionId = 78 - BPF_FUNC_skb_cgroup_id FunctionId = 79 - BPF_FUNC_get_current_cgroup_id FunctionId = 80 - BPF_FUNC_get_local_storage FunctionId = 81 - BPF_FUNC_sk_select_reuseport FunctionId = 82 - BPF_FUNC_skb_ancestor_cgroup_id FunctionId = 83 - BPF_FUNC_sk_lookup_tcp FunctionId = 84 - BPF_FUNC_sk_lookup_udp FunctionId = 85 - BPF_FUNC_sk_release FunctionId = 86 - BPF_FUNC_map_push_elem FunctionId = 87 - BPF_FUNC_map_pop_elem FunctionId = 88 - BPF_FUNC_map_peek_elem FunctionId = 89 - BPF_FUNC_msg_push_data FunctionId = 90 - BPF_FUNC_msg_pop_data FunctionId = 91 - BPF_FUNC_rc_pointer_rel FunctionId = 92 - BPF_FUNC_spin_lock FunctionId = 93 - BPF_FUNC_spin_unlock FunctionId = 94 - BPF_FUNC_sk_fullsock FunctionId = 95 - BPF_FUNC_tcp_sock FunctionId = 96 - BPF_FUNC_skb_ecn_set_ce FunctionId = 97 - BPF_FUNC_get_listener_sock FunctionId = 98 - BPF_FUNC_skc_lookup_tcp FunctionId = 99 - BPF_FUNC_tcp_check_syncookie FunctionId = 100 - BPF_FUNC_sysctl_get_name FunctionId = 101 - BPF_FUNC_sysctl_get_current_value FunctionId = 102 - BPF_FUNC_sysctl_get_new_value FunctionId = 103 - BPF_FUNC_sysctl_set_new_value FunctionId = 104 - BPF_FUNC_strtol FunctionId = 105 - BPF_FUNC_strtoul FunctionId = 106 - BPF_FUNC_sk_storage_get FunctionId = 107 - BPF_FUNC_sk_storage_delete FunctionId = 108 - BPF_FUNC_send_signal FunctionId = 109 - BPF_FUNC_tcp_gen_syncookie FunctionId = 110 - BPF_FUNC_skb_output FunctionId = 111 - BPF_FUNC_probe_read_user FunctionId = 112 - BPF_FUNC_probe_read_kernel FunctionId = 113 - BPF_FUNC_probe_read_user_str FunctionId = 114 - BPF_FUNC_probe_read_kernel_str FunctionId = 115 - BPF_FUNC_tcp_send_ack FunctionId = 116 - BPF_FUNC_send_signal_thread FunctionId = 117 - BPF_FUNC_jiffies64 FunctionId = 118 - BPF_FUNC_read_branch_records FunctionId = 119 - BPF_FUNC_get_ns_current_pid_tgid FunctionId = 120 - BPF_FUNC_xdp_output FunctionId = 121 - BPF_FUNC_get_netns_cookie FunctionId = 122 - BPF_FUNC_get_current_ancestor_cgroup_id FunctionId = 123 - BPF_FUNC_sk_assign FunctionId = 124 - BPF_FUNC_ktime_get_boot_ns FunctionId = 125 - BPF_FUNC_seq_printf FunctionId = 126 - BPF_FUNC_seq_write FunctionId = 127 - BPF_FUNC_sk_cgroup_id FunctionId = 128 - BPF_FUNC_sk_ancestor_cgroup_id FunctionId = 129 - BPF_FUNC_ringbuf_output FunctionId = 130 - BPF_FUNC_ringbuf_reserve FunctionId = 131 - BPF_FUNC_ringbuf_submit FunctionId = 132 - BPF_FUNC_ringbuf_discard FunctionId = 133 - BPF_FUNC_ringbuf_query FunctionId = 134 - BPF_FUNC_csum_level FunctionId = 135 - BPF_FUNC_skc_to_tcp6_sock FunctionId = 136 - BPF_FUNC_skc_to_tcp_sock FunctionId = 137 - BPF_FUNC_skc_to_tcp_timewait_sock FunctionId = 138 - BPF_FUNC_skc_to_tcp_request_sock FunctionId = 139 - BPF_FUNC_skc_to_udp6_sock FunctionId = 140 - BPF_FUNC_get_task_stack FunctionId = 141 - BPF_FUNC_load_hdr_opt FunctionId = 142 - BPF_FUNC_store_hdr_opt FunctionId = 143 - BPF_FUNC_reserve_hdr_opt FunctionId = 144 - BPF_FUNC_inode_storage_get FunctionId = 145 - BPF_FUNC_inode_storage_delete FunctionId = 146 - BPF_FUNC_d_path FunctionId = 147 - BPF_FUNC_copy_from_user FunctionId = 148 - BPF_FUNC_snprintf_btf FunctionId = 149 - BPF_FUNC_seq_printf_btf FunctionId = 150 - BPF_FUNC_skb_cgroup_classid FunctionId = 151 - BPF_FUNC_redirect_neigh FunctionId = 152 - BPF_FUNC_per_cpu_ptr FunctionId = 153 - BPF_FUNC_this_cpu_ptr FunctionId = 154 - BPF_FUNC_redirect_peer FunctionId = 155 - BPF_FUNC_task_storage_get FunctionId = 156 - BPF_FUNC_task_storage_delete FunctionId = 157 - BPF_FUNC_get_current_task_btf FunctionId = 158 - BPF_FUNC_bprm_opts_set FunctionId = 159 - BPF_FUNC_ktime_get_coarse_ns FunctionId = 160 - BPF_FUNC_ima_inode_hash FunctionId = 161 - BPF_FUNC_sock_from_file FunctionId = 162 - BPF_FUNC_check_mtu FunctionId = 163 - BPF_FUNC_for_each_map_elem FunctionId = 164 - BPF_FUNC_snprintf FunctionId = 165 - BPF_FUNC_sys_bpf FunctionId = 166 - BPF_FUNC_btf_find_by_name_kind FunctionId = 167 - BPF_FUNC_sys_close FunctionId = 168 - BPF_FUNC_timer_init FunctionId = 169 - BPF_FUNC_timer_set_callback FunctionId = 170 - BPF_FUNC_timer_start FunctionId = 171 - BPF_FUNC_timer_cancel FunctionId = 172 - BPF_FUNC_get_func_ip FunctionId = 173 - BPF_FUNC_get_attach_cookie FunctionId = 174 - BPF_FUNC_task_pt_regs FunctionId = 175 - BPF_FUNC_get_branch_snapshot FunctionId = 176 - BPF_FUNC_trace_vprintk FunctionId = 177 - BPF_FUNC_skc_to_unix_sock FunctionId = 178 - BPF_FUNC_kallsyms_lookup_name FunctionId = 179 - BPF_FUNC_find_vma FunctionId = 180 - BPF_FUNC_loop FunctionId = 181 - BPF_FUNC_strncmp FunctionId = 182 - BPF_FUNC_get_func_arg FunctionId = 183 - BPF_FUNC_get_func_ret FunctionId = 184 - BPF_FUNC_get_func_arg_cnt FunctionId = 185 - BPF_FUNC_get_retval FunctionId = 186 - BPF_FUNC_set_retval FunctionId = 187 - BPF_FUNC_xdp_get_buff_len FunctionId = 188 - BPF_FUNC_xdp_load_bytes FunctionId = 189 - BPF_FUNC_xdp_store_bytes FunctionId = 190 - BPF_FUNC_copy_from_user_task FunctionId = 191 - BPF_FUNC_skb_set_tstamp FunctionId = 192 - BPF_FUNC_ima_file_hash FunctionId = 193 - __BPF_FUNC_MAX_ID FunctionId = 194 -) - -type HdrStartOff int32 - -const ( - BPF_HDR_START_MAC HdrStartOff = 0 - BPF_HDR_START_NET HdrStartOff = 1 -) - -type LinkType int32 - -const ( - BPF_LINK_TYPE_UNSPEC LinkType = 0 - BPF_LINK_TYPE_RAW_TRACEPOINT LinkType = 1 - BPF_LINK_TYPE_TRACING LinkType = 2 - BPF_LINK_TYPE_CGROUP LinkType = 3 - BPF_LINK_TYPE_ITER LinkType = 4 - BPF_LINK_TYPE_NETNS LinkType = 5 - BPF_LINK_TYPE_XDP LinkType = 6 - BPF_LINK_TYPE_PERF_EVENT LinkType = 7 - BPF_LINK_TYPE_KPROBE_MULTI LinkType = 8 - MAX_BPF_LINK_TYPE LinkType = 9 -) - -type MapType int32 - -const ( - BPF_MAP_TYPE_UNSPEC MapType = 0 - BPF_MAP_TYPE_HASH MapType = 1 - BPF_MAP_TYPE_ARRAY MapType = 2 - BPF_MAP_TYPE_PROG_ARRAY MapType = 3 - BPF_MAP_TYPE_PERF_EVENT_ARRAY MapType = 4 - BPF_MAP_TYPE_PERCPU_HASH MapType = 5 - BPF_MAP_TYPE_PERCPU_ARRAY MapType = 6 - BPF_MAP_TYPE_STACK_TRACE MapType = 7 - BPF_MAP_TYPE_CGROUP_ARRAY MapType = 8 - BPF_MAP_TYPE_LRU_HASH MapType = 9 - BPF_MAP_TYPE_LRU_PERCPU_HASH MapType = 10 - BPF_MAP_TYPE_LPM_TRIE MapType = 11 - BPF_MAP_TYPE_ARRAY_OF_MAPS MapType = 12 - BPF_MAP_TYPE_HASH_OF_MAPS MapType = 13 - BPF_MAP_TYPE_DEVMAP MapType = 14 - BPF_MAP_TYPE_SOCKMAP MapType = 15 - BPF_MAP_TYPE_CPUMAP MapType = 16 - BPF_MAP_TYPE_XSKMAP MapType = 17 - BPF_MAP_TYPE_SOCKHASH MapType = 18 - BPF_MAP_TYPE_CGROUP_STORAGE MapType = 19 - BPF_MAP_TYPE_REUSEPORT_SOCKARRAY MapType = 20 - BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE MapType = 21 - BPF_MAP_TYPE_QUEUE MapType = 22 - BPF_MAP_TYPE_STACK MapType = 23 - BPF_MAP_TYPE_SK_STORAGE MapType = 24 - BPF_MAP_TYPE_DEVMAP_HASH MapType = 25 - BPF_MAP_TYPE_STRUCT_OPS MapType = 26 - BPF_MAP_TYPE_RINGBUF MapType = 27 - BPF_MAP_TYPE_INODE_STORAGE MapType = 28 - BPF_MAP_TYPE_TASK_STORAGE MapType = 29 - BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 -) - -type ProgType int32 - -const ( - BPF_PROG_TYPE_UNSPEC ProgType = 0 - BPF_PROG_TYPE_SOCKET_FILTER ProgType = 1 - BPF_PROG_TYPE_KPROBE ProgType = 2 - BPF_PROG_TYPE_SCHED_CLS ProgType = 3 - BPF_PROG_TYPE_SCHED_ACT ProgType = 4 - BPF_PROG_TYPE_TRACEPOINT ProgType = 5 - BPF_PROG_TYPE_XDP ProgType = 6 - BPF_PROG_TYPE_PERF_EVENT ProgType = 7 - BPF_PROG_TYPE_CGROUP_SKB ProgType = 8 - BPF_PROG_TYPE_CGROUP_SOCK ProgType = 9 - BPF_PROG_TYPE_LWT_IN ProgType = 10 - BPF_PROG_TYPE_LWT_OUT ProgType = 11 - BPF_PROG_TYPE_LWT_XMIT ProgType = 12 - BPF_PROG_TYPE_SOCK_OPS ProgType = 13 - BPF_PROG_TYPE_SK_SKB ProgType = 14 - BPF_PROG_TYPE_CGROUP_DEVICE ProgType = 15 - BPF_PROG_TYPE_SK_MSG ProgType = 16 - BPF_PROG_TYPE_RAW_TRACEPOINT ProgType = 17 - BPF_PROG_TYPE_CGROUP_SOCK_ADDR ProgType = 18 - BPF_PROG_TYPE_LWT_SEG6LOCAL ProgType = 19 - BPF_PROG_TYPE_LIRC_MODE2 ProgType = 20 - BPF_PROG_TYPE_SK_REUSEPORT ProgType = 21 - BPF_PROG_TYPE_FLOW_DISSECTOR ProgType = 22 - BPF_PROG_TYPE_CGROUP_SYSCTL ProgType = 23 - BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE ProgType = 24 - BPF_PROG_TYPE_CGROUP_SOCKOPT ProgType = 25 - BPF_PROG_TYPE_TRACING ProgType = 26 - BPF_PROG_TYPE_STRUCT_OPS ProgType = 27 - BPF_PROG_TYPE_EXT ProgType = 28 - BPF_PROG_TYPE_LSM ProgType = 29 - BPF_PROG_TYPE_SK_LOOKUP ProgType = 30 - BPF_PROG_TYPE_SYSCALL ProgType = 31 -) - -type RetCode int32 - -const ( - BPF_OK RetCode = 0 - BPF_DROP RetCode = 2 - BPF_REDIRECT RetCode = 7 - BPF_LWT_REROUTE RetCode = 128 -) - -type SkAction int32 - -const ( - SK_DROP SkAction = 0 - SK_PASS SkAction = 1 -) - -type StackBuildIdStatus int32 - -const ( - BPF_STACK_BUILD_ID_EMPTY StackBuildIdStatus = 0 - BPF_STACK_BUILD_ID_VALID StackBuildIdStatus = 1 - BPF_STACK_BUILD_ID_IP StackBuildIdStatus = 2 -) - -type StatsType int32 - -const ( - BPF_STATS_RUN_TIME StatsType = 0 -) - -type XdpAction int32 - -const ( - XDP_ABORTED XdpAction = 0 - XDP_DROP XdpAction = 1 - XDP_PASS XdpAction = 2 - XDP_TX XdpAction = 3 - XDP_REDIRECT XdpAction = 4 -) - -type BtfInfo struct { - Btf Pointer - BtfSize uint32 - Id BTFID - Name Pointer - NameLen uint32 - KernelBtf uint32 -} - -type FuncInfo struct { - InsnOff uint32 - TypeId uint32 -} - -type LineInfo struct { - InsnOff uint32 - FileNameOff uint32 - LineOff uint32 - LineCol uint32 -} - -type LinkInfo struct { - Type LinkType - Id LinkID - ProgId uint32 - _ [4]byte - Extra [16]uint8 -} - -type MapInfo struct { - Type uint32 - Id uint32 - KeySize uint32 - ValueSize uint32 - MaxEntries uint32 - MapFlags uint32 - Name ObjName - Ifindex uint32 - BtfVmlinuxValueTypeId uint32 - NetnsDev uint64 - NetnsIno uint64 - BtfId uint32 - BtfKeyTypeId uint32 - BtfValueTypeId uint32 - _ [4]byte - MapExtra uint64 -} - -type ProgInfo struct { - Type uint32 - Id uint32 - Tag [8]uint8 - JitedProgLen uint32 - XlatedProgLen uint32 - JitedProgInsns uint64 - XlatedProgInsns Pointer - LoadTime uint64 - CreatedByUid uint32 - NrMapIds uint32 - MapIds Pointer - Name ObjName - Ifindex uint32 - _ [4]byte /* unsupported bitfield */ - NetnsDev uint64 - NetnsIno uint64 - NrJitedKsyms uint32 - NrJitedFuncLens uint32 - JitedKsyms uint64 - JitedFuncLens uint64 - BtfId uint32 - FuncInfoRecSize uint32 - FuncInfo uint64 - NrFuncInfo uint32 - NrLineInfo uint32 - LineInfo uint64 - JitedLineInfo uint64 - NrJitedLineInfo uint32 - LineInfoRecSize uint32 - JitedLineInfoRecSize uint32 - NrProgTags uint32 - ProgTags uint64 - RunTimeNs uint64 - RunCnt uint64 - RecursionMisses uint64 - VerifiedInsns uint32 - _ [4]byte -} - -type SkLookup struct { - Cookie uint64 - Family uint32 - Protocol uint32 - RemoteIp4 [4]uint8 - RemoteIp6 [16]uint8 - RemotePort uint16 - _ [2]byte - LocalIp4 [4]uint8 - LocalIp6 [16]uint8 - LocalPort uint32 - IngressIfindex uint32 - _ [4]byte -} - -type XdpMd struct { - Data uint32 - DataEnd uint32 - DataMeta uint32 - IngressIfindex uint32 - RxQueueIndex uint32 - EgressIfindex uint32 -} - -type BtfGetFdByIdAttr struct{ Id uint32 } - -func BtfGetFdById(attr *BtfGetFdByIdAttr) (*FD, error) { - fd, err := BPF(BPF_BTF_GET_FD_BY_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type BtfGetNextIdAttr struct { - Id BTFID - NextId BTFID -} - -func BtfGetNextId(attr *BtfGetNextIdAttr) error { - _, err := BPF(BPF_BTF_GET_NEXT_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type BtfLoadAttr struct { - Btf Pointer - BtfLogBuf Pointer - BtfSize uint32 - BtfLogSize uint32 - BtfLogLevel uint32 - _ [4]byte -} - -func BtfLoad(attr *BtfLoadAttr) (*FD, error) { - fd, err := BPF(BPF_BTF_LOAD, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type EnableStatsAttr struct{ Type uint32 } - -func EnableStats(attr *EnableStatsAttr) (*FD, error) { - fd, err := BPF(BPF_ENABLE_STATS, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type IterCreateAttr struct { - LinkFd uint32 - Flags uint32 -} - -func IterCreate(attr *IterCreateAttr) (*FD, error) { - fd, err := BPF(BPF_ITER_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type LinkCreateAttr struct { - ProgFd uint32 - TargetFd uint32 - AttachType AttachType - Flags uint32 - TargetBtfId uint32 - _ [28]byte -} - -func LinkCreate(attr *LinkCreateAttr) (*FD, error) { - fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type LinkCreateIterAttr struct { - ProgFd uint32 - TargetFd uint32 - AttachType AttachType - Flags uint32 - IterInfo Pointer - IterInfoLen uint32 - _ [20]byte -} - -func LinkCreateIter(attr *LinkCreateIterAttr) (*FD, error) { - fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type LinkCreatePerfEventAttr struct { - ProgFd uint32 - TargetFd uint32 - AttachType AttachType - Flags uint32 - BpfCookie uint64 - _ [24]byte -} - -func LinkCreatePerfEvent(attr *LinkCreatePerfEventAttr) (*FD, error) { - fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type LinkUpdateAttr struct { - LinkFd uint32 - NewProgFd uint32 - Flags uint32 - OldProgFd uint32 -} - -func LinkUpdate(attr *LinkUpdateAttr) error { - _, err := BPF(BPF_LINK_UPDATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapCreateAttr struct { - MapType MapType - KeySize uint32 - ValueSize uint32 - MaxEntries uint32 - MapFlags uint32 - InnerMapFd uint32 - NumaNode uint32 - MapName ObjName - MapIfindex uint32 - BtfFd uint32 - BtfKeyTypeId uint32 - BtfValueTypeId uint32 - BtfVmlinuxValueTypeId uint32 - MapExtra uint64 -} - -func MapCreate(attr *MapCreateAttr) (*FD, error) { - fd, err := BPF(BPF_MAP_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type MapDeleteBatchAttr struct { - InBatch Pointer - OutBatch Pointer - Keys Pointer - Values Pointer - Count uint32 - MapFd uint32 - ElemFlags uint64 - Flags uint64 -} - -func MapDeleteBatch(attr *MapDeleteBatchAttr) error { - _, err := BPF(BPF_MAP_DELETE_BATCH, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapDeleteElemAttr struct { - MapFd uint32 - _ [4]byte - Key Pointer - Value Pointer - Flags uint64 -} - -func MapDeleteElem(attr *MapDeleteElemAttr) error { - _, err := BPF(BPF_MAP_DELETE_ELEM, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapFreezeAttr struct{ MapFd uint32 } - -func MapFreeze(attr *MapFreezeAttr) error { - _, err := BPF(BPF_MAP_FREEZE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapGetFdByIdAttr struct{ Id uint32 } - -func MapGetFdById(attr *MapGetFdByIdAttr) (*FD, error) { - fd, err := BPF(BPF_MAP_GET_FD_BY_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type MapGetNextIdAttr struct { - Id uint32 - NextId uint32 -} - -func MapGetNextId(attr *MapGetNextIdAttr) error { - _, err := BPF(BPF_MAP_GET_NEXT_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapGetNextKeyAttr struct { - MapFd uint32 - _ [4]byte - Key Pointer - NextKey Pointer -} - -func MapGetNextKey(attr *MapGetNextKeyAttr) error { - _, err := BPF(BPF_MAP_GET_NEXT_KEY, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapLookupAndDeleteBatchAttr struct { - InBatch Pointer - OutBatch Pointer - Keys Pointer - Values Pointer - Count uint32 - MapFd uint32 - ElemFlags uint64 - Flags uint64 -} - -func MapLookupAndDeleteBatch(attr *MapLookupAndDeleteBatchAttr) error { - _, err := BPF(BPF_MAP_LOOKUP_AND_DELETE_BATCH, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapLookupAndDeleteElemAttr struct { - MapFd uint32 - _ [4]byte - Key Pointer - Value Pointer - Flags uint64 -} - -func MapLookupAndDeleteElem(attr *MapLookupAndDeleteElemAttr) error { - _, err := BPF(BPF_MAP_LOOKUP_AND_DELETE_ELEM, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapLookupBatchAttr struct { - InBatch Pointer - OutBatch Pointer - Keys Pointer - Values Pointer - Count uint32 - MapFd uint32 - ElemFlags uint64 - Flags uint64 -} - -func MapLookupBatch(attr *MapLookupBatchAttr) error { - _, err := BPF(BPF_MAP_LOOKUP_BATCH, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapLookupElemAttr struct { - MapFd uint32 - _ [4]byte - Key Pointer - Value Pointer - Flags uint64 -} - -func MapLookupElem(attr *MapLookupElemAttr) error { - _, err := BPF(BPF_MAP_LOOKUP_ELEM, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapUpdateBatchAttr struct { - InBatch Pointer - OutBatch Pointer - Keys Pointer - Values Pointer - Count uint32 - MapFd uint32 - ElemFlags uint64 - Flags uint64 -} - -func MapUpdateBatch(attr *MapUpdateBatchAttr) error { - _, err := BPF(BPF_MAP_UPDATE_BATCH, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type MapUpdateElemAttr struct { - MapFd uint32 - _ [4]byte - Key Pointer - Value Pointer - Flags uint64 -} - -func MapUpdateElem(attr *MapUpdateElemAttr) error { - _, err := BPF(BPF_MAP_UPDATE_ELEM, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ObjGetAttr struct { - Pathname Pointer - BpfFd uint32 - FileFlags uint32 -} - -func ObjGet(attr *ObjGetAttr) (*FD, error) { - fd, err := BPF(BPF_OBJ_GET, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type ObjGetInfoByFdAttr struct { - BpfFd uint32 - InfoLen uint32 - Info Pointer -} - -func ObjGetInfoByFd(attr *ObjGetInfoByFdAttr) error { - _, err := BPF(BPF_OBJ_GET_INFO_BY_FD, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ObjPinAttr struct { - Pathname Pointer - BpfFd uint32 - FileFlags uint32 -} - -func ObjPin(attr *ObjPinAttr) error { - _, err := BPF(BPF_OBJ_PIN, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ProgAttachAttr struct { - TargetFd uint32 - AttachBpfFd uint32 - AttachType uint32 - AttachFlags uint32 - ReplaceBpfFd uint32 -} - -func ProgAttach(attr *ProgAttachAttr) error { - _, err := BPF(BPF_PROG_ATTACH, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ProgBindMapAttr struct { - ProgFd uint32 - MapFd uint32 - Flags uint32 -} - -func ProgBindMap(attr *ProgBindMapAttr) error { - _, err := BPF(BPF_PROG_BIND_MAP, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ProgDetachAttr struct { - TargetFd uint32 - AttachBpfFd uint32 - AttachType uint32 -} - -func ProgDetach(attr *ProgDetachAttr) error { - _, err := BPF(BPF_PROG_DETACH, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ProgGetFdByIdAttr struct{ Id uint32 } - -func ProgGetFdById(attr *ProgGetFdByIdAttr) (*FD, error) { - fd, err := BPF(BPF_PROG_GET_FD_BY_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type ProgGetNextIdAttr struct { - Id uint32 - NextId uint32 -} - -func ProgGetNextId(attr *ProgGetNextIdAttr) error { - _, err := BPF(BPF_PROG_GET_NEXT_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type ProgLoadAttr struct { - ProgType ProgType - InsnCnt uint32 - Insns Pointer - License Pointer - LogLevel uint32 - LogSize uint32 - LogBuf Pointer - KernVersion uint32 - ProgFlags uint32 - ProgName ObjName - ProgIfindex uint32 - ExpectedAttachType AttachType - ProgBtfFd uint32 - FuncInfoRecSize uint32 - FuncInfo Pointer - FuncInfoCnt uint32 - LineInfoRecSize uint32 - LineInfo Pointer - LineInfoCnt uint32 - AttachBtfId uint32 - AttachProgFd uint32 - CoreReloCnt uint32 - FdArray Pointer - CoreRelos Pointer - CoreReloRecSize uint32 - _ [4]byte -} - -func ProgLoad(attr *ProgLoadAttr) (*FD, error) { - fd, err := BPF(BPF_PROG_LOAD, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type ProgRunAttr struct { - ProgFd uint32 - Retval uint32 - DataSizeIn uint32 - DataSizeOut uint32 - DataIn Pointer - DataOut Pointer - Repeat uint32 - Duration uint32 - CtxSizeIn uint32 - CtxSizeOut uint32 - CtxIn Pointer - CtxOut Pointer - Flags uint32 - Cpu uint32 - BatchSize uint32 - _ [4]byte -} - -func ProgRun(attr *ProgRunAttr) error { - _, err := BPF(BPF_PROG_TEST_RUN, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - return err -} - -type RawTracepointOpenAttr struct { - Name Pointer - ProgFd uint32 - _ [4]byte -} - -func RawTracepointOpen(attr *RawTracepointOpenAttr) (*FD, error) { - fd, err := BPF(BPF_RAW_TRACEPOINT_OPEN, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) - if err != nil { - return nil, err - } - return NewFD(int(fd)) -} - -type CgroupLinkInfo struct { - CgroupId uint64 - AttachType AttachType - _ [4]byte -} - -type IterLinkInfo struct { - TargetName Pointer - TargetNameLen uint32 -} - -type NetNsLinkInfo struct { - NetnsIno uint32 - AttachType AttachType -} - -type RawTracepointLinkInfo struct { - TpName Pointer - TpNameLen uint32 - _ [4]byte -} - -type TracingLinkInfo struct { - AttachType AttachType - TargetObjId uint32 - TargetBtfId uint32 -} - -type XDPLinkInfo struct{ Ifindex uint32 } diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go deleted file mode 100644 index db4a1f5bf9..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ /dev/null @@ -1,210 +0,0 @@ -//go:build linux -// +build linux - -package unix - -import ( - "syscall" - - linux "golang.org/x/sys/unix" -) - -const ( - ENOENT = linux.ENOENT - EEXIST = linux.EEXIST - EAGAIN = linux.EAGAIN - ENOSPC = linux.ENOSPC - EINVAL = linux.EINVAL - EPOLLIN = linux.EPOLLIN - EINTR = linux.EINTR - EPERM = linux.EPERM - ESRCH = linux.ESRCH - ENODEV = linux.ENODEV - EBADF = linux.EBADF - E2BIG = linux.E2BIG - EFAULT = linux.EFAULT - EACCES = linux.EACCES - // ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP - ENOTSUPP = syscall.Errno(0x20c) - - BPF_F_NO_PREALLOC = linux.BPF_F_NO_PREALLOC - BPF_F_NUMA_NODE = linux.BPF_F_NUMA_NODE - BPF_F_RDONLY = linux.BPF_F_RDONLY - BPF_F_WRONLY = linux.BPF_F_WRONLY - BPF_F_RDONLY_PROG = linux.BPF_F_RDONLY_PROG - BPF_F_WRONLY_PROG = linux.BPF_F_WRONLY_PROG - BPF_F_SLEEPABLE = linux.BPF_F_SLEEPABLE - BPF_F_MMAPABLE = linux.BPF_F_MMAPABLE - BPF_F_INNER_MAP = linux.BPF_F_INNER_MAP - BPF_OBJ_NAME_LEN = linux.BPF_OBJ_NAME_LEN - BPF_TAG_SIZE = linux.BPF_TAG_SIZE - BPF_RINGBUF_BUSY_BIT = linux.BPF_RINGBUF_BUSY_BIT - BPF_RINGBUF_DISCARD_BIT = linux.BPF_RINGBUF_DISCARD_BIT - BPF_RINGBUF_HDR_SZ = linux.BPF_RINGBUF_HDR_SZ - SYS_BPF = linux.SYS_BPF - F_DUPFD_CLOEXEC = linux.F_DUPFD_CLOEXEC - EPOLL_CTL_ADD = linux.EPOLL_CTL_ADD - EPOLL_CLOEXEC = linux.EPOLL_CLOEXEC - O_CLOEXEC = linux.O_CLOEXEC - O_NONBLOCK = linux.O_NONBLOCK - PROT_READ = linux.PROT_READ - PROT_WRITE = linux.PROT_WRITE - MAP_SHARED = linux.MAP_SHARED - PERF_ATTR_SIZE_VER1 = linux.PERF_ATTR_SIZE_VER1 - PERF_TYPE_SOFTWARE = linux.PERF_TYPE_SOFTWARE - PERF_TYPE_TRACEPOINT = linux.PERF_TYPE_TRACEPOINT - PERF_COUNT_SW_BPF_OUTPUT = linux.PERF_COUNT_SW_BPF_OUTPUT - PERF_EVENT_IOC_DISABLE = linux.PERF_EVENT_IOC_DISABLE - PERF_EVENT_IOC_ENABLE = linux.PERF_EVENT_IOC_ENABLE - PERF_EVENT_IOC_SET_BPF = linux.PERF_EVENT_IOC_SET_BPF - PerfBitWatermark = linux.PerfBitWatermark - PERF_SAMPLE_RAW = linux.PERF_SAMPLE_RAW - PERF_FLAG_FD_CLOEXEC = linux.PERF_FLAG_FD_CLOEXEC - RLIM_INFINITY = linux.RLIM_INFINITY - RLIMIT_MEMLOCK = linux.RLIMIT_MEMLOCK - BPF_STATS_RUN_TIME = linux.BPF_STATS_RUN_TIME - PERF_RECORD_LOST = linux.PERF_RECORD_LOST - PERF_RECORD_SAMPLE = linux.PERF_RECORD_SAMPLE - AT_FDCWD = linux.AT_FDCWD - RENAME_NOREPLACE = linux.RENAME_NOREPLACE - SO_ATTACH_BPF = linux.SO_ATTACH_BPF - SO_DETACH_BPF = linux.SO_DETACH_BPF - SOL_SOCKET = linux.SOL_SOCKET -) - -// Statfs_t is a wrapper -type Statfs_t = linux.Statfs_t - -type Stat_t = linux.Stat_t - -// Rlimit is a wrapper -type Rlimit = linux.Rlimit - -// Syscall is a wrapper -func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { - return linux.Syscall(trap, a1, a2, a3) -} - -// FcntlInt is a wrapper -func FcntlInt(fd uintptr, cmd, arg int) (int, error) { - return linux.FcntlInt(fd, cmd, arg) -} - -// IoctlSetInt is a wrapper -func IoctlSetInt(fd int, req uint, value int) error { - return linux.IoctlSetInt(fd, req, value) -} - -// Statfs is a wrapper -func Statfs(path string, buf *Statfs_t) (err error) { - return linux.Statfs(path, buf) -} - -// Close is a wrapper -func Close(fd int) (err error) { - return linux.Close(fd) -} - -// EpollEvent is a wrapper -type EpollEvent = linux.EpollEvent - -// EpollWait is a wrapper -func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { - return linux.EpollWait(epfd, events, msec) -} - -// EpollCtl is a wrapper -func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { - return linux.EpollCtl(epfd, op, fd, event) -} - -// Eventfd is a wrapper -func Eventfd(initval uint, flags int) (fd int, err error) { - return linux.Eventfd(initval, flags) -} - -// Write is a wrapper -func Write(fd int, p []byte) (n int, err error) { - return linux.Write(fd, p) -} - -// EpollCreate1 is a wrapper -func EpollCreate1(flag int) (fd int, err error) { - return linux.EpollCreate1(flag) -} - -// PerfEventMmapPage is a wrapper -type PerfEventMmapPage linux.PerfEventMmapPage - -// SetNonblock is a wrapper -func SetNonblock(fd int, nonblocking bool) (err error) { - return linux.SetNonblock(fd, nonblocking) -} - -// Mmap is a wrapper -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return linux.Mmap(fd, offset, length, prot, flags) -} - -// Munmap is a wrapper -func Munmap(b []byte) (err error) { - return linux.Munmap(b) -} - -// PerfEventAttr is a wrapper -type PerfEventAttr = linux.PerfEventAttr - -// PerfEventOpen is a wrapper -func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { - return linux.PerfEventOpen(attr, pid, cpu, groupFd, flags) -} - -// Utsname is a wrapper -type Utsname = linux.Utsname - -// Uname is a wrapper -func Uname(buf *Utsname) (err error) { - return linux.Uname(buf) -} - -// Getpid is a wrapper -func Getpid() int { - return linux.Getpid() -} - -// Gettid is a wrapper -func Gettid() int { - return linux.Gettid() -} - -// Tgkill is a wrapper -func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { - return linux.Tgkill(tgid, tid, sig) -} - -// BytePtrFromString is a wrapper -func BytePtrFromString(s string) (*byte, error) { - return linux.BytePtrFromString(s) -} - -// ByteSliceToString is a wrapper -func ByteSliceToString(s []byte) string { - return linux.ByteSliceToString(s) -} - -// Renameat2 is a wrapper -func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error { - return linux.Renameat2(olddirfd, oldpath, newdirfd, newpath, flags) -} - -func Prlimit(pid, resource int, new, old *Rlimit) error { - return linux.Prlimit(pid, resource, new, old) -} - -func Open(path string, mode int, perm uint32) (int, error) { - return linux.Open(path, mode, perm) -} - -func Fstat(fd int, stat *Stat_t) error { - return linux.Fstat(fd, stat) -} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go deleted file mode 100644 index 133c267dbc..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ /dev/null @@ -1,278 +0,0 @@ -//go:build !linux -// +build !linux - -package unix - -import ( - "fmt" - "runtime" - "syscall" -) - -var errNonLinux = fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH) - -const ( - ENOENT = syscall.ENOENT - EEXIST = syscall.EEXIST - EAGAIN = syscall.EAGAIN - ENOSPC = syscall.ENOSPC - EINVAL = syscall.EINVAL - EINTR = syscall.EINTR - EPERM = syscall.EPERM - ESRCH = syscall.ESRCH - ENODEV = syscall.ENODEV - EBADF = syscall.Errno(0) - E2BIG = syscall.Errno(0) - EFAULT = syscall.EFAULT - EACCES = syscall.Errno(0) - // ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP - ENOTSUPP = syscall.Errno(0x20c) - - BPF_F_NO_PREALLOC = 0 - BPF_F_NUMA_NODE = 0 - BPF_F_RDONLY = 0 - BPF_F_WRONLY = 0 - BPF_F_RDONLY_PROG = 0 - BPF_F_WRONLY_PROG = 0 - BPF_F_SLEEPABLE = 0 - BPF_F_MMAPABLE = 0 - BPF_F_INNER_MAP = 0 - BPF_OBJ_NAME_LEN = 0x10 - BPF_TAG_SIZE = 0x8 - BPF_RINGBUF_BUSY_BIT = 0 - BPF_RINGBUF_DISCARD_BIT = 0 - BPF_RINGBUF_HDR_SZ = 0 - SYS_BPF = 321 - F_DUPFD_CLOEXEC = 0x406 - EPOLLIN = 0x1 - EPOLL_CTL_ADD = 0x1 - EPOLL_CLOEXEC = 0x80000 - O_CLOEXEC = 0x80000 - O_NONBLOCK = 0x800 - PROT_READ = 0x1 - PROT_WRITE = 0x2 - MAP_SHARED = 0x1 - PERF_ATTR_SIZE_VER1 = 0 - PERF_TYPE_SOFTWARE = 0x1 - PERF_TYPE_TRACEPOINT = 0 - PERF_COUNT_SW_BPF_OUTPUT = 0xa - PERF_EVENT_IOC_DISABLE = 0 - PERF_EVENT_IOC_ENABLE = 0 - PERF_EVENT_IOC_SET_BPF = 0 - PerfBitWatermark = 0x4000 - PERF_SAMPLE_RAW = 0x400 - PERF_FLAG_FD_CLOEXEC = 0x8 - RLIM_INFINITY = 0x7fffffffffffffff - RLIMIT_MEMLOCK = 8 - BPF_STATS_RUN_TIME = 0 - PERF_RECORD_LOST = 2 - PERF_RECORD_SAMPLE = 9 - AT_FDCWD = -0x2 - RENAME_NOREPLACE = 0x1 - SO_ATTACH_BPF = 0x32 - SO_DETACH_BPF = 0x1b - SOL_SOCKET = 0x1 -) - -// Statfs_t is a wrapper -type Statfs_t struct { - Type int64 - Bsize int64 - Blocks uint64 - Bfree uint64 - Bavail uint64 - Files uint64 - Ffree uint64 - Fsid [2]int32 - Namelen int64 - Frsize int64 - Flags int64 - Spare [4]int64 -} - -type Stat_t struct{} - -// Rlimit is a wrapper -type Rlimit struct { - Cur uint64 - Max uint64 -} - -// Syscall is a wrapper -func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { - return 0, 0, syscall.Errno(1) -} - -// FcntlInt is a wrapper -func FcntlInt(fd uintptr, cmd, arg int) (int, error) { - return -1, errNonLinux -} - -// IoctlSetInt is a wrapper -func IoctlSetInt(fd int, req uint, value int) error { - return errNonLinux -} - -// Statfs is a wrapper -func Statfs(path string, buf *Statfs_t) error { - return errNonLinux -} - -// Close is a wrapper -func Close(fd int) (err error) { - return errNonLinux -} - -// EpollEvent is a wrapper -type EpollEvent struct { - Events uint32 - Fd int32 - Pad int32 -} - -// EpollWait is a wrapper -func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { - return 0, errNonLinux -} - -// EpollCtl is a wrapper -func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { - return errNonLinux -} - -// Eventfd is a wrapper -func Eventfd(initval uint, flags int) (fd int, err error) { - return 0, errNonLinux -} - -// Write is a wrapper -func Write(fd int, p []byte) (n int, err error) { - return 0, errNonLinux -} - -// EpollCreate1 is a wrapper -func EpollCreate1(flag int) (fd int, err error) { - return 0, errNonLinux -} - -// PerfEventMmapPage is a wrapper -type PerfEventMmapPage struct { - Version uint32 - Compat_version uint32 - Lock uint32 - Index uint32 - Offset int64 - Time_enabled uint64 - Time_running uint64 - Capabilities uint64 - Pmc_width uint16 - Time_shift uint16 - Time_mult uint32 - Time_offset uint64 - Time_zero uint64 - Size uint32 - - Data_head uint64 - Data_tail uint64 - Data_offset uint64 - Data_size uint64 - Aux_head uint64 - Aux_tail uint64 - Aux_offset uint64 - Aux_size uint64 -} - -// SetNonblock is a wrapper -func SetNonblock(fd int, nonblocking bool) (err error) { - return errNonLinux -} - -// Mmap is a wrapper -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return []byte{}, errNonLinux -} - -// Munmap is a wrapper -func Munmap(b []byte) (err error) { - return errNonLinux -} - -// PerfEventAttr is a wrapper -type PerfEventAttr struct { - Type uint32 - Size uint32 - Config uint64 - Sample uint64 - Sample_type uint64 - Read_format uint64 - Bits uint64 - Wakeup uint32 - Bp_type uint32 - Ext1 uint64 - Ext2 uint64 - Branch_sample_type uint64 - Sample_regs_user uint64 - Sample_stack_user uint32 - Clockid int32 - Sample_regs_intr uint64 - Aux_watermark uint32 - Sample_max_stack uint16 -} - -// PerfEventOpen is a wrapper -func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { - return 0, errNonLinux -} - -// Utsname is a wrapper -type Utsname struct { - Release [65]byte - Version [65]byte -} - -// Uname is a wrapper -func Uname(buf *Utsname) (err error) { - return errNonLinux -} - -// Getpid is a wrapper -func Getpid() int { - return -1 -} - -// Gettid is a wrapper -func Gettid() int { - return -1 -} - -// Tgkill is a wrapper -func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { - return errNonLinux -} - -// BytePtrFromString is a wrapper -func BytePtrFromString(s string) (*byte, error) { - return nil, errNonLinux -} - -// ByteSliceToString is a wrapper -func ByteSliceToString(s []byte) string { - return "" -} - -// Renameat2 is a wrapper -func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error { - return errNonLinux -} - -func Prlimit(pid, resource int, new, old *Rlimit) error { - return errNonLinux -} - -func Open(path string, mode int, perm uint32) (int, error) { - return -1, errNonLinux -} - -func Fstat(fd int, stat *Stat_t) error { - return errNonLinux -} diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go deleted file mode 100644 index ae4821de20..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ /dev/null @@ -1,150 +0,0 @@ -package internal - -import ( - "debug/elf" - "encoding/binary" - "errors" - "fmt" - "io" - "math" - "os" - - "github.com/cilium/ebpf/internal/unix" -) - -var ( - errAuxvNoVDSO = errors.New("no vdso address found in auxv") -) - -// vdsoVersion returns the LINUX_VERSION_CODE embedded in the vDSO library -// linked into the current process image. -func vdsoVersion() (uint32, error) { - // Read data from the auxiliary vector, which is normally passed directly - // to the process. Go does not expose that data, so we must read it from procfs. - // https://man7.org/linux/man-pages/man3/getauxval.3.html - av, err := os.Open("/proc/self/auxv") - if err != nil { - return 0, fmt.Errorf("opening auxv: %w", err) - } - defer av.Close() - - vdsoAddr, err := vdsoMemoryAddress(av) - if err != nil { - return 0, fmt.Errorf("finding vDSO memory address: %w", err) - } - - // Use /proc/self/mem rather than unsafe.Pointer tricks. - mem, err := os.Open("/proc/self/mem") - if err != nil { - return 0, fmt.Errorf("opening mem: %w", err) - } - defer mem.Close() - - // Open ELF at provided memory address, as offset into /proc/self/mem. - c, err := vdsoLinuxVersionCode(io.NewSectionReader(mem, int64(vdsoAddr), math.MaxInt64)) - if err != nil { - return 0, fmt.Errorf("reading linux version code: %w", err) - } - - return c, nil -} - -// vdsoMemoryAddress returns the memory address of the vDSO library -// linked into the current process image. r is an io.Reader into an auxv blob. -func vdsoMemoryAddress(r io.Reader) (uint64, error) { - const ( - _AT_NULL = 0 // End of vector - _AT_SYSINFO_EHDR = 33 // Offset to vDSO blob in process image - ) - - // Loop through all tag/value pairs in auxv until we find `AT_SYSINFO_EHDR`, - // the address of a page containing the virtual Dynamic Shared Object (vDSO). - aux := struct{ Tag, Val uint64 }{} - for { - if err := binary.Read(r, NativeEndian, &aux); err != nil { - return 0, fmt.Errorf("reading auxv entry: %w", err) - } - - switch aux.Tag { - case _AT_SYSINFO_EHDR: - if aux.Val != 0 { - return aux.Val, nil - } - return 0, fmt.Errorf("invalid vDSO address in auxv") - // _AT_NULL is always the last tag/val pair in the aux vector - // and can be treated like EOF. - case _AT_NULL: - return 0, errAuxvNoVDSO - } - } -} - -// format described at https://www.man7.org/linux/man-pages/man5/elf.5.html in section 'Notes (Nhdr)' -type elfNoteHeader struct { - NameSize int32 - DescSize int32 - Type int32 -} - -// vdsoLinuxVersionCode returns the LINUX_VERSION_CODE embedded in -// the ELF notes section of the binary provided by the reader. -func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { - hdr, err := NewSafeELFFile(r) - if err != nil { - return 0, fmt.Errorf("reading vDSO ELF: %w", err) - } - - sections := hdr.SectionsByType(elf.SHT_NOTE) - if len(sections) == 0 { - return 0, fmt.Errorf("no note section found in vDSO ELF") - } - - for _, sec := range sections { - sr := sec.Open() - var n elfNoteHeader - - // Read notes until we find one named 'Linux'. - for { - if err := binary.Read(sr, hdr.ByteOrder, &n); err != nil { - if errors.Is(err, io.EOF) { - // We looked at all the notes in this section - break - } - return 0, fmt.Errorf("reading note header: %w", err) - } - - // If a note name is defined, it follows the note header. - var name string - if n.NameSize > 0 { - // Read the note name, aligned to 4 bytes. - buf := make([]byte, Align(int(n.NameSize), 4)) - if err := binary.Read(sr, hdr.ByteOrder, &buf); err != nil { - return 0, fmt.Errorf("reading note name: %w", err) - } - - // Read nul-terminated string. - name = unix.ByteSliceToString(buf[:n.NameSize]) - } - - // If a note descriptor is defined, it follows the name. - // It is possible for a note to have a descriptor but not a name. - if n.DescSize > 0 { - // LINUX_VERSION_CODE is a uint32 value. - if name == "Linux" && n.DescSize == 4 && n.Type == 0 { - var version uint32 - if err := binary.Read(sr, hdr.ByteOrder, &version); err != nil { - return 0, fmt.Errorf("reading note descriptor: %w", err) - } - return version, nil - } - - // Discard the note descriptor if it exists but we're not interested in it. - if _, err := io.CopyN(io.Discard, sr, int64(Align(int(n.DescSize), 4))); err != nil { - return 0, err - } - } - } - } - - return 0, fmt.Errorf("no Linux note in ELF") -} diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go deleted file mode 100644 index 370e01e444..0000000000 --- a/vendor/github.com/cilium/ebpf/internal/version.go +++ /dev/null @@ -1,122 +0,0 @@ -package internal - -import ( - "fmt" - "sync" - - "github.com/cilium/ebpf/internal/unix" -) - -const ( - // Version constant used in ELF binaries indicating that the loader needs to - // substitute the eBPF program's version with the value of the kernel's - // KERNEL_VERSION compile-time macro. Used for compatibility with BCC, gobpf - // and RedSift. - MagicKernelVersion = 0xFFFFFFFE -) - -var ( - kernelVersion = struct { - once sync.Once - version Version - err error - }{} -) - -// A Version in the form Major.Minor.Patch. -type Version [3]uint16 - -// NewVersion creates a version from a string like "Major.Minor.Patch". -// -// Patch is optional. -func NewVersion(ver string) (Version, error) { - var major, minor, patch uint16 - n, _ := fmt.Sscanf(ver, "%d.%d.%d", &major, &minor, &patch) - if n < 2 { - return Version{}, fmt.Errorf("invalid version: %s", ver) - } - return Version{major, minor, patch}, nil -} - -// NewVersionFromCode creates a version from a LINUX_VERSION_CODE. -func NewVersionFromCode(code uint32) Version { - return Version{ - uint16(uint8(code >> 16)), - uint16(uint8(code >> 8)), - uint16(uint8(code)), - } -} - -func (v Version) String() string { - if v[2] == 0 { - return fmt.Sprintf("v%d.%d", v[0], v[1]) - } - return fmt.Sprintf("v%d.%d.%d", v[0], v[1], v[2]) -} - -// Less returns true if the version is less than another version. -func (v Version) Less(other Version) bool { - for i, a := range v { - if a == other[i] { - continue - } - return a < other[i] - } - return false -} - -// Unspecified returns true if the version is all zero. -func (v Version) Unspecified() bool { - return v[0] == 0 && v[1] == 0 && v[2] == 0 -} - -// Kernel implements the kernel's KERNEL_VERSION macro from linux/version.h. -// It represents the kernel version and patch level as a single value. -func (v Version) Kernel() uint32 { - - // Kernels 4.4 and 4.9 have their SUBLEVEL clamped to 255 to avoid - // overflowing into PATCHLEVEL. - // See kernel commit 9b82f13e7ef3 ("kbuild: clamp SUBLEVEL to 255"). - s := v[2] - if s > 255 { - s = 255 - } - - // Truncate members to uint8 to prevent them from spilling over into - // each other when overflowing 8 bits. - return uint32(uint8(v[0]))<<16 | uint32(uint8(v[1]))<<8 | uint32(uint8(s)) -} - -// KernelVersion returns the version of the currently running kernel. -func KernelVersion() (Version, error) { - kernelVersion.once.Do(func() { - kernelVersion.version, kernelVersion.err = detectKernelVersion() - }) - - if kernelVersion.err != nil { - return Version{}, kernelVersion.err - } - return kernelVersion.version, nil -} - -// detectKernelVersion returns the version of the running kernel. -func detectKernelVersion() (Version, error) { - vc, err := vdsoVersion() - if err != nil { - return Version{}, err - } - return NewVersionFromCode(vc), nil -} - -// KernelRelease returns the release string of the running kernel. -// Its format depends on the Linux distribution and corresponds to directory -// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and -// 4.19.0-16-amd64. -func KernelRelease() (string, error) { - var uname unix.Utsname - if err := unix.Uname(&uname); err != nil { - return "", fmt.Errorf("uname failed: %w", err) - } - - return unix.ByteSliceToString(uname.Release[:]), nil -} diff --git a/vendor/github.com/cilium/ebpf/link/cgroup.go b/vendor/github.com/cilium/ebpf/link/cgroup.go deleted file mode 100644 index 003b0638e8..0000000000 --- a/vendor/github.com/cilium/ebpf/link/cgroup.go +++ /dev/null @@ -1,165 +0,0 @@ -package link - -import ( - "errors" - "fmt" - "os" - - "github.com/cilium/ebpf" -) - -type cgroupAttachFlags uint32 - -// cgroup attach flags -const ( - flagAllowOverride cgroupAttachFlags = 1 << iota - flagAllowMulti - flagReplace -) - -type CgroupOptions struct { - // Path to a cgroupv2 folder. - Path string - // One of the AttachCgroup* constants - Attach ebpf.AttachType - // Program must be of type CGroup*, and the attach type must match Attach. - Program *ebpf.Program -} - -// AttachCgroup links a BPF program to a cgroup. -func AttachCgroup(opts CgroupOptions) (Link, error) { - cgroup, err := os.Open(opts.Path) - if err != nil { - return nil, fmt.Errorf("can't open cgroup: %s", err) - } - - clone, err := opts.Program.Clone() - if err != nil { - cgroup.Close() - return nil, err - } - - var cg Link - cg, err = newLinkCgroup(cgroup, opts.Attach, clone) - if errors.Is(err, ErrNotSupported) { - cg, err = newProgAttachCgroup(cgroup, opts.Attach, clone, flagAllowMulti) - } - if errors.Is(err, ErrNotSupported) { - cg, err = newProgAttachCgroup(cgroup, opts.Attach, clone, flagAllowOverride) - } - if err != nil { - cgroup.Close() - clone.Close() - return nil, err - } - - return cg, nil -} - -type progAttachCgroup struct { - cgroup *os.File - current *ebpf.Program - attachType ebpf.AttachType - flags cgroupAttachFlags -} - -var _ Link = (*progAttachCgroup)(nil) - -func (cg *progAttachCgroup) isLink() {} - -func newProgAttachCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program, flags cgroupAttachFlags) (*progAttachCgroup, error) { - if flags&flagAllowMulti > 0 { - if err := haveProgAttachReplace(); err != nil { - return nil, fmt.Errorf("can't support multiple programs: %w", err) - } - } - - err := RawAttachProgram(RawAttachProgramOptions{ - Target: int(cgroup.Fd()), - Program: prog, - Flags: uint32(flags), - Attach: attach, - }) - if err != nil { - return nil, fmt.Errorf("cgroup: %w", err) - } - - return &progAttachCgroup{cgroup, prog, attach, flags}, nil -} - -func (cg *progAttachCgroup) Close() error { - defer cg.cgroup.Close() - defer cg.current.Close() - - err := RawDetachProgram(RawDetachProgramOptions{ - Target: int(cg.cgroup.Fd()), - Program: cg.current, - Attach: cg.attachType, - }) - if err != nil { - return fmt.Errorf("close cgroup: %s", err) - } - return nil -} - -func (cg *progAttachCgroup) Update(prog *ebpf.Program) error { - new, err := prog.Clone() - if err != nil { - return err - } - - args := RawAttachProgramOptions{ - Target: int(cg.cgroup.Fd()), - Program: prog, - Attach: cg.attachType, - Flags: uint32(cg.flags), - } - - if cg.flags&flagAllowMulti > 0 { - // Atomically replacing multiple programs requires at least - // 5.5 (commit 7dd68b3279f17921 "bpf: Support replacing cgroup-bpf - // program in MULTI mode") - args.Flags |= uint32(flagReplace) - args.Replace = cg.current - } - - if err := RawAttachProgram(args); err != nil { - new.Close() - return fmt.Errorf("can't update cgroup: %s", err) - } - - cg.current.Close() - cg.current = new - return nil -} - -func (cg *progAttachCgroup) Pin(string) error { - return fmt.Errorf("can't pin cgroup: %w", ErrNotSupported) -} - -func (cg *progAttachCgroup) Unpin() error { - return fmt.Errorf("can't pin cgroup: %w", ErrNotSupported) -} - -func (cg *progAttachCgroup) Info() (*Info, error) { - return nil, fmt.Errorf("can't get cgroup info: %w", ErrNotSupported) -} - -type linkCgroup struct { - RawLink -} - -var _ Link = (*linkCgroup)(nil) - -func newLinkCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program) (*linkCgroup, error) { - link, err := AttachRawLink(RawLinkOptions{ - Target: int(cgroup.Fd()), - Program: prog, - Attach: attach, - }) - if err != nil { - return nil, err - } - - return &linkCgroup{*link}, err -} diff --git a/vendor/github.com/cilium/ebpf/link/doc.go b/vendor/github.com/cilium/ebpf/link/doc.go deleted file mode 100644 index 2bde35ed7a..0000000000 --- a/vendor/github.com/cilium/ebpf/link/doc.go +++ /dev/null @@ -1,2 +0,0 @@ -// Package link allows attaching eBPF programs to various kernel hooks. -package link diff --git a/vendor/github.com/cilium/ebpf/link/iter.go b/vendor/github.com/cilium/ebpf/link/iter.go deleted file mode 100644 index d2b32ef331..0000000000 --- a/vendor/github.com/cilium/ebpf/link/iter.go +++ /dev/null @@ -1,85 +0,0 @@ -package link - -import ( - "fmt" - "io" - "unsafe" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal/sys" -) - -type IterOptions struct { - // Program must be of type Tracing with attach type - // AttachTraceIter. The kind of iterator to attach to is - // determined at load time via the AttachTo field. - // - // AttachTo requires the kernel to include BTF of itself, - // and it to be compiled with a recent pahole (>= 1.16). - Program *ebpf.Program - - // Map specifies the target map for bpf_map_elem and sockmap iterators. - // It may be nil. - Map *ebpf.Map -} - -// AttachIter attaches a BPF seq_file iterator. -func AttachIter(opts IterOptions) (*Iter, error) { - if err := haveBPFLink(); err != nil { - return nil, err - } - - progFd := opts.Program.FD() - if progFd < 0 { - return nil, fmt.Errorf("invalid program: %s", sys.ErrClosedFd) - } - - var info bpfIterLinkInfoMap - if opts.Map != nil { - mapFd := opts.Map.FD() - if mapFd < 0 { - return nil, fmt.Errorf("invalid map: %w", sys.ErrClosedFd) - } - info.map_fd = uint32(mapFd) - } - - attr := sys.LinkCreateIterAttr{ - ProgFd: uint32(progFd), - AttachType: sys.AttachType(ebpf.AttachTraceIter), - IterInfo: sys.NewPointer(unsafe.Pointer(&info)), - IterInfoLen: uint32(unsafe.Sizeof(info)), - } - - fd, err := sys.LinkCreateIter(&attr) - if err != nil { - return nil, fmt.Errorf("can't link iterator: %w", err) - } - - return &Iter{RawLink{fd, ""}}, err -} - -// Iter represents an attached bpf_iter. -type Iter struct { - RawLink -} - -// Open creates a new instance of the iterator. -// -// Reading from the returned reader triggers the BPF program. -func (it *Iter) Open() (io.ReadCloser, error) { - attr := &sys.IterCreateAttr{ - LinkFd: it.fd.Uint(), - } - - fd, err := sys.IterCreate(attr) - if err != nil { - return nil, fmt.Errorf("can't create iterator: %w", err) - } - - return fd.File("bpf_iter"), nil -} - -// union bpf_iter_link_info.map -type bpfIterLinkInfoMap struct { - map_fd uint32 -} diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go deleted file mode 100644 index fdf622a0c0..0000000000 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ /dev/null @@ -1,568 +0,0 @@ -package link - -import ( - "bytes" - "crypto/rand" - "errors" - "fmt" - "os" - "path/filepath" - "runtime" - "strings" - "sync" - "syscall" - "unsafe" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -var ( - kprobeEventsPath = filepath.Join(tracefsPath, "kprobe_events") - - kprobeRetprobeBit = struct { - once sync.Once - value uint64 - err error - }{} -) - -type probeType uint8 - -type probeArgs struct { - symbol, group, path string - offset, refCtrOffset, cookie uint64 - pid int - ret bool -} - -// KprobeOptions defines additional parameters that will be used -// when loading Kprobes. -type KprobeOptions struct { - // Arbitrary value that can be fetched from an eBPF program - // via `bpf_get_attach_cookie()`. - // - // Needs kernel 5.15+. - Cookie uint64 - // Offset of the kprobe relative to the traced symbol. - // Can be used to insert kprobes at arbitrary offsets in kernel functions, - // e.g. in places where functions have been inlined. - Offset uint64 -} - -const ( - kprobeType probeType = iota - uprobeType -) - -func (pt probeType) String() string { - if pt == kprobeType { - return "kprobe" - } - return "uprobe" -} - -func (pt probeType) EventsPath() string { - if pt == kprobeType { - return kprobeEventsPath - } - return uprobeEventsPath -} - -func (pt probeType) PerfEventType(ret bool) perfEventType { - if pt == kprobeType { - if ret { - return kretprobeEvent - } - return kprobeEvent - } - if ret { - return uretprobeEvent - } - return uprobeEvent -} - -func (pt probeType) RetprobeBit() (uint64, error) { - if pt == kprobeType { - return kretprobeBit() - } - return uretprobeBit() -} - -// Kprobe attaches the given eBPF program to a perf event that fires when the -// given kernel symbol starts executing. See /proc/kallsyms for available -// symbols. For example, printk(): -// -// kp, err := Kprobe("printk", prog, nil) -// -// Losing the reference to the resulting Link (kp) will close the Kprobe -// and prevent further execution of prog. The Link must be Closed during -// program shutdown to avoid leaking system resources. -func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { - k, err := kprobe(symbol, prog, opts, false) - if err != nil { - return nil, err - } - - lnk, err := attachPerfEvent(k, prog) - if err != nil { - k.Close() - return nil, err - } - - return lnk, nil -} - -// Kretprobe attaches the given eBPF program to a perf event that fires right -// before the given kernel symbol exits, with the function stack left intact. -// See /proc/kallsyms for available symbols. For example, printk(): -// -// kp, err := Kretprobe("printk", prog, nil) -// -// Losing the reference to the resulting Link (kp) will close the Kretprobe -// and prevent further execution of prog. The Link must be Closed during -// program shutdown to avoid leaking system resources. -func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { - k, err := kprobe(symbol, prog, opts, true) - if err != nil { - return nil, err - } - - lnk, err := attachPerfEvent(k, prog) - if err != nil { - k.Close() - return nil, err - } - - return lnk, nil -} - -// isValidKprobeSymbol implements the equivalent of a regex match -// against "^[a-zA-Z_][0-9a-zA-Z_.]*$". -func isValidKprobeSymbol(s string) bool { - if len(s) < 1 { - return false - } - - for i, c := range []byte(s) { - switch { - case c >= 'a' && c <= 'z': - case c >= 'A' && c <= 'Z': - case c == '_': - case i > 0 && c >= '0' && c <= '9': - - // Allow `.` in symbol name. GCC-compiled kernel may change symbol name - // to have a `.isra.$n` suffix, like `udp_send_skb.isra.52`. - // See: https://gcc.gnu.org/gcc-10/changes.html - case i > 0 && c == '.': - - default: - return false - } - } - - return true -} - -// kprobe opens a perf event on the given symbol and attaches prog to it. -// If ret is true, create a kretprobe. -func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (*perfEvent, error) { - if symbol == "" { - return nil, fmt.Errorf("symbol name cannot be empty: %w", errInvalidInput) - } - if prog == nil { - return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) - } - if !isValidKprobeSymbol(symbol) { - return nil, fmt.Errorf("symbol '%s' must be a valid symbol in /proc/kallsyms: %w", symbol, errInvalidInput) - } - if prog.Type() != ebpf.Kprobe { - return nil, fmt.Errorf("eBPF program type %s is not a Kprobe: %w", prog.Type(), errInvalidInput) - } - - args := probeArgs{ - pid: perfAllThreads, - symbol: symbol, - ret: ret, - } - - if opts != nil { - args.cookie = opts.Cookie - args.offset = opts.Offset - } - - // Use kprobe PMU if the kernel has it available. - tp, err := pmuKprobe(args) - if errors.Is(err, os.ErrNotExist) { - args.symbol = platformPrefix(symbol) - tp, err = pmuKprobe(args) - } - if err == nil { - return tp, nil - } - if err != nil && !errors.Is(err, ErrNotSupported) { - return nil, fmt.Errorf("creating perf_kprobe PMU: %w", err) - } - - // Use tracefs if kprobe PMU is missing. - args.symbol = symbol - tp, err = tracefsKprobe(args) - if errors.Is(err, os.ErrNotExist) { - args.symbol = platformPrefix(symbol) - tp, err = tracefsKprobe(args) - } - if err != nil { - return nil, fmt.Errorf("creating trace event '%s' in tracefs: %w", symbol, err) - } - - return tp, nil -} - -// pmuKprobe opens a perf event based on the kprobe PMU. -// Returns os.ErrNotExist if the given symbol does not exist in the kernel. -func pmuKprobe(args probeArgs) (*perfEvent, error) { - return pmuProbe(kprobeType, args) -} - -// pmuProbe opens a perf event based on a Performance Monitoring Unit. -// -// Requires at least a 4.17 kernel. -// e12f03d7031a "perf/core: Implement the 'perf_kprobe' PMU" -// 33ea4b24277b "perf/core: Implement the 'perf_uprobe' PMU" -// -// Returns ErrNotSupported if the kernel doesn't support perf_[k,u]probe PMU -func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { - // Getting the PMU type will fail if the kernel doesn't support - // the perf_[k,u]probe PMU. - et, err := getPMUEventType(typ) - if err != nil { - return nil, err - } - - var config uint64 - if args.ret { - bit, err := typ.RetprobeBit() - if err != nil { - return nil, err - } - config |= 1 << bit - } - - var ( - attr unix.PerfEventAttr - sp unsafe.Pointer - ) - switch typ { - case kprobeType: - // Create a pointer to a NUL-terminated string for the kernel. - sp, err = unsafeStringPtr(args.symbol) - if err != nil { - return nil, err - } - - attr = unix.PerfEventAttr{ - // The minimum size required for PMU kprobes is PERF_ATTR_SIZE_VER1, - // since it added the config2 (Ext2) field. Use Ext2 as probe_offset. - Size: unix.PERF_ATTR_SIZE_VER1, - Type: uint32(et), // PMU event type read from sysfs - Ext1: uint64(uintptr(sp)), // Kernel symbol to trace - Ext2: args.offset, // Kernel symbol offset - Config: config, // Retprobe flag - } - case uprobeType: - sp, err = unsafeStringPtr(args.path) - if err != nil { - return nil, err - } - - if args.refCtrOffset != 0 { - config |= args.refCtrOffset << uprobeRefCtrOffsetShift - } - - attr = unix.PerfEventAttr{ - // The minimum size required for PMU uprobes is PERF_ATTR_SIZE_VER1, - // since it added the config2 (Ext2) field. The Size field controls the - // size of the internal buffer the kernel allocates for reading the - // perf_event_attr argument from userspace. - Size: unix.PERF_ATTR_SIZE_VER1, - Type: uint32(et), // PMU event type read from sysfs - Ext1: uint64(uintptr(sp)), // Uprobe path - Ext2: args.offset, // Uprobe offset - Config: config, // RefCtrOffset, Retprobe flag - } - } - - rawFd, err := unix.PerfEventOpen(&attr, args.pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) - - // On some old kernels, kprobe PMU doesn't allow `.` in symbol names and - // return -EINVAL. Return ErrNotSupported to allow falling back to tracefs. - // https://github.com/torvalds/linux/blob/94710cac0ef4/kernel/trace/trace_kprobe.c#L340-L343 - if errors.Is(err, unix.EINVAL) && strings.Contains(args.symbol, ".") { - return nil, fmt.Errorf("symbol '%s+%#x': older kernels don't accept dots: %w", args.symbol, args.offset, ErrNotSupported) - } - // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL - // when trying to create a kretprobe for a missing symbol. Make sure ENOENT - // is returned to the caller. - if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("symbol '%s+%#x' not found: %w", args.symbol, args.offset, os.ErrNotExist) - } - // Since commit ab105a4fb894, -EILSEQ is returned when a kprobe sym+offset is resolved - // to an invalid insn boundary. - if errors.Is(err, syscall.EILSEQ) { - return nil, fmt.Errorf("symbol '%s+%#x' not found (bad insn boundary): %w", args.symbol, args.offset, os.ErrNotExist) - } - // Since at least commit cb9a19fe4aa51, ENOTSUPP is returned - // when attempting to set a uprobe on a trap instruction. - if errors.Is(err, unix.ENOTSUPP) { - return nil, fmt.Errorf("failed setting uprobe on offset %#x (possible trap insn): %w", args.offset, err) - } - if err != nil { - return nil, fmt.Errorf("opening perf event: %w", err) - } - - // Ensure the string pointer is not collected before PerfEventOpen returns. - runtime.KeepAlive(sp) - - fd, err := sys.NewFD(rawFd) - if err != nil { - return nil, err - } - - // Kernel has perf_[k,u]probe PMU available, initialize perf event. - return &perfEvent{ - typ: typ.PerfEventType(args.ret), - name: args.symbol, - pmuID: et, - cookie: args.cookie, - fd: fd, - }, nil -} - -// tracefsKprobe creates a Kprobe tracefs entry. -func tracefsKprobe(args probeArgs) (*perfEvent, error) { - return tracefsProbe(kprobeType, args) -} - -// tracefsProbe creates a trace event by writing an entry to /[k,u]probe_events. -// A new trace event group name is generated on every call to support creating -// multiple trace events for the same kernel or userspace symbol. -// Path and offset are only set in the case of uprobe(s) and are used to set -// the executable/library path on the filesystem and the offset where the probe is inserted. -// A perf event is then opened on the newly-created trace event and returned to the caller. -func tracefsProbe(typ probeType, args probeArgs) (_ *perfEvent, err error) { - // Generate a random string for each trace event we attempt to create. - // This value is used as the 'group' token in tracefs to allow creating - // multiple kprobe trace events with the same name. - group, err := randomGroup("ebpf") - if err != nil { - return nil, fmt.Errorf("randomizing group name: %w", err) - } - args.group = group - - // Before attempting to create a trace event through tracefs, - // check if an event with the same group and name already exists. - // Kernels 4.x and earlier don't return os.ErrExist on writing a duplicate - // entry, so we need to rely on reads for detecting uniqueness. - _, err = getTraceEventID(group, args.symbol) - if err == nil { - return nil, fmt.Errorf("trace event already exists: %s/%s", group, args.symbol) - } - if err != nil && !errors.Is(err, os.ErrNotExist) { - return nil, fmt.Errorf("checking trace event %s/%s: %w", group, args.symbol, err) - } - - // Create the [k,u]probe trace event using tracefs. - if err := createTraceFSProbeEvent(typ, args); err != nil { - return nil, fmt.Errorf("creating probe entry on tracefs: %w", err) - } - defer func() { - if err != nil { - // Make sure we clean up the created tracefs event when we return error. - // If a livepatch handler is already active on the symbol, the write to - // tracefs will succeed, a trace event will show up, but creating the - // perf event will fail with EBUSY. - _ = closeTraceFSProbeEvent(typ, args.group, args.symbol) - } - }() - - // Get the newly-created trace event's id. - tid, err := getTraceEventID(group, args.symbol) - if err != nil { - return nil, fmt.Errorf("getting trace event id: %w", err) - } - - // Kprobes are ephemeral tracepoints and share the same perf event type. - fd, err := openTracepointPerfEvent(tid, args.pid) - if err != nil { - return nil, err - } - - return &perfEvent{ - typ: typ.PerfEventType(args.ret), - group: group, - name: args.symbol, - tracefsID: tid, - cookie: args.cookie, - fd: fd, - }, nil -} - -// createTraceFSProbeEvent creates a new ephemeral trace event by writing to -// /[k,u]probe_events. Returns os.ErrNotExist if symbol is not a valid -// kernel symbol, or if it is not traceable with kprobes. Returns os.ErrExist -// if a probe with the same group and symbol already exists. -func createTraceFSProbeEvent(typ probeType, args probeArgs) error { - // Open the kprobe_events file in tracefs. - f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666) - if err != nil { - return fmt.Errorf("error opening '%s': %w", typ.EventsPath(), err) - } - defer f.Close() - - var pe, token string - switch typ { - case kprobeType: - // The kprobe_events syntax is as follows (see Documentation/trace/kprobetrace.txt): - // p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS] : Set a probe - // r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS] : Set a return probe - // -:[GRP/]EVENT : Clear a probe - // - // Some examples: - // r:ebpf_1234/r_my_kretprobe nf_conntrack_destroy - // p:ebpf_5678/p_my_kprobe __x64_sys_execve - // - // Leaving the kretprobe's MAXACTIVE set to 0 (or absent) will make the - // kernel default to NR_CPUS. This is desired in most eBPF cases since - // subsampling or rate limiting logic can be more accurately implemented in - // the eBPF program itself. - // See Documentation/kprobes.txt for more details. - token = kprobeToken(args) - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, sanitizeSymbol(args.symbol), token) - case uprobeType: - // The uprobe_events syntax is as follows: - // p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe - // r[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a return probe - // -:[GRP/]EVENT : Clear a probe - // - // Some examples: - // r:ebpf_1234/readline /bin/bash:0x12345 - // p:ebpf_5678/main_mySymbol /bin/mybin:0x12345(0x123) - // - // See Documentation/trace/uprobetracer.txt for more details. - token = uprobeToken(args) - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, token) - } - _, err = f.WriteString(pe) - // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL - // when trying to create a kretprobe for a missing symbol. Make sure ENOENT - // is returned to the caller. - // EINVAL is also returned on pre-5.2 kernels when the `SYM[+offs]` token - // is resolved to an invalid insn boundary. - if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - return fmt.Errorf("token %s: %w", token, os.ErrNotExist) - } - // Since commit ab105a4fb894, -EILSEQ is returned when a kprobe sym+offset is resolved - // to an invalid insn boundary. - if errors.Is(err, syscall.EILSEQ) { - return fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) - } - // ERANGE is returned when the `SYM[+offs]` token is too big and cannot - // be resolved. - if errors.Is(err, syscall.ERANGE) { - return fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) - } - if err != nil { - return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err) - } - - return nil -} - -// closeTraceFSProbeEvent removes the [k,u]probe with the given type, group and symbol -// from /[k,u]probe_events. -func closeTraceFSProbeEvent(typ probeType, group, symbol string) error { - f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666) - if err != nil { - return fmt.Errorf("error opening %s: %w", typ.EventsPath(), err) - } - defer f.Close() - - // See [k,u]probe_events syntax above. The probe type does not need to be specified - // for removals. - pe := fmt.Sprintf("-:%s/%s", group, sanitizeSymbol(symbol)) - if _, err = f.WriteString(pe); err != nil { - return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err) - } - - return nil -} - -// randomGroup generates a pseudorandom string for use as a tracefs group name. -// Returns an error when the output string would exceed 63 characters (kernel -// limitation), when rand.Read() fails or when prefix contains characters not -// allowed by isValidTraceID. -func randomGroup(prefix string) (string, error) { - if !isValidTraceID(prefix) { - return "", fmt.Errorf("prefix '%s' must be alphanumeric or underscore: %w", prefix, errInvalidInput) - } - - b := make([]byte, 8) - if _, err := rand.Read(b); err != nil { - return "", fmt.Errorf("reading random bytes: %w", err) - } - - group := fmt.Sprintf("%s_%x", prefix, b) - if len(group) > 63 { - return "", fmt.Errorf("group name '%s' cannot be longer than 63 characters: %w", group, errInvalidInput) - } - - return group, nil -} - -func probePrefix(ret bool) string { - if ret { - return "r" - } - return "p" -} - -// determineRetprobeBit reads a Performance Monitoring Unit's retprobe bit -// from /sys/bus/event_source/devices//format/retprobe. -func determineRetprobeBit(typ probeType) (uint64, error) { - p := filepath.Join("/sys/bus/event_source/devices/", typ.String(), "/format/retprobe") - - data, err := os.ReadFile(p) - if err != nil { - return 0, err - } - - var rp uint64 - n, err := fmt.Sscanf(string(bytes.TrimSpace(data)), "config:%d", &rp) - if err != nil { - return 0, fmt.Errorf("parse retprobe bit: %w", err) - } - if n != 1 { - return 0, fmt.Errorf("parse retprobe bit: expected 1 item, got %d", n) - } - - return rp, nil -} - -func kretprobeBit() (uint64, error) { - kprobeRetprobeBit.once.Do(func() { - kprobeRetprobeBit.value, kprobeRetprobeBit.err = determineRetprobeBit(kprobeType) - }) - return kprobeRetprobeBit.value, kprobeRetprobeBit.err -} - -// kprobeToken creates the SYM[+offs] token for the tracefs api. -func kprobeToken(args probeArgs) string { - po := args.symbol - - if args.offset != 0 { - po += fmt.Sprintf("+%#x", args.offset) - } - - return po -} diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go deleted file mode 100644 index 067d0101aa..0000000000 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ /dev/null @@ -1,313 +0,0 @@ -package link - -import ( - "bytes" - "encoding/binary" - "fmt" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" -) - -var ErrNotSupported = internal.ErrNotSupported - -// Link represents a Program attached to a BPF hook. -type Link interface { - // Replace the current program with a new program. - // - // Passing a nil program is an error. May return an error wrapping ErrNotSupported. - Update(*ebpf.Program) error - - // Persist a link by pinning it into a bpffs. - // - // May return an error wrapping ErrNotSupported. - Pin(string) error - - // Undo a previous call to Pin. - // - // May return an error wrapping ErrNotSupported. - Unpin() error - - // Close frees resources. - // - // The link will be broken unless it has been successfully pinned. - // A link may continue past the lifetime of the process if Close is - // not called. - Close() error - - // Info returns metadata on a link. - // - // May return an error wrapping ErrNotSupported. - Info() (*Info, error) - - // Prevent external users from implementing this interface. - isLink() -} - -// LoadPinnedLink loads a link that was persisted into a bpffs. -func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { - raw, err := loadPinnedRawLink(fileName, opts) - if err != nil { - return nil, err - } - - return wrapRawLink(raw) -} - -// wrap a RawLink in a more specific type if possible. -// -// The function takes ownership of raw and closes it on error. -func wrapRawLink(raw *RawLink) (Link, error) { - info, err := raw.Info() - if err != nil { - raw.Close() - return nil, err - } - - switch info.Type { - case RawTracepointType: - return &rawTracepoint{*raw}, nil - case TracingType: - return &tracing{*raw}, nil - case CgroupType: - return &linkCgroup{*raw}, nil - case IterType: - return &Iter{*raw}, nil - case NetNsType: - return &NetNsLink{*raw}, nil - default: - return raw, nil - } -} - -// ID uniquely identifies a BPF link. -type ID = sys.LinkID - -// RawLinkOptions control the creation of a raw link. -type RawLinkOptions struct { - // File descriptor to attach to. This differs for each attach type. - Target int - // Program to attach. - Program *ebpf.Program - // Attach must match the attach type of Program. - Attach ebpf.AttachType - // BTF is the BTF of the attachment target. - BTF btf.TypeID - // Flags control the attach behaviour. - Flags uint32 -} - -// Info contains metadata on a link. -type Info struct { - Type Type - ID ID - Program ebpf.ProgramID - extra interface{} -} - -type TracingInfo sys.TracingLinkInfo -type CgroupInfo sys.CgroupLinkInfo -type NetNsInfo sys.NetNsLinkInfo -type XDPInfo sys.XDPLinkInfo - -// Tracing returns tracing type-specific link info. -// -// Returns nil if the type-specific link info isn't available. -func (r Info) Tracing() *TracingInfo { - e, _ := r.extra.(*TracingInfo) - return e -} - -// Cgroup returns cgroup type-specific link info. -// -// Returns nil if the type-specific link info isn't available. -func (r Info) Cgroup() *CgroupInfo { - e, _ := r.extra.(*CgroupInfo) - return e -} - -// NetNs returns netns type-specific link info. -// -// Returns nil if the type-specific link info isn't available. -func (r Info) NetNs() *NetNsInfo { - e, _ := r.extra.(*NetNsInfo) - return e -} - -// ExtraNetNs returns XDP type-specific link info. -// -// Returns nil if the type-specific link info isn't available. -func (r Info) XDP() *XDPInfo { - e, _ := r.extra.(*XDPInfo) - return e -} - -// RawLink is the low-level API to bpf_link. -// -// You should consider using the higher level interfaces in this -// package instead. -type RawLink struct { - fd *sys.FD - pinnedPath string -} - -// AttachRawLink creates a raw link. -func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { - if err := haveBPFLink(); err != nil { - return nil, err - } - - if opts.Target < 0 { - return nil, fmt.Errorf("invalid target: %s", sys.ErrClosedFd) - } - - progFd := opts.Program.FD() - if progFd < 0 { - return nil, fmt.Errorf("invalid program: %s", sys.ErrClosedFd) - } - - attr := sys.LinkCreateAttr{ - TargetFd: uint32(opts.Target), - ProgFd: uint32(progFd), - AttachType: sys.AttachType(opts.Attach), - TargetBtfId: uint32(opts.BTF), - Flags: opts.Flags, - } - fd, err := sys.LinkCreate(&attr) - if err != nil { - return nil, fmt.Errorf("can't create link: %s", err) - } - - return &RawLink{fd, ""}, nil -} - -func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ - Pathname: sys.NewStringPointer(fileName), - FileFlags: opts.Marshal(), - }) - if err != nil { - return nil, fmt.Errorf("load pinned link: %w", err) - } - - return &RawLink{fd, fileName}, nil -} - -func (l *RawLink) isLink() {} - -// FD returns the raw file descriptor. -func (l *RawLink) FD() int { - return l.fd.Int() -} - -// Close breaks the link. -// -// Use Pin if you want to make the link persistent. -func (l *RawLink) Close() error { - return l.fd.Close() -} - -// Pin persists a link past the lifetime of the process. -// -// Calling Close on a pinned Link will not break the link -// until the pin is removed. -func (l *RawLink) Pin(fileName string) error { - if err := internal.Pin(l.pinnedPath, fileName, l.fd); err != nil { - return err - } - l.pinnedPath = fileName - return nil -} - -// Unpin implements the Link interface. -func (l *RawLink) Unpin() error { - if err := internal.Unpin(l.pinnedPath); err != nil { - return err - } - l.pinnedPath = "" - return nil -} - -// Update implements the Link interface. -func (l *RawLink) Update(new *ebpf.Program) error { - return l.UpdateArgs(RawLinkUpdateOptions{ - New: new, - }) -} - -// RawLinkUpdateOptions control the behaviour of RawLink.UpdateArgs. -type RawLinkUpdateOptions struct { - New *ebpf.Program - Old *ebpf.Program - Flags uint32 -} - -// UpdateArgs updates a link based on args. -func (l *RawLink) UpdateArgs(opts RawLinkUpdateOptions) error { - newFd := opts.New.FD() - if newFd < 0 { - return fmt.Errorf("invalid program: %s", sys.ErrClosedFd) - } - - var oldFd int - if opts.Old != nil { - oldFd = opts.Old.FD() - if oldFd < 0 { - return fmt.Errorf("invalid replacement program: %s", sys.ErrClosedFd) - } - } - - attr := sys.LinkUpdateAttr{ - LinkFd: l.fd.Uint(), - NewProgFd: uint32(newFd), - OldProgFd: uint32(oldFd), - Flags: opts.Flags, - } - return sys.LinkUpdate(&attr) -} - -// Info returns metadata about the link. -func (l *RawLink) Info() (*Info, error) { - var info sys.LinkInfo - - if err := sys.ObjInfo(l.fd, &info); err != nil { - return nil, fmt.Errorf("link info: %s", err) - } - - var extra interface{} - switch info.Type { - case CgroupType: - extra = &CgroupInfo{} - case IterType: - // not supported - case NetNsType: - extra = &NetNsInfo{} - case RawTracepointType: - // not supported - case TracingType: - extra = &TracingInfo{} - case XDPType: - extra = &XDPInfo{} - case PerfEventType: - // no extra - default: - return nil, fmt.Errorf("unknown link info type: %d", info.Type) - } - - if info.Type != RawTracepointType && info.Type != IterType && info.Type != PerfEventType { - buf := bytes.NewReader(info.Extra[:]) - err := binary.Read(buf, internal.NativeEndian, extra) - if err != nil { - return nil, fmt.Errorf("can not read extra link info: %w", err) - } - } - - return &Info{ - info.Type, - info.Id, - ebpf.ProgramID(info.ProgId), - extra, - }, nil -} diff --git a/vendor/github.com/cilium/ebpf/link/netns.go b/vendor/github.com/cilium/ebpf/link/netns.go deleted file mode 100644 index 344ecced6b..0000000000 --- a/vendor/github.com/cilium/ebpf/link/netns.go +++ /dev/null @@ -1,36 +0,0 @@ -package link - -import ( - "fmt" - - "github.com/cilium/ebpf" -) - -// NetNsLink is a program attached to a network namespace. -type NetNsLink struct { - RawLink -} - -// AttachNetNs attaches a program to a network namespace. -func AttachNetNs(ns int, prog *ebpf.Program) (*NetNsLink, error) { - var attach ebpf.AttachType - switch t := prog.Type(); t { - case ebpf.FlowDissector: - attach = ebpf.AttachFlowDissector - case ebpf.SkLookup: - attach = ebpf.AttachSkLookup - default: - return nil, fmt.Errorf("can't attach %v to network namespace", t) - } - - link, err := AttachRawLink(RawLinkOptions{ - Target: ns, - Program: prog, - Attach: attach, - }) - if err != nil { - return nil, err - } - - return &NetNsLink{*link}, nil -} diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go deleted file mode 100644 index 0e5bd47911..0000000000 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ /dev/null @@ -1,394 +0,0 @@ -package link - -import ( - "bytes" - "errors" - "fmt" - "os" - "path/filepath" - "runtime" - "strconv" - "strings" - "unsafe" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// Getting the terminology right is usually the hardest part. For posterity and -// for staying sane during implementation: -// -// - trace event: Representation of a kernel runtime hook. Filesystem entries -// under /events. Can be tracepoints (static), kprobes or uprobes. -// Can be instantiated into perf events (see below). -// - tracepoint: A predetermined hook point in the kernel. Exposed as trace -// events in (sub)directories under /events. Cannot be closed or -// removed, they are static. -// - k(ret)probe: Ephemeral trace events based on entry or exit points of -// exported kernel symbols. kprobe-based (tracefs) trace events can be -// created system-wide by writing to the /kprobe_events file, or -// they can be scoped to the current process by creating PMU perf events. -// - u(ret)probe: Ephemeral trace events based on user provides ELF binaries -// and offsets. uprobe-based (tracefs) trace events can be -// created system-wide by writing to the /uprobe_events file, or -// they can be scoped to the current process by creating PMU perf events. -// - perf event: An object instantiated based on an existing trace event or -// kernel symbol. Referred to by fd in userspace. -// Exactly one eBPF program can be attached to a perf event. Multiple perf -// events can be created from a single trace event. Closing a perf event -// stops any further invocations of the attached eBPF program. - -var ( - tracefsPath = "/sys/kernel/debug/tracing" - - errInvalidInput = errors.New("invalid input") -) - -const ( - perfAllThreads = -1 -) - -type perfEventType uint8 - -const ( - tracepointEvent perfEventType = iota - kprobeEvent - kretprobeEvent - uprobeEvent - uretprobeEvent -) - -// A perfEvent represents a perf event kernel object. Exactly one eBPF program -// can be attached to it. It is created based on a tracefs trace event or a -// Performance Monitoring Unit (PMU). -type perfEvent struct { - // The event type determines the types of programs that can be attached. - typ perfEventType - - // Group and name of the tracepoint/kprobe/uprobe. - group string - name string - - // PMU event ID read from sysfs. Valid IDs are non-zero. - pmuID uint64 - // ID of the trace event read from tracefs. Valid IDs are non-zero. - tracefsID uint64 - - // User provided arbitrary value. - cookie uint64 - - // This is the perf event FD. - fd *sys.FD -} - -func (pe *perfEvent) Close() error { - if err := pe.fd.Close(); err != nil { - return fmt.Errorf("closing perf event fd: %w", err) - } - - switch pe.typ { - case kprobeEvent, kretprobeEvent: - // Clean up kprobe tracefs entry. - if pe.tracefsID != 0 { - return closeTraceFSProbeEvent(kprobeType, pe.group, pe.name) - } - case uprobeEvent, uretprobeEvent: - // Clean up uprobe tracefs entry. - if pe.tracefsID != 0 { - return closeTraceFSProbeEvent(uprobeType, pe.group, pe.name) - } - case tracepointEvent: - // Tracepoint trace events don't hold any extra resources. - return nil - } - - return nil -} - -// perfEventLink represents a bpf perf link. -type perfEventLink struct { - RawLink - pe *perfEvent -} - -func (pl *perfEventLink) isLink() {} - -// Pinning requires the underlying perf event FD to stay open. -// -// | PerfEvent FD | BpfLink FD | Works | -// |--------------|------------|-------| -// | Open | Open | Yes | -// | Closed | Open | No | -// | Open | Closed | No (Pin() -> EINVAL) | -// | Closed | Closed | No (Pin() -> EINVAL) | -// -// There is currently no pretty way to recover the perf event FD -// when loading a pinned link, so leave as not supported for now. -func (pl *perfEventLink) Pin(string) error { - return fmt.Errorf("perf event link pin: %w", ErrNotSupported) -} - -func (pl *perfEventLink) Unpin() error { - return fmt.Errorf("perf event link unpin: %w", ErrNotSupported) -} - -func (pl *perfEventLink) Close() error { - if err := pl.pe.Close(); err != nil { - return fmt.Errorf("perf event link close: %w", err) - } - return pl.fd.Close() -} - -func (pl *perfEventLink) Update(prog *ebpf.Program) error { - return fmt.Errorf("perf event link update: %w", ErrNotSupported) -} - -// perfEventIoctl implements Link and handles the perf event lifecycle -// via ioctl(). -type perfEventIoctl struct { - *perfEvent -} - -func (pi *perfEventIoctl) isLink() {} - -// Since 4.15 (e87c6bc3852b "bpf: permit multiple bpf attachments for a single perf event"), -// calling PERF_EVENT_IOC_SET_BPF appends the given program to a prog_array -// owned by the perf event, which means multiple programs can be attached -// simultaneously. -// -// Before 4.15, calling PERF_EVENT_IOC_SET_BPF more than once on a perf event -// returns EEXIST. -// -// Detaching a program from a perf event is currently not possible, so a -// program replacement mechanism cannot be implemented for perf events. -func (pi *perfEventIoctl) Update(prog *ebpf.Program) error { - return fmt.Errorf("perf event ioctl update: %w", ErrNotSupported) -} - -func (pi *perfEventIoctl) Pin(string) error { - return fmt.Errorf("perf event ioctl pin: %w", ErrNotSupported) -} - -func (pi *perfEventIoctl) Unpin() error { - return fmt.Errorf("perf event ioctl unpin: %w", ErrNotSupported) -} - -func (pi *perfEventIoctl) Info() (*Info, error) { - return nil, fmt.Errorf("perf event ioctl info: %w", ErrNotSupported) -} - -// attach the given eBPF prog to the perf event stored in pe. -// pe must contain a valid perf event fd. -// prog's type must match the program type stored in pe. -func attachPerfEvent(pe *perfEvent, prog *ebpf.Program) (Link, error) { - if prog == nil { - return nil, errors.New("cannot attach a nil program") - } - if prog.FD() < 0 { - return nil, fmt.Errorf("invalid program: %w", sys.ErrClosedFd) - } - - switch pe.typ { - case kprobeEvent, kretprobeEvent, uprobeEvent, uretprobeEvent: - if t := prog.Type(); t != ebpf.Kprobe { - return nil, fmt.Errorf("invalid program type (expected %s): %s", ebpf.Kprobe, t) - } - case tracepointEvent: - if t := prog.Type(); t != ebpf.TracePoint { - return nil, fmt.Errorf("invalid program type (expected %s): %s", ebpf.TracePoint, t) - } - default: - return nil, fmt.Errorf("unknown perf event type: %d", pe.typ) - } - - if err := haveBPFLinkPerfEvent(); err == nil { - return attachPerfEventLink(pe, prog) - } - return attachPerfEventIoctl(pe, prog) -} - -func attachPerfEventIoctl(pe *perfEvent, prog *ebpf.Program) (*perfEventIoctl, error) { - if pe.cookie != 0 { - return nil, fmt.Errorf("cookies are not supported: %w", ErrNotSupported) - } - - // Assign the eBPF program to the perf event. - err := unix.IoctlSetInt(pe.fd.Int(), unix.PERF_EVENT_IOC_SET_BPF, prog.FD()) - if err != nil { - return nil, fmt.Errorf("setting perf event bpf program: %w", err) - } - - // PERF_EVENT_IOC_ENABLE and _DISABLE ignore their given values. - if err := unix.IoctlSetInt(pe.fd.Int(), unix.PERF_EVENT_IOC_ENABLE, 0); err != nil { - return nil, fmt.Errorf("enable perf event: %s", err) - } - - pi := &perfEventIoctl{pe} - - // Close the perf event when its reference is lost to avoid leaking system resources. - runtime.SetFinalizer(pi, (*perfEventIoctl).Close) - return pi, nil -} - -// Use the bpf api to attach the perf event (BPF_LINK_TYPE_PERF_EVENT, 5.15+). -// -// https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -func attachPerfEventLink(pe *perfEvent, prog *ebpf.Program) (*perfEventLink, error) { - fd, err := sys.LinkCreatePerfEvent(&sys.LinkCreatePerfEventAttr{ - ProgFd: uint32(prog.FD()), - TargetFd: pe.fd.Uint(), - AttachType: sys.BPF_PERF_EVENT, - BpfCookie: pe.cookie, - }) - if err != nil { - return nil, fmt.Errorf("cannot create bpf perf link: %v", err) - } - - pl := &perfEventLink{RawLink{fd: fd}, pe} - - // Close the perf event when its reference is lost to avoid leaking system resources. - runtime.SetFinalizer(pl, (*perfEventLink).Close) - return pl, nil -} - -// unsafeStringPtr returns an unsafe.Pointer to a NUL-terminated copy of str. -func unsafeStringPtr(str string) (unsafe.Pointer, error) { - p, err := unix.BytePtrFromString(str) - if err != nil { - return nil, err - } - return unsafe.Pointer(p), nil -} - -// getTraceEventID reads a trace event's ID from tracefs given its group and name. -// The kernel requires group and name to be alphanumeric or underscore. -// -// name automatically has its invalid symbols converted to underscores so the caller -// can pass a raw symbol name, e.g. a kernel symbol containing dots. -func getTraceEventID(group, name string) (uint64, error) { - name = sanitizeSymbol(name) - tid, err := uint64FromFile(tracefsPath, "events", group, name, "id") - if errors.Is(err, os.ErrNotExist) { - return 0, fmt.Errorf("trace event %s/%s: %w", group, name, os.ErrNotExist) - } - if err != nil { - return 0, fmt.Errorf("reading trace event ID of %s/%s: %w", group, name, err) - } - - return tid, nil -} - -// getPMUEventType reads a Performance Monitoring Unit's type (numeric identifier) -// from /sys/bus/event_source/devices//type. -// -// Returns ErrNotSupported if the pmu type is not supported. -func getPMUEventType(typ probeType) (uint64, error) { - et, err := uint64FromFile("/sys/bus/event_source/devices", typ.String(), "type") - if errors.Is(err, os.ErrNotExist) { - return 0, fmt.Errorf("pmu type %s: %w", typ, ErrNotSupported) - } - if err != nil { - return 0, fmt.Errorf("reading pmu type %s: %w", typ, err) - } - - return et, nil -} - -// openTracepointPerfEvent opens a tracepoint-type perf event. System-wide -// [k,u]probes created by writing to /[k,u]probe_events are tracepoints -// behind the scenes, and can be attached to using these perf events. -func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { - attr := unix.PerfEventAttr{ - Type: unix.PERF_TYPE_TRACEPOINT, - Config: tid, - Sample_type: unix.PERF_SAMPLE_RAW, - Sample: 1, - Wakeup: 1, - } - - fd, err := unix.PerfEventOpen(&attr, pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) - if err != nil { - return nil, fmt.Errorf("opening tracepoint perf event: %w", err) - } - - return sys.NewFD(fd) -} - -// uint64FromFile reads a uint64 from a file. All elements of path are sanitized -// and joined onto base. Returns error if base no longer prefixes the path after -// joining all components. -func uint64FromFile(base string, path ...string) (uint64, error) { - l := filepath.Join(path...) - p := filepath.Join(base, l) - if !strings.HasPrefix(p, base) { - return 0, fmt.Errorf("path '%s' attempts to escape base path '%s': %w", l, base, errInvalidInput) - } - - data, err := os.ReadFile(p) - if err != nil { - return 0, fmt.Errorf("reading file %s: %w", p, err) - } - - et := bytes.TrimSpace(data) - return strconv.ParseUint(string(et), 10, 64) -} - -// Probe BPF perf link. -// -// https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 -// https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -var haveBPFLinkPerfEvent = internal.FeatureTest("bpf_link_perf_event", "5.15", func() error { - prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ - Name: "probe_bpf_perf_link", - Type: ebpf.Kprobe, - Instructions: asm.Instructions{ - asm.Mov.Imm(asm.R0, 0), - asm.Return(), - }, - License: "MIT", - }) - if err != nil { - return err - } - defer prog.Close() - - _, err = sys.LinkCreatePerfEvent(&sys.LinkCreatePerfEventAttr{ - ProgFd: uint32(prog.FD()), - AttachType: sys.BPF_PERF_EVENT, - }) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - if errors.Is(err, unix.EBADF) { - return nil - } - return err -}) - -// isValidTraceID implements the equivalent of a regex match -// against "^[a-zA-Z_][0-9a-zA-Z_]*$". -// -// Trace event groups, names and kernel symbols must adhere to this set -// of characters. Non-empty, first character must not be a number, all -// characters must be alphanumeric or underscore. -func isValidTraceID(s string) bool { - if len(s) < 1 { - return false - } - for i, c := range []byte(s) { - switch { - case c >= 'a' && c <= 'z': - case c >= 'A' && c <= 'Z': - case c == '_': - case i > 0 && c >= '0' && c <= '9': - - default: - return false - } - } - - return true -} diff --git a/vendor/github.com/cilium/ebpf/link/platform.go b/vendor/github.com/cilium/ebpf/link/platform.go deleted file mode 100644 index eb6f7b7a37..0000000000 --- a/vendor/github.com/cilium/ebpf/link/platform.go +++ /dev/null @@ -1,25 +0,0 @@ -package link - -import ( - "fmt" - "runtime" -) - -func platformPrefix(symbol string) string { - - prefix := runtime.GOARCH - - // per https://github.com/golang/go/blob/master/src/go/build/syslist.go - switch prefix { - case "386": - prefix = "ia32" - case "amd64", "amd64p32": - prefix = "x64" - case "arm64", "arm64be": - prefix = "arm64" - default: - return symbol - } - - return fmt.Sprintf("__%s_%s", prefix, symbol) -} diff --git a/vendor/github.com/cilium/ebpf/link/program.go b/vendor/github.com/cilium/ebpf/link/program.go deleted file mode 100644 index ea31817377..0000000000 --- a/vendor/github.com/cilium/ebpf/link/program.go +++ /dev/null @@ -1,76 +0,0 @@ -package link - -import ( - "fmt" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal/sys" -) - -type RawAttachProgramOptions struct { - // File descriptor to attach to. This differs for each attach type. - Target int - // Program to attach. - Program *ebpf.Program - // Program to replace (cgroups). - Replace *ebpf.Program - // Attach must match the attach type of Program (and Replace). - Attach ebpf.AttachType - // Flags control the attach behaviour. This differs for each attach type. - Flags uint32 -} - -// RawAttachProgram is a low level wrapper around BPF_PROG_ATTACH. -// -// You should use one of the higher level abstractions available in this -// package if possible. -func RawAttachProgram(opts RawAttachProgramOptions) error { - if err := haveProgAttach(); err != nil { - return err - } - - var replaceFd uint32 - if opts.Replace != nil { - replaceFd = uint32(opts.Replace.FD()) - } - - attr := sys.ProgAttachAttr{ - TargetFd: uint32(opts.Target), - AttachBpfFd: uint32(opts.Program.FD()), - ReplaceBpfFd: replaceFd, - AttachType: uint32(opts.Attach), - AttachFlags: uint32(opts.Flags), - } - - if err := sys.ProgAttach(&attr); err != nil { - return fmt.Errorf("can't attach program: %w", err) - } - return nil -} - -type RawDetachProgramOptions struct { - Target int - Program *ebpf.Program - Attach ebpf.AttachType -} - -// RawDetachProgram is a low level wrapper around BPF_PROG_DETACH. -// -// You should use one of the higher level abstractions available in this -// package if possible. -func RawDetachProgram(opts RawDetachProgramOptions) error { - if err := haveProgAttach(); err != nil { - return err - } - - attr := sys.ProgDetachAttr{ - TargetFd: uint32(opts.Target), - AttachBpfFd: uint32(opts.Program.FD()), - AttachType: uint32(opts.Attach), - } - if err := sys.ProgDetach(&attr); err != nil { - return fmt.Errorf("can't detach program: %w", err) - } - - return nil -} diff --git a/vendor/github.com/cilium/ebpf/link/raw_tracepoint.go b/vendor/github.com/cilium/ebpf/link/raw_tracepoint.go deleted file mode 100644 index 925e621cbb..0000000000 --- a/vendor/github.com/cilium/ebpf/link/raw_tracepoint.go +++ /dev/null @@ -1,87 +0,0 @@ -package link - -import ( - "errors" - "fmt" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal/sys" -) - -type RawTracepointOptions struct { - // Tracepoint name. - Name string - // Program must be of type RawTracepoint* - Program *ebpf.Program -} - -// AttachRawTracepoint links a BPF program to a raw_tracepoint. -// -// Requires at least Linux 4.17. -func AttachRawTracepoint(opts RawTracepointOptions) (Link, error) { - if t := opts.Program.Type(); t != ebpf.RawTracepoint && t != ebpf.RawTracepointWritable { - return nil, fmt.Errorf("invalid program type %s, expected RawTracepoint(Writable)", t) - } - if opts.Program.FD() < 0 { - return nil, fmt.Errorf("invalid program: %w", sys.ErrClosedFd) - } - - fd, err := sys.RawTracepointOpen(&sys.RawTracepointOpenAttr{ - Name: sys.NewStringPointer(opts.Name), - ProgFd: uint32(opts.Program.FD()), - }) - if err != nil { - return nil, err - } - - err = haveBPFLink() - if errors.Is(err, ErrNotSupported) { - // Prior to commit 70ed506c3bbc ("bpf: Introduce pinnable bpf_link abstraction") - // raw_tracepoints are just a plain fd. - return &simpleRawTracepoint{fd}, nil - } - - if err != nil { - return nil, err - } - - return &rawTracepoint{RawLink{fd: fd}}, nil -} - -type simpleRawTracepoint struct { - fd *sys.FD -} - -var _ Link = (*simpleRawTracepoint)(nil) - -func (frt *simpleRawTracepoint) isLink() {} - -func (frt *simpleRawTracepoint) Close() error { - return frt.fd.Close() -} - -func (frt *simpleRawTracepoint) Update(_ *ebpf.Program) error { - return fmt.Errorf("update raw_tracepoint: %w", ErrNotSupported) -} - -func (frt *simpleRawTracepoint) Pin(string) error { - return fmt.Errorf("pin raw_tracepoint: %w", ErrNotSupported) -} - -func (frt *simpleRawTracepoint) Unpin() error { - return fmt.Errorf("unpin raw_tracepoint: %w", ErrNotSupported) -} - -func (frt *simpleRawTracepoint) Info() (*Info, error) { - return nil, fmt.Errorf("can't get raw_tracepoint info: %w", ErrNotSupported) -} - -type rawTracepoint struct { - RawLink -} - -var _ Link = (*rawTracepoint)(nil) - -func (rt *rawTracepoint) Update(_ *ebpf.Program) error { - return fmt.Errorf("update raw_tracepoint: %w", ErrNotSupported) -} diff --git a/vendor/github.com/cilium/ebpf/link/socket_filter.go b/vendor/github.com/cilium/ebpf/link/socket_filter.go deleted file mode 100644 index 94f3958cc4..0000000000 --- a/vendor/github.com/cilium/ebpf/link/socket_filter.go +++ /dev/null @@ -1,40 +0,0 @@ -package link - -import ( - "syscall" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal/unix" -) - -// AttachSocketFilter attaches a SocketFilter BPF program to a socket. -func AttachSocketFilter(conn syscall.Conn, program *ebpf.Program) error { - rawConn, err := conn.SyscallConn() - if err != nil { - return err - } - var ssoErr error - err = rawConn.Control(func(fd uintptr) { - ssoErr = syscall.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_ATTACH_BPF, program.FD()) - }) - if ssoErr != nil { - return ssoErr - } - return err -} - -// DetachSocketFilter detaches a SocketFilter BPF program from a socket. -func DetachSocketFilter(conn syscall.Conn) error { - rawConn, err := conn.SyscallConn() - if err != nil { - return err - } - var ssoErr error - err = rawConn.Control(func(fd uintptr) { - ssoErr = syscall.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_DETACH_BPF, 0) - }) - if ssoErr != nil { - return ssoErr - } - return err -} diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go deleted file mode 100644 index a661395b36..0000000000 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ /dev/null @@ -1,103 +0,0 @@ -package link - -import ( - "errors" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// Type is the kind of link. -type Type = sys.LinkType - -// Valid link types. -const ( - UnspecifiedType = sys.BPF_LINK_TYPE_UNSPEC - RawTracepointType = sys.BPF_LINK_TYPE_RAW_TRACEPOINT - TracingType = sys.BPF_LINK_TYPE_TRACING - CgroupType = sys.BPF_LINK_TYPE_CGROUP - IterType = sys.BPF_LINK_TYPE_ITER - NetNsType = sys.BPF_LINK_TYPE_NETNS - XDPType = sys.BPF_LINK_TYPE_XDP - PerfEventType = sys.BPF_LINK_TYPE_PERF_EVENT -) - -var haveProgAttach = internal.FeatureTest("BPF_PROG_ATTACH", "4.10", func() error { - prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ - Type: ebpf.CGroupSKB, - License: "MIT", - Instructions: asm.Instructions{ - asm.Mov.Imm(asm.R0, 0), - asm.Return(), - }, - }) - if err != nil { - return internal.ErrNotSupported - } - - // BPF_PROG_ATTACH was introduced at the same time as CGgroupSKB, - // so being able to load the program is enough to infer that we - // have the syscall. - prog.Close() - return nil -}) - -var haveProgAttachReplace = internal.FeatureTest("BPF_PROG_ATTACH atomic replacement", "5.5", func() error { - if err := haveProgAttach(); err != nil { - return err - } - - prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ - Type: ebpf.CGroupSKB, - AttachType: ebpf.AttachCGroupInetIngress, - License: "MIT", - Instructions: asm.Instructions{ - asm.Mov.Imm(asm.R0, 0), - asm.Return(), - }, - }) - if err != nil { - return internal.ErrNotSupported - } - defer prog.Close() - - // We know that we have BPF_PROG_ATTACH since we can load CGroupSKB programs. - // If passing BPF_F_REPLACE gives us EINVAL we know that the feature isn't - // present. - attr := sys.ProgAttachAttr{ - // We rely on this being checked after attachFlags. - TargetFd: ^uint32(0), - AttachBpfFd: uint32(prog.FD()), - AttachType: uint32(ebpf.AttachCGroupInetIngress), - AttachFlags: uint32(flagReplace), - } - - err = sys.ProgAttach(&attr) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - if errors.Is(err, unix.EBADF) { - return nil - } - return err -}) - -var haveBPFLink = internal.FeatureTest("bpf_link", "5.7", func() error { - attr := sys.LinkCreateAttr{ - // This is a hopefully invalid file descriptor, which triggers EBADF. - TargetFd: ^uint32(0), - ProgFd: ^uint32(0), - AttachType: sys.AttachType(ebpf.AttachCGroupInetIngress), - } - _, err := sys.LinkCreate(&attr) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - if errors.Is(err, unix.EBADF) { - return nil - } - return err -}) diff --git a/vendor/github.com/cilium/ebpf/link/tracepoint.go b/vendor/github.com/cilium/ebpf/link/tracepoint.go deleted file mode 100644 index a59ef9d1c5..0000000000 --- a/vendor/github.com/cilium/ebpf/link/tracepoint.go +++ /dev/null @@ -1,77 +0,0 @@ -package link - -import ( - "fmt" - - "github.com/cilium/ebpf" -) - -// TracepointOptions defines additional parameters that will be used -// when loading Tracepoints. -type TracepointOptions struct { - // Arbitrary value that can be fetched from an eBPF program - // via `bpf_get_attach_cookie()`. - // - // Needs kernel 5.15+. - Cookie uint64 -} - -// Tracepoint attaches the given eBPF program to the tracepoint with the given -// group and name. See /sys/kernel/debug/tracing/events to find available -// tracepoints. The top-level directory is the group, the event's subdirectory -// is the name. Example: -// -// tp, err := Tracepoint("syscalls", "sys_enter_fork", prog, nil) -// -// Losing the reference to the resulting Link (tp) will close the Tracepoint -// and prevent further execution of prog. The Link must be Closed during -// program shutdown to avoid leaking system resources. -// -// Note that attaching eBPF programs to syscalls (sys_enter_*/sys_exit_*) is -// only possible as of kernel 4.14 (commit cf5f5ce). -func Tracepoint(group, name string, prog *ebpf.Program, opts *TracepointOptions) (Link, error) { - if group == "" || name == "" { - return nil, fmt.Errorf("group and name cannot be empty: %w", errInvalidInput) - } - if prog == nil { - return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) - } - if !isValidTraceID(group) || !isValidTraceID(name) { - return nil, fmt.Errorf("group and name '%s/%s' must be alphanumeric or underscore: %w", group, name, errInvalidInput) - } - if prog.Type() != ebpf.TracePoint { - return nil, fmt.Errorf("eBPF program type %s is not a Tracepoint: %w", prog.Type(), errInvalidInput) - } - - tid, err := getTraceEventID(group, name) - if err != nil { - return nil, err - } - - fd, err := openTracepointPerfEvent(tid, perfAllThreads) - if err != nil { - return nil, err - } - - var cookie uint64 - if opts != nil { - cookie = opts.Cookie - } - - pe := &perfEvent{ - typ: tracepointEvent, - group: group, - name: name, - tracefsID: tid, - cookie: cookie, - fd: fd, - } - - lnk, err := attachPerfEvent(pe, prog) - if err != nil { - pe.Close() - return nil, err - } - - return lnk, nil -} diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go deleted file mode 100644 index e47e61a3b8..0000000000 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ /dev/null @@ -1,141 +0,0 @@ -package link - -import ( - "fmt" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal/sys" -) - -type tracing struct { - RawLink -} - -func (f *tracing) Update(new *ebpf.Program) error { - return fmt.Errorf("tracing update: %w", ErrNotSupported) -} - -// AttachFreplace attaches the given eBPF program to the function it replaces. -// -// The program and name can either be provided at link time, or can be provided -// at program load time. If they were provided at load time, they should be nil -// and empty respectively here, as they will be ignored by the kernel. -// Examples: -// -// AttachFreplace(dispatcher, "function", replacement) -// AttachFreplace(nil, "", replacement) -func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) (Link, error) { - if (name == "") != (targetProg == nil) { - return nil, fmt.Errorf("must provide both or neither of name and targetProg: %w", errInvalidInput) - } - if prog == nil { - return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) - } - if prog.Type() != ebpf.Extension { - return nil, fmt.Errorf("eBPF program type %s is not an Extension: %w", prog.Type(), errInvalidInput) - } - - var ( - target int - typeID btf.TypeID - ) - if targetProg != nil { - btfHandle, err := targetProg.Handle() - if err != nil { - return nil, err - } - defer btfHandle.Close() - - spec, err := btfHandle.Spec(nil) - if err != nil { - return nil, err - } - - var function *btf.Func - if err := spec.TypeByName(name, &function); err != nil { - return nil, err - } - - target = targetProg.FD() - typeID, err = spec.TypeID(function) - if err != nil { - return nil, err - } - } - - link, err := AttachRawLink(RawLinkOptions{ - Target: target, - Program: prog, - Attach: ebpf.AttachNone, - BTF: typeID, - }) - if err != nil { - return nil, err - } - - return &tracing{*link}, nil -} - -type TracingOptions struct { - // Program must be of type Tracing with attach type - // AttachTraceFEntry/AttachTraceFExit/AttachModifyReturn or - // AttachTraceRawTp. - Program *ebpf.Program -} - -type LSMOptions struct { - // Program must be of type LSM with attach type - // AttachLSMMac. - Program *ebpf.Program -} - -// attachBTFID links all BPF program types (Tracing/LSM) that they attach to a btf_id. -func attachBTFID(program *ebpf.Program) (Link, error) { - if program.FD() < 0 { - return nil, fmt.Errorf("invalid program %w", sys.ErrClosedFd) - } - - fd, err := sys.RawTracepointOpen(&sys.RawTracepointOpenAttr{ - ProgFd: uint32(program.FD()), - }) - if err != nil { - return nil, err - } - - raw := RawLink{fd: fd} - info, err := raw.Info() - if err != nil { - raw.Close() - return nil, err - } - - if info.Type == RawTracepointType { - // Sadness upon sadness: a Tracing program with AttachRawTp returns - // a raw_tracepoint link. Other types return a tracing link. - return &rawTracepoint{raw}, nil - } - - return &tracing{RawLink: RawLink{fd: fd}}, nil -} - -// AttachTracing links a tracing (fentry/fexit/fmod_ret) BPF program or -// a BTF-powered raw tracepoint (tp_btf) BPF Program to a BPF hook defined -// in kernel modules. -func AttachTracing(opts TracingOptions) (Link, error) { - if t := opts.Program.Type(); t != ebpf.Tracing { - return nil, fmt.Errorf("invalid program type %s, expected Tracing", t) - } - - return attachBTFID(opts.Program) -} - -// AttachLSM links a Linux security module (LSM) BPF Program to a BPF -// hook defined in kernel modules. -func AttachLSM(opts LSMOptions) (Link, error) { - if t := opts.Program.Type(); t != ebpf.LSM { - return nil, fmt.Errorf("invalid program type %s, expected LSM", t) - } - - return attachBTFID(opts.Program) -} diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go deleted file mode 100644 index edf925b570..0000000000 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ /dev/null @@ -1,373 +0,0 @@ -package link - -import ( - "debug/elf" - "errors" - "fmt" - "os" - "path/filepath" - "strings" - "sync" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal" -) - -var ( - uprobeEventsPath = filepath.Join(tracefsPath, "uprobe_events") - - uprobeRetprobeBit = struct { - once sync.Once - value uint64 - err error - }{} - - uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" - // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 - uprobeRefCtrOffsetShift = 32 - haveRefCtrOffsetPMU = internal.FeatureTest("RefCtrOffsetPMU", "4.20", func() error { - _, err := os.Stat(uprobeRefCtrOffsetPMUPath) - if err != nil { - return internal.ErrNotSupported - } - return nil - }) - - // ErrNoSymbol indicates that the given symbol was not found - // in the ELF symbols table. - ErrNoSymbol = errors.New("not found") -) - -// Executable defines an executable program on the filesystem. -type Executable struct { - // Path of the executable on the filesystem. - path string - // Parsed ELF and dynamic symbols' addresses. - addresses map[string]uint64 -} - -// UprobeOptions defines additional parameters that will be used -// when loading Uprobes. -type UprobeOptions struct { - // Symbol address. Must be provided in case of external symbols (shared libs). - // If set, overrides the address eventually parsed from the executable. - Address uint64 - // The offset relative to given symbol. Useful when tracing an arbitrary point - // inside the frame of given symbol. - // - // Note: this field changed from being an absolute offset to being relative - // to Address. - Offset uint64 - // Only set the uprobe on the given process ID. Useful when tracing - // shared library calls or programs that have many running instances. - PID int - // Automatically manage SDT reference counts (semaphores). - // - // If this field is set, the Kernel will increment/decrement the - // semaphore located in the process memory at the provided address on - // probe attach/detach. - // - // See also: - // sourceware.org/systemtap/wiki/UserSpaceProbeImplementation (Semaphore Handling) - // github.com/torvalds/linux/commit/1cc33161a83d - // github.com/torvalds/linux/commit/a6ca88b241d5 - RefCtrOffset uint64 - // Arbitrary value that can be fetched from an eBPF program - // via `bpf_get_attach_cookie()`. - // - // Needs kernel 5.15+. - Cookie uint64 -} - -// To open a new Executable, use: -// -// OpenExecutable("/bin/bash") -// -// The returned value can then be used to open Uprobe(s). -func OpenExecutable(path string) (*Executable, error) { - if path == "" { - return nil, fmt.Errorf("path cannot be empty") - } - - f, err := os.Open(path) - if err != nil { - return nil, fmt.Errorf("open file '%s': %w", path, err) - } - defer f.Close() - - se, err := internal.NewSafeELFFile(f) - if err != nil { - return nil, fmt.Errorf("parse ELF file: %w", err) - } - - if se.Type != elf.ET_EXEC && se.Type != elf.ET_DYN { - // ELF is not an executable or a shared object. - return nil, errors.New("the given file is not an executable or a shared object") - } - - ex := Executable{ - path: path, - addresses: make(map[string]uint64), - } - - if err := ex.load(se); err != nil { - return nil, err - } - - return &ex, nil -} - -func (ex *Executable) load(f *internal.SafeELFFile) error { - syms, err := f.Symbols() - if err != nil && !errors.Is(err, elf.ErrNoSymbols) { - return err - } - - dynsyms, err := f.DynamicSymbols() - if err != nil && !errors.Is(err, elf.ErrNoSymbols) { - return err - } - - syms = append(syms, dynsyms...) - - for _, s := range syms { - if elf.ST_TYPE(s.Info) != elf.STT_FUNC { - // Symbol not associated with a function or other executable code. - continue - } - - address := s.Value - - // Loop over ELF segments. - for _, prog := range f.Progs { - // Skip uninteresting segments. - if prog.Type != elf.PT_LOAD || (prog.Flags&elf.PF_X) == 0 { - continue - } - - if prog.Vaddr <= s.Value && s.Value < (prog.Vaddr+prog.Memsz) { - // If the symbol value is contained in the segment, calculate - // the symbol offset. - // - // fn symbol offset = fn symbol VA - .text VA + .text offset - // - // stackoverflow.com/a/40249502 - address = s.Value - prog.Vaddr + prog.Off - break - } - } - - ex.addresses[s.Name] = address - } - - return nil -} - -// address calculates the address of a symbol in the executable. -// -// opts must not be nil. -func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error) { - if opts.Address > 0 { - return opts.Address + opts.Offset, nil - } - - address, ok := ex.addresses[symbol] - if !ok { - return 0, fmt.Errorf("symbol %s: %w", symbol, ErrNoSymbol) - } - - // Symbols with location 0 from section undef are shared library calls and - // are relocated before the binary is executed. Dynamic linking is not - // implemented by the library, so mark this as unsupported for now. - // - // Since only offset values are stored and not elf.Symbol, if the value is 0, - // assume it's an external symbol. - if address == 0 { - return 0, fmt.Errorf("cannot resolve %s library call '%s': %w "+ - "(consider providing UprobeOptions.Address)", ex.path, symbol, ErrNotSupported) - } - - return address + opts.Offset, nil -} - -// Uprobe attaches the given eBPF program to a perf event that fires when the -// given symbol starts executing in the given Executable. -// For example, /bin/bash::main(): -// -// ex, _ = OpenExecutable("/bin/bash") -// ex.Uprobe("main", prog, nil) -// -// When using symbols which belongs to shared libraries, -// an offset must be provided via options: -// -// up, err := ex.Uprobe("main", prog, &UprobeOptions{Offset: 0x123}) -// -// Note: Setting the Offset field in the options supersedes the symbol's offset. -// -// Losing the reference to the resulting Link (up) will close the Uprobe -// and prevent further execution of prog. The Link must be Closed during -// program shutdown to avoid leaking system resources. -// -// Functions provided by shared libraries can currently not be traced and -// will result in an ErrNotSupported. -func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions) (Link, error) { - u, err := ex.uprobe(symbol, prog, opts, false) - if err != nil { - return nil, err - } - - lnk, err := attachPerfEvent(u, prog) - if err != nil { - u.Close() - return nil, err - } - - return lnk, nil -} - -// Uretprobe attaches the given eBPF program to a perf event that fires right -// before the given symbol exits. For example, /bin/bash::main(): -// -// ex, _ = OpenExecutable("/bin/bash") -// ex.Uretprobe("main", prog, nil) -// -// When using symbols which belongs to shared libraries, -// an offset must be provided via options: -// -// up, err := ex.Uretprobe("main", prog, &UprobeOptions{Offset: 0x123}) -// -// Note: Setting the Offset field in the options supersedes the symbol's offset. -// -// Losing the reference to the resulting Link (up) will close the Uprobe -// and prevent further execution of prog. The Link must be Closed during -// program shutdown to avoid leaking system resources. -// -// Functions provided by shared libraries can currently not be traced and -// will result in an ErrNotSupported. -func (ex *Executable) Uretprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions) (Link, error) { - u, err := ex.uprobe(symbol, prog, opts, true) - if err != nil { - return nil, err - } - - lnk, err := attachPerfEvent(u, prog) - if err != nil { - u.Close() - return nil, err - } - - return lnk, nil -} - -// uprobe opens a perf event for the given binary/symbol and attaches prog to it. -// If ret is true, create a uretprobe. -func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions, ret bool) (*perfEvent, error) { - if prog == nil { - return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) - } - if prog.Type() != ebpf.Kprobe { - return nil, fmt.Errorf("eBPF program type %s is not Kprobe: %w", prog.Type(), errInvalidInput) - } - if opts == nil { - opts = &UprobeOptions{} - } - - offset, err := ex.address(symbol, opts) - if err != nil { - return nil, err - } - - pid := opts.PID - if pid == 0 { - pid = perfAllThreads - } - - if opts.RefCtrOffset != 0 { - if err := haveRefCtrOffsetPMU(); err != nil { - return nil, fmt.Errorf("uprobe ref_ctr_offset: %w", err) - } - } - - args := probeArgs{ - symbol: symbol, - path: ex.path, - offset: offset, - pid: pid, - refCtrOffset: opts.RefCtrOffset, - ret: ret, - cookie: opts.Cookie, - } - - // Use uprobe PMU if the kernel has it available. - tp, err := pmuUprobe(args) - if err == nil { - return tp, nil - } - if err != nil && !errors.Is(err, ErrNotSupported) { - return nil, fmt.Errorf("creating perf_uprobe PMU: %w", err) - } - - // Use tracefs if uprobe PMU is missing. - args.symbol = sanitizeSymbol(symbol) - tp, err = tracefsUprobe(args) - if err != nil { - return nil, fmt.Errorf("creating trace event '%s:%s' in tracefs: %w", ex.path, symbol, err) - } - - return tp, nil -} - -// pmuUprobe opens a perf event based on the uprobe PMU. -func pmuUprobe(args probeArgs) (*perfEvent, error) { - return pmuProbe(uprobeType, args) -} - -// tracefsUprobe creates a Uprobe tracefs entry. -func tracefsUprobe(args probeArgs) (*perfEvent, error) { - return tracefsProbe(uprobeType, args) -} - -// sanitizeSymbol replaces every invalid character for the tracefs api with an underscore. -// It is equivalent to calling regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString("_"). -func sanitizeSymbol(s string) string { - var b strings.Builder - b.Grow(len(s)) - var skip bool - for _, c := range []byte(s) { - switch { - case c >= 'a' && c <= 'z', - c >= 'A' && c <= 'Z', - c >= '0' && c <= '9': - skip = false - b.WriteByte(c) - - default: - if !skip { - b.WriteByte('_') - skip = true - } - } - } - - return b.String() -} - -// uprobeToken creates the PATH:OFFSET(REF_CTR_OFFSET) token for the tracefs api. -func uprobeToken(args probeArgs) string { - po := fmt.Sprintf("%s:%#x", args.path, args.offset) - - if args.refCtrOffset != 0 { - // This is not documented in Documentation/trace/uprobetracer.txt. - // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/trace/trace.c#L5564 - po += fmt.Sprintf("(%#x)", args.refCtrOffset) - } - - return po -} - -func uretprobeBit() (uint64, error) { - uprobeRetprobeBit.once.Do(func() { - uprobeRetprobeBit.value, uprobeRetprobeBit.err = determineRetprobeBit(uprobeType) - }) - return uprobeRetprobeBit.value, uprobeRetprobeBit.err -} diff --git a/vendor/github.com/cilium/ebpf/link/xdp.go b/vendor/github.com/cilium/ebpf/link/xdp.go deleted file mode 100644 index aa8dd3a4cb..0000000000 --- a/vendor/github.com/cilium/ebpf/link/xdp.go +++ /dev/null @@ -1,54 +0,0 @@ -package link - -import ( - "fmt" - - "github.com/cilium/ebpf" -) - -// XDPAttachFlags represents how XDP program will be attached to interface. -type XDPAttachFlags uint32 - -const ( - // XDPGenericMode (SKB) links XDP BPF program for drivers which do - // not yet support native XDP. - XDPGenericMode XDPAttachFlags = 1 << (iota + 1) - // XDPDriverMode links XDP BPF program into the driver’s receive path. - XDPDriverMode - // XDPOffloadMode offloads the entire XDP BPF program into hardware. - XDPOffloadMode -) - -type XDPOptions struct { - // Program must be an XDP BPF program. - Program *ebpf.Program - - // Interface is the interface index to attach program to. - Interface int - - // Flags is one of XDPAttachFlags (optional). - // - // Only one XDP mode should be set, without flag defaults - // to driver/generic mode (best effort). - Flags XDPAttachFlags -} - -// AttachXDP links an XDP BPF program to an XDP hook. -func AttachXDP(opts XDPOptions) (Link, error) { - if t := opts.Program.Type(); t != ebpf.XDP { - return nil, fmt.Errorf("invalid program type %s, expected XDP", t) - } - - if opts.Interface < 1 { - return nil, fmt.Errorf("invalid interface index: %d", opts.Interface) - } - - rawLink, err := AttachRawLink(RawLinkOptions{ - Program: opts.Program, - Attach: ebpf.AttachXDP, - Target: opts.Interface, - Flags: uint32(opts.Flags), - }) - - return rawLink, err -} diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go deleted file mode 100644 index e6276b1829..0000000000 --- a/vendor/github.com/cilium/ebpf/linker.go +++ /dev/null @@ -1,238 +0,0 @@ -package ebpf - -import ( - "errors" - "fmt" - "sync" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/btf" -) - -// splitSymbols splits insns into subsections delimited by Symbol Instructions. -// insns cannot be empty and must start with a Symbol Instruction. -// -// The resulting map is indexed by Symbol name. -func splitSymbols(insns asm.Instructions) (map[string]asm.Instructions, error) { - if len(insns) == 0 { - return nil, errors.New("insns is empty") - } - - if insns[0].Symbol() == "" { - return nil, errors.New("insns must start with a Symbol") - } - - var name string - progs := make(map[string]asm.Instructions) - for _, ins := range insns { - if sym := ins.Symbol(); sym != "" { - if progs[sym] != nil { - return nil, fmt.Errorf("insns contains duplicate Symbol %s", sym) - } - name = sym - } - - progs[name] = append(progs[name], ins) - } - - return progs, nil -} - -// The linker is responsible for resolving bpf-to-bpf calls between programs -// within an ELF. Each BPF program must be a self-contained binary blob, -// so when an instruction in one ELF program section wants to jump to -// a function in another, the linker needs to pull in the bytecode -// (and BTF info) of the target function and concatenate the instruction -// streams. -// -// Later on in the pipeline, all call sites are fixed up with relative jumps -// within this newly-created instruction stream to then finally hand off to -// the kernel with BPF_PROG_LOAD. -// -// Each function is denoted by an ELF symbol and the compiler takes care of -// register setup before each jump instruction. - -// hasFunctionReferences returns true if insns contains one or more bpf2bpf -// function references. -func hasFunctionReferences(insns asm.Instructions) bool { - for _, i := range insns { - if i.IsFunctionReference() { - return true - } - } - return false -} - -// applyRelocations collects and applies any CO-RE relocations in insns. -// -// Passing a nil target will relocate against the running kernel. insns are -// modified in place. -func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error { - var relos []*btf.CORERelocation - var reloInsns []*asm.Instruction - iter := insns.Iterate() - for iter.Next() { - if relo := btf.CORERelocationMetadata(iter.Ins); relo != nil { - relos = append(relos, relo) - reloInsns = append(reloInsns, iter.Ins) - } - } - - if len(relos) == 0 { - return nil - } - - target, err := maybeLoadKernelBTF(target) - if err != nil { - return err - } - - fixups, err := btf.CORERelocate(local, target, relos) - if err != nil { - return err - } - - for i, fixup := range fixups { - if err := fixup.Apply(reloInsns[i]); err != nil { - return fmt.Errorf("apply fixup %s: %w", &fixup, err) - } - } - - return nil -} - -// flattenPrograms resolves bpf-to-bpf calls for a set of programs. -// -// Links all programs in names by modifying their ProgramSpec in progs. -func flattenPrograms(progs map[string]*ProgramSpec, names []string) { - // Pre-calculate all function references. - refs := make(map[*ProgramSpec][]string) - for _, prog := range progs { - refs[prog] = prog.Instructions.FunctionReferences() - } - - // Create a flattened instruction stream, but don't modify progs yet to - // avoid linking multiple times. - flattened := make([]asm.Instructions, 0, len(names)) - for _, name := range names { - flattened = append(flattened, flattenInstructions(name, progs, refs)) - } - - // Finally, assign the flattened instructions. - for i, name := range names { - progs[name].Instructions = flattened[i] - } -} - -// flattenInstructions resolves bpf-to-bpf calls for a single program. -// -// Flattens the instructions of prog by concatenating the instructions of all -// direct and indirect dependencies. -// -// progs contains all referenceable programs, while refs contain the direct -// dependencies of each program. -func flattenInstructions(name string, progs map[string]*ProgramSpec, refs map[*ProgramSpec][]string) asm.Instructions { - prog := progs[name] - - insns := make(asm.Instructions, len(prog.Instructions)) - copy(insns, prog.Instructions) - - // Add all direct references of prog to the list of to be linked programs. - pending := make([]string, len(refs[prog])) - copy(pending, refs[prog]) - - // All references for which we've appended instructions. - linked := make(map[string]bool) - - // Iterate all pending references. We can't use a range since pending is - // modified in the body below. - for len(pending) > 0 { - var ref string - ref, pending = pending[0], pending[1:] - - if linked[ref] { - // We've already linked this ref, don't append instructions again. - continue - } - - progRef := progs[ref] - if progRef == nil { - // We don't have instructions that go with this reference. This - // happens when calling extern functions. - continue - } - - insns = append(insns, progRef.Instructions...) - linked[ref] = true - - // Make sure we link indirect references. - pending = append(pending, refs[progRef]...) - } - - return insns -} - -// fixupAndValidate is called by the ELF reader right before marshaling the -// instruction stream. It performs last-minute adjustments to the program and -// runs some sanity checks before sending it off to the kernel. -func fixupAndValidate(insns asm.Instructions) error { - iter := insns.Iterate() - for iter.Next() { - ins := iter.Ins - - // Map load was tagged with a Reference, but does not contain a Map pointer. - if ins.IsLoadFromMap() && ins.Reference() != "" && ins.Map() == nil { - return fmt.Errorf("instruction %d: map %s: %w", iter.Index, ins.Reference(), asm.ErrUnsatisfiedMapReference) - } - - fixupProbeReadKernel(ins) - } - - return nil -} - -// fixupProbeReadKernel replaces calls to bpf_probe_read_{kernel,user}(_str) -// with bpf_probe_read(_str) on kernels that don't support it yet. -func fixupProbeReadKernel(ins *asm.Instruction) { - if !ins.IsBuiltinCall() { - return - } - - // Kernel supports bpf_probe_read_kernel, nothing to do. - if haveProbeReadKernel() == nil { - return - } - - switch asm.BuiltinFunc(ins.Constant) { - case asm.FnProbeReadKernel, asm.FnProbeReadUser: - ins.Constant = int64(asm.FnProbeRead) - case asm.FnProbeReadKernelStr, asm.FnProbeReadUserStr: - ins.Constant = int64(asm.FnProbeReadStr) - } -} - -var kernelBTF struct { - sync.Mutex - spec *btf.Spec -} - -// maybeLoadKernelBTF loads the current kernel's BTF if spec is nil, otherwise -// it returns spec unchanged. -// -// The kernel BTF is cached for the lifetime of the process. -func maybeLoadKernelBTF(spec *btf.Spec) (*btf.Spec, error) { - if spec != nil { - return spec, nil - } - - kernelBTF.Lock() - defer kernelBTF.Unlock() - - if kernelBTF.spec != nil { - return kernelBTF.spec, nil - } - - var err error - kernelBTF.spec, err = btf.LoadKernelSpec() - return kernelBTF.spec, err -} diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go deleted file mode 100644 index e4a6c87e92..0000000000 --- a/vendor/github.com/cilium/ebpf/map.go +++ /dev/null @@ -1,1424 +0,0 @@ -package ebpf - -import ( - "bytes" - "errors" - "fmt" - "io" - "math/rand" - "path/filepath" - "reflect" - "time" - "unsafe" - - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// Errors returned by Map and MapIterator methods. -var ( - ErrKeyNotExist = errors.New("key does not exist") - ErrKeyExist = errors.New("key already exists") - ErrIterationAborted = errors.New("iteration aborted") - ErrMapIncompatible = errors.New("map spec is incompatible with existing map") - errMapNoBTFValue = errors.New("map spec does not contain a BTF Value") -) - -// MapOptions control loading a map into the kernel. -type MapOptions struct { - // The base path to pin maps in if requested via PinByName. - // Existing maps will be re-used if they are compatible, otherwise an - // error is returned. - PinPath string - LoadPinOptions LoadPinOptions -} - -// MapID represents the unique ID of an eBPF map -type MapID uint32 - -// MapSpec defines a Map. -type MapSpec struct { - // Name is passed to the kernel as a debug aid. Must only contain - // alpha numeric and '_' characters. - Name string - Type MapType - KeySize uint32 - ValueSize uint32 - MaxEntries uint32 - - // Flags is passed to the kernel and specifies additional map - // creation attributes. - Flags uint32 - - // Automatically pin and load a map from MapOptions.PinPath. - // Generates an error if an existing pinned map is incompatible with the MapSpec. - Pinning PinType - - // Specify numa node during map creation - // (effective only if unix.BPF_F_NUMA_NODE flag is set, - // which can be imported from golang.org/x/sys/unix) - NumaNode uint32 - - // The initial contents of the map. May be nil. - Contents []MapKV - - // Whether to freeze a map after setting its initial contents. - Freeze bool - - // InnerMap is used as a template for ArrayOfMaps and HashOfMaps - InnerMap *MapSpec - - // Extra trailing bytes found in the ELF map definition when using structs - // larger than libbpf's bpf_map_def. nil if no trailing bytes were present. - // Must be nil or empty before instantiating the MapSpec into a Map. - Extra *bytes.Reader - - // The key and value type of this map. May be nil. - Key, Value btf.Type - - // The BTF associated with this map. - BTF *btf.Spec -} - -func (ms *MapSpec) String() string { - return fmt.Sprintf("%s(keySize=%d, valueSize=%d, maxEntries=%d, flags=%d)", ms.Type, ms.KeySize, ms.ValueSize, ms.MaxEntries, ms.Flags) -} - -// Copy returns a copy of the spec. -// -// MapSpec.Contents is a shallow copy. -func (ms *MapSpec) Copy() *MapSpec { - if ms == nil { - return nil - } - - cpy := *ms - - cpy.Contents = make([]MapKV, len(ms.Contents)) - copy(cpy.Contents, ms.Contents) - - cpy.InnerMap = ms.InnerMap.Copy() - - return &cpy -} - -// hasBTF returns true if the MapSpec has a valid BTF spec and if its -// map type supports associated BTF metadata in the kernel. -func (ms *MapSpec) hasBTF() bool { - return ms.BTF != nil && ms.Type.hasBTF() -} - -func (ms *MapSpec) clampPerfEventArraySize() error { - if ms.Type != PerfEventArray { - return nil - } - - n, err := internal.PossibleCPUs() - if err != nil { - return fmt.Errorf("perf event array: %w", err) - } - - if n := uint32(n); ms.MaxEntries > n { - ms.MaxEntries = n - } - - return nil -} - -// dataSection returns the contents and BTF Datasec descriptor of the spec. -func (ms *MapSpec) dataSection() ([]byte, *btf.Datasec, error) { - - if ms.Value == nil { - return nil, nil, errMapNoBTFValue - } - - ds, ok := ms.Value.(*btf.Datasec) - if !ok { - return nil, nil, fmt.Errorf("map value BTF is a %T, not a *btf.Datasec", ms.Value) - } - - if n := len(ms.Contents); n != 1 { - return nil, nil, fmt.Errorf("expected one key, found %d", n) - } - - kv := ms.Contents[0] - value, ok := kv.Value.([]byte) - if !ok { - return nil, nil, fmt.Errorf("value at first map key is %T, not []byte", kv.Value) - } - - return value, ds, nil -} - -// MapKV is used to initialize the contents of a Map. -type MapKV struct { - Key interface{} - Value interface{} -} - -func (ms *MapSpec) checkCompatibility(m *Map) error { - switch { - case m.typ != ms.Type: - return fmt.Errorf("expected type %v, got %v: %w", ms.Type, m.typ, ErrMapIncompatible) - - case m.keySize != ms.KeySize: - return fmt.Errorf("expected key size %v, got %v: %w", ms.KeySize, m.keySize, ErrMapIncompatible) - - case m.valueSize != ms.ValueSize: - return fmt.Errorf("expected value size %v, got %v: %w", ms.ValueSize, m.valueSize, ErrMapIncompatible) - - case !(ms.Type == PerfEventArray && ms.MaxEntries == 0) && - m.maxEntries != ms.MaxEntries: - return fmt.Errorf("expected max entries %v, got %v: %w", ms.MaxEntries, m.maxEntries, ErrMapIncompatible) - - case m.flags != ms.Flags: - return fmt.Errorf("expected flags %v, got %v: %w", ms.Flags, m.flags, ErrMapIncompatible) - } - return nil -} - -// Map represents a Map file descriptor. -// -// It is not safe to close a map which is used by other goroutines. -// -// Methods which take interface{} arguments by default encode -// them using binary.Read/Write in the machine's native endianness. -// -// Implement encoding.BinaryMarshaler or encoding.BinaryUnmarshaler -// if you require custom encoding. -type Map struct { - name string - fd *sys.FD - typ MapType - keySize uint32 - valueSize uint32 - maxEntries uint32 - flags uint32 - pinnedPath string - // Per CPU maps return values larger than the size in the spec - fullValueSize int -} - -// NewMapFromFD creates a map from a raw fd. -// -// You should not use fd after calling this function. -func NewMapFromFD(fd int) (*Map, error) { - f, err := sys.NewFD(fd) - if err != nil { - return nil, err - } - - return newMapFromFD(f) -} - -func newMapFromFD(fd *sys.FD) (*Map, error) { - info, err := newMapInfoFromFd(fd) - if err != nil { - fd.Close() - return nil, fmt.Errorf("get map info: %w", err) - } - - return newMap(fd, info.Name, info.Type, info.KeySize, info.ValueSize, info.MaxEntries, info.Flags) -} - -// NewMap creates a new Map. -// -// It's equivalent to calling NewMapWithOptions with default options. -func NewMap(spec *MapSpec) (*Map, error) { - return NewMapWithOptions(spec, MapOptions{}) -} - -// NewMapWithOptions creates a new Map. -// -// Creating a map for the first time will perform feature detection -// by creating small, temporary maps. -// -// The caller is responsible for ensuring the process' rlimit is set -// sufficiently high for locking memory during map creation. This can be done -// by calling rlimit.RemoveMemlock() prior to calling NewMapWithOptions. -// -// May return an error wrapping ErrMapIncompatible. -func NewMapWithOptions(spec *MapSpec, opts MapOptions) (*Map, error) { - handles := newHandleCache() - defer handles.close() - - m, err := newMapWithOptions(spec, opts, handles) - if err != nil { - return nil, fmt.Errorf("creating map: %w", err) - } - - if err := m.finalize(spec); err != nil { - m.Close() - return nil, fmt.Errorf("populating map: %w", err) - } - - return m, nil -} - -func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ *Map, err error) { - closeOnError := func(c io.Closer) { - if err != nil { - c.Close() - } - } - - switch spec.Pinning { - case PinByName: - if spec.Name == "" { - return nil, fmt.Errorf("pin by name: missing Name") - } - - if opts.PinPath == "" { - return nil, fmt.Errorf("pin by name: missing MapOptions.PinPath") - } - - path := filepath.Join(opts.PinPath, spec.Name) - m, err := LoadPinnedMap(path, &opts.LoadPinOptions) - if errors.Is(err, unix.ENOENT) { - break - } - if err != nil { - return nil, fmt.Errorf("load pinned map: %w", err) - } - defer closeOnError(m) - - if err := spec.checkCompatibility(m); err != nil { - return nil, fmt.Errorf("use pinned map %s: %w", spec.Name, err) - } - - return m, nil - - case PinNone: - // Nothing to do here - - default: - return nil, fmt.Errorf("pin type %d: %w", int(spec.Pinning), ErrNotSupported) - } - - var innerFd *sys.FD - if spec.Type == ArrayOfMaps || spec.Type == HashOfMaps { - if spec.InnerMap == nil { - return nil, fmt.Errorf("%s requires InnerMap", spec.Type) - } - - if spec.InnerMap.Pinning != PinNone { - return nil, errors.New("inner maps cannot be pinned") - } - - template, err := spec.InnerMap.createMap(nil, opts, handles) - if err != nil { - return nil, fmt.Errorf("inner map: %w", err) - } - defer template.Close() - - // Intentionally skip populating and freezing (finalizing) - // the inner map template since it will be removed shortly. - - innerFd = template.fd - } - - m, err := spec.createMap(innerFd, opts, handles) - if err != nil { - return nil, err - } - defer closeOnError(m) - - if spec.Pinning == PinByName { - path := filepath.Join(opts.PinPath, spec.Name) - if err := m.Pin(path); err != nil { - return nil, fmt.Errorf("pin map: %w", err) - } - } - - return m, nil -} - -// createMap validates the spec's properties and creates the map in the kernel -// using the given opts. It does not populate or freeze the map. -func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCache) (_ *Map, err error) { - closeOnError := func(closer io.Closer) { - if err != nil { - closer.Close() - } - } - - spec = spec.Copy() - - // Kernels 4.13 through 5.4 used a struct bpf_map_def that contained - // additional 'inner_map_idx' and later 'numa_node' fields. - // In order to support loading these definitions, tolerate the presence of - // extra bytes, but require them to be zeroes. - if spec.Extra != nil { - if _, err := io.Copy(internal.DiscardZeroes{}, spec.Extra); err != nil { - return nil, errors.New("extra contains unhandled non-zero bytes, drain before creating map") - } - } - - switch spec.Type { - case ArrayOfMaps, HashOfMaps: - if err := haveNestedMaps(); err != nil { - return nil, err - } - - if spec.ValueSize != 0 && spec.ValueSize != 4 { - return nil, errors.New("ValueSize must be zero or four for map of map") - } - spec.ValueSize = 4 - - case PerfEventArray: - if spec.KeySize != 0 && spec.KeySize != 4 { - return nil, errors.New("KeySize must be zero or four for perf event array") - } - spec.KeySize = 4 - - if spec.ValueSize != 0 && spec.ValueSize != 4 { - return nil, errors.New("ValueSize must be zero or four for perf event array") - } - spec.ValueSize = 4 - - if spec.MaxEntries == 0 { - n, err := internal.PossibleCPUs() - if err != nil { - return nil, fmt.Errorf("perf event array: %w", err) - } - spec.MaxEntries = uint32(n) - } - } - - if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze { - if err := haveMapMutabilityModifiers(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - if spec.Flags&unix.BPF_F_MMAPABLE > 0 { - if err := haveMmapableMaps(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - if spec.Flags&unix.BPF_F_INNER_MAP > 0 { - if err := haveInnerMaps(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - if spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { - if err := haveNoPreallocMaps(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - - attr := sys.MapCreateAttr{ - MapType: sys.MapType(spec.Type), - KeySize: spec.KeySize, - ValueSize: spec.ValueSize, - MaxEntries: spec.MaxEntries, - MapFlags: spec.Flags, - NumaNode: spec.NumaNode, - } - - if inner != nil { - attr.InnerMapFd = inner.Uint() - } - - if haveObjName() == nil { - attr.MapName = sys.NewObjName(spec.Name) - } - - if spec.hasBTF() { - handle, err := handles.btfHandle(spec.BTF) - if err != nil && !errors.Is(err, btf.ErrNotSupported) { - return nil, fmt.Errorf("load BTF: %w", err) - } - - if handle != nil { - keyTypeID, err := spec.BTF.TypeID(spec.Key) - if err != nil { - return nil, err - } - - valueTypeID, err := spec.BTF.TypeID(spec.Value) - if err != nil { - return nil, err - } - - attr.BtfFd = uint32(handle.FD()) - attr.BtfKeyTypeId = uint32(keyTypeID) - attr.BtfValueTypeId = uint32(valueTypeID) - } - } - - fd, err := sys.MapCreate(&attr) - if err != nil { - if errors.Is(err, unix.EPERM) { - return nil, fmt.Errorf("map create: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) - } - if !spec.hasBTF() { - return nil, fmt.Errorf("map create without BTF: %w", err) - } - if errors.Is(err, unix.EINVAL) && attr.MaxEntries == 0 { - return nil, fmt.Errorf("map create: %w (MaxEntries may be incorrectly set to zero)", err) - } - return nil, fmt.Errorf("map create: %w", err) - } - defer closeOnError(fd) - - m, err := newMap(fd, spec.Name, spec.Type, spec.KeySize, spec.ValueSize, spec.MaxEntries, spec.Flags) - if err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - - return m, nil -} - -// newMap allocates and returns a new Map structure. -// Sets the fullValueSize on per-CPU maps. -func newMap(fd *sys.FD, name string, typ MapType, keySize, valueSize, maxEntries, flags uint32) (*Map, error) { - m := &Map{ - name, - fd, - typ, - keySize, - valueSize, - maxEntries, - flags, - "", - int(valueSize), - } - - if !typ.hasPerCPUValue() { - return m, nil - } - - possibleCPUs, err := internal.PossibleCPUs() - if err != nil { - return nil, err - } - - m.fullValueSize = internal.Align(int(valueSize), 8) * possibleCPUs - return m, nil -} - -func (m *Map) String() string { - if m.name != "" { - return fmt.Sprintf("%s(%s)#%v", m.typ, m.name, m.fd) - } - return fmt.Sprintf("%s#%v", m.typ, m.fd) -} - -// Type returns the underlying type of the map. -func (m *Map) Type() MapType { - return m.typ -} - -// KeySize returns the size of the map key in bytes. -func (m *Map) KeySize() uint32 { - return m.keySize -} - -// ValueSize returns the size of the map value in bytes. -func (m *Map) ValueSize() uint32 { - return m.valueSize -} - -// MaxEntries returns the maximum number of elements the map can hold. -func (m *Map) MaxEntries() uint32 { - return m.maxEntries -} - -// Flags returns the flags of the map. -func (m *Map) Flags() uint32 { - return m.flags -} - -// Info returns metadata about the map. -func (m *Map) Info() (*MapInfo, error) { - return newMapInfoFromFd(m.fd) -} - -// MapLookupFlags controls the behaviour of the map lookup calls. -type MapLookupFlags uint64 - -// LookupLock look up the value of a spin-locked map. -const LookupLock MapLookupFlags = 4 - -// Lookup retrieves a value from a Map. -// -// Calls Close() on valueOut if it is of type **Map or **Program, -// and *valueOut is not nil. -// -// Returns an error if the key doesn't exist, see ErrKeyNotExist. -func (m *Map) Lookup(key, valueOut interface{}) error { - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) - if err := m.lookup(key, valuePtr, 0); err != nil { - return err - } - - return m.unmarshalValue(valueOut, valueBytes) -} - -// LookupWithFlags retrieves a value from a Map with flags. -// -// Passing LookupLock flag will look up the value of a spin-locked -// map without returning the lock. This must be specified if the -// elements contain a spinlock. -// -// Calls Close() on valueOut if it is of type **Map or **Program, -// and *valueOut is not nil. -// -// Returns an error if the key doesn't exist, see ErrKeyNotExist. -func (m *Map) LookupWithFlags(key, valueOut interface{}, flags MapLookupFlags) error { - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) - if err := m.lookup(key, valuePtr, flags); err != nil { - return err - } - - return m.unmarshalValue(valueOut, valueBytes) -} - -// LookupAndDelete retrieves and deletes a value from a Map. -// -// Returns ErrKeyNotExist if the key doesn't exist. -func (m *Map) LookupAndDelete(key, valueOut interface{}) error { - return m.lookupAndDelete(key, valueOut, 0) -} - -// LookupAndDeleteWithFlags retrieves and deletes a value from a Map. -// -// Passing LookupLock flag will look up and delete the value of a spin-locked -// map without returning the lock. This must be specified if the elements -// contain a spinlock. -// -// Returns ErrKeyNotExist if the key doesn't exist. -func (m *Map) LookupAndDeleteWithFlags(key, valueOut interface{}, flags MapLookupFlags) error { - return m.lookupAndDelete(key, valueOut, flags) -} - -// LookupBytes gets a value from Map. -// -// Returns a nil value if a key doesn't exist. -func (m *Map) LookupBytes(key interface{}) ([]byte, error) { - valueBytes := make([]byte, m.fullValueSize) - valuePtr := sys.NewSlicePointer(valueBytes) - - err := m.lookup(key, valuePtr, 0) - if errors.Is(err, ErrKeyNotExist) { - return nil, nil - } - - return valueBytes, err -} - -func (m *Map) lookup(key interface{}, valueOut sys.Pointer, flags MapLookupFlags) error { - keyPtr, err := m.marshalKey(key) - if err != nil { - return fmt.Errorf("can't marshal key: %w", err) - } - - attr := sys.MapLookupElemAttr{ - MapFd: m.fd.Uint(), - Key: keyPtr, - Value: valueOut, - Flags: uint64(flags), - } - - if err = sys.MapLookupElem(&attr); err != nil { - return fmt.Errorf("lookup: %w", wrapMapError(err)) - } - return nil -} - -func (m *Map) lookupAndDelete(key, valueOut interface{}, flags MapLookupFlags) error { - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) - - keyPtr, err := m.marshalKey(key) - if err != nil { - return fmt.Errorf("can't marshal key: %w", err) - } - - attr := sys.MapLookupAndDeleteElemAttr{ - MapFd: m.fd.Uint(), - Key: keyPtr, - Value: valuePtr, - Flags: uint64(flags), - } - - if err := sys.MapLookupAndDeleteElem(&attr); err != nil { - return fmt.Errorf("lookup and delete: %w", wrapMapError(err)) - } - - return m.unmarshalValue(valueOut, valueBytes) -} - -// MapUpdateFlags controls the behaviour of the Map.Update call. -// -// The exact semantics depend on the specific MapType. -type MapUpdateFlags uint64 - -const ( - // UpdateAny creates a new element or update an existing one. - UpdateAny MapUpdateFlags = iota - // UpdateNoExist creates a new element. - UpdateNoExist MapUpdateFlags = 1 << (iota - 1) - // UpdateExist updates an existing element. - UpdateExist - // UpdateLock updates elements under bpf_spin_lock. - UpdateLock -) - -// Put replaces or creates a value in map. -// -// It is equivalent to calling Update with UpdateAny. -func (m *Map) Put(key, value interface{}) error { - return m.Update(key, value, UpdateAny) -} - -// Update changes the value of a key. -func (m *Map) Update(key, value interface{}, flags MapUpdateFlags) error { - keyPtr, err := m.marshalKey(key) - if err != nil { - return fmt.Errorf("can't marshal key: %w", err) - } - - valuePtr, err := m.marshalValue(value) - if err != nil { - return fmt.Errorf("can't marshal value: %w", err) - } - - attr := sys.MapUpdateElemAttr{ - MapFd: m.fd.Uint(), - Key: keyPtr, - Value: valuePtr, - Flags: uint64(flags), - } - - if err = sys.MapUpdateElem(&attr); err != nil { - return fmt.Errorf("update: %w", wrapMapError(err)) - } - - return nil -} - -// Delete removes a value. -// -// Returns ErrKeyNotExist if the key does not exist. -func (m *Map) Delete(key interface{}) error { - keyPtr, err := m.marshalKey(key) - if err != nil { - return fmt.Errorf("can't marshal key: %w", err) - } - - attr := sys.MapDeleteElemAttr{ - MapFd: m.fd.Uint(), - Key: keyPtr, - } - - if err = sys.MapDeleteElem(&attr); err != nil { - return fmt.Errorf("delete: %w", wrapMapError(err)) - } - return nil -} - -// NextKey finds the key following an initial key. -// -// See NextKeyBytes for details. -// -// Returns ErrKeyNotExist if there is no next key. -func (m *Map) NextKey(key, nextKeyOut interface{}) error { - nextKeyPtr, nextKeyBytes := makeBuffer(nextKeyOut, int(m.keySize)) - - if err := m.nextKey(key, nextKeyPtr); err != nil { - return err - } - - if err := m.unmarshalKey(nextKeyOut, nextKeyBytes); err != nil { - return fmt.Errorf("can't unmarshal next key: %w", err) - } - return nil -} - -// NextKeyBytes returns the key following an initial key as a byte slice. -// -// Passing nil will return the first key. -// -// Use Iterate if you want to traverse all entries in the map. -// -// Returns nil if there are no more keys. -func (m *Map) NextKeyBytes(key interface{}) ([]byte, error) { - nextKey := make([]byte, m.keySize) - nextKeyPtr := sys.NewSlicePointer(nextKey) - - err := m.nextKey(key, nextKeyPtr) - if errors.Is(err, ErrKeyNotExist) { - return nil, nil - } - - return nextKey, err -} - -func (m *Map) nextKey(key interface{}, nextKeyOut sys.Pointer) error { - var ( - keyPtr sys.Pointer - err error - ) - - if key != nil { - keyPtr, err = m.marshalKey(key) - if err != nil { - return fmt.Errorf("can't marshal key: %w", err) - } - } - - attr := sys.MapGetNextKeyAttr{ - MapFd: m.fd.Uint(), - Key: keyPtr, - NextKey: nextKeyOut, - } - - if err = sys.MapGetNextKey(&attr); err != nil { - // Kernels 4.4.131 and earlier return EFAULT instead of a pointer to the - // first map element when a nil key pointer is specified. - if key == nil && errors.Is(err, unix.EFAULT) { - var guessKey []byte - guessKey, err = m.guessNonExistentKey() - if err != nil { - return err - } - - // Retry the syscall with a valid non-existing key. - attr.Key = sys.NewSlicePointer(guessKey) - if err = sys.MapGetNextKey(&attr); err == nil { - return nil - } - } - - return fmt.Errorf("next key: %w", wrapMapError(err)) - } - - return nil -} - -// guessNonExistentKey attempts to perform a map lookup that returns ENOENT. -// This is necessary on kernels before 4.4.132, since those don't support -// iterating maps from the start by providing an invalid key pointer. -func (m *Map) guessNonExistentKey() ([]byte, error) { - // Provide an invalid value pointer to prevent a copy on the kernel side. - valuePtr := sys.NewPointer(unsafe.Pointer(^uintptr(0))) - randKey := make([]byte, int(m.keySize)) - - for i := 0; i < 4; i++ { - switch i { - // For hash maps, the 0 key is less likely to be occupied. They're often - // used for storing data related to pointers, and their access pattern is - // generally scattered across the keyspace. - case 0: - // An all-0xff key is guaranteed to be out of bounds of any array, since - // those have a fixed key size of 4 bytes. The only corner case being - // arrays with 2^32 max entries, but those are prohibitively expensive - // in many environments. - case 1: - for r := range randKey { - randKey[r] = 0xff - } - // Inspired by BCC, 0x55 is an alternating binary pattern (0101), so - // is unlikely to be taken. - case 2: - for r := range randKey { - randKey[r] = 0x55 - } - // Last ditch effort, generate a random key. - case 3: - rand.New(rand.NewSource(time.Now().UnixNano())).Read(randKey) - } - - err := m.lookup(randKey, valuePtr, 0) - if errors.Is(err, ErrKeyNotExist) { - return randKey, nil - } - } - - return nil, errors.New("couldn't find non-existing key") -} - -// BatchLookup looks up many elements in a map at once. -// -// "keysOut" and "valuesOut" must be of type slice, a pointer -// to a slice or buffer will not work. -// "prevKey" is the key to start the batch lookup from, it will -// *not* be included in the results. Use nil to start at the first key. -// -// ErrKeyNotExist is returned when the batch lookup has reached -// the end of all possible results, even when partial results -// are returned. It should be used to evaluate when lookup is "done". -func (m *Map) BatchLookup(prevKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { - return m.batchLookup(sys.BPF_MAP_LOOKUP_BATCH, prevKey, nextKeyOut, keysOut, valuesOut, opts) -} - -// BatchLookupAndDelete looks up many elements in a map at once, -// -// It then deletes all those elements. -// "keysOut" and "valuesOut" must be of type slice, a pointer -// to a slice or buffer will not work. -// "prevKey" is the key to start the batch lookup from, it will -// *not* be included in the results. Use nil to start at the first key. -// -// ErrKeyNotExist is returned when the batch lookup has reached -// the end of all possible results, even when partial results -// are returned. It should be used to evaluate when lookup is "done". -func (m *Map) BatchLookupAndDelete(prevKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { - return m.batchLookup(sys.BPF_MAP_LOOKUP_AND_DELETE_BATCH, prevKey, nextKeyOut, keysOut, valuesOut, opts) -} - -func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { - if err := haveBatchAPI(); err != nil { - return 0, err - } - if m.typ.hasPerCPUValue() { - return 0, ErrNotSupported - } - keysValue := reflect.ValueOf(keysOut) - if keysValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("keys must be a slice") - } - valuesValue := reflect.ValueOf(valuesOut) - if valuesValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("valuesOut must be a slice") - } - count := keysValue.Len() - if count != valuesValue.Len() { - return 0, fmt.Errorf("keysOut and valuesOut must be the same length") - } - keyBuf := make([]byte, count*int(m.keySize)) - keyPtr := sys.NewSlicePointer(keyBuf) - valueBuf := make([]byte, count*int(m.fullValueSize)) - valuePtr := sys.NewSlicePointer(valueBuf) - nextPtr, nextBuf := makeBuffer(nextKeyOut, int(m.keySize)) - - attr := sys.MapLookupBatchAttr{ - MapFd: m.fd.Uint(), - Keys: keyPtr, - Values: valuePtr, - Count: uint32(count), - OutBatch: nextPtr, - } - - if opts != nil { - attr.ElemFlags = opts.ElemFlags - attr.Flags = opts.Flags - } - - var err error - if startKey != nil { - attr.InBatch, err = marshalPtr(startKey, int(m.keySize)) - if err != nil { - return 0, err - } - } - - _, sysErr := sys.BPF(cmd, unsafe.Pointer(&attr), unsafe.Sizeof(attr)) - sysErr = wrapMapError(sysErr) - if sysErr != nil && !errors.Is(sysErr, unix.ENOENT) { - return 0, sysErr - } - - err = m.unmarshalKey(nextKeyOut, nextBuf) - if err != nil { - return 0, err - } - err = unmarshalBytes(keysOut, keyBuf) - if err != nil { - return 0, err - } - err = unmarshalBytes(valuesOut, valueBuf) - if err != nil { - return 0, err - } - - return int(attr.Count), sysErr -} - -// BatchUpdate updates the map with multiple keys and values -// simultaneously. -// "keys" and "values" must be of type slice, a pointer -// to a slice or buffer will not work. -func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, error) { - if err := haveBatchAPI(); err != nil { - return 0, err - } - if m.typ.hasPerCPUValue() { - return 0, ErrNotSupported - } - keysValue := reflect.ValueOf(keys) - if keysValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("keys must be a slice") - } - valuesValue := reflect.ValueOf(values) - if valuesValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("values must be a slice") - } - var ( - count = keysValue.Len() - valuePtr sys.Pointer - err error - ) - if count != valuesValue.Len() { - return 0, fmt.Errorf("keys and values must be the same length") - } - keyPtr, err := marshalPtr(keys, count*int(m.keySize)) - if err != nil { - return 0, err - } - valuePtr, err = marshalPtr(values, count*int(m.valueSize)) - if err != nil { - return 0, err - } - - attr := sys.MapUpdateBatchAttr{ - MapFd: m.fd.Uint(), - Keys: keyPtr, - Values: valuePtr, - Count: uint32(count), - } - if opts != nil { - attr.ElemFlags = opts.ElemFlags - attr.Flags = opts.Flags - } - - err = sys.MapUpdateBatch(&attr) - if err != nil { - return int(attr.Count), fmt.Errorf("batch update: %w", wrapMapError(err)) - } - - return int(attr.Count), nil -} - -// BatchDelete batch deletes entries in the map by keys. -// "keys" must be of type slice, a pointer to a slice or buffer will not work. -func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) { - if err := haveBatchAPI(); err != nil { - return 0, err - } - if m.typ.hasPerCPUValue() { - return 0, ErrNotSupported - } - keysValue := reflect.ValueOf(keys) - if keysValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("keys must be a slice") - } - count := keysValue.Len() - keyPtr, err := marshalPtr(keys, count*int(m.keySize)) - if err != nil { - return 0, fmt.Errorf("cannot marshal keys: %v", err) - } - - attr := sys.MapDeleteBatchAttr{ - MapFd: m.fd.Uint(), - Keys: keyPtr, - Count: uint32(count), - } - - if opts != nil { - attr.ElemFlags = opts.ElemFlags - attr.Flags = opts.Flags - } - - if err = sys.MapDeleteBatch(&attr); err != nil { - return int(attr.Count), fmt.Errorf("batch delete: %w", wrapMapError(err)) - } - - return int(attr.Count), nil -} - -// Iterate traverses a map. -// -// It's safe to create multiple iterators at the same time. -// -// It's not possible to guarantee that all keys in a map will be -// returned if there are concurrent modifications to the map. -func (m *Map) Iterate() *MapIterator { - return newMapIterator(m) -} - -// Close the Map's underlying file descriptor, which could unload the -// Map from the kernel if it is not pinned or in use by a loaded Program. -func (m *Map) Close() error { - if m == nil { - // This makes it easier to clean up when iterating maps - // of maps / programs. - return nil - } - - return m.fd.Close() -} - -// FD gets the file descriptor of the Map. -// -// Calling this function is invalid after Close has been called. -func (m *Map) FD() int { - return m.fd.Int() -} - -// Clone creates a duplicate of the Map. -// -// Closing the duplicate does not affect the original, and vice versa. -// Changes made to the map are reflected by both instances however. -// If the original map was pinned, the cloned map will not be pinned by default. -// -// Cloning a nil Map returns nil. -func (m *Map) Clone() (*Map, error) { - if m == nil { - return nil, nil - } - - dup, err := m.fd.Dup() - if err != nil { - return nil, fmt.Errorf("can't clone map: %w", err) - } - - return &Map{ - m.name, - dup, - m.typ, - m.keySize, - m.valueSize, - m.maxEntries, - m.flags, - "", - m.fullValueSize, - }, nil -} - -// Pin persists the map on the BPF virtual file system past the lifetime of -// the process that created it . -// -// Calling Pin on a previously pinned map will overwrite the path, except when -// the new path already exists. Re-pinning across filesystems is not supported. -// You can Clone a map to pin it to a different path. -// -// This requires bpffs to be mounted above fileName. See https://docs.cilium.io/en/k8s-doc/admin/#admin-mount-bpffs -func (m *Map) Pin(fileName string) error { - if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil { - return err - } - m.pinnedPath = fileName - return nil -} - -// Unpin removes the persisted state for the map from the BPF virtual filesystem. -// -// Failed calls to Unpin will not alter the state returned by IsPinned. -// -// Unpinning an unpinned Map returns nil. -func (m *Map) Unpin() error { - if err := internal.Unpin(m.pinnedPath); err != nil { - return err - } - m.pinnedPath = "" - return nil -} - -// IsPinned returns true if the map has a non-empty pinned path. -func (m *Map) IsPinned() bool { - return m.pinnedPath != "" -} - -// Freeze prevents a map to be modified from user space. -// -// It makes no changes to kernel-side restrictions. -func (m *Map) Freeze() error { - if err := haveMapMutabilityModifiers(); err != nil { - return fmt.Errorf("can't freeze map: %w", err) - } - - attr := sys.MapFreezeAttr{ - MapFd: m.fd.Uint(), - } - - if err := sys.MapFreeze(&attr); err != nil { - return fmt.Errorf("can't freeze map: %w", err) - } - return nil -} - -// finalize populates the Map according to the Contents specified -// in spec and freezes the Map if requested by spec. -func (m *Map) finalize(spec *MapSpec) error { - for _, kv := range spec.Contents { - if err := m.Put(kv.Key, kv.Value); err != nil { - return fmt.Errorf("putting value: key %v: %w", kv.Key, err) - } - } - - if spec.Freeze { - if err := m.Freeze(); err != nil { - return fmt.Errorf("freezing map: %w", err) - } - } - - return nil -} - -func (m *Map) marshalKey(data interface{}) (sys.Pointer, error) { - if data == nil { - if m.keySize == 0 { - // Queues have a key length of zero, so passing nil here is valid. - return sys.NewPointer(nil), nil - } - return sys.Pointer{}, errors.New("can't use nil as key of map") - } - - return marshalPtr(data, int(m.keySize)) -} - -func (m *Map) unmarshalKey(data interface{}, buf []byte) error { - if buf == nil { - // This is from a makeBuffer call, nothing do do here. - return nil - } - - return unmarshalBytes(data, buf) -} - -func (m *Map) marshalValue(data interface{}) (sys.Pointer, error) { - if m.typ.hasPerCPUValue() { - return marshalPerCPUValue(data, int(m.valueSize)) - } - - var ( - buf []byte - err error - ) - - switch value := data.(type) { - case *Map: - if !m.typ.canStoreMap() { - return sys.Pointer{}, fmt.Errorf("can't store map in %s", m.typ) - } - buf, err = marshalMap(value, int(m.valueSize)) - - case *Program: - if !m.typ.canStoreProgram() { - return sys.Pointer{}, fmt.Errorf("can't store program in %s", m.typ) - } - buf, err = marshalProgram(value, int(m.valueSize)) - - default: - return marshalPtr(data, int(m.valueSize)) - } - - if err != nil { - return sys.Pointer{}, err - } - - return sys.NewSlicePointer(buf), nil -} - -func (m *Map) unmarshalValue(value interface{}, buf []byte) error { - if buf == nil { - // This is from a makeBuffer call, nothing do do here. - return nil - } - - if m.typ.hasPerCPUValue() { - return unmarshalPerCPUValue(value, int(m.valueSize), buf) - } - - switch value := value.(type) { - case **Map: - if !m.typ.canStoreMap() { - return fmt.Errorf("can't read a map from %s", m.typ) - } - - other, err := unmarshalMap(buf) - if err != nil { - return err - } - - // The caller might close the map externally, so ignore errors. - _ = (*value).Close() - - *value = other - return nil - - case *Map: - if !m.typ.canStoreMap() { - return fmt.Errorf("can't read a map from %s", m.typ) - } - return errors.New("require pointer to *Map") - - case **Program: - if !m.typ.canStoreProgram() { - return fmt.Errorf("can't read a program from %s", m.typ) - } - - other, err := unmarshalProgram(buf) - if err != nil { - return err - } - - // The caller might close the program externally, so ignore errors. - _ = (*value).Close() - - *value = other - return nil - - case *Program: - if !m.typ.canStoreProgram() { - return fmt.Errorf("can't read a program from %s", m.typ) - } - return errors.New("require pointer to *Program") - } - - return unmarshalBytes(value, buf) -} - -// LoadPinnedMap loads a Map from a BPF file. -func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ - Pathname: sys.NewStringPointer(fileName), - FileFlags: opts.Marshal(), - }) - if err != nil { - return nil, err - } - - m, err := newMapFromFD(fd) - if err == nil { - m.pinnedPath = fileName - } - - return m, err -} - -// unmarshalMap creates a map from a map ID encoded in host endianness. -func unmarshalMap(buf []byte) (*Map, error) { - if len(buf) != 4 { - return nil, errors.New("map id requires 4 byte value") - } - - id := internal.NativeEndian.Uint32(buf) - return NewMapFromID(MapID(id)) -} - -// marshalMap marshals the fd of a map into a buffer in host endianness. -func marshalMap(m *Map, length int) ([]byte, error) { - if length != 4 { - return nil, fmt.Errorf("can't marshal map to %d bytes", length) - } - - buf := make([]byte, 4) - internal.NativeEndian.PutUint32(buf, m.fd.Uint()) - return buf, nil -} - -// MapIterator iterates a Map. -// -// See Map.Iterate. -type MapIterator struct { - target *Map - prevKey interface{} - prevBytes []byte - count, maxEntries uint32 - done bool - err error -} - -func newMapIterator(target *Map) *MapIterator { - return &MapIterator{ - target: target, - maxEntries: target.maxEntries, - prevBytes: make([]byte, target.keySize), - } -} - -// Next decodes the next key and value. -// -// Iterating a hash map from which keys are being deleted is not -// safe. You may see the same key multiple times. Iteration may -// also abort with an error, see IsIterationAborted. -// -// Returns false if there are no more entries. You must check -// the result of Err afterwards. -// -// See Map.Get for further caveats around valueOut. -func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { - if mi.err != nil || mi.done { - return false - } - - // For array-like maps NextKeyBytes returns nil only on after maxEntries - // iterations. - for mi.count <= mi.maxEntries { - var nextBytes []byte - nextBytes, mi.err = mi.target.NextKeyBytes(mi.prevKey) - if mi.err != nil { - return false - } - - if nextBytes == nil { - mi.done = true - return false - } - - // The user can get access to nextBytes since unmarshalBytes - // does not copy when unmarshaling into a []byte. - // Make a copy to prevent accidental corruption of - // iterator state. - copy(mi.prevBytes, nextBytes) - mi.prevKey = mi.prevBytes - - mi.count++ - mi.err = mi.target.Lookup(nextBytes, valueOut) - if errors.Is(mi.err, ErrKeyNotExist) { - // Even though the key should be valid, we couldn't look up - // its value. If we're iterating a hash map this is probably - // because a concurrent delete removed the value before we - // could get it. This means that the next call to NextKeyBytes - // is very likely to restart iteration. - // If we're iterating one of the fd maps like - // ProgramArray it means that a given slot doesn't have - // a valid fd associated. It's OK to continue to the next slot. - continue - } - if mi.err != nil { - return false - } - - mi.err = mi.target.unmarshalKey(keyOut, nextBytes) - return mi.err == nil - } - - mi.err = fmt.Errorf("%w", ErrIterationAborted) - return false -} - -// Err returns any encountered error. -// -// The method must be called after Next returns nil. -// -// Returns ErrIterationAborted if it wasn't possible to do a full iteration. -func (mi *MapIterator) Err() error { - return mi.err -} - -// MapGetNextID returns the ID of the next eBPF map. -// -// Returns ErrNotExist, if there is no next eBPF map. -func MapGetNextID(startID MapID) (MapID, error) { - attr := &sys.MapGetNextIdAttr{Id: uint32(startID)} - return MapID(attr.NextId), sys.MapGetNextId(attr) -} - -// NewMapFromID returns the map for a given id. -// -// Returns ErrNotExist, if there is no eBPF map with the given id. -func NewMapFromID(id MapID) (*Map, error) { - fd, err := sys.MapGetFdById(&sys.MapGetFdByIdAttr{ - Id: uint32(id), - }) - if err != nil { - return nil, err - } - - return newMapFromFD(fd) -} diff --git a/vendor/github.com/cilium/ebpf/marshalers.go b/vendor/github.com/cilium/ebpf/marshalers.go deleted file mode 100644 index 544d17f35e..0000000000 --- a/vendor/github.com/cilium/ebpf/marshalers.go +++ /dev/null @@ -1,247 +0,0 @@ -package ebpf - -import ( - "bytes" - "encoding" - "encoding/binary" - "errors" - "fmt" - "reflect" - "runtime" - "sync" - "unsafe" - - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" -) - -// marshalPtr converts an arbitrary value into a pointer suitable -// to be passed to the kernel. -// -// As an optimization, it returns the original value if it is an -// unsafe.Pointer. -func marshalPtr(data interface{}, length int) (sys.Pointer, error) { - if ptr, ok := data.(unsafe.Pointer); ok { - return sys.NewPointer(ptr), nil - } - - buf, err := marshalBytes(data, length) - if err != nil { - return sys.Pointer{}, err - } - - return sys.NewSlicePointer(buf), nil -} - -// marshalBytes converts an arbitrary value into a byte buffer. -// -// Prefer using Map.marshalKey and Map.marshalValue if possible, since -// those have special cases that allow more types to be encoded. -// -// Returns an error if the given value isn't representable in exactly -// length bytes. -func marshalBytes(data interface{}, length int) (buf []byte, err error) { - if data == nil { - return nil, errors.New("can't marshal a nil value") - } - - switch value := data.(type) { - case encoding.BinaryMarshaler: - buf, err = value.MarshalBinary() - case string: - buf = []byte(value) - case []byte: - buf = value - case unsafe.Pointer: - err = errors.New("can't marshal from unsafe.Pointer") - case Map, *Map, Program, *Program: - err = fmt.Errorf("can't marshal %T", value) - default: - var wr bytes.Buffer - err = binary.Write(&wr, internal.NativeEndian, value) - if err != nil { - err = fmt.Errorf("encoding %T: %v", value, err) - } - buf = wr.Bytes() - } - if err != nil { - return nil, err - } - - if len(buf) != length { - return nil, fmt.Errorf("%T doesn't marshal to %d bytes", data, length) - } - return buf, nil -} - -func makeBuffer(dst interface{}, length int) (sys.Pointer, []byte) { - if ptr, ok := dst.(unsafe.Pointer); ok { - return sys.NewPointer(ptr), nil - } - - buf := make([]byte, length) - return sys.NewSlicePointer(buf), buf -} - -var bytesReaderPool = sync.Pool{ - New: func() interface{} { - return new(bytes.Reader) - }, -} - -// unmarshalBytes converts a byte buffer into an arbitrary value. -// -// Prefer using Map.unmarshalKey and Map.unmarshalValue if possible, since -// those have special cases that allow more types to be encoded. -// -// The common int32 and int64 types are directly handled to avoid -// unnecessary heap allocations as happening in the default case. -func unmarshalBytes(data interface{}, buf []byte) error { - switch value := data.(type) { - case unsafe.Pointer: - dst := unsafe.Slice((*byte)(value), len(buf)) - copy(dst, buf) - runtime.KeepAlive(value) - return nil - case Map, *Map, Program, *Program: - return fmt.Errorf("can't unmarshal into %T", value) - case encoding.BinaryUnmarshaler: - return value.UnmarshalBinary(buf) - case *string: - *value = string(buf) - return nil - case *[]byte: - *value = buf - return nil - case *int32: - if len(buf) < 4 { - return errors.New("int32 requires 4 bytes") - } - *value = int32(internal.NativeEndian.Uint32(buf)) - return nil - case *uint32: - if len(buf) < 4 { - return errors.New("uint32 requires 4 bytes") - } - *value = internal.NativeEndian.Uint32(buf) - return nil - case *int64: - if len(buf) < 8 { - return errors.New("int64 requires 8 bytes") - } - *value = int64(internal.NativeEndian.Uint64(buf)) - return nil - case *uint64: - if len(buf) < 8 { - return errors.New("uint64 requires 8 bytes") - } - *value = internal.NativeEndian.Uint64(buf) - return nil - case string: - return errors.New("require pointer to string") - case []byte: - return errors.New("require pointer to []byte") - default: - rd := bytesReaderPool.Get().(*bytes.Reader) - rd.Reset(buf) - defer bytesReaderPool.Put(rd) - if err := binary.Read(rd, internal.NativeEndian, value); err != nil { - return fmt.Errorf("decoding %T: %v", value, err) - } - return nil - } -} - -// marshalPerCPUValue encodes a slice containing one value per -// possible CPU into a buffer of bytes. -// -// Values are initialized to zero if the slice has less elements than CPUs. -// -// slice must have a type like []elementType. -func marshalPerCPUValue(slice interface{}, elemLength int) (sys.Pointer, error) { - sliceType := reflect.TypeOf(slice) - if sliceType.Kind() != reflect.Slice { - return sys.Pointer{}, errors.New("per-CPU value requires slice") - } - - possibleCPUs, err := internal.PossibleCPUs() - if err != nil { - return sys.Pointer{}, err - } - - sliceValue := reflect.ValueOf(slice) - sliceLen := sliceValue.Len() - if sliceLen > possibleCPUs { - return sys.Pointer{}, fmt.Errorf("per-CPU value exceeds number of CPUs") - } - - alignedElemLength := internal.Align(elemLength, 8) - buf := make([]byte, alignedElemLength*possibleCPUs) - - for i := 0; i < sliceLen; i++ { - elem := sliceValue.Index(i).Interface() - elemBytes, err := marshalBytes(elem, elemLength) - if err != nil { - return sys.Pointer{}, err - } - - offset := i * alignedElemLength - copy(buf[offset:offset+elemLength], elemBytes) - } - - return sys.NewSlicePointer(buf), nil -} - -// unmarshalPerCPUValue decodes a buffer into a slice containing one value per -// possible CPU. -// -// valueOut must have a type like *[]elementType -func unmarshalPerCPUValue(slicePtr interface{}, elemLength int, buf []byte) error { - slicePtrType := reflect.TypeOf(slicePtr) - if slicePtrType.Kind() != reflect.Ptr || slicePtrType.Elem().Kind() != reflect.Slice { - return fmt.Errorf("per-cpu value requires pointer to slice") - } - - possibleCPUs, err := internal.PossibleCPUs() - if err != nil { - return err - } - - sliceType := slicePtrType.Elem() - slice := reflect.MakeSlice(sliceType, possibleCPUs, possibleCPUs) - - sliceElemType := sliceType.Elem() - sliceElemIsPointer := sliceElemType.Kind() == reflect.Ptr - if sliceElemIsPointer { - sliceElemType = sliceElemType.Elem() - } - - step := len(buf) / possibleCPUs - if step < elemLength { - return fmt.Errorf("per-cpu element length is larger than available data") - } - for i := 0; i < possibleCPUs; i++ { - var elem interface{} - if sliceElemIsPointer { - newElem := reflect.New(sliceElemType) - slice.Index(i).Set(newElem) - elem = newElem.Interface() - } else { - elem = slice.Index(i).Addr().Interface() - } - - // Make a copy, since unmarshal can hold on to itemBytes - elemBytes := make([]byte, elemLength) - copy(elemBytes, buf[:elemLength]) - - err := unmarshalBytes(elem, elemBytes) - if err != nil { - return fmt.Errorf("cpu %d: %w", i, err) - } - - buf = buf[step:] - } - - reflect.ValueOf(slicePtr).Elem().Set(slice) - return nil -} diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go deleted file mode 100644 index 675edc711d..0000000000 --- a/vendor/github.com/cilium/ebpf/prog.go +++ /dev/null @@ -1,875 +0,0 @@ -package ebpf - -import ( - "bytes" - "encoding/binary" - "errors" - "fmt" - "math" - "path/filepath" - "runtime" - "strings" - "time" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// ErrNotSupported is returned whenever the kernel doesn't support a feature. -var ErrNotSupported = internal.ErrNotSupported - -// ProgramID represents the unique ID of an eBPF program. -type ProgramID uint32 - -const ( - // Number of bytes to pad the output buffer for BPF_PROG_TEST_RUN. - // This is currently the maximum of spare space allocated for SKB - // and XDP programs, and equal to XDP_PACKET_HEADROOM + NET_IP_ALIGN. - outputPad = 256 + 2 -) - -// DefaultVerifierLogSize is the default number of bytes allocated for the -// verifier log. -const DefaultVerifierLogSize = 64 * 1024 - -// ProgramOptions control loading a program into the kernel. -type ProgramOptions struct { - // Controls the detail emitted by the kernel verifier. Set to non-zero - // to enable logging. - LogLevel uint32 - // Controls the output buffer size for the verifier. Defaults to - // DefaultVerifierLogSize. - LogSize int - // Type information used for CO-RE relocations and when attaching to - // kernel functions. - // - // This is useful in environments where the kernel BTF is not available - // (containers) or where it is in a non-standard location. Defaults to - // use the kernel BTF from a well-known location if nil. - KernelTypes *btf.Spec -} - -// ProgramSpec defines a Program. -type ProgramSpec struct { - // Name is passed to the kernel as a debug aid. Must only contain - // alpha numeric and '_' characters. - Name string - - // Type determines at which hook in the kernel a program will run. - Type ProgramType - - // AttachType of the program, needed to differentiate allowed context - // accesses in some newer program types like CGroupSockAddr. - // - // Available on kernels 4.17 and later. - AttachType AttachType - - // Name of a kernel data structure or function to attach to. Its - // interpretation depends on Type and AttachType. - AttachTo string - - // The program to attach to. Must be provided manually. - AttachTarget *Program - - // The name of the ELF section this program orininated from. - SectionName string - - Instructions asm.Instructions - - // Flags is passed to the kernel and specifies additional program - // load attributes. - Flags uint32 - - // License of the program. Some helpers are only available if - // the license is deemed compatible with the GPL. - // - // See https://www.kernel.org/doc/html/latest/process/license-rules.html#id1 - License string - - // Version used by Kprobe programs. - // - // Deprecated on kernels 5.0 and later. Leave empty to let the library - // detect this value automatically. - KernelVersion uint32 - - // The BTF associated with this program. Changing Instructions - // will most likely invalidate the contained data, and may - // result in errors when attempting to load it into the kernel. - BTF *btf.Spec - - // The byte order this program was compiled for, may be nil. - ByteOrder binary.ByteOrder -} - -// Copy returns a copy of the spec. -func (ps *ProgramSpec) Copy() *ProgramSpec { - if ps == nil { - return nil - } - - cpy := *ps - cpy.Instructions = make(asm.Instructions, len(ps.Instructions)) - copy(cpy.Instructions, ps.Instructions) - return &cpy -} - -// Tag calculates the kernel tag for a series of instructions. -// -// Use asm.Instructions.Tag if you need to calculate for non-native endianness. -func (ps *ProgramSpec) Tag() (string, error) { - return ps.Instructions.Tag(internal.NativeEndian) -} - -type VerifierError = internal.VerifierError - -// Program represents BPF program loaded into the kernel. -// -// It is not safe to close a Program which is used by other goroutines. -type Program struct { - // Contains the output of the kernel verifier if enabled, - // otherwise it is empty. - VerifierLog string - - fd *sys.FD - name string - pinnedPath string - typ ProgramType -} - -// NewProgram creates a new Program. -// -// See NewProgramWithOptions for details. -func NewProgram(spec *ProgramSpec) (*Program, error) { - return NewProgramWithOptions(spec, ProgramOptions{}) -} - -// NewProgramWithOptions creates a new Program. -// -// Loading a program for the first time will perform -// feature detection by loading small, temporary programs. -// -// Returns an error wrapping VerifierError if the program or its BTF is rejected -// by the kernel. -func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) { - if spec == nil { - return nil, errors.New("can't load a program from a nil spec") - } - - handles := newHandleCache() - defer handles.close() - - prog, err := newProgramWithOptions(spec, opts, handles) - if errors.Is(err, asm.ErrUnsatisfiedMapReference) { - return nil, fmt.Errorf("cannot load program without loading its whole collection: %w", err) - } - return prog, err -} - -func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *handleCache) (*Program, error) { - if len(spec.Instructions) == 0 { - return nil, errors.New("instructions cannot be empty") - } - - if spec.Type == UnspecifiedProgram { - return nil, errors.New("can't load program of unspecified type") - } - - if spec.ByteOrder != nil && spec.ByteOrder != internal.NativeEndian { - return nil, fmt.Errorf("can't load %s program on %s", spec.ByteOrder, internal.NativeEndian) - } - - // Kernels before 5.0 (6c4fc209fcf9 "bpf: remove useless version check for prog load") - // require the version field to be set to the value of the KERNEL_VERSION - // macro for kprobe-type programs. - // Overwrite Kprobe program version if set to zero or the magic version constant. - kv := spec.KernelVersion - if spec.Type == Kprobe && (kv == 0 || kv == internal.MagicKernelVersion) { - v, err := internal.KernelVersion() - if err != nil { - return nil, fmt.Errorf("detecting kernel version: %w", err) - } - kv = v.Kernel() - } - - attr := &sys.ProgLoadAttr{ - ProgType: sys.ProgType(spec.Type), - ProgFlags: spec.Flags, - ExpectedAttachType: sys.AttachType(spec.AttachType), - License: sys.NewStringPointer(spec.License), - KernVersion: kv, - } - - if haveObjName() == nil { - attr.ProgName = sys.NewObjName(spec.Name) - } - - kernelTypes := opts.KernelTypes - - insns := make(asm.Instructions, len(spec.Instructions)) - copy(insns, spec.Instructions) - - var btfDisabled bool - if spec.BTF != nil { - if err := applyRelocations(insns, spec.BTF, kernelTypes); err != nil { - return nil, fmt.Errorf("apply CO-RE relocations: %w", err) - } - - handle, err := handles.btfHandle(spec.BTF) - btfDisabled = errors.Is(err, btf.ErrNotSupported) - if err != nil && !btfDisabled { - return nil, fmt.Errorf("load BTF: %w", err) - } - - if handle != nil { - attr.ProgBtfFd = uint32(handle.FD()) - - fib, lib, err := btf.MarshalExtInfos(insns, spec.BTF.TypeID) - if err != nil { - return nil, err - } - - attr.FuncInfoRecSize = btf.FuncInfoSize - attr.FuncInfoCnt = uint32(len(fib)) / btf.FuncInfoSize - attr.FuncInfo = sys.NewSlicePointer(fib) - - attr.LineInfoRecSize = btf.LineInfoSize - attr.LineInfoCnt = uint32(len(lib)) / btf.LineInfoSize - attr.LineInfo = sys.NewSlicePointer(lib) - } - } - - if err := fixupAndValidate(insns); err != nil { - return nil, err - } - - buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) - err := insns.Marshal(buf, internal.NativeEndian) - if err != nil { - return nil, err - } - - bytecode := buf.Bytes() - attr.Insns = sys.NewSlicePointer(bytecode) - attr.InsnCnt = uint32(len(bytecode) / asm.InstructionSize) - - if spec.AttachTarget != nil { - targetID, err := findTargetInProgram(spec.AttachTarget, spec.AttachTo, spec.Type, spec.AttachType) - if err != nil { - return nil, fmt.Errorf("attach %s/%s: %w", spec.Type, spec.AttachType, err) - } - - attr.AttachBtfId = uint32(targetID) - attr.AttachProgFd = uint32(spec.AttachTarget.FD()) - defer runtime.KeepAlive(spec.AttachTarget) - } else if spec.AttachTo != "" { - targetID, err := findTargetInKernel(kernelTypes, spec.AttachTo, spec.Type, spec.AttachType) - if err != nil && !errors.Is(err, errUnrecognizedAttachType) { - // We ignore errUnrecognizedAttachType since AttachTo may be non-empty - // for programs that don't attach anywhere. - return nil, fmt.Errorf("attach %s/%s: %w", spec.Type, spec.AttachType, err) - } - - attr.AttachBtfId = uint32(targetID) - } - - logSize := DefaultVerifierLogSize - if opts.LogSize > 0 { - logSize = opts.LogSize - } - - var logBuf []byte - if opts.LogLevel > 0 { - logBuf = make([]byte, logSize) - attr.LogLevel = opts.LogLevel - attr.LogSize = uint32(len(logBuf)) - attr.LogBuf = sys.NewSlicePointer(logBuf) - } - - fd, err := sys.ProgLoad(attr) - if err == nil { - return &Program{unix.ByteSliceToString(logBuf), fd, spec.Name, "", spec.Type}, nil - } - - if opts.LogLevel == 0 && opts.LogSize >= 0 { - // Re-run with the verifier enabled to get better error messages. - logBuf = make([]byte, logSize) - attr.LogLevel = 1 - attr.LogSize = uint32(len(logBuf)) - attr.LogBuf = sys.NewSlicePointer(logBuf) - _, _ = sys.ProgLoad(attr) - } - - switch { - case errors.Is(err, unix.EPERM): - if len(logBuf) > 0 && logBuf[0] == 0 { - // EPERM due to RLIMIT_MEMLOCK happens before the verifier, so we can - // check that the log is empty to reduce false positives. - return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) - } - - fallthrough - - case errors.Is(err, unix.EINVAL): - if hasFunctionReferences(spec.Instructions) { - if err := haveBPFToBPFCalls(); err != nil { - return nil, fmt.Errorf("load program: %w", err) - } - } - } - - err = internal.ErrorWithLog(err, logBuf) - if btfDisabled { - return nil, fmt.Errorf("load program: %w (BTF disabled)", err) - } - return nil, fmt.Errorf("load program: %w", err) -} - -// NewProgramFromFD creates a program from a raw fd. -// -// You should not use fd after calling this function. -// -// Requires at least Linux 4.10. -func NewProgramFromFD(fd int) (*Program, error) { - f, err := sys.NewFD(fd) - if err != nil { - return nil, err - } - - return newProgramFromFD(f) -} - -// NewProgramFromID returns the program for a given id. -// -// Returns ErrNotExist, if there is no eBPF program with the given id. -func NewProgramFromID(id ProgramID) (*Program, error) { - fd, err := sys.ProgGetFdById(&sys.ProgGetFdByIdAttr{ - Id: uint32(id), - }) - if err != nil { - return nil, fmt.Errorf("get program by id: %w", err) - } - - return newProgramFromFD(fd) -} - -func newProgramFromFD(fd *sys.FD) (*Program, error) { - info, err := newProgramInfoFromFd(fd) - if err != nil { - fd.Close() - return nil, fmt.Errorf("discover program type: %w", err) - } - - return &Program{"", fd, "", "", info.Type}, nil -} - -func (p *Program) String() string { - if p.name != "" { - return fmt.Sprintf("%s(%s)#%v", p.typ, p.name, p.fd) - } - return fmt.Sprintf("%s(%v)", p.typ, p.fd) -} - -// Type returns the underlying type of the program. -func (p *Program) Type() ProgramType { - return p.typ -} - -// Info returns metadata about the program. -// -// Requires at least 4.10. -func (p *Program) Info() (*ProgramInfo, error) { - return newProgramInfoFromFd(p.fd) -} - -// Handle returns a reference to the program's type information in the kernel. -// -// Returns ErrNotSupported if the kernel has no BTF support, or if there is no -// BTF associated with the program. -func (p *Program) Handle() (*btf.Handle, error) { - info, err := p.Info() - if err != nil { - return nil, err - } - - id, ok := info.BTFID() - if !ok { - return nil, fmt.Errorf("program %s: retrieve BTF ID: %w", p, ErrNotSupported) - } - - return btf.NewHandleFromID(id) -} - -// FD gets the file descriptor of the Program. -// -// It is invalid to call this function after Close has been called. -func (p *Program) FD() int { - return p.fd.Int() -} - -// Clone creates a duplicate of the Program. -// -// Closing the duplicate does not affect the original, and vice versa. -// -// Cloning a nil Program returns nil. -func (p *Program) Clone() (*Program, error) { - if p == nil { - return nil, nil - } - - dup, err := p.fd.Dup() - if err != nil { - return nil, fmt.Errorf("can't clone program: %w", err) - } - - return &Program{p.VerifierLog, dup, p.name, "", p.typ}, nil -} - -// Pin persists the Program on the BPF virtual file system past the lifetime of -// the process that created it -// -// Calling Pin on a previously pinned program will overwrite the path, except when -// the new path already exists. Re-pinning across filesystems is not supported. -// -// This requires bpffs to be mounted above fileName. See https://docs.cilium.io/en/k8s-doc/admin/#admin-mount-bpffs -func (p *Program) Pin(fileName string) error { - if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil { - return err - } - p.pinnedPath = fileName - return nil -} - -// Unpin removes the persisted state for the Program from the BPF virtual filesystem. -// -// Failed calls to Unpin will not alter the state returned by IsPinned. -// -// Unpinning an unpinned Program returns nil. -func (p *Program) Unpin() error { - if err := internal.Unpin(p.pinnedPath); err != nil { - return err - } - p.pinnedPath = "" - return nil -} - -// IsPinned returns true if the Program has a non-empty pinned path. -func (p *Program) IsPinned() bool { - return p.pinnedPath != "" -} - -// Close the Program's underlying file descriptor, which could unload -// the program from the kernel if it is not pinned or attached to a -// kernel hook. -func (p *Program) Close() error { - if p == nil { - return nil - } - - return p.fd.Close() -} - -// Various options for Run'ing a Program -type RunOptions struct { - // Program's data input. Required field. - Data []byte - // Program's data after Program has run. Caller must allocate. Optional field. - DataOut []byte - // Program's context input. Optional field. - Context interface{} - // Program's context after Program has run. Must be a pointer or slice. Optional field. - ContextOut interface{} - // Number of times to run Program. Optional field. Defaults to 1. - Repeat uint32 - // Optional flags. - Flags uint32 - // CPU to run Program on. Optional field. - // Note not all program types support this field. - CPU uint32 - // Called whenever the syscall is interrupted, and should be set to testing.B.ResetTimer - // or similar. Typically used during benchmarking. Optional field. - Reset func() -} - -// Test runs the Program in the kernel with the given input and returns the -// value returned by the eBPF program. outLen may be zero. -// -// Note: the kernel expects at least 14 bytes input for an ethernet header for -// XDP and SKB programs. -// -// This function requires at least Linux 4.12. -func (p *Program) Test(in []byte) (uint32, []byte, error) { - // Older kernels ignore the dataSizeOut argument when copying to user space. - // Combined with things like bpf_xdp_adjust_head() we don't really know what the final - // size will be. Hence we allocate an output buffer which we hope will always be large - // enough, and panic if the kernel wrote past the end of the allocation. - // See https://patchwork.ozlabs.org/cover/1006822/ - var out []byte - if len(in) > 0 { - out = make([]byte, len(in)+outputPad) - } - - opts := RunOptions{ - Data: in, - DataOut: out, - Repeat: 1, - } - - ret, _, err := p.testRun(&opts) - if err != nil { - return ret, nil, fmt.Errorf("can't test program: %w", err) - } - return ret, opts.DataOut, nil -} - -// Run runs the Program in kernel with given RunOptions. -// -// Note: the same restrictions from Test apply. -func (p *Program) Run(opts *RunOptions) (uint32, error) { - ret, _, err := p.testRun(opts) - if err != nil { - return ret, fmt.Errorf("can't test program: %w", err) - } - return ret, nil -} - -// Benchmark runs the Program with the given input for a number of times -// and returns the time taken per iteration. -// -// Returns the result of the last execution of the program and the time per -// run or an error. reset is called whenever the benchmark syscall is -// interrupted, and should be set to testing.B.ResetTimer or similar. -// -// Note: profiling a call to this function will skew it's results, see -// https://github.com/cilium/ebpf/issues/24 -// -// This function requires at least Linux 4.12. -func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.Duration, error) { - if uint(repeat) > math.MaxUint32 { - return 0, 0, fmt.Errorf("repeat is too high") - } - - opts := RunOptions{ - Data: in, - Repeat: uint32(repeat), - Reset: reset, - } - - ret, total, err := p.testRun(&opts) - if err != nil { - return ret, total, fmt.Errorf("can't benchmark program: %w", err) - } - return ret, total, nil -} - -var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() error { - prog, err := NewProgram(&ProgramSpec{ - // SocketFilter does not require privileges on newer kernels. - Type: SocketFilter, - Instructions: asm.Instructions{ - asm.LoadImm(asm.R0, 0, asm.DWord), - asm.Return(), - }, - License: "MIT", - }) - if err != nil { - // This may be because we lack sufficient permissions, etc. - return err - } - defer prog.Close() - - // Programs require at least 14 bytes input - in := make([]byte, 14) - attr := sys.ProgRunAttr{ - ProgFd: uint32(prog.FD()), - DataSizeIn: uint32(len(in)), - DataIn: sys.NewSlicePointer(in), - } - - err = sys.ProgRun(&attr) - switch { - case errors.Is(err, unix.EINVAL): - // Check for EINVAL specifically, rather than err != nil since we - // otherwise misdetect due to insufficient permissions. - return internal.ErrNotSupported - - case errors.Is(err, unix.EINTR): - // We know that PROG_TEST_RUN is supported if we get EINTR. - return nil - - case errors.Is(err, unix.ENOTSUPP): - // The first PROG_TEST_RUN patches shipped in 4.12 didn't include - // a test runner for SocketFilter. ENOTSUPP means PROG_TEST_RUN is - // supported, but not for the program type used in the probe. - return nil - } - - return err -}) - -func (p *Program) testRun(opts *RunOptions) (uint32, time.Duration, error) { - if uint(len(opts.Data)) > math.MaxUint32 { - return 0, 0, fmt.Errorf("input is too long") - } - - if err := haveProgTestRun(); err != nil { - return 0, 0, err - } - - var ctxBytes []byte - if opts.Context != nil { - ctx := new(bytes.Buffer) - if err := binary.Write(ctx, internal.NativeEndian, opts.Context); err != nil { - return 0, 0, fmt.Errorf("cannot serialize context: %v", err) - } - ctxBytes = ctx.Bytes() - } - - var ctxOut []byte - if opts.ContextOut != nil { - ctxOut = make([]byte, binary.Size(opts.ContextOut)) - } - - attr := sys.ProgRunAttr{ - ProgFd: p.fd.Uint(), - DataSizeIn: uint32(len(opts.Data)), - DataSizeOut: uint32(len(opts.DataOut)), - DataIn: sys.NewSlicePointer(opts.Data), - DataOut: sys.NewSlicePointer(opts.DataOut), - Repeat: uint32(opts.Repeat), - CtxSizeIn: uint32(len(ctxBytes)), - CtxSizeOut: uint32(len(ctxOut)), - CtxIn: sys.NewSlicePointer(ctxBytes), - CtxOut: sys.NewSlicePointer(ctxOut), - Flags: opts.Flags, - Cpu: opts.CPU, - } - - for { - err := sys.ProgRun(&attr) - if err == nil { - break - } - - if errors.Is(err, unix.EINTR) { - if opts.Reset != nil { - opts.Reset() - } - continue - } - - if errors.Is(err, unix.ENOTSUPP) { - return 0, 0, fmt.Errorf("kernel doesn't support testing program type %s: %w", p.Type(), ErrNotSupported) - } - - return 0, 0, fmt.Errorf("can't run test: %w", err) - } - - if opts.DataOut != nil { - if int(attr.DataSizeOut) > cap(opts.DataOut) { - // Houston, we have a problem. The program created more data than we allocated, - // and the kernel wrote past the end of our buffer. - panic("kernel wrote past end of output buffer") - } - opts.DataOut = opts.DataOut[:int(attr.DataSizeOut)] - } - - if len(ctxOut) != 0 { - b := bytes.NewReader(ctxOut) - if err := binary.Read(b, internal.NativeEndian, opts.ContextOut); err != nil { - return 0, 0, fmt.Errorf("failed to decode ContextOut: %v", err) - } - } - - total := time.Duration(attr.Duration) * time.Nanosecond - return attr.Retval, total, nil -} - -func unmarshalProgram(buf []byte) (*Program, error) { - if len(buf) != 4 { - return nil, errors.New("program id requires 4 byte value") - } - - // Looking up an entry in a nested map or prog array returns an id, - // not an fd. - id := internal.NativeEndian.Uint32(buf) - return NewProgramFromID(ProgramID(id)) -} - -func marshalProgram(p *Program, length int) ([]byte, error) { - if length != 4 { - return nil, fmt.Errorf("can't marshal program to %d bytes", length) - } - - buf := make([]byte, 4) - internal.NativeEndian.PutUint32(buf, p.fd.Uint()) - return buf, nil -} - -// LoadPinnedProgram loads a Program from a BPF file. -// -// Requires at least Linux 4.11. -func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ - Pathname: sys.NewStringPointer(fileName), - FileFlags: opts.Marshal(), - }) - if err != nil { - return nil, err - } - - info, err := newProgramInfoFromFd(fd) - if err != nil { - _ = fd.Close() - return nil, fmt.Errorf("info for %s: %w", fileName, err) - } - - return &Program{"", fd, filepath.Base(fileName), fileName, info.Type}, nil -} - -// SanitizeName replaces all invalid characters in name with replacement. -// Passing a negative value for replacement will delete characters instead -// of replacing them. Use this to automatically generate valid names for maps -// and programs at runtime. -// -// The set of allowed characters depends on the running kernel version. -// Dots are only allowed as of kernel 5.2. -func SanitizeName(name string, replacement rune) string { - return strings.Map(func(char rune) rune { - if invalidBPFObjNameChar(char) { - return replacement - } - return char - }, name) -} - -// ProgramGetNextID returns the ID of the next eBPF program. -// -// Returns ErrNotExist, if there is no next eBPF program. -func ProgramGetNextID(startID ProgramID) (ProgramID, error) { - attr := &sys.ProgGetNextIdAttr{Id: uint32(startID)} - return ProgramID(attr.NextId), sys.ProgGetNextId(attr) -} - -// BindMap binds map to the program and is only released once program is released. -// -// This may be used in cases where metadata should be associated with the program -// which otherwise does not contain any references to the map. -func (p *Program) BindMap(m *Map) error { - attr := &sys.ProgBindMapAttr{ - ProgFd: uint32(p.FD()), - MapFd: uint32(m.FD()), - } - - return sys.ProgBindMap(attr) -} - -var errUnrecognizedAttachType = errors.New("unrecognized attach type") - -// find an attach target type in the kernel. -// -// spec may be nil and defaults to the canonical kernel BTF. name together with -// progType and attachType determine which type we need to attach to. -// -// Returns errUnrecognizedAttachType. -func findTargetInKernel(spec *btf.Spec, name string, progType ProgramType, attachType AttachType) (btf.TypeID, error) { - type match struct { - p ProgramType - a AttachType - } - - var ( - typeName, featureName string - isBTFTypeFunc = true - ) - - switch (match{progType, attachType}) { - case match{LSM, AttachLSMMac}: - typeName = "bpf_lsm_" + name - featureName = name + " LSM hook" - case match{Tracing, AttachTraceIter}: - typeName = "bpf_iter_" + name - featureName = name + " iterator" - case match{Tracing, AttachTraceFEntry}: - typeName = name - featureName = fmt.Sprintf("fentry %s", name) - case match{Tracing, AttachTraceFExit}: - typeName = name - featureName = fmt.Sprintf("fexit %s", name) - case match{Tracing, AttachModifyReturn}: - typeName = name - featureName = fmt.Sprintf("fmod_ret %s", name) - case match{Tracing, AttachTraceRawTp}: - typeName = fmt.Sprintf("btf_trace_%s", name) - featureName = fmt.Sprintf("raw_tp %s", name) - isBTFTypeFunc = false - default: - return 0, errUnrecognizedAttachType - } - - spec, err := maybeLoadKernelBTF(spec) - if err != nil { - return 0, fmt.Errorf("load kernel spec: %w", err) - } - - var target btf.Type - if isBTFTypeFunc { - var targetFunc *btf.Func - err = spec.TypeByName(typeName, &targetFunc) - target = targetFunc - } else { - var targetTypedef *btf.Typedef - err = spec.TypeByName(typeName, &targetTypedef) - target = targetTypedef - } - - if err != nil { - if errors.Is(err, btf.ErrNotFound) { - return 0, &internal.UnsupportedFeatureError{ - Name: featureName, - } - } - return 0, fmt.Errorf("find target for %s: %w", featureName, err) - } - - return spec.TypeID(target) -} - -// find an attach target type in a program. -// -// Returns errUnrecognizedAttachType. -func findTargetInProgram(prog *Program, name string, progType ProgramType, attachType AttachType) (btf.TypeID, error) { - type match struct { - p ProgramType - a AttachType - } - - var typeName string - switch (match{progType, attachType}) { - case match{Extension, AttachNone}: - typeName = name - default: - return 0, errUnrecognizedAttachType - } - - btfHandle, err := prog.Handle() - if err != nil { - return 0, fmt.Errorf("load target BTF: %w", err) - } - defer btfHandle.Close() - - spec, err := btfHandle.Spec(nil) - if err != nil { - return 0, err - } - - var targetFunc *btf.Func - err = spec.TypeByName(typeName, &targetFunc) - if err != nil { - return 0, fmt.Errorf("find target %s: %w", typeName, err) - } - - return spec.TypeID(targetFunc) -} diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh deleted file mode 100644 index c21cca9e5e..0000000000 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ /dev/null @@ -1,145 +0,0 @@ -#!/usr/bin/env bash -# Test the current package under a different kernel. -# Requires virtme and qemu to be installed. -# Examples: -# Run all tests on a 5.4 kernel -# $ ./run-tests.sh 5.4 -# Run a subset of tests: -# $ ./run-tests.sh 5.4 ./link - -set -euo pipefail - -script="$(realpath "$0")" -readonly script - -# This script is a bit like a Matryoshka doll since it keeps re-executing itself -# in various different contexts: -# -# 1. invoked by the user like run-tests.sh 5.4 -# 2. invoked by go test like run-tests.sh --exec-vm -# 3. invoked by init in the vm like run-tests.sh --exec-test -# -# This allows us to use all available CPU on the host machine to compile our -# code, and then only use the VM to execute the test. This is because the VM -# is usually slower at compiling than the host. -if [[ "${1:-}" = "--exec-vm" ]]; then - shift - - input="$1" - shift - - # Use sudo if /dev/kvm isn't accessible by the current user. - sudo="" - if [[ ! -r /dev/kvm || ! -w /dev/kvm ]]; then - sudo="sudo" - fi - readonly sudo - - testdir="$(dirname "$1")" - output="$(mktemp -d)" - printf -v cmd "%q " "$@" - - if [[ "$(stat -c '%t:%T' -L /proc/$$/fd/0)" == "1:3" ]]; then - # stdin is /dev/null, which doesn't play well with qemu. Use a fifo as a - # blocking substitute. - mkfifo "${output}/fake-stdin" - # Open for reading and writing to avoid blocking. - exec 0<> "${output}/fake-stdin" - rm "${output}/fake-stdin" - fi - - for ((i = 0; i < 3; i++)); do - if ! $sudo virtme-run --kimg "${input}/bzImage" --memory 768M --pwd \ - --rwdir="${testdir}=${testdir}" \ - --rodir=/run/input="${input}" \ - --rwdir=/run/output="${output}" \ - --script-sh "PATH=\"$PATH\" CI_MAX_KERNEL_VERSION="${CI_MAX_KERNEL_VERSION:-}" \"$script\" --exec-test $cmd" \ - --kopt possible_cpus=2; then # need at least two CPUs for some tests - exit 23 - fi - - if [[ -e "${output}/status" ]]; then - break - fi - - if [[ -v CI ]]; then - echo "Retrying test run due to qemu crash" - continue - fi - - exit 42 - done - - rc=$(<"${output}/status") - $sudo rm -r "$output" - exit $rc -elif [[ "${1:-}" = "--exec-test" ]]; then - shift - - mount -t bpf bpf /sys/fs/bpf - mount -t tracefs tracefs /sys/kernel/debug/tracing - - if [[ -d "/run/input/bpf" ]]; then - export KERNEL_SELFTESTS="/run/input/bpf" - fi - - if [[ -f "/run/input/bpf/bpf_testmod/bpf_testmod.ko" ]]; then - insmod "/run/input/bpf/bpf_testmod/bpf_testmod.ko" - fi - - dmesg --clear - rc=0 - "$@" || rc=$? - dmesg - echo $rc > "/run/output/status" - exit $rc # this return code is "swallowed" by qemu -fi - -readonly kernel_version="${1:-}" -if [[ -z "${kernel_version}" ]]; then - echo "Expecting kernel version as first argument" - exit 1 -fi -shift - -readonly kernel="linux-${kernel_version}.bz" -readonly selftests="linux-${kernel_version}-selftests-bpf.tgz" -readonly input="$(mktemp -d)" -readonly tmp_dir="${TMPDIR:-/tmp}" -readonly branch="${BRANCH:-master}" - -fetch() { - echo Fetching "${1}" - pushd "${tmp_dir}" > /dev/null - curl -s -L -O --fail --etag-compare "${1}.etag" --etag-save "${1}.etag" "https://github.com/cilium/ci-kernels/raw/${branch}/${1}" - local ret=$? - popd > /dev/null - return $ret -} - -fetch "${kernel}" -cp "${tmp_dir}/${kernel}" "${input}/bzImage" - -if fetch "${selftests}"; then - echo "Decompressing selftests" - mkdir "${input}/bpf" - tar --strip-components=4 -xf "${tmp_dir}/${selftests}" -C "${input}/bpf" -else - echo "No selftests found, disabling" -fi - -args=(-short -coverpkg=./... -coverprofile=coverage.out -count 1 ./...) -if (( $# > 0 )); then - args=("$@") -fi - -export GOFLAGS=-mod=readonly -export CGO_ENABLED=0 -# LINUX_VERSION_CODE test compares this to discovered value. -export KERNEL_VERSION="${kernel_version}" - -echo Testing on "${kernel_version}" -go test -exec "$script --exec-vm $input" "${args[@]}" -echo "Test successful on ${kernel_version}" - -rm -r "${input}" diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go deleted file mode 100644 index e5c270a558..0000000000 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ /dev/null @@ -1,264 +0,0 @@ -package ebpf - -import ( - "bytes" - "errors" - "fmt" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// invalidBPFObjNameChar returns true if char may not appear in -// a BPF object name. -func invalidBPFObjNameChar(char rune) bool { - dotAllowed := objNameAllowsDot() == nil - - switch { - case char >= 'A' && char <= 'Z': - return false - case char >= 'a' && char <= 'z': - return false - case char >= '0' && char <= '9': - return false - case dotAllowed && char == '.': - return false - case char == '_': - return false - default: - return true - } -} - -func progLoad(insns asm.Instructions, typ ProgramType, license string) (*sys.FD, error) { - buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) - if err := insns.Marshal(buf, internal.NativeEndian); err != nil { - return nil, err - } - bytecode := buf.Bytes() - - return sys.ProgLoad(&sys.ProgLoadAttr{ - ProgType: sys.ProgType(typ), - License: sys.NewStringPointer(license), - Insns: sys.NewSlicePointer(bytecode), - InsnCnt: uint32(len(bytecode) / asm.InstructionSize), - }) -} - -var haveNestedMaps = internal.FeatureTest("nested maps", "4.12", func() error { - _, err := sys.MapCreate(&sys.MapCreateAttr{ - MapType: sys.MapType(ArrayOfMaps), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - // Invalid file descriptor. - InnerMapFd: ^uint32(0), - }) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - if errors.Is(err, unix.EBADF) { - return nil - } - return err -}) - -var haveMapMutabilityModifiers = internal.FeatureTest("read- and write-only maps", "5.2", func() error { - // This checks BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG. Since - // BPF_MAP_FREEZE appeared in 5.2 as well we don't do a separate check. - m, err := sys.MapCreate(&sys.MapCreateAttr{ - MapType: sys.MapType(Array), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - MapFlags: unix.BPF_F_RDONLY_PROG, - }) - if err != nil { - return internal.ErrNotSupported - } - _ = m.Close() - return nil -}) - -var haveMmapableMaps = internal.FeatureTest("mmapable maps", "5.5", func() error { - // This checks BPF_F_MMAPABLE, which appeared in 5.5 for array maps. - m, err := sys.MapCreate(&sys.MapCreateAttr{ - MapType: sys.MapType(Array), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - MapFlags: unix.BPF_F_MMAPABLE, - }) - if err != nil { - return internal.ErrNotSupported - } - _ = m.Close() - return nil -}) - -var haveInnerMaps = internal.FeatureTest("inner maps", "5.10", func() error { - // This checks BPF_F_INNER_MAP, which appeared in 5.10. - m, err := sys.MapCreate(&sys.MapCreateAttr{ - MapType: sys.MapType(Array), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - MapFlags: unix.BPF_F_INNER_MAP, - }) - if err != nil { - return internal.ErrNotSupported - } - _ = m.Close() - return nil -}) - -var haveNoPreallocMaps = internal.FeatureTest("prealloc maps", "4.6", func() error { - // This checks BPF_F_NO_PREALLOC, which appeared in 4.6. - m, err := sys.MapCreate(&sys.MapCreateAttr{ - MapType: sys.MapType(Hash), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - MapFlags: unix.BPF_F_NO_PREALLOC, - }) - if err != nil { - return internal.ErrNotSupported - } - _ = m.Close() - return nil -}) - -func wrapMapError(err error) error { - if err == nil { - return nil - } - - if errors.Is(err, unix.ENOENT) { - return sys.Error(ErrKeyNotExist, unix.ENOENT) - } - - if errors.Is(err, unix.EEXIST) { - return sys.Error(ErrKeyExist, unix.EEXIST) - } - - if errors.Is(err, unix.ENOTSUPP) { - return sys.Error(ErrNotSupported, unix.ENOTSUPP) - } - - if errors.Is(err, unix.E2BIG) { - return fmt.Errorf("key too big for map: %w", err) - } - - return err -} - -var haveObjName = internal.FeatureTest("object names", "4.15", func() error { - attr := sys.MapCreateAttr{ - MapType: sys.MapType(Array), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - MapName: sys.NewObjName("feature_test"), - } - - fd, err := sys.MapCreate(&attr) - if err != nil { - return internal.ErrNotSupported - } - - _ = fd.Close() - return nil -}) - -var objNameAllowsDot = internal.FeatureTest("dot in object names", "5.2", func() error { - if err := haveObjName(); err != nil { - return err - } - - attr := sys.MapCreateAttr{ - MapType: sys.MapType(Array), - KeySize: 4, - ValueSize: 4, - MaxEntries: 1, - MapName: sys.NewObjName(".test"), - } - - fd, err := sys.MapCreate(&attr) - if err != nil { - return internal.ErrNotSupported - } - - _ = fd.Close() - return nil -}) - -var haveBatchAPI = internal.FeatureTest("map batch api", "5.6", func() error { - var maxEntries uint32 = 2 - attr := sys.MapCreateAttr{ - MapType: sys.MapType(Hash), - KeySize: 4, - ValueSize: 4, - MaxEntries: maxEntries, - } - - fd, err := sys.MapCreate(&attr) - if err != nil { - return internal.ErrNotSupported - } - defer fd.Close() - - keys := []uint32{1, 2} - values := []uint32{3, 4} - kp, _ := marshalPtr(keys, 8) - vp, _ := marshalPtr(values, 8) - - err = sys.MapUpdateBatch(&sys.MapUpdateBatchAttr{ - MapFd: fd.Uint(), - Keys: kp, - Values: vp, - Count: maxEntries, - }) - if err != nil { - return internal.ErrNotSupported - } - return nil -}) - -var haveProbeReadKernel = internal.FeatureTest("bpf_probe_read_kernel", "5.5", func() error { - insns := asm.Instructions{ - asm.Mov.Reg(asm.R1, asm.R10), - asm.Add.Imm(asm.R1, -8), - asm.Mov.Imm(asm.R2, 8), - asm.Mov.Imm(asm.R3, 0), - asm.FnProbeReadKernel.Call(), - asm.Return(), - } - - fd, err := progLoad(insns, Kprobe, "GPL") - if err != nil { - return internal.ErrNotSupported - } - _ = fd.Close() - return nil -}) - -var haveBPFToBPFCalls = internal.FeatureTest("bpf2bpf calls", "4.16", func() error { - insns := asm.Instructions{ - asm.Call.Label("prog2").WithSymbol("prog1"), - asm.Return(), - asm.Mov.Imm(asm.R0, 0).WithSymbol("prog2"), - asm.Return(), - } - - fd, err := progLoad(insns, SocketFilter, "MIT") - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - if err != nil { - return err - } - _ = fd.Close() - return nil -}) diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go deleted file mode 100644 index a27b442474..0000000000 --- a/vendor/github.com/cilium/ebpf/types.go +++ /dev/null @@ -1,284 +0,0 @@ -package ebpf - -import ( - "github.com/cilium/ebpf/internal/unix" -) - -//go:generate stringer -output types_string.go -type=MapType,ProgramType,PinType - -// MapType indicates the type map structure -// that will be initialized in the kernel. -type MapType uint32 - -// Max returns the latest supported MapType. -func (MapType) Max() MapType { - return maxMapType - 1 -} - -// All the various map types that can be created -const ( - UnspecifiedMap MapType = iota - // Hash is a hash map - Hash - // Array is an array map - Array - // ProgramArray - A program array map is a special kind of array map whose map - // values contain only file descriptors referring to other eBPF - // programs. Thus, both the key_size and value_size must be - // exactly four bytes. This map is used in conjunction with the - // TailCall helper. - ProgramArray - // PerfEventArray - A perf event array is used in conjunction with PerfEventRead - // and PerfEventOutput calls, to read the raw bpf_perf_data from the registers. - PerfEventArray - // PerCPUHash - This data structure is useful for people who have high performance - // network needs and can reconcile adds at the end of some cycle, so that - // hashes can be lock free without the use of XAdd, which can be costly. - PerCPUHash - // PerCPUArray - This data structure is useful for people who have high performance - // network needs and can reconcile adds at the end of some cycle, so that - // hashes can be lock free without the use of XAdd, which can be costly. - // Each CPU gets a copy of this hash, the contents of all of which can be reconciled - // later. - PerCPUArray - // StackTrace - This holds whole user and kernel stack traces, it can be retrieved with - // GetStackID - StackTrace - // CGroupArray - This is a very niche structure used to help SKBInCGroup determine - // if an skb is from a socket belonging to a specific cgroup - CGroupArray - // LRUHash - This allows you to create a small hash structure that will purge the - // least recently used items rather than thow an error when you run out of memory - LRUHash - // LRUCPUHash - This is NOT like PerCPUHash, this structure is shared among the CPUs, - // it has more to do with including the CPU id with the LRU calculation so that if a - // particular CPU is using a value over-and-over again, then it will be saved, but if - // a value is being retrieved a lot but sparsely across CPUs it is not as important, basically - // giving weight to CPU locality over overall usage. - LRUCPUHash - // LPMTrie - This is an implementation of Longest-Prefix-Match Trie structure. It is useful, - // for storing things like IP addresses which can be bit masked allowing for keys of differing - // values to refer to the same reference based on their masks. See wikipedia for more details. - LPMTrie - // ArrayOfMaps - Each item in the array is another map. The inner map mustn't be a map of maps - // itself. - ArrayOfMaps - // HashOfMaps - Each item in the hash map is another map. The inner map mustn't be a map of maps - // itself. - HashOfMaps - // DevMap - Specialized map to store references to network devices. - DevMap - // SockMap - Specialized map to store references to sockets. - SockMap - // CPUMap - Specialized map to store references to CPUs. - CPUMap - // XSKMap - Specialized map for XDP programs to store references to open sockets. - XSKMap - // SockHash - Specialized hash to store references to sockets. - SockHash - // CGroupStorage - Special map for CGroups. - CGroupStorage - // ReusePortSockArray - Specialized map to store references to sockets that can be reused. - ReusePortSockArray - // PerCPUCGroupStorage - Special per CPU map for CGroups. - PerCPUCGroupStorage - // Queue - FIFO storage for BPF programs. - Queue - // Stack - LIFO storage for BPF programs. - Stack - // SkStorage - Specialized map for local storage at SK for BPF programs. - SkStorage - // DevMapHash - Hash-based indexing scheme for references to network devices. - DevMapHash - // StructOpsMap - This map holds a kernel struct with its function pointer implemented in a BPF - // program. - StructOpsMap - // RingBuf - Similar to PerfEventArray, but shared across all CPUs. - RingBuf - // InodeStorage - Specialized local storage map for inodes. - InodeStorage - // TaskStorage - Specialized local storage map for task_struct. - TaskStorage - // maxMapType - Bound enum of MapTypes, has to be last in enum. - maxMapType -) - -// hasPerCPUValue returns true if the Map stores a value per CPU. -func (mt MapType) hasPerCPUValue() bool { - return mt == PerCPUHash || mt == PerCPUArray || mt == LRUCPUHash || mt == PerCPUCGroupStorage -} - -// canStoreMap returns true if the map type accepts a map fd -// for update and returns a map id for lookup. -func (mt MapType) canStoreMap() bool { - return mt == ArrayOfMaps || mt == HashOfMaps -} - -// canStoreProgram returns true if the map type accepts a program fd -// for update and returns a program id for lookup. -func (mt MapType) canStoreProgram() bool { - return mt == ProgramArray -} - -// hasBTF returns true if the map type supports BTF key/value metadata. -func (mt MapType) hasBTF() bool { - switch mt { - case PerfEventArray, CGroupArray, StackTrace, ArrayOfMaps, HashOfMaps, DevMap, - DevMapHash, CPUMap, XSKMap, SockMap, SockHash, Queue, Stack, RingBuf: - return false - default: - return true - } -} - -// ProgramType of the eBPF program -type ProgramType uint32 - -// Max return the latest supported ProgramType. -func (ProgramType) Max() ProgramType { - return maxProgramType - 1 -} - -// eBPF program types -const ( - UnspecifiedProgram ProgramType = iota - SocketFilter - Kprobe - SchedCLS - SchedACT - TracePoint - XDP - PerfEvent - CGroupSKB - CGroupSock - LWTIn - LWTOut - LWTXmit - SockOps - SkSKB - CGroupDevice - SkMsg - RawTracepoint - CGroupSockAddr - LWTSeg6Local - LircMode2 - SkReuseport - FlowDissector - CGroupSysctl - RawTracepointWritable - CGroupSockopt - Tracing - StructOps - Extension - LSM - SkLookup - Syscall - maxProgramType -) - -// AttachType of the eBPF program, needed to differentiate allowed context accesses in -// some newer program types like CGroupSockAddr. Should be set to AttachNone if not required. -// Will cause invalid argument (EINVAL) at program load time if set incorrectly. -type AttachType uint32 - -//go:generate stringer -type AttachType -trimprefix Attach - -// AttachNone is an alias for AttachCGroupInetIngress for readability reasons. -const AttachNone AttachType = 0 - -const ( - AttachCGroupInetIngress AttachType = iota - AttachCGroupInetEgress - AttachCGroupInetSockCreate - AttachCGroupSockOps - AttachSkSKBStreamParser - AttachSkSKBStreamVerdict - AttachCGroupDevice - AttachSkMsgVerdict - AttachCGroupInet4Bind - AttachCGroupInet6Bind - AttachCGroupInet4Connect - AttachCGroupInet6Connect - AttachCGroupInet4PostBind - AttachCGroupInet6PostBind - AttachCGroupUDP4Sendmsg - AttachCGroupUDP6Sendmsg - AttachLircMode2 - AttachFlowDissector - AttachCGroupSysctl - AttachCGroupUDP4Recvmsg - AttachCGroupUDP6Recvmsg - AttachCGroupGetsockopt - AttachCGroupSetsockopt - AttachTraceRawTp - AttachTraceFEntry - AttachTraceFExit - AttachModifyReturn - AttachLSMMac - AttachTraceIter - AttachCgroupInet4GetPeername - AttachCgroupInet6GetPeername - AttachCgroupInet4GetSockname - AttachCgroupInet6GetSockname - AttachXDPDevMap - AttachCgroupInetSockRelease - AttachXDPCPUMap - AttachSkLookup - AttachXDP - AttachSkSKBVerdict - AttachSkReuseportSelect - AttachSkReuseportSelectOrMigrate - AttachPerfEvent -) - -// AttachFlags of the eBPF program used in BPF_PROG_ATTACH command -type AttachFlags uint32 - -// PinType determines whether a map is pinned into a BPFFS. -type PinType int - -// Valid pin types. -// -// Mirrors enum libbpf_pin_type. -const ( - PinNone PinType = iota - // Pin an object by using its name as the filename. - PinByName -) - -// LoadPinOptions control how a pinned object is loaded. -type LoadPinOptions struct { - // Request a read-only or write-only object. The default is a read-write - // object. Only one of the flags may be set. - ReadOnly bool - WriteOnly bool - - // Raw flags for the syscall. Other fields of this struct take precedence. - Flags uint32 -} - -// Marshal returns a value suitable for BPF_OBJ_GET syscall file_flags parameter. -func (lpo *LoadPinOptions) Marshal() uint32 { - if lpo == nil { - return 0 - } - - flags := lpo.Flags - if lpo.ReadOnly { - flags |= unix.BPF_F_RDONLY - } - if lpo.WriteOnly { - flags |= unix.BPF_F_WRONLY - } - return flags -} - -// BatchOptions batch map operations options -// -// Mirrors libbpf struct bpf_map_batch_opts -// Currently BPF_F_FLAG is the only supported -// flag (for ElemFlags). -type BatchOptions struct { - ElemFlags uint64 - Flags uint64 -} diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go deleted file mode 100644 index e80b948b09..0000000000 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ /dev/null @@ -1,120 +0,0 @@ -// Code generated by "stringer -output types_string.go -type=MapType,ProgramType,PinType"; DO NOT EDIT. - -package ebpf - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[UnspecifiedMap-0] - _ = x[Hash-1] - _ = x[Array-2] - _ = x[ProgramArray-3] - _ = x[PerfEventArray-4] - _ = x[PerCPUHash-5] - _ = x[PerCPUArray-6] - _ = x[StackTrace-7] - _ = x[CGroupArray-8] - _ = x[LRUHash-9] - _ = x[LRUCPUHash-10] - _ = x[LPMTrie-11] - _ = x[ArrayOfMaps-12] - _ = x[HashOfMaps-13] - _ = x[DevMap-14] - _ = x[SockMap-15] - _ = x[CPUMap-16] - _ = x[XSKMap-17] - _ = x[SockHash-18] - _ = x[CGroupStorage-19] - _ = x[ReusePortSockArray-20] - _ = x[PerCPUCGroupStorage-21] - _ = x[Queue-22] - _ = x[Stack-23] - _ = x[SkStorage-24] - _ = x[DevMapHash-25] - _ = x[StructOpsMap-26] - _ = x[RingBuf-27] - _ = x[InodeStorage-28] - _ = x[TaskStorage-29] - _ = x[maxMapType-30] -} - -const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStoragemaxMapType" - -var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290, 300} - -func (i MapType) String() string { - if i >= MapType(len(_MapType_index)-1) { - return "MapType(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _MapType_name[_MapType_index[i]:_MapType_index[i+1]] -} -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[UnspecifiedProgram-0] - _ = x[SocketFilter-1] - _ = x[Kprobe-2] - _ = x[SchedCLS-3] - _ = x[SchedACT-4] - _ = x[TracePoint-5] - _ = x[XDP-6] - _ = x[PerfEvent-7] - _ = x[CGroupSKB-8] - _ = x[CGroupSock-9] - _ = x[LWTIn-10] - _ = x[LWTOut-11] - _ = x[LWTXmit-12] - _ = x[SockOps-13] - _ = x[SkSKB-14] - _ = x[CGroupDevice-15] - _ = x[SkMsg-16] - _ = x[RawTracepoint-17] - _ = x[CGroupSockAddr-18] - _ = x[LWTSeg6Local-19] - _ = x[LircMode2-20] - _ = x[SkReuseport-21] - _ = x[FlowDissector-22] - _ = x[CGroupSysctl-23] - _ = x[RawTracepointWritable-24] - _ = x[CGroupSockopt-25] - _ = x[Tracing-26] - _ = x[StructOps-27] - _ = x[Extension-28] - _ = x[LSM-29] - _ = x[SkLookup-30] - _ = x[Syscall-31] - _ = x[maxProgramType-32] -} - -const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscallmaxProgramType" - -var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301, 315} - -func (i ProgramType) String() string { - if i >= ProgramType(len(_ProgramType_index)-1) { - return "ProgramType(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _ProgramType_name[_ProgramType_index[i]:_ProgramType_index[i+1]] -} -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[PinNone-0] - _ = x[PinByName-1] -} - -const _PinType_name = "PinNonePinByName" - -var _PinType_index = [...]uint8{0, 7, 16} - -func (i PinType) String() string { - if i < 0 || i >= PinType(len(_PinType_index)-1) { - return "PinType(" + strconv.FormatInt(int64(i), 10) + ")" - } - return _PinType_name[_PinType_index[i]:_PinType_index[i+1]] -} diff --git a/vendor/github.com/containerd/cgroups/v3/.gitignore b/vendor/github.com/containerd/cgroups/v3/.gitignore deleted file mode 100644 index 3465c14cf7..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -example/example -cmd/cgctl/cgctl diff --git a/vendor/github.com/containerd/cgroups/v3/LICENSE b/vendor/github.com/containerd/cgroups/v3/LICENSE deleted file mode 100644 index 261eeb9e9f..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/containerd/cgroups/v3/Makefile b/vendor/github.com/containerd/cgroups/v3/Makefile deleted file mode 100644 index 088572980d..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright The containerd Authors. - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -PACKAGES=$(shell go list ./... | grep -v /vendor/) - -all: cgutil - go build -v - -cgutil: - cd cmd/cgctl && go build -v - -proto: - protobuild --quiet ${PACKAGES} - # Keep them Go-idiomatic and backward-compatible with the gogo/protobuf era. - go-fix-acronym -w -a '(Cpu|Tcp|Rss)' $(shell find cgroup1/stats/ cgroup2/stats/ -name '*.pb.go') diff --git a/vendor/github.com/containerd/cgroups/v3/Protobuild.toml b/vendor/github.com/containerd/cgroups/v3/Protobuild.toml deleted file mode 100644 index cf94b1c1ab..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/Protobuild.toml +++ /dev/null @@ -1,31 +0,0 @@ -version = "2" -generators = ["go"] - -# Control protoc include paths. Below are usually some good defaults, but feel -# free to try it without them if it works for your project. -[includes] - # Include paths that will be added before all others. Typically, you want to - # treat the root of the project as an include, but this may not be necessary. - # before = ["."] - - # Paths that will be added untouched to the end of the includes. We use - # `/usr/local/include` to pickup the common install location of protobuf. - # This is the default. - after = ["/usr/local/include", "/usr/include"] - -# Aggregrate the API descriptors to lock down API changes. -[[descriptors]] -prefix = "github.com/containerd/cgroups/cgroup1/stats" -target = "cgroup1/stats/metrics.pb.txt" -ignore_files = [ - "google/protobuf/descriptor.proto", -] -[[descriptors]] -prefix = "github.com/containerd/cgroups/cgroup2/stats" -target = "cgroup2/stats/metrics.pb.txt" -ignore_files = [ - "google/protobuf/descriptor.proto", -] - -[parameters.go] -paths = "source_relative" diff --git a/vendor/github.com/containerd/cgroups/v3/README.md b/vendor/github.com/containerd/cgroups/v3/README.md deleted file mode 100644 index c7f37c612f..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/README.md +++ /dev/null @@ -1,238 +0,0 @@ -# cgroups - -[![Build Status](https://github.com/containerd/cgroups/workflows/CI/badge.svg)](https://github.com/containerd/cgroups/actions?query=workflow%3ACI) -[![codecov](https://codecov.io/gh/containerd/cgroups/branch/main/graph/badge.svg)](https://codecov.io/gh/containerd/cgroups) -[![GoDoc](https://godoc.org/github.com/containerd/cgroups?status.svg)](https://godoc.org/github.com/containerd/cgroups) -[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cgroups)](https://goreportcard.com/report/github.com/containerd/cgroups) - -Go package for creating, managing, inspecting, and destroying cgroups. -The resources format for settings on the cgroup uses the OCI runtime-spec found -[here](https://github.com/opencontainers/runtime-spec). - -## Examples (v1) - -### Create a new cgroup - -This creates a new cgroup using a static path for all subsystems under `/test`. - -* /sys/fs/cgroup/cpu/test -* /sys/fs/cgroup/memory/test -* etc.... - -It uses a single hierarchy and specifies cpu shares as a resource constraint and -uses the v1 implementation of cgroups. - - -```go -shares := uint64(100) -control, err := cgroup1.New(cgroup1.StaticPath("/test"), &specs.LinuxResources{ - CPU: &specs.LinuxCPU{ - Shares: &shares, - }, -}) -defer control.Delete() -``` - -### Create with systemd slice support - - -```go -control, err := cgroup1.New(cgroup1.Systemd, cgroup1.Slice("system.slice", "runc-test"), &specs.LinuxResources{ - CPU: &specs.CPU{ - Shares: &shares, - }, -}) - -``` - -### Load an existing cgroup - -```go -control, err = cgroup1.Load(cgroup1.Default, cgroups.StaticPath("/test")) -``` - -### Add a process to the cgroup - -```go -if err := control.Add(cgroup1.Process{Pid:1234}); err != nil { -} -``` - -### Update the cgroup - -To update the resources applied in the cgroup - -```go -shares = uint64(200) -if err := control.Update(&specs.LinuxResources{ - CPU: &specs.LinuxCPU{ - Shares: &shares, - }, -}); err != nil { -} -``` - -### Freeze and Thaw the cgroup - -```go -if err := control.Freeze(); err != nil { -} -if err := control.Thaw(); err != nil { -} -``` - -### List all processes in the cgroup or recursively - -```go -processes, err := control.Processes(cgroup1.Devices, recursive) -``` - -### Get Stats on the cgroup - -```go -stats, err := control.Stat() -``` - -By adding `cgroups.IgnoreNotExist` all non-existent files will be ignored, e.g. swap memory stats without swap enabled -```go -stats, err := control.Stat(cgroup1.IgnoreNotExist) -``` - -### Move process across cgroups - -This allows you to take processes from one cgroup and move them to another. - -```go -err := control.MoveTo(destination) -``` - -### Create subcgroup - -```go -subCgroup, err := control.New("child", resources) -``` - -### Registering for memory events - -This allows you to get notified by an eventfd for v1 memory cgroups events. - -```go -event := cgroup1.MemoryThresholdEvent(50 * 1024 * 1024, false) -efd, err := control.RegisterMemoryEvent(event) -``` - -```go -event := cgroup1.MemoryPressureEvent(cgroup1.MediumPressure, cgroup1.DefaultMode) -efd, err := control.RegisterMemoryEvent(event) -``` - -```go -efd, err := control.OOMEventFD() -// or by using RegisterMemoryEvent -event := cgroup1.OOMEvent() -efd, err := control.RegisterMemoryEvent(event) -``` - -## Examples (v2/unified) - -### Check that the current system is running cgroups v2 - -```go -var cgroupV2 bool -if cgroups.Mode() == cgroups.Unified { - cgroupV2 = true -} -``` - -### Create a new cgroup - -This creates a new systemd v2 cgroup slice. Systemd slices consider ["-" a special character](https://www.freedesktop.org/software/systemd/man/systemd.slice.html), -so the resulting slice would be located here on disk: - -* /sys/fs/cgroup/my.slice/my-cgroup.slice/my-cgroup-abc.slice - -```go -import ( - "github.com/containerd/cgroups/v3/cgroup2" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -res := cgroup2.Resources{} -// dummy PID of -1 is used for creating a "general slice" to be used as a parent cgroup. -// see https://github.com/containerd/cgroups/blob/1df78138f1e1e6ee593db155c6b369466f577651/v2/manager.go#L732-L735 -m, err := cgroup2.NewSystemd("/", "my-cgroup-abc.slice", -1, &res) -if err != nil { - return err -} -``` - -### Load an existing cgroup - -```go -m, err := cgroup2.LoadSystemd("/", "my-cgroup-abc.slice") -if err != nil { - return err -} -``` - -### Delete a cgroup - -```go -m, err := cgroup2.LoadSystemd("/", "my-cgroup-abc.slice") -if err != nil { - return err -} -err = m.DeleteSystemd() -if err != nil { - return err -} -``` - -### Kill all processes in a cgroup - -```go -m, err := cgroup2.LoadSystemd("/", "my-cgroup-abc.slice") -if err != nil { - return err -} -err = m.Kill() -if err != nil { - return err -} -``` - - -### Get and set cgroup type -```go -m, err := cgroup2.LoadSystemd("/", "my-cgroup-abc.slice") -if err != nil { - return err -} - -// https://www.kernel.org/doc/html/v5.0/admin-guide/cgroup-v2.html#threads -cgType, err := m.GetType() -if err != nil { - return err -} -fmt.Println(cgType) - -err = m.SetType(cgroup2.Threaded) -if err != nil { - return err -} -``` - -### Attention - -All static path should not include `/sys/fs/cgroup/` prefix, it should start with your own cgroups name - -## Project details - -Cgroups is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE). -As a containerd sub-project, you will find the: - - * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md), - * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS), - * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md) - -information in our [`containerd/project`](https://github.com/containerd/project) repository. diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/blkio.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/blkio.go deleted file mode 100644 index 3be884c7e6..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/blkio.go +++ /dev/null @@ -1,361 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bufio" - "fmt" - "io" - "os" - "path/filepath" - "strconv" - "strings" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -// NewBlkio returns a Blkio controller given the root folder of cgroups. -// It may optionally accept other configuration options, such as ProcRoot(path) -func NewBlkio(root string, options ...func(controller *blkioController)) *blkioController { - ctrl := &blkioController{ - root: filepath.Join(root, string(Blkio)), - procRoot: "/proc", - } - for _, opt := range options { - opt(ctrl) - } - return ctrl -} - -// ProcRoot overrides the default location of the "/proc" filesystem -func ProcRoot(path string) func(controller *blkioController) { - return func(c *blkioController) { - c.procRoot = path - } -} - -type blkioController struct { - root string - procRoot string -} - -func (b *blkioController) Name() Name { - return Blkio -} - -func (b *blkioController) Path(path string) string { - return filepath.Join(b.root, path) -} - -func (b *blkioController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(b.Path(path), defaultDirPerm); err != nil { - return err - } - if resources.BlockIO == nil { - return nil - } - for _, t := range createBlkioSettings(resources.BlockIO) { - if t.value != nil { - if err := os.WriteFile( - filepath.Join(b.Path(path), "blkio."+t.name), - t.format(t.value), - defaultFilePerm, - ); err != nil { - return err - } - } - } - return nil -} - -func (b *blkioController) Update(path string, resources *specs.LinuxResources) error { - return b.Create(path, resources) -} - -func (b *blkioController) Stat(path string, stats *v1.Metrics) error { - stats.Blkio = &v1.BlkIOStat{} - - var settings []blkioStatSettings - - // Try to read CFQ stats available on all CFQ enabled kernels first - if _, err := os.Lstat(filepath.Join(b.Path(path), "blkio.io_serviced_recursive")); err == nil { - settings = []blkioStatSettings{ - { - name: "sectors_recursive", - entry: &stats.Blkio.SectorsRecursive, - }, - { - name: "io_service_bytes_recursive", - entry: &stats.Blkio.IoServiceBytesRecursive, - }, - { - name: "io_serviced_recursive", - entry: &stats.Blkio.IoServicedRecursive, - }, - { - name: "io_queued_recursive", - entry: &stats.Blkio.IoQueuedRecursive, - }, - { - name: "io_service_time_recursive", - entry: &stats.Blkio.IoServiceTimeRecursive, - }, - { - name: "io_wait_time_recursive", - entry: &stats.Blkio.IoWaitTimeRecursive, - }, - { - name: "io_merged_recursive", - entry: &stats.Blkio.IoMergedRecursive, - }, - { - name: "time_recursive", - entry: &stats.Blkio.IoTimeRecursive, - }, - } - } - - f, err := os.Open(filepath.Join(b.procRoot, "partitions")) - if err != nil { - return err - } - defer f.Close() - - devices, err := getDevices(f) - if err != nil { - return err - } - - var size int - for _, t := range settings { - if err := b.readEntry(devices, path, t.name, t.entry); err != nil { - return err - } - size += len(*t.entry) - } - if size > 0 { - return nil - } - - // Even the kernel is compiled with the CFQ scheduler, the cgroup may not use - // block devices with the CFQ scheduler. If so, we should fallback to throttle.* files. - settings = []blkioStatSettings{ - { - name: "throttle.io_serviced", - entry: &stats.Blkio.IoServicedRecursive, - }, - { - name: "throttle.io_service_bytes", - entry: &stats.Blkio.IoServiceBytesRecursive, - }, - } - for _, t := range settings { - if err := b.readEntry(devices, path, t.name, t.entry); err != nil { - return err - } - } - return nil -} - -func (b *blkioController) readEntry(devices map[deviceKey]string, path, name string, entry *[]*v1.BlkIOEntry) error { - f, err := os.Open(filepath.Join(b.Path(path), "blkio."+name)) - if err != nil { - return err - } - defer f.Close() - sc := bufio.NewScanner(f) - for sc.Scan() { - // format: dev type amount - fields := strings.FieldsFunc(sc.Text(), splitBlkIOStatLine) - if len(fields) < 3 { - if len(fields) == 2 && fields[0] == "Total" { - // skip total line - continue - } else { - return fmt.Errorf("invalid line found while parsing %s: %s", path, sc.Text()) - } - } - major, err := strconv.ParseUint(fields[0], 10, 64) - if err != nil { - return err - } - minor, err := strconv.ParseUint(fields[1], 10, 64) - if err != nil { - return err - } - op := "" - valueField := 2 - if len(fields) == 4 { - op = fields[2] - valueField = 3 - } - v, err := strconv.ParseUint(fields[valueField], 10, 64) - if err != nil { - return err - } - *entry = append(*entry, &v1.BlkIOEntry{ - Device: devices[deviceKey{major, minor}], - Major: major, - Minor: minor, - Op: op, - Value: v, - }) - } - return sc.Err() -} - -func createBlkioSettings(blkio *specs.LinuxBlockIO) []blkioSettings { - settings := []blkioSettings{} - - if blkio.Weight != nil { - settings = append(settings, - blkioSettings{ - name: "weight", - value: blkio.Weight, - format: uintf, - }) - } - if blkio.LeafWeight != nil { - settings = append(settings, - blkioSettings{ - name: "leaf_weight", - value: blkio.LeafWeight, - format: uintf, - }) - } - for _, wd := range blkio.WeightDevice { - if wd.Weight != nil { - settings = append(settings, - blkioSettings{ - name: "weight_device", - value: wd, - format: weightdev, - }) - } - if wd.LeafWeight != nil { - settings = append(settings, - blkioSettings{ - name: "leaf_weight_device", - value: wd, - format: weightleafdev, - }) - } - } - for _, t := range []struct { - name string - list []specs.LinuxThrottleDevice - }{ - { - name: "throttle.read_bps_device", - list: blkio.ThrottleReadBpsDevice, - }, - { - name: "throttle.read_iops_device", - list: blkio.ThrottleReadIOPSDevice, - }, - { - name: "throttle.write_bps_device", - list: blkio.ThrottleWriteBpsDevice, - }, - { - name: "throttle.write_iops_device", - list: blkio.ThrottleWriteIOPSDevice, - }, - } { - for _, td := range t.list { - settings = append(settings, blkioSettings{ - name: t.name, - value: td, - format: throttleddev, - }) - } - } - return settings -} - -type blkioSettings struct { - name string - value interface{} - format func(v interface{}) []byte -} - -type blkioStatSettings struct { - name string - entry *[]*v1.BlkIOEntry -} - -func uintf(v interface{}) []byte { - return []byte(strconv.FormatUint(uint64(*v.(*uint16)), 10)) -} - -func weightdev(v interface{}) []byte { - wd := v.(specs.LinuxWeightDevice) - return []byte(fmt.Sprintf("%d:%d %d", wd.Major, wd.Minor, *wd.Weight)) -} - -func weightleafdev(v interface{}) []byte { - wd := v.(specs.LinuxWeightDevice) - return []byte(fmt.Sprintf("%d:%d %d", wd.Major, wd.Minor, *wd.LeafWeight)) -} - -func throttleddev(v interface{}) []byte { - td := v.(specs.LinuxThrottleDevice) - return []byte(fmt.Sprintf("%d:%d %d", td.Major, td.Minor, td.Rate)) -} - -func splitBlkIOStatLine(r rune) bool { - return r == ' ' || r == ':' -} - -type deviceKey struct { - major, minor uint64 -} - -// getDevices makes a best effort attempt to read all the devices into a map -// keyed by major and minor number. Since devices may be mapped multiple times, -// we err on taking the first occurrence. -func getDevices(r io.Reader) (map[deviceKey]string, error) { - var ( - s = bufio.NewScanner(r) - devices = make(map[deviceKey]string) - ) - for i := 0; s.Scan(); i++ { - if i < 2 { - continue - } - fields := strings.Fields(s.Text()) - major, err := strconv.Atoi(fields[0]) - if err != nil { - return nil, err - } - minor, err := strconv.Atoi(fields[1]) - if err != nil { - return nil, err - } - key := deviceKey{ - major: uint64(major), - minor: uint64(minor), - } - if _, ok := devices[key]; ok { - continue - } - devices[key] = filepath.Join("/dev", fields[3]) - } - return devices, s.Err() -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/cgroup.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/cgroup.go deleted file mode 100644 index eae04f05bc..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/cgroup.go +++ /dev/null @@ -1,575 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "errors" - "fmt" - "io/fs" - "os" - "path/filepath" - "strconv" - "strings" - "sync" - "syscall" - "time" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - - "github.com/opencontainers/runtime-spec/specs-go" -) - -// New returns a new control via the cgroup cgroups interface -func New(path Path, resources *specs.LinuxResources, opts ...InitOpts) (Cgroup, error) { - config := newInitConfig() - for _, o := range opts { - if err := o(config); err != nil { - return nil, err - } - } - subsystems, err := config.hierarchy() - if err != nil { - return nil, err - } - var active []Subsystem - for _, s := range subsystems { - // check if subsystem exists - if err := initializeSubsystem(s, path, resources); err != nil { - if err == ErrControllerNotActive { - if config.InitCheck != nil { - if skerr := config.InitCheck(s, path, err); skerr != nil { - if skerr != ErrIgnoreSubsystem { - return nil, skerr - } - } - } - continue - } - return nil, err - } - active = append(active, s) - } - return &cgroup{ - path: path, - subsystems: active, - }, nil -} - -// Load will load an existing cgroup and allow it to be controlled -// All static path should not include `/sys/fs/cgroup/` prefix, it should start with your own cgroups name -func Load(path Path, opts ...InitOpts) (Cgroup, error) { - config := newInitConfig() - for _, o := range opts { - if err := o(config); err != nil { - return nil, err - } - } - var activeSubsystems []Subsystem - subsystems, err := config.hierarchy() - if err != nil { - return nil, err - } - // check that the subsystems still exist, and keep only those that actually exist - for _, s := range pathers(subsystems) { - p, err := path(s.Name()) - if err != nil { - if errors.Is(err, os.ErrNotExist) { - return nil, ErrCgroupDeleted - } - if err == ErrControllerNotActive { - if config.InitCheck != nil { - if skerr := config.InitCheck(s, path, err); skerr != nil { - if skerr != ErrIgnoreSubsystem { - return nil, skerr - } - } - } - continue - } - return nil, err - } - if _, err := os.Lstat(s.Path(p)); err != nil { - if os.IsNotExist(err) { - continue - } - return nil, err - } - activeSubsystems = append(activeSubsystems, s) - } - // if we do not have any active systems then the cgroup is deleted - if len(activeSubsystems) == 0 { - return nil, ErrCgroupDeleted - } - return &cgroup{ - path: path, - subsystems: activeSubsystems, - }, nil -} - -type cgroup struct { - path Path - - subsystems []Subsystem - mu sync.Mutex - err error -} - -// New returns a new sub cgroup -func (c *cgroup) New(name string, resources *specs.LinuxResources) (Cgroup, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return nil, c.err - } - path := subPath(c.path, name) - for _, s := range c.subsystems { - if err := initializeSubsystem(s, path, resources); err != nil { - return nil, err - } - } - return &cgroup{ - path: path, - subsystems: c.subsystems, - }, nil -} - -// Subsystems returns all the subsystems that are currently being -// consumed by the group -func (c *cgroup) Subsystems() []Subsystem { - return c.subsystems -} - -func (c *cgroup) subsystemsFilter(subsystems ...Name) []Subsystem { - if len(subsystems) == 0 { - return c.subsystems - } - - filteredSubsystems := []Subsystem{} - for _, s := range c.subsystems { - for _, f := range subsystems { - if s.Name() == f { - filteredSubsystems = append(filteredSubsystems, s) - break - } - } - } - - return filteredSubsystems -} - -// Add moves the provided process into the new cgroup. -// Without additional arguments, the process is added to all the cgroup subsystems. -// When giving Add a list of subsystem names, the process is only added to those -// subsystems, provided that they are active in the targeted cgroup. -func (c *cgroup) Add(process Process, subsystems ...Name) error { - return c.add(process, cgroupProcs, subsystems...) -} - -// AddProc moves the provided process id into the new cgroup. -// Without additional arguments, the process with the given id is added to all -// the cgroup subsystems. When giving AddProc a list of subsystem names, the process -// id is only added to those subsystems, provided that they are active in the targeted -// cgroup. -func (c *cgroup) AddProc(pid uint64, subsystems ...Name) error { - return c.add(Process{Pid: int(pid)}, cgroupProcs, subsystems...) -} - -// AddTask moves the provided tasks (threads) into the new cgroup. -// Without additional arguments, the task is added to all the cgroup subsystems. -// When giving AddTask a list of subsystem names, the task is only added to those -// subsystems, provided that they are active in the targeted cgroup. -func (c *cgroup) AddTask(process Process, subsystems ...Name) error { - return c.add(process, cgroupTasks, subsystems...) -} - -// writeCgroupsProcs writes to the file, but retries on EINVAL. -func writeCgroupProcs(path string, content []byte, perm fs.FileMode) error { - f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, perm) - if err != nil { - return err - } - defer f.Close() - - for i := 0; i < 5; i++ { - _, err = f.Write(content) - if err == nil { - return nil - } - // If the process's associated task's state is TASK_NEW, the kernel - // returns EINVAL. The function will retry on the error like runc. - // https://github.com/torvalds/linux/blob/v6.0/kernel/sched/core.c#L10308-L10337 - // https://github.com/opencontainers/runc/pull/1950 - if !errors.Is(err, syscall.EINVAL) { - return err - } - time.Sleep(30 * time.Millisecond) - } - return err -} - -func (c *cgroup) add(process Process, pType procType, subsystems ...Name) error { - if process.Pid <= 0 { - return ErrInvalidPid - } - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - for _, s := range pathers(c.subsystemsFilter(subsystems...)) { - p, err := c.path(s.Name()) - if err != nil { - return err - } - err = writeCgroupProcs( - filepath.Join(s.Path(p), pType), - []byte(strconv.Itoa(process.Pid)), - defaultFilePerm, - ) - if err != nil { - return err - } - } - return nil -} - -// Delete will remove the control group from each of the subsystems registered -func (c *cgroup) Delete() error { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - var errs []string - for _, s := range c.subsystems { - // kernel prevents cgroups with running process from being removed, check the tree is empty - procs, err := c.processes(s.Name(), true, cgroupProcs) - if err != nil { - // if the control group does not exist within a subsystem, then proceed to the next subsystem - if errors.Is(err, os.ErrNotExist) { - continue - } - return err - } - if len(procs) > 0 { - errs = append(errs, fmt.Sprintf("%s (contains running processes)", string(s.Name()))) - continue - } - if d, ok := s.(deleter); ok { - sp, err := c.path(s.Name()) - if err != nil { - return err - } - if err := d.Delete(sp); err != nil { - errs = append(errs, string(s.Name())) - } - continue - } - if p, ok := s.(pather); ok { - sp, err := c.path(s.Name()) - if err != nil { - return err - } - path := p.Path(sp) - if err := remove(path); err != nil { - errs = append(errs, path) - } - continue - } - } - if len(errs) > 0 { - return fmt.Errorf("cgroups: unable to remove paths %s", strings.Join(errs, ", ")) - } - c.err = ErrCgroupDeleted - return nil -} - -// Stat returns the current metrics for the cgroup -func (c *cgroup) Stat(handlers ...ErrorHandler) (*v1.Metrics, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return nil, c.err - } - if len(handlers) == 0 { - handlers = append(handlers, errPassthrough) - } - var ( - stats = &v1.Metrics{ - CPU: &v1.CPUStat{ - Throttling: &v1.Throttle{}, - Usage: &v1.CPUUsage{}, - }, - } - wg = &sync.WaitGroup{} - errs = make(chan error, len(c.subsystems)) - ) - for _, s := range c.subsystems { - if ss, ok := s.(stater); ok { - sp, err := c.path(s.Name()) - if err != nil { - return nil, err - } - wg.Add(1) - go func() { - defer wg.Done() - if err := ss.Stat(sp, stats); err != nil { - for _, eh := range handlers { - if herr := eh(err); herr != nil { - errs <- herr - } - } - } - }() - } - } - wg.Wait() - close(errs) - for err := range errs { - return nil, err - } - return stats, nil -} - -// Update updates the cgroup with the new resource values provided -// -// Be prepared to handle EBUSY when trying to update a cgroup with -// live processes and other operations like Stats being performed at the -// same time -func (c *cgroup) Update(resources *specs.LinuxResources) error { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - for _, s := range c.subsystems { - if u, ok := s.(updater); ok { - sp, err := c.path(s.Name()) - if err != nil { - return err - } - if err := u.Update(sp, resources); err != nil { - return err - } - } - } - return nil -} - -// Processes returns the processes running inside the cgroup along -// with the subsystem used, pid, and path -func (c *cgroup) Processes(subsystem Name, recursive bool) ([]Process, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return nil, c.err - } - return c.processes(subsystem, recursive, cgroupProcs) -} - -// Tasks returns the tasks running inside the cgroup along -// with the subsystem used, pid, and path -func (c *cgroup) Tasks(subsystem Name, recursive bool) ([]Task, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return nil, c.err - } - return c.processes(subsystem, recursive, cgroupTasks) -} - -func (c *cgroup) processes(subsystem Name, recursive bool, pType procType) ([]Process, error) { - s := c.getSubsystem(subsystem) - sp, err := c.path(subsystem) - if err != nil { - return nil, err - } - if s == nil { - return nil, fmt.Errorf("cgroups: %s doesn't exist in %s subsystem", sp, subsystem) - } - path := s.(pather).Path(sp) - var processes []Process - err = filepath.Walk(path, func(p string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if !recursive && info.IsDir() { - if p == path { - return nil - } - return filepath.SkipDir - } - dir, name := filepath.Split(p) - if name != pType { - return nil - } - procs, err := readPids(dir, subsystem, pType) - if err != nil { - return err - } - processes = append(processes, procs...) - return nil - }) - return processes, err -} - -// Freeze freezes the entire cgroup and all the processes inside it -func (c *cgroup) Freeze() error { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - s := c.getSubsystem(Freezer) - if s == nil { - return ErrFreezerNotSupported - } - sp, err := c.path(Freezer) - if err != nil { - return err - } - return s.(*freezerController).Freeze(sp) -} - -// Thaw thaws out the cgroup and all the processes inside it -func (c *cgroup) Thaw() error { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - s := c.getSubsystem(Freezer) - if s == nil { - return ErrFreezerNotSupported - } - sp, err := c.path(Freezer) - if err != nil { - return err - } - return s.(*freezerController).Thaw(sp) -} - -// OOMEventFD returns the memory cgroup's out of memory event fd that triggers -// when processes inside the cgroup receive an oom event. Returns -// ErrMemoryNotSupported if memory cgroups is not supported. -func (c *cgroup) OOMEventFD() (uintptr, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return 0, c.err - } - s := c.getSubsystem(Memory) - if s == nil { - return 0, ErrMemoryNotSupported - } - sp, err := c.path(Memory) - if err != nil { - return 0, err - } - return s.(*memoryController).memoryEvent(sp, OOMEvent()) -} - -// RegisterMemoryEvent allows the ability to register for all v1 memory cgroups -// notifications. -func (c *cgroup) RegisterMemoryEvent(event MemoryEvent) (uintptr, error) { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return 0, c.err - } - s := c.getSubsystem(Memory) - if s == nil { - return 0, ErrMemoryNotSupported - } - sp, err := c.path(Memory) - if err != nil { - return 0, err - } - return s.(*memoryController).memoryEvent(sp, event) -} - -// State returns the state of the cgroup and its processes -func (c *cgroup) State() State { - c.mu.Lock() - defer c.mu.Unlock() - c.checkExists() - if c.err != nil && c.err == ErrCgroupDeleted { - return Deleted - } - s := c.getSubsystem(Freezer) - if s == nil { - return Thawed - } - sp, err := c.path(Freezer) - if err != nil { - return Unknown - } - state, err := s.(*freezerController).state(sp) - if err != nil { - return Unknown - } - return state -} - -// MoveTo does a recursive move subsystem by subsystem of all the processes -// inside the group -func (c *cgroup) MoveTo(destination Cgroup) error { - c.mu.Lock() - defer c.mu.Unlock() - if c.err != nil { - return c.err - } - for _, s := range c.subsystems { - processes, err := c.processes(s.Name(), true, cgroupProcs) - if err != nil { - return err - } - for _, p := range processes { - if err := destination.Add(p); err != nil { - if strings.Contains(err.Error(), "no such process") { - continue - } - return err - } - } - } - return nil -} - -func (c *cgroup) getSubsystem(n Name) Subsystem { - for _, s := range c.subsystems { - if s.Name() == n { - return s - } - } - return nil -} - -func (c *cgroup) checkExists() { - for _, s := range pathers(c.subsystems) { - p, err := c.path(s.Name()) - if err != nil { - return - } - if _, err := os.Lstat(s.Path(p)); err != nil { - if os.IsNotExist(err) { - c.err = ErrCgroupDeleted - return - } - } - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/control.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/control.go deleted file mode 100644 index 8fee13d037..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/control.go +++ /dev/null @@ -1,99 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "os" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -type procType = string - -const ( - cgroupProcs procType = "cgroup.procs" - cgroupTasks procType = "tasks" - defaultDirPerm = 0o755 -) - -// defaultFilePerm is a var so that the test framework can change the filemode -// of all files created when the tests are running. The difference between the -// tests and real world use is that files like "cgroup.procs" will exist when writing -// to a read cgroup filesystem and do not exist prior when running in the tests. -// this is set to a non 0 value in the test code -var defaultFilePerm = os.FileMode(0) - -type Process struct { - // Subsystem is the name of the subsystem that the process / task is in. - Subsystem Name - // Pid is the process id of the process / task. - Pid int - // Path is the full path of the subsystem and location that the process / task is in. - Path string -} - -type Task = Process - -// Cgroup handles interactions with the individual groups to perform -// actions on them as them main interface to this cgroup package -type Cgroup interface { - // New creates a new cgroup under the calling cgroup - New(string, *specs.LinuxResources) (Cgroup, error) - // Add adds a process to the cgroup (cgroup.procs). Without additional arguments, - // the process is added to all the cgroup subsystems. When giving Add a list of - // subsystem names, the process is only added to those subsystems, provided that - // they are active in the targeted cgroup. - Add(Process, ...Name) error - // AddProc adds the process with the given id to the cgroup (cgroup.procs). - // Without additional arguments, the process with the given id is added to all - // the cgroup subsystems. When giving AddProc a list of subsystem names, the process - // id is only added to those subsystems, provided that they are active in the targeted - // cgroup. - AddProc(uint64, ...Name) error - // AddTask adds a process to the cgroup (tasks). Without additional arguments, the - // task is added to all the cgroup subsystems. When giving AddTask a list of subsystem - // names, the task is only added to those subsystems, provided that they are active in - // the targeted cgroup. - AddTask(Process, ...Name) error - // Delete removes the cgroup as a whole - Delete() error - // MoveTo moves all the processes under the calling cgroup to the provided one - // subsystems are moved one at a time - MoveTo(Cgroup) error - // Stat returns the stats for all subsystems in the cgroup - Stat(...ErrorHandler) (*v1.Metrics, error) - // Update updates all the subsystems with the provided resource changes - Update(resources *specs.LinuxResources) error - // Processes returns all the processes in a select subsystem for the cgroup - Processes(Name, bool) ([]Process, error) - // Tasks returns all the tasks in a select subsystem for the cgroup - Tasks(Name, bool) ([]Task, error) - // Freeze freezes or pauses all processes inside the cgroup - Freeze() error - // Thaw thaw or resumes all processes inside the cgroup - Thaw() error - // OOMEventFD returns the memory subsystem's event fd for OOM events - OOMEventFD() (uintptr, error) - // RegisterMemoryEvent returns the memory subsystems event fd for whatever memory event was - // registered for. Can alternatively register for the oom event with this method. - RegisterMemoryEvent(MemoryEvent) (uintptr, error) - // State returns the cgroups current state - State() State - // Subsystems returns all the subsystems in the cgroup - Subsystems() []Subsystem -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/cpu.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/cpu.go deleted file mode 100644 index e02ca0d8e8..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/cpu.go +++ /dev/null @@ -1,125 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bufio" - "os" - "path/filepath" - "strconv" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -func NewCpu(root string) *cpuController { - return &cpuController{ - root: filepath.Join(root, string(Cpu)), - } -} - -type cpuController struct { - root string -} - -func (c *cpuController) Name() Name { - return Cpu -} - -func (c *cpuController) Path(path string) string { - return filepath.Join(c.root, path) -} - -func (c *cpuController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(c.Path(path), defaultDirPerm); err != nil { - return err - } - if cpu := resources.CPU; cpu != nil { - for _, t := range []struct { - name string - ivalue *int64 - uvalue *uint64 - }{ - { - name: "rt_period_us", - uvalue: cpu.RealtimePeriod, - }, - { - name: "rt_runtime_us", - ivalue: cpu.RealtimeRuntime, - }, - { - name: "shares", - uvalue: cpu.Shares, - }, - { - name: "cfs_period_us", - uvalue: cpu.Period, - }, - { - name: "cfs_quota_us", - ivalue: cpu.Quota, - }, - } { - var value []byte - if t.uvalue != nil { - value = []byte(strconv.FormatUint(*t.uvalue, 10)) - } else if t.ivalue != nil { - value = []byte(strconv.FormatInt(*t.ivalue, 10)) - } - if value != nil { - if err := os.WriteFile( - filepath.Join(c.Path(path), "cpu."+t.name), - value, - defaultFilePerm, - ); err != nil { - return err - } - } - } - } - return nil -} - -func (c *cpuController) Update(path string, resources *specs.LinuxResources) error { - return c.Create(path, resources) -} - -func (c *cpuController) Stat(path string, stats *v1.Metrics) error { - f, err := os.Open(filepath.Join(c.Path(path), "cpu.stat")) - if err != nil { - return err - } - defer f.Close() - // get or create the cpu field because cpuacct can also set values on this struct - sc := bufio.NewScanner(f) - for sc.Scan() { - key, v, err := parseKV(sc.Text()) - if err != nil { - return err - } - switch key { - case "nr_periods": - stats.CPU.Throttling.Periods = v - case "nr_throttled": - stats.CPU.Throttling.ThrottledPeriods = v - case "throttled_time": - stats.CPU.Throttling.ThrottledTime = v - } - } - return sc.Err() -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/cpuacct.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/cpuacct.go deleted file mode 100644 index b7a3e8f6a2..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/cpuacct.go +++ /dev/null @@ -1,129 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bufio" - "fmt" - "os" - "path/filepath" - "strconv" - "strings" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" -) - -const nanosecondsInSecond = 1000000000 - -var clockTicks = getClockTicks() - -func NewCpuacct(root string) *cpuacctController { - return &cpuacctController{ - root: filepath.Join(root, string(Cpuacct)), - } -} - -type cpuacctController struct { - root string -} - -func (c *cpuacctController) Name() Name { - return Cpuacct -} - -func (c *cpuacctController) Path(path string) string { - return filepath.Join(c.root, path) -} - -func (c *cpuacctController) Stat(path string, stats *v1.Metrics) error { - user, kernel, err := c.getUsage(path) - if err != nil { - return err - } - total, err := readUint(filepath.Join(c.Path(path), "cpuacct.usage")) - if err != nil { - return err - } - percpu, err := c.percpuUsage(path) - if err != nil { - return err - } - stats.CPU.Usage.Total = total - stats.CPU.Usage.User = user - stats.CPU.Usage.Kernel = kernel - stats.CPU.Usage.PerCPU = percpu - return nil -} - -func (c *cpuacctController) percpuUsage(path string) ([]uint64, error) { - var usage []uint64 - data, err := os.ReadFile(filepath.Join(c.Path(path), "cpuacct.usage_percpu")) - if err != nil { - return nil, err - } - for _, v := range strings.Fields(string(data)) { - u, err := strconv.ParseUint(v, 10, 64) - if err != nil { - return nil, err - } - usage = append(usage, u) - } - return usage, nil -} - -func (c *cpuacctController) getUsage(path string) (user uint64, kernel uint64, err error) { - statPath := filepath.Join(c.Path(path), "cpuacct.stat") - f, err := os.Open(statPath) - if err != nil { - return 0, 0, err - } - defer f.Close() - var ( - raw = make(map[string]uint64) - sc = bufio.NewScanner(f) - ) - for sc.Scan() { - key, v, err := parseKV(sc.Text()) - if err != nil { - return 0, 0, err - } - raw[key] = v - } - if err := sc.Err(); err != nil { - return 0, 0, err - } - for _, t := range []struct { - name string - value *uint64 - }{ - { - name: "user", - value: &user, - }, - { - name: "system", - value: &kernel, - }, - } { - v, ok := raw[t.name] - if !ok { - return 0, 0, fmt.Errorf("expected field %q but not found in %q", t.name, statPath) - } - *t.value = v - } - return (user * nanosecondsInSecond) / clockTicks, (kernel * nanosecondsInSecond) / clockTicks, nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/cpuset.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/cpuset.go deleted file mode 100644 index 242f77ed55..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/cpuset.go +++ /dev/null @@ -1,158 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bytes" - "fmt" - "os" - "path/filepath" - - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -func NewCpuset(root string) *cpusetController { - return &cpusetController{ - root: filepath.Join(root, string(Cpuset)), - } -} - -type cpusetController struct { - root string -} - -func (c *cpusetController) Name() Name { - return Cpuset -} - -func (c *cpusetController) Path(path string) string { - return filepath.Join(c.root, path) -} - -func (c *cpusetController) Create(path string, resources *specs.LinuxResources) error { - if err := c.ensureParent(c.Path(path), c.root); err != nil { - return err - } - if err := os.MkdirAll(c.Path(path), defaultDirPerm); err != nil { - return err - } - if err := c.copyIfNeeded(c.Path(path), filepath.Dir(c.Path(path))); err != nil { - return err - } - if resources.CPU != nil { - for _, t := range []struct { - name string - value string - }{ - { - name: "cpus", - value: resources.CPU.Cpus, - }, - { - name: "mems", - value: resources.CPU.Mems, - }, - } { - if t.value != "" { - if err := os.WriteFile( - filepath.Join(c.Path(path), "cpuset."+t.name), - []byte(t.value), - defaultFilePerm, - ); err != nil { - return err - } - } - } - } - return nil -} - -func (c *cpusetController) Update(path string, resources *specs.LinuxResources) error { - return c.Create(path, resources) -} - -func (c *cpusetController) getValues(path string) (cpus []byte, mems []byte, err error) { - if cpus, err = os.ReadFile(filepath.Join(path, "cpuset.cpus")); err != nil && !os.IsNotExist(err) { - return - } - if mems, err = os.ReadFile(filepath.Join(path, "cpuset.mems")); err != nil && !os.IsNotExist(err) { - return - } - return cpus, mems, nil -} - -// ensureParent makes sure that the parent directory of current is created -// and populated with the proper cpus and mems files copied from -// it's parent. -func (c *cpusetController) ensureParent(current, root string) error { - parent := filepath.Dir(current) - if _, err := filepath.Rel(root, parent); err != nil { - return nil - } - // Avoid infinite recursion. - if parent == current { - return fmt.Errorf("cpuset: cgroup parent path outside cgroup root") - } - if cleanPath(parent) != root { - if err := c.ensureParent(parent, root); err != nil { - return err - } - } - if err := os.MkdirAll(current, defaultDirPerm); err != nil { - return err - } - return c.copyIfNeeded(current, parent) -} - -// copyIfNeeded copies the cpuset.cpus and cpuset.mems from the parent -// directory to the current directory if the file's contents are 0 -func (c *cpusetController) copyIfNeeded(current, parent string) error { - var ( - err error - currentCpus, currentMems []byte - parentCpus, parentMems []byte - ) - if currentCpus, currentMems, err = c.getValues(current); err != nil { - return err - } - if parentCpus, parentMems, err = c.getValues(parent); err != nil { - return err - } - if isEmpty(currentCpus) { - if err := os.WriteFile( - filepath.Join(current, "cpuset.cpus"), - parentCpus, - defaultFilePerm, - ); err != nil { - return err - } - } - if isEmpty(currentMems) { - if err := os.WriteFile( - filepath.Join(current, "cpuset.mems"), - parentMems, - defaultFilePerm, - ); err != nil { - return err - } - } - return nil -} - -func isEmpty(b []byte) bool { - return len(bytes.Trim(b, "\n")) == 0 -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/devices.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/devices.go deleted file mode 100644 index 80d76fa309..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/devices.go +++ /dev/null @@ -1,92 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "fmt" - "os" - "path/filepath" - - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -const ( - allowDeviceFile = "devices.allow" - denyDeviceFile = "devices.deny" - wildcard = -1 -) - -func NewDevices(root string) *devicesController { - return &devicesController{ - root: filepath.Join(root, string(Devices)), - } -} - -type devicesController struct { - root string -} - -func (d *devicesController) Name() Name { - return Devices -} - -func (d *devicesController) Path(path string) string { - return filepath.Join(d.root, path) -} - -func (d *devicesController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(d.Path(path), defaultDirPerm); err != nil { - return err - } - for _, device := range resources.Devices { - file := denyDeviceFile - if device.Allow { - file = allowDeviceFile - } - if device.Type == "" { - device.Type = "a" - } - if err := os.WriteFile( - filepath.Join(d.Path(path), file), - []byte(deviceString(device)), - defaultFilePerm, - ); err != nil { - return err - } - } - return nil -} - -func (d *devicesController) Update(path string, resources *specs.LinuxResources) error { - return d.Create(path, resources) -} - -func deviceString(device specs.LinuxDeviceCgroup) string { - return fmt.Sprintf("%s %s:%s %s", - device.Type, - deviceNumber(device.Major), - deviceNumber(device.Minor), - device.Access, - ) -} - -func deviceNumber(number *int64) string { - if number == nil || *number == wildcard { - return "*" - } - return fmt.Sprint(*number) -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/errors.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/errors.go deleted file mode 100644 index d3ff6fbd15..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/errors.go +++ /dev/null @@ -1,47 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "errors" - "os" -) - -var ( - ErrInvalidPid = errors.New("cgroups: pid must be greater than 0") - ErrMountPointNotExist = errors.New("cgroups: cgroup mountpoint does not exist") - ErrInvalidFormat = errors.New("cgroups: parsing file with invalid format failed") - ErrFreezerNotSupported = errors.New("cgroups: freezer cgroup not supported on this system") - ErrMemoryNotSupported = errors.New("cgroups: memory cgroup not supported on this system") - ErrCgroupDeleted = errors.New("cgroups: cgroup deleted") - ErrNoCgroupMountDestination = errors.New("cgroups: cannot find cgroup mount destination") -) - -// ErrorHandler is a function that handles and acts on errors -type ErrorHandler func(err error) error - -// IgnoreNotExist ignores any errors that are for not existing files -func IgnoreNotExist(err error) error { - if os.IsNotExist(err) { - return nil - } - return err -} - -func errPassthrough(err error) error { - return err -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/freezer.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/freezer.go deleted file mode 100644 index 05d9f6c275..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/freezer.go +++ /dev/null @@ -1,82 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "os" - "path/filepath" - "strings" - "time" -) - -func NewFreezer(root string) *freezerController { - return &freezerController{ - root: filepath.Join(root, string(Freezer)), - } -} - -type freezerController struct { - root string -} - -func (f *freezerController) Name() Name { - return Freezer -} - -func (f *freezerController) Path(path string) string { - return filepath.Join(f.root, path) -} - -func (f *freezerController) Freeze(path string) error { - return f.waitState(path, Frozen) -} - -func (f *freezerController) Thaw(path string) error { - return f.waitState(path, Thawed) -} - -func (f *freezerController) changeState(path string, state State) error { - return os.WriteFile( - filepath.Join(f.root, path, "freezer.state"), - []byte(strings.ToUpper(string(state))), - defaultFilePerm, - ) -} - -func (f *freezerController) state(path string) (State, error) { - current, err := os.ReadFile(filepath.Join(f.root, path, "freezer.state")) - if err != nil { - return "", err - } - return State(strings.ToLower(strings.TrimSpace(string(current)))), nil -} - -func (f *freezerController) waitState(path string, state State) error { - for { - if err := f.changeState(path, state); err != nil { - return err - } - current, err := f.state(path) - if err != nil { - return err - } - if current == state { - return nil - } - time.Sleep(1 * time.Millisecond) - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/hierarchy.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/hierarchy.go deleted file mode 100644 index 1af9aa6bec..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/hierarchy.go +++ /dev/null @@ -1,20 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -// Hierarchy enables both unified and split hierarchy for cgroups -type Hierarchy func() ([]Subsystem, error) diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/hugetlb.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/hugetlb.go deleted file mode 100644 index 75519d9da3..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/hugetlb.go +++ /dev/null @@ -1,109 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "os" - "path/filepath" - "strconv" - "strings" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -func NewHugetlb(root string) (*hugetlbController, error) { - sizes, err := hugePageSizes() - if err != nil { - return nil, err - } - - return &hugetlbController{ - root: filepath.Join(root, string(Hugetlb)), - sizes: sizes, - }, nil -} - -type hugetlbController struct { - root string - sizes []string -} - -func (h *hugetlbController) Name() Name { - return Hugetlb -} - -func (h *hugetlbController) Path(path string) string { - return filepath.Join(h.root, path) -} - -func (h *hugetlbController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(h.Path(path), defaultDirPerm); err != nil { - return err - } - for _, limit := range resources.HugepageLimits { - if err := os.WriteFile( - filepath.Join(h.Path(path), strings.Join([]string{"hugetlb", limit.Pagesize, "limit_in_bytes"}, ".")), - []byte(strconv.FormatUint(limit.Limit, 10)), - defaultFilePerm, - ); err != nil { - return err - } - } - return nil -} - -func (h *hugetlbController) Stat(path string, stats *v1.Metrics) error { - for _, size := range h.sizes { - s, err := h.readSizeStat(path, size) - if err != nil { - return err - } - stats.Hugetlb = append(stats.Hugetlb, s) - } - return nil -} - -func (h *hugetlbController) readSizeStat(path, size string) (*v1.HugetlbStat, error) { - s := v1.HugetlbStat{ - Pagesize: size, - } - for _, t := range []struct { - name string - value *uint64 - }{ - { - name: "usage_in_bytes", - value: &s.Usage, - }, - { - name: "max_usage_in_bytes", - value: &s.Max, - }, - { - name: "failcnt", - value: &s.Failcnt, - }, - } { - v, err := readUint(filepath.Join(h.Path(path), strings.Join([]string{"hugetlb", size, t.name}, "."))) - if err != nil { - return nil, err - } - *t.value = v - } - return &s, nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/memory.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/memory.go deleted file mode 100644 index caf5e9a7eb..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/memory.go +++ /dev/null @@ -1,480 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bufio" - "fmt" - "io" - "os" - "path/filepath" - "strconv" - "strings" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" - "golang.org/x/sys/unix" -) - -// MemoryEvent is an interface that V1 memory Cgroup notifications implement. Arg returns the -// file name whose fd should be written to "cgroups.event_control". EventFile returns the name of -// the file that supports the notification api e.g. "memory.usage_in_bytes". -type MemoryEvent interface { - Arg() string - EventFile() string -} - -type memoryThresholdEvent struct { - threshold uint64 - swap bool -} - -// MemoryThresholdEvent returns a new [MemoryEvent] representing the memory threshold set. -// If swap is true, the event will be registered using memory.memsw.usage_in_bytes -func MemoryThresholdEvent(threshold uint64, swap bool) MemoryEvent { - return &memoryThresholdEvent{ - threshold, - swap, - } -} - -func (m *memoryThresholdEvent) Arg() string { - return strconv.FormatUint(m.threshold, 10) -} - -func (m *memoryThresholdEvent) EventFile() string { - if m.swap { - return "memory.memsw.usage_in_bytes" - } - return "memory.usage_in_bytes" -} - -type oomEvent struct{} - -// OOMEvent returns a new oom event to be used with RegisterMemoryEvent. -func OOMEvent() MemoryEvent { - return &oomEvent{} -} - -func (oom *oomEvent) Arg() string { - return "" -} - -func (oom *oomEvent) EventFile() string { - return "memory.oom_control" -} - -type memoryPressureEvent struct { - pressureLevel MemoryPressureLevel - hierarchy EventNotificationMode -} - -// MemoryPressureEvent returns a new [MemoryEvent] representing the memory pressure set. -func MemoryPressureEvent(pressureLevel MemoryPressureLevel, hierarchy EventNotificationMode) MemoryEvent { - return &memoryPressureEvent{ - pressureLevel, - hierarchy, - } -} - -func (m *memoryPressureEvent) Arg() string { - return string(m.pressureLevel) + "," + string(m.hierarchy) -} - -func (m *memoryPressureEvent) EventFile() string { - return "memory.pressure_level" -} - -// MemoryPressureLevel corresponds to the memory pressure levels defined -// for memory cgroups. -type MemoryPressureLevel string - -// The three memory pressure levels are as follows. -// - The "low" level means that the system is reclaiming memory for new -// allocations. Monitoring this reclaiming activity might be useful for -// maintaining cache level. Upon notification, the program (typically -// "Activity Manager") might analyze vmstat and act in advance (i.e. -// prematurely shutdown unimportant services). -// - The "medium" level means that the system is experiencing medium memory -// pressure, the system might be making swap, paging out active file caches, -// etc. Upon this event applications may decide to further analyze -// vmstat/zoneinfo/memcg or internal memory usage statistics and free any -// resources that can be easily reconstructed or re-read from a disk. -// - The "critical" level means that the system is actively thrashing, it is -// about to out of memory (OOM) or even the in-kernel OOM killer is on its -// way to trigger. Applications should do whatever they can to help the -// system. It might be too late to consult with vmstat or any other -// statistics, so it is advisable to take an immediate action. -// "https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt" Section 11 -const ( - LowPressure MemoryPressureLevel = "low" - MediumPressure MemoryPressureLevel = "medium" - CriticalPressure MemoryPressureLevel = "critical" -) - -// EventNotificationMode corresponds to the notification modes -// for the memory cgroups pressure level notifications. -type EventNotificationMode string - -// There are three optional modes that specify different propagation behavior: -// - "default": this is the default behavior specified above. This mode is the -// same as omitting the optional mode parameter, preserved by backwards -// compatibility. -// - "hierarchy": events always propagate up to the root, similar to the default -// behavior, except that propagation continues regardless of whether there are -// event listeners at each level, with the "hierarchy" mode. In the above -// example, groups A, B, and C will receive notification of memory pressure. -// - "local": events are pass-through, i.e. they only receive notifications when -// memory pressure is experienced in the memcg for which the notification is -// registered. In the above example, group C will receive notification if -// registered for "local" notification and the group experiences memory -// pressure. However, group B will never receive notification, regardless if -// there is an event listener for group C or not, if group B is registered for -// local notification. -// "https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt" Section 11 -const ( - DefaultMode EventNotificationMode = "default" - LocalMode EventNotificationMode = "local" - HierarchyMode EventNotificationMode = "hierarchy" -) - -// NewMemory returns a Memory controller given the root folder of cgroups. -// It may optionally accept other configuration options, such as IgnoreModules(...) -func NewMemory(root string, options ...func(*memoryController)) *memoryController { - mc := &memoryController{ - root: filepath.Join(root, string(Memory)), - ignored: map[string]struct{}{}, - } - for _, opt := range options { - opt(mc) - } - return mc -} - -// IgnoreModules configure the memory controller to not read memory metrics for some -// module names (e.g. passing "memsw" would avoid all the memory.memsw.* entries) -func IgnoreModules(names ...string) func(*memoryController) { - return func(mc *memoryController) { - for _, name := range names { - mc.ignored[name] = struct{}{} - } - } -} - -// OptionalSwap allows the memory controller to not fail if cgroups is not accounting -// Swap memory (there are no memory.memsw.* entries) -func OptionalSwap() func(*memoryController) { - return func(mc *memoryController) { - _, err := os.Stat(filepath.Join(mc.root, "memory.memsw.usage_in_bytes")) - if os.IsNotExist(err) { - mc.ignored["memsw"] = struct{}{} - } - } -} - -type memoryController struct { - root string - ignored map[string]struct{} -} - -func (m *memoryController) Name() Name { - return Memory -} - -func (m *memoryController) Path(path string) string { - return filepath.Join(m.root, path) -} - -func (m *memoryController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(m.Path(path), defaultDirPerm); err != nil { - return err - } - if resources.Memory == nil { - return nil - } - return m.set(path, getMemorySettings(resources)) -} - -func (m *memoryController) Update(path string, resources *specs.LinuxResources) error { - if resources.Memory == nil { - return nil - } - g := func(v *int64) bool { - return v != nil && *v > 0 - } - settings := getMemorySettings(resources) - if g(resources.Memory.Limit) && g(resources.Memory.Swap) { - // if the updated swap value is larger than the current memory limit set the swap changes first - // then set the memory limit as swap must always be larger than the current limit - current, err := readUint(filepath.Join(m.Path(path), "memory.limit_in_bytes")) - if err != nil { - return err - } - if current < uint64(*resources.Memory.Swap) { - settings[0], settings[1] = settings[1], settings[0] - } - } - return m.set(path, settings) -} - -func (m *memoryController) Stat(path string, stats *v1.Metrics) error { - fMemStat, err := os.Open(filepath.Join(m.Path(path), "memory.stat")) - if err != nil { - return err - } - defer fMemStat.Close() - stats.Memory = &v1.MemoryStat{ - Usage: &v1.MemoryEntry{}, - Swap: &v1.MemoryEntry{}, - Kernel: &v1.MemoryEntry{}, - KernelTCP: &v1.MemoryEntry{}, - } - if err := m.parseStats(fMemStat, stats.Memory); err != nil { - return err - } - - fMemOomControl, err := os.Open(filepath.Join(m.Path(path), "memory.oom_control")) - if err != nil { - return err - } - defer fMemOomControl.Close() - stats.MemoryOomControl = &v1.MemoryOomControl{} - if err := m.parseOomControlStats(fMemOomControl, stats.MemoryOomControl); err != nil { - return err - } - for _, t := range []struct { - module string - entry *v1.MemoryEntry - }{ - { - module: "", - entry: stats.Memory.Usage, - }, - { - module: "memsw", - entry: stats.Memory.Swap, - }, - { - module: "kmem", - entry: stats.Memory.Kernel, - }, - { - module: "kmem.tcp", - entry: stats.Memory.KernelTCP, - }, - } { - if _, ok := m.ignored[t.module]; ok { - continue - } - for _, tt := range []struct { - name string - value *uint64 - }{ - { - name: "usage_in_bytes", - value: &t.entry.Usage, - }, - { - name: "max_usage_in_bytes", - value: &t.entry.Max, - }, - { - name: "failcnt", - value: &t.entry.Failcnt, - }, - { - name: "limit_in_bytes", - value: &t.entry.Limit, - }, - } { - parts := []string{"memory"} - if t.module != "" { - parts = append(parts, t.module) - } - parts = append(parts, tt.name) - v, err := readUint(filepath.Join(m.Path(path), strings.Join(parts, "."))) - if err != nil { - return err - } - *tt.value = v - } - } - return nil -} - -func (m *memoryController) parseStats(r io.Reader, stat *v1.MemoryStat) error { - var ( - raw = make(map[string]uint64) - sc = bufio.NewScanner(r) - line int - ) - for sc.Scan() { - key, v, err := parseKV(sc.Text()) - if err != nil { - return fmt.Errorf("%d: %v", line, err) - } - raw[key] = v - line++ - } - if err := sc.Err(); err != nil { - return err - } - stat.Cache = raw["cache"] - stat.RSS = raw["rss"] - stat.RSSHuge = raw["rss_huge"] - stat.MappedFile = raw["mapped_file"] - stat.Dirty = raw["dirty"] - stat.Writeback = raw["writeback"] - stat.PgPgIn = raw["pgpgin"] - stat.PgPgOut = raw["pgpgout"] - stat.PgFault = raw["pgfault"] - stat.PgMajFault = raw["pgmajfault"] - stat.InactiveAnon = raw["inactive_anon"] - stat.ActiveAnon = raw["active_anon"] - stat.InactiveFile = raw["inactive_file"] - stat.ActiveFile = raw["active_file"] - stat.Unevictable = raw["unevictable"] - stat.HierarchicalMemoryLimit = raw["hierarchical_memory_limit"] - stat.HierarchicalSwapLimit = raw["hierarchical_memsw_limit"] - stat.TotalCache = raw["total_cache"] - stat.TotalRSS = raw["total_rss"] - stat.TotalRSSHuge = raw["total_rss_huge"] - stat.TotalMappedFile = raw["total_mapped_file"] - stat.TotalDirty = raw["total_dirty"] - stat.TotalWriteback = raw["total_writeback"] - stat.TotalPgPgIn = raw["total_pgpgin"] - stat.TotalPgPgOut = raw["total_pgpgout"] - stat.TotalPgFault = raw["total_pgfault"] - stat.TotalPgMajFault = raw["total_pgmajfault"] - stat.TotalInactiveAnon = raw["total_inactive_anon"] - stat.TotalActiveAnon = raw["total_active_anon"] - stat.TotalInactiveFile = raw["total_inactive_file"] - stat.TotalActiveFile = raw["total_active_file"] - stat.TotalUnevictable = raw["total_unevictable"] - return nil -} - -func (m *memoryController) parseOomControlStats(r io.Reader, stat *v1.MemoryOomControl) error { - var ( - raw = make(map[string]uint64) - sc = bufio.NewScanner(r) - line int - ) - for sc.Scan() { - key, v, err := parseKV(sc.Text()) - if err != nil { - return fmt.Errorf("%d: %v", line, err) - } - raw[key] = v - line++ - } - if err := sc.Err(); err != nil { - return err - } - stat.OomKillDisable = raw["oom_kill_disable"] - stat.UnderOom = raw["under_oom"] - stat.OomKill = raw["oom_kill"] - return nil -} - -func (m *memoryController) set(path string, settings []memorySettings) error { - for _, t := range settings { - if t.value != nil { - if err := os.WriteFile( - filepath.Join(m.Path(path), "memory."+t.name), - []byte(strconv.FormatInt(*t.value, 10)), - defaultFilePerm, - ); err != nil { - return err - } - } - } - return nil -} - -type memorySettings struct { - name string - value *int64 -} - -func getMemorySettings(resources *specs.LinuxResources) []memorySettings { - mem := resources.Memory - var swappiness *int64 - if mem.Swappiness != nil { - v := int64(*mem.Swappiness) - swappiness = &v - } - return []memorySettings{ - { - name: "limit_in_bytes", - value: mem.Limit, - }, - { - name: "soft_limit_in_bytes", - value: mem.Reservation, - }, - { - name: "memsw.limit_in_bytes", - value: mem.Swap, - }, - { - name: "kmem.limit_in_bytes", - value: mem.Kernel, - }, - { - name: "kmem.tcp.limit_in_bytes", - value: mem.KernelTCP, - }, - { - name: "oom_control", - value: getOomControlValue(mem), - }, - { - name: "swappiness", - value: swappiness, - }, - } -} - -func getOomControlValue(mem *specs.LinuxMemory) *int64 { - if mem.DisableOOMKiller != nil && *mem.DisableOOMKiller { - i := int64(1) - return &i - } - return nil -} - -func (m *memoryController) memoryEvent(path string, event MemoryEvent) (uintptr, error) { - root := m.Path(path) - efd, err := unix.Eventfd(0, unix.EFD_CLOEXEC) - if err != nil { - return 0, err - } - evtFile, err := os.Open(filepath.Join(root, event.EventFile())) - if err != nil { - unix.Close(efd) - return 0, err - } - defer evtFile.Close() - data := fmt.Sprintf("%d %d %s", efd, evtFile.Fd(), event.Arg()) - evctlPath := filepath.Join(root, "cgroup.event_control") - if err := os.WriteFile(evctlPath, []byte(data), 0o700); err != nil { - unix.Close(efd) - return 0, err - } - return uintptr(efd), nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/named.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/named.go deleted file mode 100644 index 95bda388ea..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/named.go +++ /dev/null @@ -1,39 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import "path/filepath" - -func NewNamed(root string, name Name) *namedController { - return &namedController{ - root: root, - name: name, - } -} - -type namedController struct { - root string - name Name -} - -func (n *namedController) Name() Name { - return n.name -} - -func (n *namedController) Path(path string) string { - return filepath.Join(n.root, string(n.name), path) -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/net_cls.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/net_cls.go deleted file mode 100644 index 22b3c95bbe..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/net_cls.go +++ /dev/null @@ -1,61 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "os" - "path/filepath" - "strconv" - - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -func NewNetCls(root string) *netclsController { - return &netclsController{ - root: filepath.Join(root, string(NetCLS)), - } -} - -type netclsController struct { - root string -} - -func (n *netclsController) Name() Name { - return NetCLS -} - -func (n *netclsController) Path(path string) string { - return filepath.Join(n.root, path) -} - -func (n *netclsController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(n.Path(path), defaultDirPerm); err != nil { - return err - } - if resources.Network != nil && resources.Network.ClassID != nil && *resources.Network.ClassID > 0 { - return os.WriteFile( - filepath.Join(n.Path(path), "net_cls.classid"), - []byte(strconv.FormatUint(uint64(*resources.Network.ClassID), 10)), - defaultFilePerm, - ) - } - return nil -} - -func (n *netclsController) Update(path string, resources *specs.LinuxResources) error { - return n.Create(path, resources) -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/net_prio.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/net_prio.go deleted file mode 100644 index 0936442b98..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/net_prio.go +++ /dev/null @@ -1,65 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "fmt" - "os" - "path/filepath" - - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -func NewNetPrio(root string) *netprioController { - return &netprioController{ - root: filepath.Join(root, string(NetPrio)), - } -} - -type netprioController struct { - root string -} - -func (n *netprioController) Name() Name { - return NetPrio -} - -func (n *netprioController) Path(path string) string { - return filepath.Join(n.root, path) -} - -func (n *netprioController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(n.Path(path), defaultDirPerm); err != nil { - return err - } - if resources.Network != nil { - for _, prio := range resources.Network.Priorities { - if err := os.WriteFile( - filepath.Join(n.Path(path), "net_prio.ifpriomap"), - formatPrio(prio.Name, prio.Priority), - defaultFilePerm, - ); err != nil { - return err - } - } - } - return nil -} - -func formatPrio(name string, prio uint32) []byte { - return []byte(fmt.Sprintf("%s %d", name, prio)) -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/opts.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/opts.go deleted file mode 100644 index 3aa7f4fbbb..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/opts.go +++ /dev/null @@ -1,72 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "errors" -) - -var ( - // ErrIgnoreSubsystem allows the specific subsystem to be skipped - ErrIgnoreSubsystem = errors.New("skip subsystem") - // ErrDevicesRequired is returned when the devices subsystem is required but - // does not exist or is not active - ErrDevicesRequired = errors.New("devices subsystem is required") -) - -// InitOpts allows configuration for the creation or loading of a cgroup -type InitOpts func(*InitConfig) error - -// InitConfig provides configuration options for the creation -// or loading of a cgroup and its subsystems -type InitConfig struct { - // InitCheck can be used to check initialization errors from the subsystem - InitCheck InitCheck - hierarchy Hierarchy -} - -func newInitConfig() *InitConfig { - return &InitConfig{ - InitCheck: RequireDevices, - hierarchy: Default, - } -} - -// InitCheck allows subsystems errors to be checked when initialized or loaded -type InitCheck func(Subsystem, Path, error) error - -// AllowAny allows any subsystem errors to be skipped -func AllowAny(_ Subsystem, _ Path, _ error) error { - return ErrIgnoreSubsystem -} - -// RequireDevices requires the device subsystem but no others -func RequireDevices(s Subsystem, _ Path, _ error) error { - if s.Name() == Devices { - return ErrDevicesRequired - } - return ErrIgnoreSubsystem -} - -// WithHiearchy sets a list of cgroup subsystems. -// The default list is coming from /proc/self/mountinfo. -func WithHiearchy(h Hierarchy) InitOpts { - return func(c *InitConfig) error { - c.hierarchy = h - return nil - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/paths.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/paths.go deleted file mode 100644 index 54de9a18e3..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/paths.go +++ /dev/null @@ -1,106 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "errors" - "fmt" - "path/filepath" -) - -type Path func(subsystem Name) (string, error) - -func RootPath(subsystem Name) (string, error) { - return "/", nil -} - -// StaticPath returns a static path to use for all cgroups -func StaticPath(path string) Path { - return func(_ Name) (string, error) { - return path, nil - } -} - -// NestedPath will nest the cgroups based on the calling processes cgroup -// placing its child processes inside its own path -func NestedPath(suffix string) Path { - paths, err := ParseCgroupFile("/proc/self/cgroup") - if err != nil { - return errorPath(err) - } - return existingPath(paths, suffix) -} - -// PidPath will return the correct cgroup paths for an existing process running inside a cgroup -// This is commonly used for the Load function to restore an existing container -func PidPath(pid int) Path { - p := fmt.Sprintf("/proc/%d/cgroup", pid) - paths, err := ParseCgroupFile(p) - if err != nil { - return errorPath(fmt.Errorf("parse cgroup file %s: %w", p, err)) - } - return existingPath(paths, "") -} - -// ErrControllerNotActive is returned when a controller is not supported or enabled -var ErrControllerNotActive = errors.New("controller is not supported") - -func existingPath(paths map[string]string, suffix string) Path { - // localize the paths based on the root mount dest for nested cgroups - for n, p := range paths { - dest, err := getCgroupDestination(n) - if err != nil { - return errorPath(err) - } - rel, err := filepath.Rel(dest, p) - if err != nil { - return errorPath(err) - } - if rel == "." { - rel = dest - } - paths[n] = filepath.Join("/", rel) - } - return func(name Name) (string, error) { - root, ok := paths[string(name)] - if !ok { - if root, ok = paths["name="+string(name)]; !ok { - return "", ErrControllerNotActive - } - } - if suffix != "" { - return filepath.Join(root, suffix), nil - } - return root, nil - } -} - -func subPath(path Path, subName string) Path { - return func(name Name) (string, error) { - p, err := path(name) - if err != nil { - return "", err - } - return filepath.Join(p, subName), nil - } -} - -func errorPath(err error) Path { - return func(_ Name) (string, error) { - return "", err - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/perf_event.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/perf_event.go deleted file mode 100644 index 4bd6d7e23d..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/perf_event.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import "path/filepath" - -func NewPerfEvent(root string) *PerfEventController { - return &PerfEventController{ - root: filepath.Join(root, string(PerfEvent)), - } -} - -type PerfEventController struct { - root string -} - -func (p *PerfEventController) Name() Name { - return PerfEvent -} - -func (p *PerfEventController) Path(path string) string { - return filepath.Join(p.root, path) -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/pids.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/pids.go deleted file mode 100644 index 31e2dda164..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/pids.go +++ /dev/null @@ -1,78 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "os" - "path/filepath" - "strconv" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -func NewPids(root string) *pidsController { - return &pidsController{ - root: filepath.Join(root, string(Pids)), - } -} - -type pidsController struct { - root string -} - -func (p *pidsController) Name() Name { - return Pids -} - -func (p *pidsController) Path(path string) string { - return filepath.Join(p.root, path) -} - -func (p *pidsController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(p.Path(path), defaultDirPerm); err != nil { - return err - } - if resources.Pids != nil && resources.Pids.Limit > 0 { - return os.WriteFile( - filepath.Join(p.Path(path), "pids.max"), - []byte(strconv.FormatInt(resources.Pids.Limit, 10)), - defaultFilePerm, - ) - } - return nil -} - -func (p *pidsController) Update(path string, resources *specs.LinuxResources) error { - return p.Create(path, resources) -} - -func (p *pidsController) Stat(path string, stats *v1.Metrics) error { - current, err := readUint(filepath.Join(p.Path(path), "pids.current")) - if err != nil { - return err - } - max, err := readUint(filepath.Join(p.Path(path), "pids.max")) - if err != nil { - return err - } - stats.Pids = &v1.PidsStat{ - Current: current, - Limit: max, - } - return nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/rdma.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/rdma.go deleted file mode 100644 index 0a45ae08fb..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/rdma.go +++ /dev/null @@ -1,153 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "math" - "os" - "path/filepath" - "strconv" - "strings" - - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -type rdmaController struct { - root string -} - -func (p *rdmaController) Name() Name { - return Rdma -} - -func (p *rdmaController) Path(path string) string { - return filepath.Join(p.root, path) -} - -func NewRdma(root string) *rdmaController { - return &rdmaController{ - root: filepath.Join(root, string(Rdma)), - } -} - -func createCmdString(device string, limits *specs.LinuxRdma) string { - var cmdString string - - cmdString = device - if limits.HcaHandles != nil { - cmdString = cmdString + " " + "hca_handle=" + strconv.FormatUint(uint64(*limits.HcaHandles), 10) - } - - if limits.HcaObjects != nil { - cmdString = cmdString + " " + "hca_object=" + strconv.FormatUint(uint64(*limits.HcaObjects), 10) - } - return cmdString -} - -func (p *rdmaController) Create(path string, resources *specs.LinuxResources) error { - if err := os.MkdirAll(p.Path(path), defaultDirPerm); err != nil { - return err - } - - for device, limit := range resources.Rdma { - if device != "" && (limit.HcaHandles != nil || limit.HcaObjects != nil) { - limit := limit - return os.WriteFile( - filepath.Join(p.Path(path), "rdma.max"), - []byte(createCmdString(device, &limit)), - defaultFilePerm, - ) - } - } - return nil -} - -func (p *rdmaController) Update(path string, resources *specs.LinuxResources) error { - return p.Create(path, resources) -} - -func parseRdmaKV(raw string, entry *v1.RdmaEntry) { - var value uint64 - var err error - - parts := strings.Split(raw, "=") - switch len(parts) { - case 2: - if parts[1] == "max" { - value = math.MaxUint32 - } else { - value, err = parseUint(parts[1], 10, 32) - if err != nil { - return - } - } - if parts[0] == "hca_handle" { - entry.HcaHandles = uint32(value) - } else if parts[0] == "hca_object" { - entry.HcaObjects = uint32(value) - } - } -} - -func toRdmaEntry(strEntries []string) []*v1.RdmaEntry { - var rdmaEntries []*v1.RdmaEntry - for i := range strEntries { - parts := strings.Fields(strEntries[i]) - switch len(parts) { - case 3: - entry := new(v1.RdmaEntry) - entry.Device = parts[0] - parseRdmaKV(parts[1], entry) - parseRdmaKV(parts[2], entry) - - rdmaEntries = append(rdmaEntries, entry) - default: - continue - } - } - return rdmaEntries -} - -func (p *rdmaController) Stat(path string, stats *v1.Metrics) error { - currentData, err := os.ReadFile(filepath.Join(p.Path(path), "rdma.current")) - if err != nil { - return err - } - currentPerDevices := strings.Split(string(currentData), "\n") - - maxData, err := os.ReadFile(filepath.Join(p.Path(path), "rdma.max")) - if err != nil { - return err - } - maxPerDevices := strings.Split(string(maxData), "\n") - - // If device got removed between reading two files, ignore returning - // stats. - if len(currentPerDevices) != len(maxPerDevices) { - return nil - } - - currentEntries := toRdmaEntry(currentPerDevices) - maxEntries := toRdmaEntry(maxPerDevices) - - stats.Rdma = &v1.RdmaStat{ - Current: currentEntries, - Limit: maxEntries, - } - return nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/state.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/state.go deleted file mode 100644 index 6ea81cccc9..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/state.go +++ /dev/null @@ -1,28 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -// State is a type that represents the state of the current cgroup -type State string - -const ( - Unknown State = "" - Thawed State = "thawed" - Frozen State = "frozen" - Freezing State = "freezing" - Deleted State = "deleted" -) diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go deleted file mode 100644 index e51e12f800..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package stats diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go deleted file mode 100644 index 75206889ba..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go +++ /dev/null @@ -1,1959 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: github.com/containerd/cgroups/cgroup1/stats/metrics.proto - -package stats - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Metrics struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Hugetlb []*HugetlbStat `protobuf:"bytes,1,rep,name=hugetlb,proto3" json:"hugetlb,omitempty"` - Pids *PidsStat `protobuf:"bytes,2,opt,name=pids,proto3" json:"pids,omitempty"` - CPU *CPUStat `protobuf:"bytes,3,opt,name=cpu,proto3" json:"cpu,omitempty"` - Memory *MemoryStat `protobuf:"bytes,4,opt,name=memory,proto3" json:"memory,omitempty"` - Blkio *BlkIOStat `protobuf:"bytes,5,opt,name=blkio,proto3" json:"blkio,omitempty"` - Rdma *RdmaStat `protobuf:"bytes,6,opt,name=rdma,proto3" json:"rdma,omitempty"` - Network []*NetworkStat `protobuf:"bytes,7,rep,name=network,proto3" json:"network,omitempty"` - CgroupStats *CgroupStats `protobuf:"bytes,8,opt,name=cgroup_stats,json=cgroupStats,proto3" json:"cgroup_stats,omitempty"` - MemoryOomControl *MemoryOomControl `protobuf:"bytes,9,opt,name=memory_oom_control,json=memoryOomControl,proto3" json:"memory_oom_control,omitempty"` -} - -func (x *Metrics) Reset() { - *x = Metrics{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Metrics) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Metrics) ProtoMessage() {} - -func (x *Metrics) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Metrics.ProtoReflect.Descriptor instead. -func (*Metrics) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{0} -} - -func (x *Metrics) GetHugetlb() []*HugetlbStat { - if x != nil { - return x.Hugetlb - } - return nil -} - -func (x *Metrics) GetPids() *PidsStat { - if x != nil { - return x.Pids - } - return nil -} - -func (x *Metrics) GetCPU() *CPUStat { - if x != nil { - return x.CPU - } - return nil -} - -func (x *Metrics) GetMemory() *MemoryStat { - if x != nil { - return x.Memory - } - return nil -} - -func (x *Metrics) GetBlkio() *BlkIOStat { - if x != nil { - return x.Blkio - } - return nil -} - -func (x *Metrics) GetRdma() *RdmaStat { - if x != nil { - return x.Rdma - } - return nil -} - -func (x *Metrics) GetNetwork() []*NetworkStat { - if x != nil { - return x.Network - } - return nil -} - -func (x *Metrics) GetCgroupStats() *CgroupStats { - if x != nil { - return x.CgroupStats - } - return nil -} - -func (x *Metrics) GetMemoryOomControl() *MemoryOomControl { - if x != nil { - return x.MemoryOomControl - } - return nil -} - -type HugetlbStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Usage uint64 `protobuf:"varint,1,opt,name=usage,proto3" json:"usage,omitempty"` - Max uint64 `protobuf:"varint,2,opt,name=max,proto3" json:"max,omitempty"` - Failcnt uint64 `protobuf:"varint,3,opt,name=failcnt,proto3" json:"failcnt,omitempty"` - Pagesize string `protobuf:"bytes,4,opt,name=pagesize,proto3" json:"pagesize,omitempty"` -} - -func (x *HugetlbStat) Reset() { - *x = HugetlbStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HugetlbStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HugetlbStat) ProtoMessage() {} - -func (x *HugetlbStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HugetlbStat.ProtoReflect.Descriptor instead. -func (*HugetlbStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{1} -} - -func (x *HugetlbStat) GetUsage() uint64 { - if x != nil { - return x.Usage - } - return 0 -} - -func (x *HugetlbStat) GetMax() uint64 { - if x != nil { - return x.Max - } - return 0 -} - -func (x *HugetlbStat) GetFailcnt() uint64 { - if x != nil { - return x.Failcnt - } - return 0 -} - -func (x *HugetlbStat) GetPagesize() string { - if x != nil { - return x.Pagesize - } - return "" -} - -type PidsStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Current uint64 `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"` - Limit uint64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"` -} - -func (x *PidsStat) Reset() { - *x = PidsStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PidsStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PidsStat) ProtoMessage() {} - -func (x *PidsStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PidsStat.ProtoReflect.Descriptor instead. -func (*PidsStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{2} -} - -func (x *PidsStat) GetCurrent() uint64 { - if x != nil { - return x.Current - } - return 0 -} - -func (x *PidsStat) GetLimit() uint64 { - if x != nil { - return x.Limit - } - return 0 -} - -type CPUStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Usage *CPUUsage `protobuf:"bytes,1,opt,name=usage,proto3" json:"usage,omitempty"` - Throttling *Throttle `protobuf:"bytes,2,opt,name=throttling,proto3" json:"throttling,omitempty"` -} - -func (x *CPUStat) Reset() { - *x = CPUStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CPUStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CPUStat) ProtoMessage() {} - -func (x *CPUStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CPUStat.ProtoReflect.Descriptor instead. -func (*CPUStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{3} -} - -func (x *CPUStat) GetUsage() *CPUUsage { - if x != nil { - return x.Usage - } - return nil -} - -func (x *CPUStat) GetThrottling() *Throttle { - if x != nil { - return x.Throttling - } - return nil -} - -type CPUUsage struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // values in nanoseconds - Total uint64 `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"` - Kernel uint64 `protobuf:"varint,2,opt,name=kernel,proto3" json:"kernel,omitempty"` - User uint64 `protobuf:"varint,3,opt,name=user,proto3" json:"user,omitempty"` - PerCPU []uint64 `protobuf:"varint,4,rep,packed,name=per_cpu,json=perCpu,proto3" json:"per_cpu,omitempty"` -} - -func (x *CPUUsage) Reset() { - *x = CPUUsage{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CPUUsage) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CPUUsage) ProtoMessage() {} - -func (x *CPUUsage) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CPUUsage.ProtoReflect.Descriptor instead. -func (*CPUUsage) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{4} -} - -func (x *CPUUsage) GetTotal() uint64 { - if x != nil { - return x.Total - } - return 0 -} - -func (x *CPUUsage) GetKernel() uint64 { - if x != nil { - return x.Kernel - } - return 0 -} - -func (x *CPUUsage) GetUser() uint64 { - if x != nil { - return x.User - } - return 0 -} - -func (x *CPUUsage) GetPerCPU() []uint64 { - if x != nil { - return x.PerCPU - } - return nil -} - -type Throttle struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Periods uint64 `protobuf:"varint,1,opt,name=periods,proto3" json:"periods,omitempty"` - ThrottledPeriods uint64 `protobuf:"varint,2,opt,name=throttled_periods,json=throttledPeriods,proto3" json:"throttled_periods,omitempty"` - ThrottledTime uint64 `protobuf:"varint,3,opt,name=throttled_time,json=throttledTime,proto3" json:"throttled_time,omitempty"` -} - -func (x *Throttle) Reset() { - *x = Throttle{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Throttle) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Throttle) ProtoMessage() {} - -func (x *Throttle) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Throttle.ProtoReflect.Descriptor instead. -func (*Throttle) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{5} -} - -func (x *Throttle) GetPeriods() uint64 { - if x != nil { - return x.Periods - } - return 0 -} - -func (x *Throttle) GetThrottledPeriods() uint64 { - if x != nil { - return x.ThrottledPeriods - } - return 0 -} - -func (x *Throttle) GetThrottledTime() uint64 { - if x != nil { - return x.ThrottledTime - } - return 0 -} - -type MemoryStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Cache uint64 `protobuf:"varint,1,opt,name=cache,proto3" json:"cache,omitempty"` - RSS uint64 `protobuf:"varint,2,opt,name=rss,proto3" json:"rss,omitempty"` - RSSHuge uint64 `protobuf:"varint,3,opt,name=rss_huge,json=rssHuge,proto3" json:"rss_huge,omitempty"` - MappedFile uint64 `protobuf:"varint,4,opt,name=mapped_file,json=mappedFile,proto3" json:"mapped_file,omitempty"` - Dirty uint64 `protobuf:"varint,5,opt,name=dirty,proto3" json:"dirty,omitempty"` - Writeback uint64 `protobuf:"varint,6,opt,name=writeback,proto3" json:"writeback,omitempty"` - PgPgIn uint64 `protobuf:"varint,7,opt,name=pg_pg_in,json=pgPgIn,proto3" json:"pg_pg_in,omitempty"` - PgPgOut uint64 `protobuf:"varint,8,opt,name=pg_pg_out,json=pgPgOut,proto3" json:"pg_pg_out,omitempty"` - PgFault uint64 `protobuf:"varint,9,opt,name=pg_fault,json=pgFault,proto3" json:"pg_fault,omitempty"` - PgMajFault uint64 `protobuf:"varint,10,opt,name=pg_maj_fault,json=pgMajFault,proto3" json:"pg_maj_fault,omitempty"` - InactiveAnon uint64 `protobuf:"varint,11,opt,name=inactive_anon,json=inactiveAnon,proto3" json:"inactive_anon,omitempty"` - ActiveAnon uint64 `protobuf:"varint,12,opt,name=active_anon,json=activeAnon,proto3" json:"active_anon,omitempty"` - InactiveFile uint64 `protobuf:"varint,13,opt,name=inactive_file,json=inactiveFile,proto3" json:"inactive_file,omitempty"` - ActiveFile uint64 `protobuf:"varint,14,opt,name=active_file,json=activeFile,proto3" json:"active_file,omitempty"` - Unevictable uint64 `protobuf:"varint,15,opt,name=unevictable,proto3" json:"unevictable,omitempty"` - HierarchicalMemoryLimit uint64 `protobuf:"varint,16,opt,name=hierarchical_memory_limit,json=hierarchicalMemoryLimit,proto3" json:"hierarchical_memory_limit,omitempty"` - HierarchicalSwapLimit uint64 `protobuf:"varint,17,opt,name=hierarchical_swap_limit,json=hierarchicalSwapLimit,proto3" json:"hierarchical_swap_limit,omitempty"` - TotalCache uint64 `protobuf:"varint,18,opt,name=total_cache,json=totalCache,proto3" json:"total_cache,omitempty"` - TotalRSS uint64 `protobuf:"varint,19,opt,name=total_rss,json=totalRss,proto3" json:"total_rss,omitempty"` - TotalRSSHuge uint64 `protobuf:"varint,20,opt,name=total_rss_huge,json=totalRssHuge,proto3" json:"total_rss_huge,omitempty"` - TotalMappedFile uint64 `protobuf:"varint,21,opt,name=total_mapped_file,json=totalMappedFile,proto3" json:"total_mapped_file,omitempty"` - TotalDirty uint64 `protobuf:"varint,22,opt,name=total_dirty,json=totalDirty,proto3" json:"total_dirty,omitempty"` - TotalWriteback uint64 `protobuf:"varint,23,opt,name=total_writeback,json=totalWriteback,proto3" json:"total_writeback,omitempty"` - TotalPgPgIn uint64 `protobuf:"varint,24,opt,name=total_pg_pg_in,json=totalPgPgIn,proto3" json:"total_pg_pg_in,omitempty"` - TotalPgPgOut uint64 `protobuf:"varint,25,opt,name=total_pg_pg_out,json=totalPgPgOut,proto3" json:"total_pg_pg_out,omitempty"` - TotalPgFault uint64 `protobuf:"varint,26,opt,name=total_pg_fault,json=totalPgFault,proto3" json:"total_pg_fault,omitempty"` - TotalPgMajFault uint64 `protobuf:"varint,27,opt,name=total_pg_maj_fault,json=totalPgMajFault,proto3" json:"total_pg_maj_fault,omitempty"` - TotalInactiveAnon uint64 `protobuf:"varint,28,opt,name=total_inactive_anon,json=totalInactiveAnon,proto3" json:"total_inactive_anon,omitempty"` - TotalActiveAnon uint64 `protobuf:"varint,29,opt,name=total_active_anon,json=totalActiveAnon,proto3" json:"total_active_anon,omitempty"` - TotalInactiveFile uint64 `protobuf:"varint,30,opt,name=total_inactive_file,json=totalInactiveFile,proto3" json:"total_inactive_file,omitempty"` - TotalActiveFile uint64 `protobuf:"varint,31,opt,name=total_active_file,json=totalActiveFile,proto3" json:"total_active_file,omitempty"` - TotalUnevictable uint64 `protobuf:"varint,32,opt,name=total_unevictable,json=totalUnevictable,proto3" json:"total_unevictable,omitempty"` - Usage *MemoryEntry `protobuf:"bytes,33,opt,name=usage,proto3" json:"usage,omitempty"` - Swap *MemoryEntry `protobuf:"bytes,34,opt,name=swap,proto3" json:"swap,omitempty"` - Kernel *MemoryEntry `protobuf:"bytes,35,opt,name=kernel,proto3" json:"kernel,omitempty"` - KernelTCP *MemoryEntry `protobuf:"bytes,36,opt,name=kernel_tcp,json=kernelTcp,proto3" json:"kernel_tcp,omitempty"` -} - -func (x *MemoryStat) Reset() { - *x = MemoryStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemoryStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemoryStat) ProtoMessage() {} - -func (x *MemoryStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemoryStat.ProtoReflect.Descriptor instead. -func (*MemoryStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{6} -} - -func (x *MemoryStat) GetCache() uint64 { - if x != nil { - return x.Cache - } - return 0 -} - -func (x *MemoryStat) GetRSS() uint64 { - if x != nil { - return x.RSS - } - return 0 -} - -func (x *MemoryStat) GetRSSHuge() uint64 { - if x != nil { - return x.RSSHuge - } - return 0 -} - -func (x *MemoryStat) GetMappedFile() uint64 { - if x != nil { - return x.MappedFile - } - return 0 -} - -func (x *MemoryStat) GetDirty() uint64 { - if x != nil { - return x.Dirty - } - return 0 -} - -func (x *MemoryStat) GetWriteback() uint64 { - if x != nil { - return x.Writeback - } - return 0 -} - -func (x *MemoryStat) GetPgPgIn() uint64 { - if x != nil { - return x.PgPgIn - } - return 0 -} - -func (x *MemoryStat) GetPgPgOut() uint64 { - if x != nil { - return x.PgPgOut - } - return 0 -} - -func (x *MemoryStat) GetPgFault() uint64 { - if x != nil { - return x.PgFault - } - return 0 -} - -func (x *MemoryStat) GetPgMajFault() uint64 { - if x != nil { - return x.PgMajFault - } - return 0 -} - -func (x *MemoryStat) GetInactiveAnon() uint64 { - if x != nil { - return x.InactiveAnon - } - return 0 -} - -func (x *MemoryStat) GetActiveAnon() uint64 { - if x != nil { - return x.ActiveAnon - } - return 0 -} - -func (x *MemoryStat) GetInactiveFile() uint64 { - if x != nil { - return x.InactiveFile - } - return 0 -} - -func (x *MemoryStat) GetActiveFile() uint64 { - if x != nil { - return x.ActiveFile - } - return 0 -} - -func (x *MemoryStat) GetUnevictable() uint64 { - if x != nil { - return x.Unevictable - } - return 0 -} - -func (x *MemoryStat) GetHierarchicalMemoryLimit() uint64 { - if x != nil { - return x.HierarchicalMemoryLimit - } - return 0 -} - -func (x *MemoryStat) GetHierarchicalSwapLimit() uint64 { - if x != nil { - return x.HierarchicalSwapLimit - } - return 0 -} - -func (x *MemoryStat) GetTotalCache() uint64 { - if x != nil { - return x.TotalCache - } - return 0 -} - -func (x *MemoryStat) GetTotalRSS() uint64 { - if x != nil { - return x.TotalRSS - } - return 0 -} - -func (x *MemoryStat) GetTotalRSSHuge() uint64 { - if x != nil { - return x.TotalRSSHuge - } - return 0 -} - -func (x *MemoryStat) GetTotalMappedFile() uint64 { - if x != nil { - return x.TotalMappedFile - } - return 0 -} - -func (x *MemoryStat) GetTotalDirty() uint64 { - if x != nil { - return x.TotalDirty - } - return 0 -} - -func (x *MemoryStat) GetTotalWriteback() uint64 { - if x != nil { - return x.TotalWriteback - } - return 0 -} - -func (x *MemoryStat) GetTotalPgPgIn() uint64 { - if x != nil { - return x.TotalPgPgIn - } - return 0 -} - -func (x *MemoryStat) GetTotalPgPgOut() uint64 { - if x != nil { - return x.TotalPgPgOut - } - return 0 -} - -func (x *MemoryStat) GetTotalPgFault() uint64 { - if x != nil { - return x.TotalPgFault - } - return 0 -} - -func (x *MemoryStat) GetTotalPgMajFault() uint64 { - if x != nil { - return x.TotalPgMajFault - } - return 0 -} - -func (x *MemoryStat) GetTotalInactiveAnon() uint64 { - if x != nil { - return x.TotalInactiveAnon - } - return 0 -} - -func (x *MemoryStat) GetTotalActiveAnon() uint64 { - if x != nil { - return x.TotalActiveAnon - } - return 0 -} - -func (x *MemoryStat) GetTotalInactiveFile() uint64 { - if x != nil { - return x.TotalInactiveFile - } - return 0 -} - -func (x *MemoryStat) GetTotalActiveFile() uint64 { - if x != nil { - return x.TotalActiveFile - } - return 0 -} - -func (x *MemoryStat) GetTotalUnevictable() uint64 { - if x != nil { - return x.TotalUnevictable - } - return 0 -} - -func (x *MemoryStat) GetUsage() *MemoryEntry { - if x != nil { - return x.Usage - } - return nil -} - -func (x *MemoryStat) GetSwap() *MemoryEntry { - if x != nil { - return x.Swap - } - return nil -} - -func (x *MemoryStat) GetKernel() *MemoryEntry { - if x != nil { - return x.Kernel - } - return nil -} - -func (x *MemoryStat) GetKernelTCP() *MemoryEntry { - if x != nil { - return x.KernelTCP - } - return nil -} - -type MemoryEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Limit uint64 `protobuf:"varint,1,opt,name=limit,proto3" json:"limit,omitempty"` - Usage uint64 `protobuf:"varint,2,opt,name=usage,proto3" json:"usage,omitempty"` - Max uint64 `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"` - Failcnt uint64 `protobuf:"varint,4,opt,name=failcnt,proto3" json:"failcnt,omitempty"` -} - -func (x *MemoryEntry) Reset() { - *x = MemoryEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemoryEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemoryEntry) ProtoMessage() {} - -func (x *MemoryEntry) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemoryEntry.ProtoReflect.Descriptor instead. -func (*MemoryEntry) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{7} -} - -func (x *MemoryEntry) GetLimit() uint64 { - if x != nil { - return x.Limit - } - return 0 -} - -func (x *MemoryEntry) GetUsage() uint64 { - if x != nil { - return x.Usage - } - return 0 -} - -func (x *MemoryEntry) GetMax() uint64 { - if x != nil { - return x.Max - } - return 0 -} - -func (x *MemoryEntry) GetFailcnt() uint64 { - if x != nil { - return x.Failcnt - } - return 0 -} - -type MemoryOomControl struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - OomKillDisable uint64 `protobuf:"varint,1,opt,name=oom_kill_disable,json=oomKillDisable,proto3" json:"oom_kill_disable,omitempty"` - UnderOom uint64 `protobuf:"varint,2,opt,name=under_oom,json=underOom,proto3" json:"under_oom,omitempty"` - OomKill uint64 `protobuf:"varint,3,opt,name=oom_kill,json=oomKill,proto3" json:"oom_kill,omitempty"` -} - -func (x *MemoryOomControl) Reset() { - *x = MemoryOomControl{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemoryOomControl) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemoryOomControl) ProtoMessage() {} - -func (x *MemoryOomControl) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemoryOomControl.ProtoReflect.Descriptor instead. -func (*MemoryOomControl) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{8} -} - -func (x *MemoryOomControl) GetOomKillDisable() uint64 { - if x != nil { - return x.OomKillDisable - } - return 0 -} - -func (x *MemoryOomControl) GetUnderOom() uint64 { - if x != nil { - return x.UnderOom - } - return 0 -} - -func (x *MemoryOomControl) GetOomKill() uint64 { - if x != nil { - return x.OomKill - } - return 0 -} - -type BlkIOStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - IoServiceBytesRecursive []*BlkIOEntry `protobuf:"bytes,1,rep,name=io_service_bytes_recursive,json=ioServiceBytesRecursive,proto3" json:"io_service_bytes_recursive,omitempty"` - IoServicedRecursive []*BlkIOEntry `protobuf:"bytes,2,rep,name=io_serviced_recursive,json=ioServicedRecursive,proto3" json:"io_serviced_recursive,omitempty"` - IoQueuedRecursive []*BlkIOEntry `protobuf:"bytes,3,rep,name=io_queued_recursive,json=ioQueuedRecursive,proto3" json:"io_queued_recursive,omitempty"` - IoServiceTimeRecursive []*BlkIOEntry `protobuf:"bytes,4,rep,name=io_service_time_recursive,json=ioServiceTimeRecursive,proto3" json:"io_service_time_recursive,omitempty"` - IoWaitTimeRecursive []*BlkIOEntry `protobuf:"bytes,5,rep,name=io_wait_time_recursive,json=ioWaitTimeRecursive,proto3" json:"io_wait_time_recursive,omitempty"` - IoMergedRecursive []*BlkIOEntry `protobuf:"bytes,6,rep,name=io_merged_recursive,json=ioMergedRecursive,proto3" json:"io_merged_recursive,omitempty"` - IoTimeRecursive []*BlkIOEntry `protobuf:"bytes,7,rep,name=io_time_recursive,json=ioTimeRecursive,proto3" json:"io_time_recursive,omitempty"` - SectorsRecursive []*BlkIOEntry `protobuf:"bytes,8,rep,name=sectors_recursive,json=sectorsRecursive,proto3" json:"sectors_recursive,omitempty"` -} - -func (x *BlkIOStat) Reset() { - *x = BlkIOStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BlkIOStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BlkIOStat) ProtoMessage() {} - -func (x *BlkIOStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BlkIOStat.ProtoReflect.Descriptor instead. -func (*BlkIOStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{9} -} - -func (x *BlkIOStat) GetIoServiceBytesRecursive() []*BlkIOEntry { - if x != nil { - return x.IoServiceBytesRecursive - } - return nil -} - -func (x *BlkIOStat) GetIoServicedRecursive() []*BlkIOEntry { - if x != nil { - return x.IoServicedRecursive - } - return nil -} - -func (x *BlkIOStat) GetIoQueuedRecursive() []*BlkIOEntry { - if x != nil { - return x.IoQueuedRecursive - } - return nil -} - -func (x *BlkIOStat) GetIoServiceTimeRecursive() []*BlkIOEntry { - if x != nil { - return x.IoServiceTimeRecursive - } - return nil -} - -func (x *BlkIOStat) GetIoWaitTimeRecursive() []*BlkIOEntry { - if x != nil { - return x.IoWaitTimeRecursive - } - return nil -} - -func (x *BlkIOStat) GetIoMergedRecursive() []*BlkIOEntry { - if x != nil { - return x.IoMergedRecursive - } - return nil -} - -func (x *BlkIOStat) GetIoTimeRecursive() []*BlkIOEntry { - if x != nil { - return x.IoTimeRecursive - } - return nil -} - -func (x *BlkIOStat) GetSectorsRecursive() []*BlkIOEntry { - if x != nil { - return x.SectorsRecursive - } - return nil -} - -type BlkIOEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Op string `protobuf:"bytes,1,opt,name=op,proto3" json:"op,omitempty"` - Device string `protobuf:"bytes,2,opt,name=device,proto3" json:"device,omitempty"` - Major uint64 `protobuf:"varint,3,opt,name=major,proto3" json:"major,omitempty"` - Minor uint64 `protobuf:"varint,4,opt,name=minor,proto3" json:"minor,omitempty"` - Value uint64 `protobuf:"varint,5,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *BlkIOEntry) Reset() { - *x = BlkIOEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BlkIOEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BlkIOEntry) ProtoMessage() {} - -func (x *BlkIOEntry) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BlkIOEntry.ProtoReflect.Descriptor instead. -func (*BlkIOEntry) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{10} -} - -func (x *BlkIOEntry) GetOp() string { - if x != nil { - return x.Op - } - return "" -} - -func (x *BlkIOEntry) GetDevice() string { - if x != nil { - return x.Device - } - return "" -} - -func (x *BlkIOEntry) GetMajor() uint64 { - if x != nil { - return x.Major - } - return 0 -} - -func (x *BlkIOEntry) GetMinor() uint64 { - if x != nil { - return x.Minor - } - return 0 -} - -func (x *BlkIOEntry) GetValue() uint64 { - if x != nil { - return x.Value - } - return 0 -} - -type RdmaStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Current []*RdmaEntry `protobuf:"bytes,1,rep,name=current,proto3" json:"current,omitempty"` - Limit []*RdmaEntry `protobuf:"bytes,2,rep,name=limit,proto3" json:"limit,omitempty"` -} - -func (x *RdmaStat) Reset() { - *x = RdmaStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RdmaStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RdmaStat) ProtoMessage() {} - -func (x *RdmaStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RdmaStat.ProtoReflect.Descriptor instead. -func (*RdmaStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{11} -} - -func (x *RdmaStat) GetCurrent() []*RdmaEntry { - if x != nil { - return x.Current - } - return nil -} - -func (x *RdmaStat) GetLimit() []*RdmaEntry { - if x != nil { - return x.Limit - } - return nil -} - -type RdmaEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Device string `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"` - HcaHandles uint32 `protobuf:"varint,2,opt,name=hca_handles,json=hcaHandles,proto3" json:"hca_handles,omitempty"` - HcaObjects uint32 `protobuf:"varint,3,opt,name=hca_objects,json=hcaObjects,proto3" json:"hca_objects,omitempty"` -} - -func (x *RdmaEntry) Reset() { - *x = RdmaEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RdmaEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RdmaEntry) ProtoMessage() {} - -func (x *RdmaEntry) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RdmaEntry.ProtoReflect.Descriptor instead. -func (*RdmaEntry) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{12} -} - -func (x *RdmaEntry) GetDevice() string { - if x != nil { - return x.Device - } - return "" -} - -func (x *RdmaEntry) GetHcaHandles() uint32 { - if x != nil { - return x.HcaHandles - } - return 0 -} - -func (x *RdmaEntry) GetHcaObjects() uint32 { - if x != nil { - return x.HcaObjects - } - return 0 -} - -type NetworkStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - RxBytes uint64 `protobuf:"varint,2,opt,name=rx_bytes,json=rxBytes,proto3" json:"rx_bytes,omitempty"` - RxPackets uint64 `protobuf:"varint,3,opt,name=rx_packets,json=rxPackets,proto3" json:"rx_packets,omitempty"` - RxErrors uint64 `protobuf:"varint,4,opt,name=rx_errors,json=rxErrors,proto3" json:"rx_errors,omitempty"` - RxDropped uint64 `protobuf:"varint,5,opt,name=rx_dropped,json=rxDropped,proto3" json:"rx_dropped,omitempty"` - TxBytes uint64 `protobuf:"varint,6,opt,name=tx_bytes,json=txBytes,proto3" json:"tx_bytes,omitempty"` - TxPackets uint64 `protobuf:"varint,7,opt,name=tx_packets,json=txPackets,proto3" json:"tx_packets,omitempty"` - TxErrors uint64 `protobuf:"varint,8,opt,name=tx_errors,json=txErrors,proto3" json:"tx_errors,omitempty"` - TxDropped uint64 `protobuf:"varint,9,opt,name=tx_dropped,json=txDropped,proto3" json:"tx_dropped,omitempty"` -} - -func (x *NetworkStat) Reset() { - *x = NetworkStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NetworkStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NetworkStat) ProtoMessage() {} - -func (x *NetworkStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NetworkStat.ProtoReflect.Descriptor instead. -func (*NetworkStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{13} -} - -func (x *NetworkStat) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *NetworkStat) GetRxBytes() uint64 { - if x != nil { - return x.RxBytes - } - return 0 -} - -func (x *NetworkStat) GetRxPackets() uint64 { - if x != nil { - return x.RxPackets - } - return 0 -} - -func (x *NetworkStat) GetRxErrors() uint64 { - if x != nil { - return x.RxErrors - } - return 0 -} - -func (x *NetworkStat) GetRxDropped() uint64 { - if x != nil { - return x.RxDropped - } - return 0 -} - -func (x *NetworkStat) GetTxBytes() uint64 { - if x != nil { - return x.TxBytes - } - return 0 -} - -func (x *NetworkStat) GetTxPackets() uint64 { - if x != nil { - return x.TxPackets - } - return 0 -} - -func (x *NetworkStat) GetTxErrors() uint64 { - if x != nil { - return x.TxErrors - } - return 0 -} - -func (x *NetworkStat) GetTxDropped() uint64 { - if x != nil { - return x.TxDropped - } - return 0 -} - -// CgroupStats exports per-cgroup statistics. -type CgroupStats struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // number of tasks sleeping - NrSleeping uint64 `protobuf:"varint,1,opt,name=nr_sleeping,json=nrSleeping,proto3" json:"nr_sleeping,omitempty"` - // number of tasks running - NrRunning uint64 `protobuf:"varint,2,opt,name=nr_running,json=nrRunning,proto3" json:"nr_running,omitempty"` - // number of tasks in stopped state - NrStopped uint64 `protobuf:"varint,3,opt,name=nr_stopped,json=nrStopped,proto3" json:"nr_stopped,omitempty"` - // number of tasks in uninterruptible state - NrUninterruptible uint64 `protobuf:"varint,4,opt,name=nr_uninterruptible,json=nrUninterruptible,proto3" json:"nr_uninterruptible,omitempty"` - // number of tasks waiting on IO - NrIoWait uint64 `protobuf:"varint,5,opt,name=nr_io_wait,json=nrIoWait,proto3" json:"nr_io_wait,omitempty"` -} - -func (x *CgroupStats) Reset() { - *x = CgroupStats{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgroupStats) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgroupStats) ProtoMessage() {} - -func (x *CgroupStats) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgroupStats.ProtoReflect.Descriptor instead. -func (*CgroupStats) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{14} -} - -func (x *CgroupStats) GetNrSleeping() uint64 { - if x != nil { - return x.NrSleeping - } - return 0 -} - -func (x *CgroupStats) GetNrRunning() uint64 { - if x != nil { - return x.NrRunning - } - return 0 -} - -func (x *CgroupStats) GetNrStopped() uint64 { - if x != nil { - return x.NrStopped - } - return 0 -} - -func (x *CgroupStats) GetNrUninterruptible() uint64 { - if x != nil { - return x.NrUninterruptible - } - return 0 -} - -func (x *CgroupStats) GetNrIoWait() uint64 { - if x != nil { - return x.NrIoWait - } - return 0 -} - -var File_github_com_containerd_cgroups_cgroup1_stats_metrics_proto protoreflect.FileDescriptor - -var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc = []byte{ - 0x0a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2f, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2f, 0x6d, 0x65, - 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x6f, 0x2e, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x73, 0x2e, 0x76, 0x31, 0x22, 0xcd, 0x04, 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x73, 0x12, 0x3f, 0x0a, 0x07, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, - 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x75, - 0x67, 0x65, 0x74, 0x6c, 0x62, 0x53, 0x74, 0x61, 0x74, 0x52, 0x07, 0x68, 0x75, 0x67, 0x65, 0x74, - 0x6c, 0x62, 0x12, 0x36, 0x0a, 0x04, 0x70, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, - 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x69, 0x64, 0x73, - 0x53, 0x74, 0x61, 0x74, 0x52, 0x04, 0x70, 0x69, 0x64, 0x73, 0x12, 0x33, 0x0a, 0x03, 0x63, 0x70, - 0x75, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x43, 0x50, 0x55, 0x53, 0x74, 0x61, 0x74, 0x52, 0x03, 0x63, 0x70, 0x75, 0x12, - 0x3c, 0x0a, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, - 0x79, 0x53, 0x74, 0x61, 0x74, 0x52, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x39, 0x0a, - 0x05, 0x62, 0x6c, 0x6b, 0x69, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, - 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x53, 0x74, 0x61, - 0x74, 0x52, 0x05, 0x62, 0x6c, 0x6b, 0x69, 0x6f, 0x12, 0x36, 0x0a, 0x04, 0x72, 0x64, 0x6d, 0x61, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, - 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x53, 0x74, 0x61, 0x74, 0x52, 0x04, 0x72, 0x64, 0x6d, 0x61, - 0x12, 0x3f, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x07, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x12, 0x48, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, - 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x73, 0x52, 0x0b, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x12, 0x6d, - 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x6f, 0x6f, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x4f, 0x6f, 0x6d, 0x43, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x52, 0x10, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x4f, 0x6f, 0x6d, 0x43, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x22, 0x6b, 0x0a, 0x0b, 0x48, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, - 0x53, 0x74, 0x61, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, - 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x18, 0x0a, 0x07, - 0x66, 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x66, - 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x69, - 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x69, - 0x7a, 0x65, 0x22, 0x3a, 0x0a, 0x08, 0x50, 0x69, 0x64, 0x73, 0x53, 0x74, 0x61, 0x74, 0x12, 0x18, - 0x0a, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x22, 0x87, - 0x01, 0x0a, 0x07, 0x43, 0x50, 0x55, 0x53, 0x74, 0x61, 0x74, 0x12, 0x38, 0x0a, 0x05, 0x75, 0x73, - 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x50, 0x55, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75, - 0x73, 0x61, 0x67, 0x65, 0x12, 0x42, 0x0a, 0x0a, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x69, - 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, - 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x52, 0x0a, 0x74, 0x68, - 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x22, 0x65, 0x0a, 0x08, 0x43, 0x50, 0x55, 0x55, - 0x73, 0x61, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6b, 0x65, - 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6b, 0x65, 0x72, 0x6e, - 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x65, 0x72, 0x5f, 0x63, 0x70, - 0x75, 0x18, 0x04, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x70, 0x65, 0x72, 0x43, 0x70, 0x75, 0x22, - 0x78, 0x0a, 0x08, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, - 0x65, 0x72, 0x69, 0x6f, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, 0x65, - 0x72, 0x69, 0x6f, 0x64, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, - 0x65, 0x64, 0x5f, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x10, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x50, 0x65, 0x72, 0x69, 0x6f, - 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x5f, - 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x74, 0x68, 0x72, 0x6f, - 0x74, 0x74, 0x6c, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x94, 0x0b, 0x0a, 0x0a, 0x4d, 0x65, - 0x6d, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x61, 0x63, 0x68, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x63, 0x61, 0x63, 0x68, 0x65, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x72, 0x73, 0x73, - 0x12, 0x19, 0x0a, 0x08, 0x72, 0x73, 0x73, 0x5f, 0x68, 0x75, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x07, 0x72, 0x73, 0x73, 0x48, 0x75, 0x67, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, - 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x0a, 0x6d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, - 0x64, 0x69, 0x72, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x64, 0x69, 0x72, - 0x74, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, - 0x12, 0x18, 0x0a, 0x08, 0x70, 0x67, 0x5f, 0x70, 0x67, 0x5f, 0x69, 0x6e, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x06, 0x70, 0x67, 0x50, 0x67, 0x49, 0x6e, 0x12, 0x1a, 0x0a, 0x09, 0x70, 0x67, - 0x5f, 0x70, 0x67, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, - 0x67, 0x50, 0x67, 0x4f, 0x75, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x67, 0x5f, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, 0x67, 0x46, 0x61, 0x75, 0x6c, - 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x70, 0x67, 0x5f, 0x6d, 0x61, 0x6a, 0x5f, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x70, 0x67, 0x4d, 0x61, 0x6a, 0x46, 0x61, - 0x75, 0x6c, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, - 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x69, 0x6e, 0x61, 0x63, - 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, 0x74, 0x69, - 0x76, 0x65, 0x5f, 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x61, - 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x61, - 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x0c, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1f, - 0x0a, 0x0b, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0e, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0a, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, - 0x20, 0x0a, 0x0b, 0x75, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0f, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x75, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, - 0x65, 0x12, 0x3a, 0x0a, 0x19, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, 0x61, - 0x6c, 0x5f, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x10, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x17, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, - 0x61, 0x6c, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x36, 0x0a, - 0x17, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x73, 0x77, - 0x61, 0x70, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, - 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x77, 0x61, 0x70, - 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x63, - 0x61, 0x63, 0x68, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x74, 0x6f, 0x74, 0x61, - 0x6c, 0x43, 0x61, 0x63, 0x68, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, - 0x72, 0x73, 0x73, 0x18, 0x13, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x74, 0x6f, 0x74, 0x61, 0x6c, - 0x52, 0x73, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x72, 0x73, 0x73, - 0x5f, 0x68, 0x75, 0x67, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x74, 0x6f, 0x74, - 0x61, 0x6c, 0x52, 0x73, 0x73, 0x48, 0x75, 0x67, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x74, 0x6f, 0x74, - 0x61, 0x6c, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x15, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x4d, 0x61, 0x70, 0x70, 0x65, - 0x64, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x64, - 0x69, 0x72, 0x74, 0x79, 0x18, 0x16, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x74, 0x6f, 0x74, 0x61, - 0x6c, 0x44, 0x69, 0x72, 0x74, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, - 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x18, 0x17, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x0e, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x12, - 0x23, 0x0a, 0x0e, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, 0x5f, 0x70, 0x67, 0x5f, 0x69, - 0x6e, 0x18, 0x18, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, - 0x50, 0x67, 0x49, 0x6e, 0x12, 0x25, 0x0a, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, - 0x5f, 0x70, 0x67, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x19, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x74, - 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, 0x50, 0x67, 0x4f, 0x75, 0x74, 0x12, 0x24, 0x0a, 0x0e, 0x74, - 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, 0x5f, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x1a, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, 0x46, 0x61, 0x75, 0x6c, - 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, 0x5f, 0x6d, 0x61, - 0x6a, 0x5f, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, - 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, 0x4d, 0x61, 0x6a, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x2e, - 0x0a, 0x13, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, - 0x5f, 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x74, 0x6f, 0x74, - 0x61, 0x6c, 0x49, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x2a, - 0x0a, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x61, - 0x6e, 0x6f, 0x6e, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, - 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x6f, - 0x74, 0x61, 0x6c, 0x5f, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, - 0x65, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x49, 0x6e, - 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x74, 0x6f, - 0x74, 0x61, 0x6c, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, - 0x1f, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x41, 0x63, 0x74, 0x69, - 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, - 0x75, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x20, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x55, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, - 0x62, 0x6c, 0x65, 0x12, 0x3b, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x21, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, - 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, - 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, - 0x12, 0x39, 0x0a, 0x04, 0x73, 0x77, 0x61, 0x70, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, - 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x73, 0x77, 0x61, 0x70, 0x12, 0x3d, 0x0a, 0x06, 0x6b, - 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x06, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x44, 0x0a, 0x0a, 0x6b, 0x65, - 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x74, 0x63, 0x70, 0x18, 0x24, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, - 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x54, 0x63, 0x70, - 0x22, 0x65, 0x0a, 0x0b, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, - 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d, - 0x61, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x18, 0x0a, - 0x07, 0x66, 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, - 0x66, 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x22, 0x74, 0x0a, 0x10, 0x4d, 0x65, 0x6d, 0x6f, 0x72, - 0x79, 0x4f, 0x6f, 0x6d, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x10, 0x6f, - 0x6f, 0x6d, 0x5f, 0x6b, 0x69, 0x6c, 0x6c, 0x5f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x6f, 0x6f, 0x6d, 0x4b, 0x69, 0x6c, 0x6c, 0x44, 0x69, - 0x73, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x6e, 0x64, 0x65, 0x72, 0x5f, 0x6f, - 0x6f, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x75, 0x6e, 0x64, 0x65, 0x72, 0x4f, - 0x6f, 0x6d, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x6f, 0x6d, 0x5f, 0x6b, 0x69, 0x6c, 0x6c, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6f, 0x6f, 0x6d, 0x4b, 0x69, 0x6c, 0x6c, 0x22, 0xd5, 0x05, - 0x0a, 0x09, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x53, 0x74, 0x61, 0x74, 0x12, 0x61, 0x0a, 0x1a, 0x69, - 0x6f, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, - 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x17, 0x69, 0x6f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x58, - 0x0a, 0x15, 0x69, 0x6f, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x5f, 0x72, 0x65, - 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, - 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x13, 0x69, 0x6f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x52, - 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x54, 0x0a, 0x13, 0x69, 0x6f, 0x5f, 0x71, - 0x75, 0x65, 0x75, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, - 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, - 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x69, 0x6f, 0x51, - 0x75, 0x65, 0x75, 0x65, 0x64, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x5f, - 0x0a, 0x19, 0x69, 0x6f, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x74, 0x69, 0x6d, - 0x65, 0x5f, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, - 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x16, 0x69, 0x6f, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, - 0x59, 0x0a, 0x16, 0x69, 0x6f, 0x5f, 0x77, 0x61, 0x69, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, - 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x69, 0x6f, 0x57, 0x61, 0x69, 0x74, 0x54, 0x69, 0x6d, - 0x65, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x54, 0x0a, 0x13, 0x69, 0x6f, - 0x5f, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, - 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x69, - 0x6f, 0x4d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, - 0x12, 0x50, 0x0a, 0x11, 0x69, 0x6f, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x72, 0x65, 0x63, 0x75, - 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x0f, 0x69, 0x6f, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, - 0x76, 0x65, 0x12, 0x51, 0x0a, 0x11, 0x73, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x5f, 0x72, 0x65, - 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, - 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x10, 0x73, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x52, 0x65, 0x63, 0x75, - 0x72, 0x73, 0x69, 0x76, 0x65, 0x22, 0x76, 0x0a, 0x0a, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x6f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x02, 0x6f, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, - 0x61, 0x6a, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, - 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x84, 0x01, - 0x0a, 0x08, 0x52, 0x64, 0x6d, 0x61, 0x53, 0x74, 0x61, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x63, 0x75, - 0x72, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x6f, - 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x39, 0x0a, 0x05, 0x6c, 0x69, 0x6d, - 0x69, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, - 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6c, - 0x69, 0x6d, 0x69, 0x74, 0x22, 0x65, 0x0a, 0x09, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x63, 0x61, - 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, - 0x68, 0x63, 0x61, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x63, - 0x61, 0x5f, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x0a, 0x68, 0x63, 0x61, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x22, 0x8d, 0x02, 0x0a, 0x0b, - 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x19, 0x0a, 0x08, 0x72, 0x78, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x07, 0x72, 0x78, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x78, - 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, - 0x72, 0x78, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x78, 0x5f, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x72, 0x78, - 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x78, 0x5f, 0x64, 0x72, 0x6f, - 0x70, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x72, 0x78, 0x44, 0x72, - 0x6f, 0x70, 0x70, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x78, 0x5f, 0x62, 0x79, 0x74, 0x65, - 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x74, 0x78, 0x42, 0x79, 0x74, 0x65, 0x73, - 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x78, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x78, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x12, - 0x1b, 0x0a, 0x09, 0x74, 0x78, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x08, 0x74, 0x78, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x1d, 0x0a, 0x0a, - 0x74, 0x78, 0x5f, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x09, 0x74, 0x78, 0x44, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x22, 0xb9, 0x01, 0x0a, 0x0b, - 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6e, - 0x72, 0x5f, 0x73, 0x6c, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x0a, 0x6e, 0x72, 0x53, 0x6c, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x0a, 0x0a, - 0x6e, 0x72, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x09, 0x6e, 0x72, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6e, - 0x72, 0x5f, 0x73, 0x74, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x09, 0x6e, 0x72, 0x53, 0x74, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x12, 0x2d, 0x0a, 0x12, 0x6e, 0x72, - 0x5f, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x72, 0x75, 0x70, 0x74, 0x69, 0x62, 0x6c, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x6e, 0x72, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x72, 0x75, 0x70, 0x74, 0x69, 0x62, 0x6c, 0x65, 0x12, 0x1c, 0x0a, 0x0a, 0x6e, 0x72, 0x5f, - 0x69, 0x6f, 0x5f, 0x77, 0x61, 0x69, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x6e, - 0x72, 0x49, 0x6f, 0x57, 0x61, 0x69, 0x74, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, - 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, - 0x2f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescOnce sync.Once - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData = file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc -) - -func file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP() []byte { - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescOnce.Do(func() { - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData) - }) - return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData -} - -var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes = make([]protoimpl.MessageInfo, 15) -var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_goTypes = []interface{}{ - (*Metrics)(nil), // 0: io.containerd.cgroups.v1.Metrics - (*HugetlbStat)(nil), // 1: io.containerd.cgroups.v1.HugetlbStat - (*PidsStat)(nil), // 2: io.containerd.cgroups.v1.PidsStat - (*CPUStat)(nil), // 3: io.containerd.cgroups.v1.CPUStat - (*CPUUsage)(nil), // 4: io.containerd.cgroups.v1.CPUUsage - (*Throttle)(nil), // 5: io.containerd.cgroups.v1.Throttle - (*MemoryStat)(nil), // 6: io.containerd.cgroups.v1.MemoryStat - (*MemoryEntry)(nil), // 7: io.containerd.cgroups.v1.MemoryEntry - (*MemoryOomControl)(nil), // 8: io.containerd.cgroups.v1.MemoryOomControl - (*BlkIOStat)(nil), // 9: io.containerd.cgroups.v1.BlkIOStat - (*BlkIOEntry)(nil), // 10: io.containerd.cgroups.v1.BlkIOEntry - (*RdmaStat)(nil), // 11: io.containerd.cgroups.v1.RdmaStat - (*RdmaEntry)(nil), // 12: io.containerd.cgroups.v1.RdmaEntry - (*NetworkStat)(nil), // 13: io.containerd.cgroups.v1.NetworkStat - (*CgroupStats)(nil), // 14: io.containerd.cgroups.v1.CgroupStats -} -var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_depIdxs = []int32{ - 1, // 0: io.containerd.cgroups.v1.Metrics.hugetlb:type_name -> io.containerd.cgroups.v1.HugetlbStat - 2, // 1: io.containerd.cgroups.v1.Metrics.pids:type_name -> io.containerd.cgroups.v1.PidsStat - 3, // 2: io.containerd.cgroups.v1.Metrics.cpu:type_name -> io.containerd.cgroups.v1.CPUStat - 6, // 3: io.containerd.cgroups.v1.Metrics.memory:type_name -> io.containerd.cgroups.v1.MemoryStat - 9, // 4: io.containerd.cgroups.v1.Metrics.blkio:type_name -> io.containerd.cgroups.v1.BlkIOStat - 11, // 5: io.containerd.cgroups.v1.Metrics.rdma:type_name -> io.containerd.cgroups.v1.RdmaStat - 13, // 6: io.containerd.cgroups.v1.Metrics.network:type_name -> io.containerd.cgroups.v1.NetworkStat - 14, // 7: io.containerd.cgroups.v1.Metrics.cgroup_stats:type_name -> io.containerd.cgroups.v1.CgroupStats - 8, // 8: io.containerd.cgroups.v1.Metrics.memory_oom_control:type_name -> io.containerd.cgroups.v1.MemoryOomControl - 4, // 9: io.containerd.cgroups.v1.CPUStat.usage:type_name -> io.containerd.cgroups.v1.CPUUsage - 5, // 10: io.containerd.cgroups.v1.CPUStat.throttling:type_name -> io.containerd.cgroups.v1.Throttle - 7, // 11: io.containerd.cgroups.v1.MemoryStat.usage:type_name -> io.containerd.cgroups.v1.MemoryEntry - 7, // 12: io.containerd.cgroups.v1.MemoryStat.swap:type_name -> io.containerd.cgroups.v1.MemoryEntry - 7, // 13: io.containerd.cgroups.v1.MemoryStat.kernel:type_name -> io.containerd.cgroups.v1.MemoryEntry - 7, // 14: io.containerd.cgroups.v1.MemoryStat.kernel_tcp:type_name -> io.containerd.cgroups.v1.MemoryEntry - 10, // 15: io.containerd.cgroups.v1.BlkIOStat.io_service_bytes_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 16: io.containerd.cgroups.v1.BlkIOStat.io_serviced_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 17: io.containerd.cgroups.v1.BlkIOStat.io_queued_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 18: io.containerd.cgroups.v1.BlkIOStat.io_service_time_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 19: io.containerd.cgroups.v1.BlkIOStat.io_wait_time_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 20: io.containerd.cgroups.v1.BlkIOStat.io_merged_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 21: io.containerd.cgroups.v1.BlkIOStat.io_time_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 10, // 22: io.containerd.cgroups.v1.BlkIOStat.sectors_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry - 12, // 23: io.containerd.cgroups.v1.RdmaStat.current:type_name -> io.containerd.cgroups.v1.RdmaEntry - 12, // 24: io.containerd.cgroups.v1.RdmaStat.limit:type_name -> io.containerd.cgroups.v1.RdmaEntry - 25, // [25:25] is the sub-list for method output_type - 25, // [25:25] is the sub-list for method input_type - 25, // [25:25] is the sub-list for extension type_name - 25, // [25:25] is the sub-list for extension extendee - 0, // [0:25] is the sub-list for field type_name -} - -func init() { file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_init() } -func file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_init() { - if File_github_com_containerd_cgroups_cgroup1_stats_metrics_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Metrics); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HugetlbStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PidsStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CPUStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CPUUsage); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Throttle); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemoryStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemoryEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemoryOomControl); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BlkIOStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BlkIOEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RdmaStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RdmaEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NetworkStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgroupStats); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc, - NumEnums: 0, - NumMessages: 15, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_goTypes, - DependencyIndexes: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_depIdxs, - MessageInfos: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes, - }.Build() - File_github_com_containerd_cgroups_cgroup1_stats_metrics_proto = out.File - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc = nil - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_goTypes = nil - file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_depIdxs = nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt deleted file mode 100644 index 7e4313ea58..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt +++ /dev/null @@ -1,771 +0,0 @@ -file { - name: "github.com/containerd/cgroups/cgroup1/stats/metrics.proto" - package: "io.containerd.cgroups.v1" - message_type { - name: "Metrics" - field { - name: "hugetlb" - number: 1 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.HugetlbStat" - json_name: "hugetlb" - } - field { - name: "pids" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.PidsStat" - json_name: "pids" - } - field { - name: "cpu" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.CPUStat" - json_name: "cpu" - } - field { - name: "memory" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.MemoryStat" - json_name: "memory" - } - field { - name: "blkio" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOStat" - json_name: "blkio" - } - field { - name: "rdma" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.RdmaStat" - json_name: "rdma" - } - field { - name: "network" - number: 7 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.NetworkStat" - json_name: "network" - } - field { - name: "cgroup_stats" - number: 8 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.CgroupStats" - json_name: "cgroupStats" - } - field { - name: "memory_oom_control" - number: 9 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.MemoryOomControl" - json_name: "memoryOomControl" - } - } - message_type { - name: "HugetlbStat" - field { - name: "usage" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "usage" - } - field { - name: "max" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "max" - } - field { - name: "failcnt" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "failcnt" - } - field { - name: "pagesize" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "pagesize" - } - } - message_type { - name: "PidsStat" - field { - name: "current" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "current" - } - field { - name: "limit" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "limit" - } - } - message_type { - name: "CPUStat" - field { - name: "usage" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.CPUUsage" - json_name: "usage" - } - field { - name: "throttling" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.Throttle" - json_name: "throttling" - } - } - message_type { - name: "CPUUsage" - field { - name: "total" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "total" - } - field { - name: "kernel" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "kernel" - } - field { - name: "user" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "user" - } - field { - name: "per_cpu" - number: 4 - label: LABEL_REPEATED - type: TYPE_UINT64 - json_name: "perCpu" - } - } - message_type { - name: "Throttle" - field { - name: "periods" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "periods" - } - field { - name: "throttled_periods" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "throttledPeriods" - } - field { - name: "throttled_time" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "throttledTime" - } - } - message_type { - name: "MemoryStat" - field { - name: "cache" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "cache" - } - field { - name: "rss" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rss" - } - field { - name: "rss_huge" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rssHuge" - } - field { - name: "mapped_file" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "mappedFile" - } - field { - name: "dirty" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "dirty" - } - field { - name: "writeback" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "writeback" - } - field { - name: "pg_pg_in" - number: 7 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgPgIn" - } - field { - name: "pg_pg_out" - number: 8 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgPgOut" - } - field { - name: "pg_fault" - number: 9 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgFault" - } - field { - name: "pg_maj_fault" - number: 10 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgMajFault" - } - field { - name: "inactive_anon" - number: 11 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "inactiveAnon" - } - field { - name: "active_anon" - number: 12 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "activeAnon" - } - field { - name: "inactive_file" - number: 13 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "inactiveFile" - } - field { - name: "active_file" - number: 14 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "activeFile" - } - field { - name: "unevictable" - number: 15 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "unevictable" - } - field { - name: "hierarchical_memory_limit" - number: 16 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "hierarchicalMemoryLimit" - } - field { - name: "hierarchical_swap_limit" - number: 17 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "hierarchicalSwapLimit" - } - field { - name: "total_cache" - number: 18 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalCache" - } - field { - name: "total_rss" - number: 19 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalRss" - } - field { - name: "total_rss_huge" - number: 20 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalRssHuge" - } - field { - name: "total_mapped_file" - number: 21 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalMappedFile" - } - field { - name: "total_dirty" - number: 22 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalDirty" - } - field { - name: "total_writeback" - number: 23 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalWriteback" - } - field { - name: "total_pg_pg_in" - number: 24 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalPgPgIn" - } - field { - name: "total_pg_pg_out" - number: 25 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalPgPgOut" - } - field { - name: "total_pg_fault" - number: 26 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalPgFault" - } - field { - name: "total_pg_maj_fault" - number: 27 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalPgMajFault" - } - field { - name: "total_inactive_anon" - number: 28 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalInactiveAnon" - } - field { - name: "total_active_anon" - number: 29 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalActiveAnon" - } - field { - name: "total_inactive_file" - number: 30 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalInactiveFile" - } - field { - name: "total_active_file" - number: 31 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalActiveFile" - } - field { - name: "total_unevictable" - number: 32 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "totalUnevictable" - } - field { - name: "usage" - number: 33 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.MemoryEntry" - json_name: "usage" - } - field { - name: "swap" - number: 34 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.MemoryEntry" - json_name: "swap" - } - field { - name: "kernel" - number: 35 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.MemoryEntry" - json_name: "kernel" - } - field { - name: "kernel_tcp" - number: 36 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.MemoryEntry" - json_name: "kernelTcp" - } - } - message_type { - name: "MemoryEntry" - field { - name: "limit" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "limit" - } - field { - name: "usage" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "usage" - } - field { - name: "max" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "max" - } - field { - name: "failcnt" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "failcnt" - } - } - message_type { - name: "MemoryOomControl" - field { - name: "oom_kill_disable" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "oomKillDisable" - } - field { - name: "under_oom" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "underOom" - } - field { - name: "oom_kill" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "oomKill" - } - } - message_type { - name: "BlkIOStat" - field { - name: "io_service_bytes_recursive" - number: 1 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioServiceBytesRecursive" - } - field { - name: "io_serviced_recursive" - number: 2 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioServicedRecursive" - } - field { - name: "io_queued_recursive" - number: 3 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioQueuedRecursive" - } - field { - name: "io_service_time_recursive" - number: 4 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioServiceTimeRecursive" - } - field { - name: "io_wait_time_recursive" - number: 5 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioWaitTimeRecursive" - } - field { - name: "io_merged_recursive" - number: 6 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioMergedRecursive" - } - field { - name: "io_time_recursive" - number: 7 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "ioTimeRecursive" - } - field { - name: "sectors_recursive" - number: 8 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.BlkIOEntry" - json_name: "sectorsRecursive" - } - } - message_type { - name: "BlkIOEntry" - field { - name: "op" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "op" - } - field { - name: "device" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "device" - } - field { - name: "major" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "major" - } - field { - name: "minor" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "minor" - } - field { - name: "value" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "value" - } - } - message_type { - name: "RdmaStat" - field { - name: "current" - number: 1 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.RdmaEntry" - json_name: "current" - } - field { - name: "limit" - number: 2 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v1.RdmaEntry" - json_name: "limit" - } - } - message_type { - name: "RdmaEntry" - field { - name: "device" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "device" - } - field { - name: "hca_handles" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT32 - json_name: "hcaHandles" - } - field { - name: "hca_objects" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT32 - json_name: "hcaObjects" - } - } - message_type { - name: "NetworkStat" - field { - name: "name" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "name" - } - field { - name: "rx_bytes" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rxBytes" - } - field { - name: "rx_packets" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rxPackets" - } - field { - name: "rx_errors" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rxErrors" - } - field { - name: "rx_dropped" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rxDropped" - } - field { - name: "tx_bytes" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "txBytes" - } - field { - name: "tx_packets" - number: 7 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "txPackets" - } - field { - name: "tx_errors" - number: 8 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "txErrors" - } - field { - name: "tx_dropped" - number: 9 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "txDropped" - } - } - message_type { - name: "CgroupStats" - field { - name: "nr_sleeping" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrSleeping" - } - field { - name: "nr_running" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrRunning" - } - field { - name: "nr_stopped" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrStopped" - } - field { - name: "nr_uninterruptible" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrUninterruptible" - } - field { - name: "nr_io_wait" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrIoWait" - } - } - options { - go_package: "github.com/containerd/cgroups/cgroup1/stats" - } - syntax: "proto3" -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto deleted file mode 100644 index e6e4444b1b..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto +++ /dev/null @@ -1,158 +0,0 @@ -syntax = "proto3"; - -package io.containerd.cgroups.v1; - -option go_package = "github.com/containerd/cgroups/cgroup1/stats"; - -message Metrics { - repeated HugetlbStat hugetlb = 1; - PidsStat pids = 2; - CPUStat cpu = 3; - MemoryStat memory = 4; - BlkIOStat blkio = 5; - RdmaStat rdma = 6; - repeated NetworkStat network = 7; - CgroupStats cgroup_stats = 8; - MemoryOomControl memory_oom_control = 9; -} - -message HugetlbStat { - uint64 usage = 1; - uint64 max = 2; - uint64 failcnt = 3; - string pagesize = 4; -} - -message PidsStat { - uint64 current = 1; - uint64 limit = 2; -} - -message CPUStat { - CPUUsage usage = 1; - Throttle throttling = 2; -} - -message CPUUsage { - // values in nanoseconds - uint64 total = 1; - uint64 kernel = 2; - uint64 user = 3; - repeated uint64 per_cpu = 4; - -} - -message Throttle { - uint64 periods = 1; - uint64 throttled_periods = 2; - uint64 throttled_time = 3; -} - -message MemoryStat { - uint64 cache = 1; - uint64 rss = 2; - uint64 rss_huge = 3; - uint64 mapped_file = 4; - uint64 dirty = 5; - uint64 writeback = 6; - uint64 pg_pg_in = 7; - uint64 pg_pg_out = 8; - uint64 pg_fault = 9; - uint64 pg_maj_fault = 10; - uint64 inactive_anon = 11; - uint64 active_anon = 12; - uint64 inactive_file = 13; - uint64 active_file = 14; - uint64 unevictable = 15; - uint64 hierarchical_memory_limit = 16; - uint64 hierarchical_swap_limit = 17; - uint64 total_cache = 18; - uint64 total_rss = 19; - uint64 total_rss_huge = 20; - uint64 total_mapped_file = 21; - uint64 total_dirty = 22; - uint64 total_writeback = 23; - uint64 total_pg_pg_in = 24; - uint64 total_pg_pg_out = 25; - uint64 total_pg_fault = 26; - uint64 total_pg_maj_fault = 27; - uint64 total_inactive_anon = 28; - uint64 total_active_anon = 29; - uint64 total_inactive_file = 30; - uint64 total_active_file = 31; - uint64 total_unevictable = 32; - MemoryEntry usage = 33; - MemoryEntry swap = 34; - MemoryEntry kernel = 35; - MemoryEntry kernel_tcp = 36; - -} - -message MemoryEntry { - uint64 limit = 1; - uint64 usage = 2; - uint64 max = 3; - uint64 failcnt = 4; -} - -message MemoryOomControl { - uint64 oom_kill_disable = 1; - uint64 under_oom = 2; - uint64 oom_kill = 3; -} - -message BlkIOStat { - repeated BlkIOEntry io_service_bytes_recursive = 1; - repeated BlkIOEntry io_serviced_recursive = 2; - repeated BlkIOEntry io_queued_recursive = 3; - repeated BlkIOEntry io_service_time_recursive = 4; - repeated BlkIOEntry io_wait_time_recursive = 5; - repeated BlkIOEntry io_merged_recursive = 6; - repeated BlkIOEntry io_time_recursive = 7; - repeated BlkIOEntry sectors_recursive = 8; -} - -message BlkIOEntry { - string op = 1; - string device = 2; - uint64 major = 3; - uint64 minor = 4; - uint64 value = 5; -} - -message RdmaStat { - repeated RdmaEntry current = 1; - repeated RdmaEntry limit = 2; -} - -message RdmaEntry { - string device = 1; - uint32 hca_handles = 2; - uint32 hca_objects = 3; -} - -message NetworkStat { - string name = 1; - uint64 rx_bytes = 2; - uint64 rx_packets = 3; - uint64 rx_errors = 4; - uint64 rx_dropped = 5; - uint64 tx_bytes = 6; - uint64 tx_packets = 7; - uint64 tx_errors = 8; - uint64 tx_dropped = 9; -} - -// CgroupStats exports per-cgroup statistics. -message CgroupStats { - // number of tasks sleeping - uint64 nr_sleeping = 1; - // number of tasks running - uint64 nr_running = 2; - // number of tasks in stopped state - uint64 nr_stopped = 3; - // number of tasks in uninterruptible state - uint64 nr_uninterruptible = 4; - // number of tasks waiting on IO - uint64 nr_io_wait = 5; -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/subsystem.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/subsystem.go deleted file mode 100644 index d32ea2cae4..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/subsystem.go +++ /dev/null @@ -1,117 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "fmt" - "os" - - "github.com/containerd/cgroups/v3" - v1 "github.com/containerd/cgroups/v3/cgroup1/stats" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -// Name is a typed name for a cgroup subsystem -type Name string - -const ( - Devices Name = "devices" - Hugetlb Name = "hugetlb" - Freezer Name = "freezer" - Pids Name = "pids" - NetCLS Name = "net_cls" - NetPrio Name = "net_prio" - PerfEvent Name = "perf_event" - Cpuset Name = "cpuset" - Cpu Name = "cpu" - Cpuacct Name = "cpuacct" - Memory Name = "memory" - Blkio Name = "blkio" - Rdma Name = "rdma" -) - -// Subsystems returns a complete list of the default cgroups -// available on most linux systems -func Subsystems() []Name { - n := []Name{ - Freezer, - Pids, - NetCLS, - NetPrio, - PerfEvent, - Cpuset, - Cpu, - Cpuacct, - Memory, - Blkio, - Rdma, - } - if !cgroups.RunningInUserNS() { - n = append(n, Devices) - } - if _, err := os.Stat("/sys/kernel/mm/hugepages"); err == nil { - n = append(n, Hugetlb) - } - return n -} - -type Subsystem interface { - Name() Name -} - -type pather interface { - Subsystem - Path(path string) string -} - -type creator interface { - Subsystem - Create(path string, resources *specs.LinuxResources) error -} - -type deleter interface { - Subsystem - Delete(path string) error -} - -type stater interface { - Subsystem - Stat(path string, stats *v1.Metrics) error -} - -type updater interface { - Subsystem - Update(path string, resources *specs.LinuxResources) error -} - -// SingleSubsystem returns a single cgroup subsystem within the base Hierarchy -func SingleSubsystem(baseHierarchy Hierarchy, subsystem Name) Hierarchy { - return func() ([]Subsystem, error) { - subsystems, err := baseHierarchy() - if err != nil { - return nil, err - } - for _, s := range subsystems { - if s.Name() == subsystem { - return []Subsystem{ - s, - }, nil - } - } - return nil, fmt.Errorf("unable to find subsystem %s", subsystem) - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/systemd.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/systemd.go deleted file mode 100644 index 335a255b83..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/systemd.go +++ /dev/null @@ -1,157 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "context" - "path/filepath" - "strings" - "sync" - - systemdDbus "github.com/coreos/go-systemd/v22/dbus" - "github.com/godbus/dbus/v5" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -const ( - SystemdDbus Name = "systemd" - defaultSlice Name = "system.slice" -) - -var ( - canDelegate bool - once sync.Once -) - -func Systemd() ([]Subsystem, error) { - root, err := v1MountPoint() - if err != nil { - return nil, err - } - defaultSubsystems, err := defaults(root) - if err != nil { - return nil, err - } - s, err := NewSystemd(root) - if err != nil { - return nil, err - } - // make sure the systemd controller is added first - return append([]Subsystem{s}, defaultSubsystems...), nil -} - -func Slice(slice, name string) Path { - if slice == "" { - slice = string(defaultSlice) - } - return func(subsystem Name) (string, error) { - return filepath.Join(slice, name), nil - } -} - -func NewSystemd(root string) (*SystemdController, error) { - return &SystemdController{ - root: root, - }, nil -} - -type SystemdController struct { - root string -} - -func (s *SystemdController) Name() Name { - return SystemdDbus -} - -func (s *SystemdController) Create(path string, _ *specs.LinuxResources) error { - ctx := context.TODO() - conn, err := systemdDbus.NewWithContext(ctx) - if err != nil { - return err - } - defer conn.Close() - slice, name := splitName(path) - // We need to see if systemd can handle the delegate property - // Systemd will return an error if it cannot handle delegate regardless - // of its bool setting. - checkDelegate := func() { - canDelegate = true - dlSlice := newProperty("Delegate", true) - if _, err := conn.StartTransientUnitContext(ctx, slice, "testdelegate", []systemdDbus.Property{dlSlice}, nil); err != nil { - if dbusError, ok := err.(dbus.Error); ok { - // Starting with systemd v237, Delegate is not even a property of slices anymore, - // so the D-Bus call fails with "InvalidArgs" error. - if strings.Contains(dbusError.Name, "org.freedesktop.DBus.Error.PropertyReadOnly") || strings.Contains(dbusError.Name, "org.freedesktop.DBus.Error.InvalidArgs") { - canDelegate = false - } - } - } - - _, _ = conn.StopUnitContext(ctx, slice, "testDelegate", nil) - } - once.Do(checkDelegate) - properties := []systemdDbus.Property{ - systemdDbus.PropDescription("cgroup " + name), - systemdDbus.PropWants(slice), - newProperty("DefaultDependencies", false), - newProperty("MemoryAccounting", true), - newProperty("CPUAccounting", true), - newProperty("BlockIOAccounting", true), - } - - // If we can delegate, we add the property back in - if canDelegate { - properties = append(properties, newProperty("Delegate", true)) - } - - ch := make(chan string) - _, err = conn.StartTransientUnitContext(ctx, name, "replace", properties, ch) - if err != nil { - return err - } - <-ch - return nil -} - -func (s *SystemdController) Delete(path string) error { - ctx := context.TODO() - conn, err := systemdDbus.NewWithContext(ctx) - if err != nil { - return err - } - defer conn.Close() - _, name := splitName(path) - ch := make(chan string) - _, err = conn.StopUnitContext(ctx, name, "replace", ch) - if err != nil { - return err - } - <-ch - return nil -} - -func newProperty(name string, units interface{}) systemdDbus.Property { - return systemdDbus.Property{ - Name: name, - Value: dbus.MakeVariant(units), - } -} - -func splitName(path string) (slice string, unit string) { - slice, unit = filepath.Split(path) - return strings.TrimSuffix(slice, "/"), unit -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/ticks.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/ticks.go deleted file mode 100644 index 2c6fbdc0d7..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/ticks.go +++ /dev/null @@ -1,26 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -func getClockTicks() uint64 { - // The value comes from `C.sysconf(C._SC_CLK_TCK)`, and - // on Linux it's a constant which is safe to be hard coded, - // so we can avoid using cgo here. - // See https://github.com/containerd/cgroups/pull/12 for - // more details. - return 100 -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/utils.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/utils.go deleted file mode 100644 index 2b7d552001..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/utils.go +++ /dev/null @@ -1,280 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bufio" - "bytes" - "fmt" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/containerd/cgroups/v3" - units "github.com/docker/go-units" - specs "github.com/opencontainers/runtime-spec/specs-go" -) - -// defaults returns all known groups -func defaults(root string) ([]Subsystem, error) { - h, err := NewHugetlb(root) - if err != nil && !os.IsNotExist(err) { - return nil, err - } - s := []Subsystem{ - NewNamed(root, "systemd"), - NewFreezer(root), - NewPids(root), - NewNetCls(root), - NewNetPrio(root), - NewPerfEvent(root), - NewCpuset(root), - NewCpu(root), - NewCpuacct(root), - NewMemory(root), - NewBlkio(root), - NewRdma(root), - } - // only add the devices cgroup if we are not in a user namespace - // because modifications are not allowed - if !cgroups.RunningInUserNS() { - s = append(s, NewDevices(root)) - } - // add the hugetlb cgroup if error wasn't due to missing hugetlb - // cgroup support on the host - if err == nil { - s = append(s, h) - } - return s, nil -} - -// remove will remove a cgroup path handling EAGAIN and EBUSY errors and -// retrying the remove after a exp timeout -func remove(path string) error { - delay := 10 * time.Millisecond - for i := 0; i < 5; i++ { - if i != 0 { - time.Sleep(delay) - delay *= 2 - } - if err := os.RemoveAll(path); err == nil { - return nil - } - } - return fmt.Errorf("cgroups: unable to remove path %q", path) -} - -// readPids will read all the pids of processes or tasks in a cgroup by the provided path -func readPids(path string, subsystem Name, pType procType) ([]Process, error) { - f, err := os.Open(filepath.Join(path, pType)) - if err != nil { - return nil, err - } - defer f.Close() - var ( - out []Process - s = bufio.NewScanner(f) - ) - for s.Scan() { - if t := s.Text(); t != "" { - pid, err := strconv.Atoi(t) - if err != nil { - return nil, err - } - out = append(out, Process{ - Pid: pid, - Subsystem: subsystem, - Path: path, - }) - } - } - if err := s.Err(); err != nil { - // failed to read all pids? - return nil, err - } - return out, nil -} - -func hugePageSizes() ([]string, error) { - var ( - pageSizes []string - sizeList = []string{"B", "KB", "MB", "GB", "TB", "PB"} - ) - files, err := os.ReadDir("/sys/kernel/mm/hugepages") - if err != nil { - return nil, err - } - for _, st := range files { - nameArray := strings.Split(st.Name(), "-") - pageSize, err := units.RAMInBytes(nameArray[1]) - if err != nil { - return nil, err - } - pageSizes = append(pageSizes, units.CustomSize("%g%s", float64(pageSize), 1024.0, sizeList)) - } - return pageSizes, nil -} - -func readUint(path string) (uint64, error) { - f, err := os.Open(path) - if err != nil { - return 0, err - } - defer f.Close() - - // We should only need 20 bytes for the max uint64, but for a nice power of 2 - // lets use 32. - b := make([]byte, 32) - n, err := f.Read(b) - if err != nil { - return 0, err - } - s := string(bytes.TrimSpace(b[:n])) - if s == "max" { - // Return 0 for the max value to maintain backward compatibility. - return 0, nil - } - return parseUint(s, 10, 64) -} - -func parseUint(s string, base, bitSize int) (uint64, error) { - v, err := strconv.ParseUint(s, base, bitSize) - if err != nil { - intValue, intErr := strconv.ParseInt(s, base, bitSize) - // 1. Handle negative values greater than MinInt64 (and) - // 2. Handle negative values lesser than MinInt64 - if intErr == nil && intValue < 0 { - return 0, nil - } else if intErr != nil && - intErr.(*strconv.NumError).Err == strconv.ErrRange && - intValue < 0 { - return 0, nil - } - return 0, err - } - return v, nil -} - -func parseKV(raw string) (string, uint64, error) { - parts := strings.Fields(raw) - switch len(parts) { - case 2: - v, err := parseUint(parts[1], 10, 64) - if err != nil { - return "", 0, err - } - return parts[0], v, nil - default: - return "", 0, ErrInvalidFormat - } -} - -// ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup -// or /proc//cgroup, into a map of subsystems to cgroup paths, e.g. -// -// "cpu": "/user.slice/user-1000.slice" -// "pids": "/user.slice/user-1000.slice" -// -// etc. -// -// The resulting map does not have an element for cgroup v2 unified hierarchy. -// Use [cgroups.ParseCgroupFileUnified] to get the unified path. -func ParseCgroupFile(path string) (map[string]string, error) { - x, _, err := ParseCgroupFileUnified(path) - return x, err -} - -// ParseCgroupFileUnified returns legacy subsystem paths as the first value, -// and returns the unified path as the second value. -// -// Deprecated: use [cgroups.ParseCgroupFileUnified] instead . -func ParseCgroupFileUnified(path string) (map[string]string, string, error) { - return cgroups.ParseCgroupFileUnified(path) -} - -func getCgroupDestination(subsystem string) (string, error) { - f, err := os.Open("/proc/self/mountinfo") - if err != nil { - return "", err - } - defer f.Close() - s := bufio.NewScanner(f) - for s.Scan() { - fields := strings.Split(s.Text(), " ") - if len(fields) < 10 { - // broken mountinfo? - continue - } - if fields[len(fields)-3] != "cgroup" { - continue - } - for _, opt := range strings.Split(fields[len(fields)-1], ",") { - if opt == subsystem { - return fields[3], nil - } - } - } - if err := s.Err(); err != nil { - return "", err - } - return "", ErrNoCgroupMountDestination -} - -func pathers(subystems []Subsystem) []pather { - var out []pather - for _, s := range subystems { - if p, ok := s.(pather); ok { - out = append(out, p) - } - } - return out -} - -func initializeSubsystem(s Subsystem, path Path, resources *specs.LinuxResources) error { - if c, ok := s.(creator); ok { - p, err := path(s.Name()) - if err != nil { - return err - } - if err := c.Create(p, resources); err != nil { - return err - } - } else if c, ok := s.(pather); ok { - p, err := path(s.Name()) - if err != nil { - return err - } - // do the default create if the group does not have a custom one - if err := os.MkdirAll(c.Path(p), defaultDirPerm); err != nil { - return err - } - } - return nil -} - -func cleanPath(path string) string { - if path == "" { - return "" - } - path = filepath.Clean(path) - if !filepath.IsAbs(path) { - path, _ = filepath.Rel(string(os.PathSeparator), filepath.Clean(string(os.PathSeparator)+path)) - } - return path -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/v1.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/v1.go deleted file mode 100644 index ce025bbd98..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup1/v1.go +++ /dev/null @@ -1,73 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup1 - -import ( - "bufio" - "fmt" - "os" - "path/filepath" - "strings" -) - -// Default returns all the groups in the default cgroups mountpoint in a single hierarchy -func Default() ([]Subsystem, error) { - root, err := v1MountPoint() - if err != nil { - return nil, err - } - subsystems, err := defaults(root) - if err != nil { - return nil, err - } - var enabled []Subsystem - for _, s := range pathers(subsystems) { - // check and remove the default groups that do not exist - if _, err := os.Lstat(s.Path("/")); err == nil { - enabled = append(enabled, s) - } - } - return enabled, nil -} - -// v1MountPoint returns the mount point where the cgroup -// mountpoints are mounted in a single hierarchy -func v1MountPoint() (string, error) { - f, err := os.Open("/proc/self/mountinfo") - if err != nil { - return "", err - } - defer f.Close() - scanner := bufio.NewScanner(f) - for scanner.Scan() { - var ( - text = scanner.Text() - fields = strings.Split(text, " ") - numFields = len(fields) - ) - if numFields < 10 { - return "", fmt.Errorf("mountinfo: bad entry %q", text) - } - if fields[numFields-3] == "cgroup" { - return filepath.Dir(fields[4]), nil - } - } - if err := scanner.Err(); err != nil { - return "", err - } - return "", ErrMountPointNotExist -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/cpu.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/cpu.go deleted file mode 100644 index dcb253db56..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/cpu.go +++ /dev/null @@ -1,83 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "math" - "strconv" - "strings" -) - -type CPUMax string - -func NewCPUMax(quota *int64, period *uint64) CPUMax { - max := "max" - if quota != nil { - max = strconv.FormatInt(*quota, 10) - } - return CPUMax(strings.Join([]string{max, strconv.FormatUint(*period, 10)}, " ")) -} - -type CPU struct { - Weight *uint64 - Max CPUMax - Cpus string - Mems string -} - -func (c CPUMax) extractQuotaAndPeriod() (int64, uint64) { - var ( - quota int64 - period uint64 - ) - values := strings.Split(string(c), " ") - if values[0] == "max" { - quota = math.MaxInt64 - } else { - quota, _ = strconv.ParseInt(values[0], 10, 64) - } - period, _ = strconv.ParseUint(values[1], 10, 64) - return quota, period -} - -func (r *CPU) Values() (o []Value) { - if r.Weight != nil { - o = append(o, Value{ - filename: "cpu.weight", - value: *r.Weight, - }) - } - if r.Max != "" { - o = append(o, Value{ - filename: "cpu.max", - value: r.Max, - }) - } - if r.Cpus != "" { - o = append(o, Value{ - filename: "cpuset.cpus", - value: r.Cpus, - }) - } - if r.Mems != "" { - o = append(o, Value{ - filename: "cpuset.mems", - value: r.Mems, - }) - } - return o -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/devicefilter.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/devicefilter.go deleted file mode 100644 index 0cd5f7f3dd..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/devicefilter.go +++ /dev/null @@ -1,200 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Devicefilter containes eBPF device filter program -// -// The implementation is based on https://github.com/containers/crun/blob/0.10.2/src/libcrun/ebpf.c -// -// Although ebpf.c is originally licensed under LGPL-3.0-or-later, the author (Giuseppe Scrivano) -// agreed to relicense the file in Apache License 2.0: https://github.com/opencontainers/runc/issues/2144#issuecomment-543116397 -// -// This particular Go implementation based on runc version -// https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/ebpf/devicefilter/devicefilter.go - -package cgroup2 - -import ( - "errors" - "fmt" - "math" - - "github.com/cilium/ebpf/asm" - "github.com/opencontainers/runtime-spec/specs-go" - "golang.org/x/sys/unix" -) - -const ( - // license string format is same as kernel MODULE_LICENSE macro - license = "Apache" -) - -// DeviceFilter returns eBPF device filter program and its license string -func DeviceFilter(devices []specs.LinuxDeviceCgroup) (asm.Instructions, string, error) { - p := &program{} - p.init() - for i := len(devices) - 1; i >= 0; i-- { - if err := p.appendDevice(devices[i]); err != nil { - return nil, "", err - } - } - insts, err := p.finalize() - return insts, license, err -} - -type program struct { - insts asm.Instructions - hasWildCard bool - blockID int -} - -func (p *program) init() { - // struct bpf_cgroup_dev_ctx: https://elixir.bootlin.com/linux/v5.3.6/source/include/uapi/linux/bpf.h#L3423 - /* - u32 access_type - u32 major - u32 minor - */ - // R2 <- type (lower 16 bit of u32 access_type at R1[0]) - p.insts = append(p.insts, - asm.LoadMem(asm.R2, asm.R1, 0, asm.Half)) - - // R3 <- access (upper 16 bit of u32 access_type at R1[0]) - p.insts = append(p.insts, - asm.LoadMem(asm.R3, asm.R1, 0, asm.Word), - // RSh: bitwise shift right - asm.RSh.Imm32(asm.R3, 16)) - - // R4 <- major (u32 major at R1[4]) - p.insts = append(p.insts, - asm.LoadMem(asm.R4, asm.R1, 4, asm.Word)) - - // R5 <- minor (u32 minor at R1[8]) - p.insts = append(p.insts, - asm.LoadMem(asm.R5, asm.R1, 8, asm.Word)) -} - -// appendDevice needs to be called from the last element of OCI linux.resources.devices to the head element. -func (p *program) appendDevice(dev specs.LinuxDeviceCgroup) error { - if p.blockID < 0 { - return errors.New("the program is finalized") - } - if p.hasWildCard { - // All entries after wildcard entry are ignored - return nil - } - - bpfType := int32(-1) - hasType := true - switch dev.Type { - case string('c'): - bpfType = int32(unix.BPF_DEVCG_DEV_CHAR) - case string('b'): - bpfType = int32(unix.BPF_DEVCG_DEV_BLOCK) - case string('a'): - hasType = false - default: - // if not specified in OCI json, typ is set to DeviceTypeAll - return fmt.Errorf("invalid DeviceType %q", dev.Type) - } - if *dev.Major > math.MaxUint32 { - return fmt.Errorf("invalid major %d", *dev.Major) - } - if *dev.Minor > math.MaxUint32 { - return fmt.Errorf("invalid minor %d", *dev.Major) - } - hasMajor := *dev.Major >= 0 // if not specified in OCI json, major is set to -1 - hasMinor := *dev.Minor >= 0 - bpfAccess := int32(0) - for _, r := range dev.Access { - switch r { - case 'r': - bpfAccess |= unix.BPF_DEVCG_ACC_READ - case 'w': - bpfAccess |= unix.BPF_DEVCG_ACC_WRITE - case 'm': - bpfAccess |= unix.BPF_DEVCG_ACC_MKNOD - default: - return fmt.Errorf("unknown device access %v", r) - } - } - // If the access is rwm, skip the check. - hasAccess := bpfAccess != (unix.BPF_DEVCG_ACC_READ | unix.BPF_DEVCG_ACC_WRITE | unix.BPF_DEVCG_ACC_MKNOD) - - blockSym := fmt.Sprintf("block-%d", p.blockID) - nextBlockSym := fmt.Sprintf("block-%d", p.blockID+1) - prevBlockLastIdx := len(p.insts) - 1 - if hasType { - p.insts = append(p.insts, - // if (R2 != bpfType) goto next - asm.JNE.Imm(asm.R2, bpfType, nextBlockSym), - ) - } - if hasAccess { - p.insts = append(p.insts, - // if (R3 & bpfAccess == 0 /* use R1 as a temp var */) goto next - asm.Mov.Reg32(asm.R1, asm.R3), - asm.And.Imm32(asm.R1, bpfAccess), - asm.JEq.Imm(asm.R1, 0, nextBlockSym), - ) - } - if hasMajor { - p.insts = append(p.insts, - // if (R4 != major) goto next - asm.JNE.Imm(asm.R4, int32(*dev.Major), nextBlockSym), - ) - } - if hasMinor { - p.insts = append(p.insts, - // if (R5 != minor) goto next - asm.JNE.Imm(asm.R5, int32(*dev.Minor), nextBlockSym), - ) - } - if !hasType && !hasAccess && !hasMajor && !hasMinor { - p.hasWildCard = true - } - p.insts = append(p.insts, acceptBlock(dev.Allow)...) - // set blockSym to the first instruction we added in this iteration - p.insts[prevBlockLastIdx+1] = p.insts[prevBlockLastIdx+1].WithSymbol(blockSym) - p.blockID++ - return nil -} - -func (p *program) finalize() (asm.Instructions, error) { - if p.hasWildCard { - // acceptBlock with asm.Return() is already inserted - return p.insts, nil - } - blockSym := fmt.Sprintf("block-%d", p.blockID) - p.insts = append(p.insts, - // R0 <- 0 - asm.Mov.Imm32(asm.R0, 0).WithSymbol(blockSym), - asm.Return(), - ) - p.blockID = -1 - return p.insts, nil -} - -func acceptBlock(accept bool) asm.Instructions { - v := int32(0) - if accept { - v = 1 - } - return []asm.Instruction{ - // R0 <- v - asm.Mov.Imm32(asm.R0, v), - asm.Return(), - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/ebpf.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/ebpf.go deleted file mode 100644 index 503a147bbd..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/ebpf.go +++ /dev/null @@ -1,96 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "fmt" - - "github.com/cilium/ebpf" - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/link" - "github.com/opencontainers/runtime-spec/specs-go" - "golang.org/x/sys/unix" -) - -// LoadAttachCgroupDeviceFilter installs eBPF device filter program to /sys/fs/cgroup/ directory. -// -// Requires the system to be running in cgroup2 unified-mode with kernel >= 4.15 . -// -// https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92 -func LoadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFD int) (func() error, error) { - nilCloser := func() error { - return nil - } - spec := &ebpf.ProgramSpec{ - Type: ebpf.CGroupDevice, - Instructions: insts, - License: license, - } - prog, err := ebpf.NewProgram(spec) - if err != nil { - return nilCloser, err - } - err = link.RawAttachProgram(link.RawAttachProgramOptions{ - Target: dirFD, - Program: prog, - Attach: ebpf.AttachCGroupDevice, - Flags: unix.BPF_F_ALLOW_MULTI, - }) - if err != nil { - return nilCloser, fmt.Errorf("failed to call BPF_PROG_ATTACH (BPF_CGROUP_DEVICE, BPF_F_ALLOW_MULTI): %w", err) - } - closer := func() error { - err = link.RawDetachProgram(link.RawDetachProgramOptions{ - Target: dirFD, - Program: prog, - Attach: ebpf.AttachCGroupDevice, - }) - if err != nil { - return fmt.Errorf("failed to call BPF_PROG_DETACH (BPF_CGROUP_DEVICE): %w", err) - } - return nil - } - return closer, nil -} - -func isRWM(cgroupPermissions string) bool { - r := false - w := false - m := false - for _, rn := range cgroupPermissions { - switch rn { - case 'r': - r = true - case 'w': - w = true - case 'm': - m = true - } - } - return r && w && m -} - -// the logic is from runc -// https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/fs/devices_v2.go#L44 -func canSkipEBPFError(devices []specs.LinuxDeviceCgroup) bool { - for _, dev := range devices { - if dev.Allow || !isRWM(dev.Access) { - return false - } - } - return true -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/errors.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/errors.go deleted file mode 100644 index f57e15e54d..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/errors.go +++ /dev/null @@ -1,26 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "errors" -) - -var ( - ErrInvalidFormat = errors.New("cgroups: parsing file with invalid format failed") - ErrInvalidGroupPath = errors.New("cgroups: invalid group path") -) diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/hugetlb.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/hugetlb.go deleted file mode 100644 index b476b49ff2..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/hugetlb.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import "strings" - -type HugeTlb []HugeTlbEntry - -type HugeTlbEntry struct { - HugePageSize string - Limit uint64 -} - -func (r *HugeTlb) Values() (o []Value) { - for _, e := range *r { - o = append(o, Value{ - filename: strings.Join([]string{"hugetlb", e.HugePageSize, "max"}, "."), - value: e.Limit, - }) - } - - return o -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/io.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/io.go deleted file mode 100644 index b70dd8ef5d..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/io.go +++ /dev/null @@ -1,64 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import "fmt" - -type IOType string - -const ( - ReadBPS IOType = "rbps" - WriteBPS IOType = "wbps" - ReadIOPS IOType = "riops" - WriteIOPS IOType = "wiops" -) - -type BFQ struct { - Weight uint16 -} - -type Entry struct { - Type IOType - Major int64 - Minor int64 - Rate uint64 -} - -func (e Entry) String() string { - return fmt.Sprintf("%d:%d %s=%d", e.Major, e.Minor, e.Type, e.Rate) -} - -type IO struct { - BFQ BFQ - Max []Entry -} - -func (i *IO) Values() (o []Value) { - if i.BFQ.Weight != 0 { - o = append(o, Value{ - filename: "io.bfq.weight", - value: i.BFQ.Weight, - }) - } - for _, e := range i.Max { - o = append(o, Value{ - filename: "io.max", - value: e.String(), - }) - } - return o -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/manager.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/manager.go deleted file mode 100644 index 4a4292d5fc..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/manager.go +++ /dev/null @@ -1,921 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "bufio" - "context" - "errors" - "fmt" - "math" - "os" - "path/filepath" - "strconv" - "strings" - "time" - - "github.com/containerd/cgroups/v3/cgroup2/stats" - - systemdDbus "github.com/coreos/go-systemd/v22/dbus" - "github.com/godbus/dbus/v5" - "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" -) - -const ( - subtreeControl = "cgroup.subtree_control" - controllersFile = "cgroup.controllers" - killFile = "cgroup.kill" - typeFile = "cgroup.type" - defaultCgroup2Path = "/sys/fs/cgroup" - defaultSlice = "system.slice" -) - -var canDelegate bool - -type Event struct { - Low uint64 - High uint64 - Max uint64 - OOM uint64 - OOMKill uint64 -} - -// Resources for a cgroups v2 unified hierarchy -type Resources struct { - CPU *CPU - Memory *Memory - Pids *Pids - IO *IO - RDMA *RDMA - HugeTlb *HugeTlb - // When len(Devices) is zero, devices are not controlled - Devices []specs.LinuxDeviceCgroup -} - -// Values returns the raw filenames and values that -// can be written to the unified hierarchy -func (r *Resources) Values() (o []Value) { - if r.CPU != nil { - o = append(o, r.CPU.Values()...) - } - if r.Memory != nil { - o = append(o, r.Memory.Values()...) - } - if r.Pids != nil { - o = append(o, r.Pids.Values()...) - } - if r.IO != nil { - o = append(o, r.IO.Values()...) - } - if r.RDMA != nil { - o = append(o, r.RDMA.Values()...) - } - if r.HugeTlb != nil { - o = append(o, r.HugeTlb.Values()...) - } - return o -} - -// EnabledControllers returns the list of all not nil resource controllers -func (r *Resources) EnabledControllers() (c []string) { - if r.CPU != nil { - c = append(c, "cpu") - if r.CPU.Cpus != "" || r.CPU.Mems != "" { - c = append(c, "cpuset") - } - } - if r.Memory != nil { - c = append(c, "memory") - } - if r.Pids != nil { - c = append(c, "pids") - } - if r.IO != nil { - c = append(c, "io") - } - if r.RDMA != nil { - c = append(c, "rdma") - } - if r.HugeTlb != nil { - c = append(c, "hugetlb") - } - return -} - -// Value of a cgroup setting -type Value struct { - filename string - value interface{} -} - -// write the value to the full, absolute path, of a unified hierarchy -func (c *Value) write(path string, perm os.FileMode) error { - var data []byte - switch t := c.value.(type) { - case uint64: - data = []byte(strconv.FormatUint(t, 10)) - case uint16: - data = []byte(strconv.FormatUint(uint64(t), 10)) - case int64: - data = []byte(strconv.FormatInt(t, 10)) - case []byte: - data = t - case string: - data = []byte(t) - case CPUMax: - data = []byte(t) - default: - return ErrInvalidFormat - } - - return os.WriteFile( - filepath.Join(path, c.filename), - data, - perm, - ) -} - -func writeValues(path string, values []Value) error { - for _, o := range values { - if err := o.write(path, defaultFilePerm); err != nil { - return err - } - } - return nil -} - -func NewManager(mountpoint string, group string, resources *Resources) (*Manager, error) { - if resources == nil { - return nil, errors.New("resources reference is nil") - } - if err := VerifyGroupPath(group); err != nil { - return nil, err - } - path := filepath.Join(mountpoint, group) - if err := os.MkdirAll(path, defaultDirPerm); err != nil { - return nil, err - } - m := Manager{ - unifiedMountpoint: mountpoint, - path: path, - } - if err := m.ToggleControllers(resources.EnabledControllers(), Enable); err != nil { - // clean up cgroup dir on failure - os.Remove(path) - return nil, err - } - if err := setResources(path, resources); err != nil { - os.Remove(path) - return nil, err - } - return &m, nil -} - -type InitConfig struct { - mountpoint string -} - -type InitOpts func(c *InitConfig) error - -// WithMountpoint sets the unified mountpoint. The default path is /sys/fs/cgroup. -func WithMountpoint(path string) InitOpts { - return func(c *InitConfig) error { - c.mountpoint = path - return nil - } -} - -// Load a cgroup. -func Load(group string, opts ...InitOpts) (*Manager, error) { - c := InitConfig{mountpoint: defaultCgroup2Path} - for _, opt := range opts { - if err := opt(&c); err != nil { - return nil, err - } - } - - if err := VerifyGroupPath(group); err != nil { - return nil, err - } - path := filepath.Join(c.mountpoint, group) - return &Manager{ - unifiedMountpoint: c.mountpoint, - path: path, - }, nil -} - -type Manager struct { - unifiedMountpoint string - path string -} - -func setResources(path string, resources *Resources) error { - if resources != nil { - if err := writeValues(path, resources.Values()); err != nil { - return err - } - if err := setDevices(path, resources.Devices); err != nil { - return err - } - } - return nil -} - -// CgroupType represents the types a cgroup can be. -type CgroupType string - -const ( - Domain CgroupType = "domain" - Threaded CgroupType = "threaded" -) - -func (c *Manager) GetType() (CgroupType, error) { - val, err := os.ReadFile(filepath.Join(c.path, typeFile)) - if err != nil { - return "", err - } - trimmed := strings.TrimSpace(string(val)) - return CgroupType(trimmed), nil -} - -func (c *Manager) SetType(cgType CgroupType) error { - // NOTE: We could abort if cgType != Threaded here as currently - // it's not possible to revert back to domain, but not sure - // it's worth being that opinionated, especially if that may - // ever change. - v := Value{ - filename: typeFile, - value: string(cgType), - } - return writeValues(c.path, []Value{v}) -} - -func (c *Manager) RootControllers() ([]string, error) { - b, err := os.ReadFile(filepath.Join(c.unifiedMountpoint, controllersFile)) - if err != nil { - return nil, err - } - return strings.Fields(string(b)), nil -} - -func (c *Manager) Controllers() ([]string, error) { - b, err := os.ReadFile(filepath.Join(c.path, controllersFile)) - if err != nil { - return nil, err - } - return strings.Fields(string(b)), nil -} - -func (c *Manager) Update(resources *Resources) error { - return setResources(c.path, resources) -} - -type ControllerToggle int - -const ( - Enable ControllerToggle = iota + 1 - Disable -) - -func toggleFunc(controllers []string, prefix string) []string { - out := make([]string, len(controllers)) - for i, c := range controllers { - out[i] = prefix + c - } - return out -} - -func (c *Manager) ToggleControllers(controllers []string, t ControllerToggle) error { - // when c.path is like /foo/bar/baz, the following files need to be written: - // * /sys/fs/cgroup/cgroup.subtree_control - // * /sys/fs/cgroup/foo/cgroup.subtree_control - // * /sys/fs/cgroup/foo/bar/cgroup.subtree_control - // Note that /sys/fs/cgroup/foo/bar/baz/cgroup.subtree_control does not need to be written. - split := strings.Split(c.path, "/") - var lastErr error - for i := range split { - f := strings.Join(split[:i], "/") - if !strings.HasPrefix(f, c.unifiedMountpoint) || f == c.path { - continue - } - filePath := filepath.Join(f, subtreeControl) - if err := c.writeSubtreeControl(filePath, controllers, t); err != nil { - // When running as rootless, the user may face EPERM on parent groups, but it is neglible when the - // controller is already written. - // So we only return the last error. - lastErr = fmt.Errorf("failed to write subtree controllers %+v to %q: %w", controllers, filePath, err) - } else { - lastErr = nil - } - } - return lastErr -} - -func (c *Manager) writeSubtreeControl(filePath string, controllers []string, t ControllerToggle) error { - f, err := os.OpenFile(filePath, os.O_WRONLY, 0) - if err != nil { - return err - } - defer f.Close() - switch t { - case Enable: - controllers = toggleFunc(controllers, "+") - case Disable: - controllers = toggleFunc(controllers, "-") - } - _, err = f.WriteString(strings.Join(controllers, " ")) - return err -} - -func (c *Manager) NewChild(name string, resources *Resources) (*Manager, error) { - if strings.HasPrefix(name, "/") { - return nil, errors.New("name must be relative") - } - path := filepath.Join(c.path, name) - if err := os.MkdirAll(path, defaultDirPerm); err != nil { - return nil, err - } - m := Manager{ - unifiedMountpoint: c.unifiedMountpoint, - path: path, - } - if resources != nil { - if err := m.ToggleControllers(resources.EnabledControllers(), Enable); err != nil { - // clean up cgroup dir on failure - os.Remove(path) - return nil, err - } - } - if err := setResources(path, resources); err != nil { - // clean up cgroup dir on failure - os.Remove(path) - return nil, err - } - return &m, nil -} - -func (c *Manager) AddProc(pid uint64) error { - v := Value{ - filename: cgroupProcs, - value: pid, - } - return writeValues(c.path, []Value{v}) -} - -func (c *Manager) AddThread(tid uint64) error { - v := Value{ - filename: cgroupThreads, - value: tid, - } - return writeValues(c.path, []Value{v}) -} - -// Kill will try to forcibly exit all of the processes in the cgroup. This is -// equivalent to sending a SIGKILL to every process. On kernels 5.14 and greater -// this will use the cgroup.kill file, on anything that doesn't have the cgroup.kill -// file, a manual process of freezing -> sending a SIGKILL to every process -> thawing -// will be used. -func (c *Manager) Kill() error { - v := Value{ - filename: killFile, - value: "1", - } - err := writeValues(c.path, []Value{v}) - if err == nil { - return nil - } - logrus.Warnf("falling back to slower kill implementation: %s", err) - // Fallback to slow method. - return c.fallbackKill() -} - -// fallbackKill is a slower fallback to the more modern (kernels 5.14+) -// approach of writing to the cgroup.kill file. This is heavily pulled -// from runc's same approach (in signalAllProcesses), with the only differences -// being this is just tailored to the API exposed in this library, and we don't -// need to care about signals other than SIGKILL. -// -// https://github.com/opencontainers/runc/blob/8da0a0b5675764feaaaaad466f6567a9983fcd08/libcontainer/init_linux.go#L523-L529 -func (c *Manager) fallbackKill() error { - if err := c.Freeze(); err != nil { - logrus.Warn(err) - } - pids, err := c.Procs(true) - if err != nil { - if err := c.Thaw(); err != nil { - logrus.Warn(err) - } - return err - } - var procs []*os.Process - for _, pid := range pids { - p, err := os.FindProcess(int(pid)) - if err != nil { - logrus.Warn(err) - continue - } - procs = append(procs, p) - if err := p.Signal(unix.SIGKILL); err != nil { - logrus.Warn(err) - } - } - if err := c.Thaw(); err != nil { - logrus.Warn(err) - } - - subreaper, err := getSubreaper() - if err != nil { - // The error here means that PR_GET_CHILD_SUBREAPER is not - // supported because this code might run on a kernel older - // than 3.4. We don't want to throw an error in that case, - // and we simplify things, considering there is no subreaper - // set. - subreaper = 0 - } - - for _, p := range procs { - // In case a subreaper has been setup, this code must not - // wait for the process. Otherwise, we cannot be sure the - // current process will be reaped by the subreaper, while - // the subreaper might be waiting for this process in order - // to retrieve its exit code. - if subreaper == 0 { - if _, err := p.Wait(); err != nil { - if !errors.Is(err, unix.ECHILD) { - logrus.Warnf("wait on pid %d failed: %s", p.Pid, err) - } - } - } - } - return nil -} - -func (c *Manager) Delete() error { - // kernel prevents cgroups with running process from being removed, check the tree is empty - processes, err := c.Procs(true) - if err != nil { - return err - } - if len(processes) > 0 { - return fmt.Errorf("cgroups: unable to remove path %q: still contains running processes", c.path) - } - return remove(c.path) -} - -func (c *Manager) Procs(recursive bool) ([]uint64, error) { - var processes []uint64 - err := filepath.Walk(c.path, func(p string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if !recursive && info.IsDir() { - if p == c.path { - return nil - } - return filepath.SkipDir - } - _, name := filepath.Split(p) - if name != cgroupProcs { - return nil - } - procs, err := parseCgroupProcsFile(p) - if err != nil { - return err - } - processes = append(processes, procs...) - return nil - }) - return processes, err -} - -func (c *Manager) MoveTo(destination *Manager) error { - processes, err := c.Procs(true) - if err != nil { - return err - } - for _, p := range processes { - if err := destination.AddProc(p); err != nil { - if strings.Contains(err.Error(), "no such process") { - continue - } - return err - } - } - return nil -} - -func (c *Manager) Stat() (*stats.Metrics, error) { - controllers, err := c.Controllers() - if err != nil { - return nil, err - } - // Sizing this avoids an allocation to increase the map at runtime; - // currently the default bucket size is 8 and we put 40+ elements - // in it so we'd always end up allocating. - out := make(map[string]uint64, 50) - for _, controller := range controllers { - switch controller { - case "cpu", "memory": - if err := readKVStatsFile(c.path, controller+".stat", out); err != nil { - if os.IsNotExist(err) { - continue - } - return nil, err - } - } - } - memoryEvents := make(map[string]uint64) - if err := readKVStatsFile(c.path, "memory.events", memoryEvents); err != nil { - if !os.IsNotExist(err) { - return nil, err - } - } - - var metrics stats.Metrics - metrics.Pids = &stats.PidsStat{ - Current: getStatFileContentUint64(filepath.Join(c.path, "pids.current")), - Limit: getStatFileContentUint64(filepath.Join(c.path, "pids.max")), - } - metrics.CPU = &stats.CPUStat{ - UsageUsec: out["usage_usec"], - UserUsec: out["user_usec"], - SystemUsec: out["system_usec"], - NrPeriods: out["nr_periods"], - NrThrottled: out["nr_throttled"], - ThrottledUsec: out["throttled_usec"], - } - metrics.Memory = &stats.MemoryStat{ - Anon: out["anon"], - File: out["file"], - KernelStack: out["kernel_stack"], - Slab: out["slab"], - Sock: out["sock"], - Shmem: out["shmem"], - FileMapped: out["file_mapped"], - FileDirty: out["file_dirty"], - FileWriteback: out["file_writeback"], - AnonThp: out["anon_thp"], - InactiveAnon: out["inactive_anon"], - ActiveAnon: out["active_anon"], - InactiveFile: out["inactive_file"], - ActiveFile: out["active_file"], - Unevictable: out["unevictable"], - SlabReclaimable: out["slab_reclaimable"], - SlabUnreclaimable: out["slab_unreclaimable"], - Pgfault: out["pgfault"], - Pgmajfault: out["pgmajfault"], - WorkingsetRefault: out["workingset_refault"], - WorkingsetActivate: out["workingset_activate"], - WorkingsetNodereclaim: out["workingset_nodereclaim"], - Pgrefill: out["pgrefill"], - Pgscan: out["pgscan"], - Pgsteal: out["pgsteal"], - Pgactivate: out["pgactivate"], - Pgdeactivate: out["pgdeactivate"], - Pglazyfree: out["pglazyfree"], - Pglazyfreed: out["pglazyfreed"], - ThpFaultAlloc: out["thp_fault_alloc"], - ThpCollapseAlloc: out["thp_collapse_alloc"], - Usage: getStatFileContentUint64(filepath.Join(c.path, "memory.current")), - UsageLimit: getStatFileContentUint64(filepath.Join(c.path, "memory.max")), - SwapUsage: getStatFileContentUint64(filepath.Join(c.path, "memory.swap.current")), - SwapLimit: getStatFileContentUint64(filepath.Join(c.path, "memory.swap.max")), - } - if len(memoryEvents) > 0 { - metrics.MemoryEvents = &stats.MemoryEvents{ - Low: memoryEvents["low"], - High: memoryEvents["high"], - Max: memoryEvents["max"], - Oom: memoryEvents["oom"], - OomKill: memoryEvents["oom_kill"], - } - } - metrics.Io = &stats.IOStat{Usage: readIoStats(c.path)} - metrics.Rdma = &stats.RdmaStat{ - Current: rdmaStats(filepath.Join(c.path, "rdma.current")), - Limit: rdmaStats(filepath.Join(c.path, "rdma.max")), - } - metrics.Hugetlb = readHugeTlbStats(c.path) - - return &metrics, nil -} - -func readKVStatsFile(path string, file string, out map[string]uint64) error { - f, err := os.Open(filepath.Join(path, file)) - if err != nil { - return err - } - defer f.Close() - - s := bufio.NewScanner(f) - for s.Scan() { - name, value, err := parseKV(s.Text()) - if err != nil { - return fmt.Errorf("error while parsing %s (line=%q): %w", filepath.Join(path, file), s.Text(), err) - } - out[name] = value - } - return s.Err() -} - -func (c *Manager) Freeze() error { - return c.freeze(c.path, Frozen) -} - -func (c *Manager) Thaw() error { - return c.freeze(c.path, Thawed) -} - -func (c *Manager) freeze(path string, state State) error { - values := state.Values() - for { - if err := writeValues(path, values); err != nil { - return err - } - current, err := fetchState(path) - if err != nil { - return err - } - if current == state { - return nil - } - time.Sleep(1 * time.Millisecond) - } -} - -func (c *Manager) isCgroupEmpty() bool { - // In case of any error we return true so that we exit and don't leak resources - out := make(map[string]uint64) - if err := readKVStatsFile(c.path, "cgroup.events", out); err != nil { - return true - } - if v, ok := out["populated"]; ok { - return v == 0 - } - return true -} - -// MemoryEventFD returns inotify file descriptor and 'memory.events' inotify watch descriptor -func (c *Manager) MemoryEventFD() (int, uint32, error) { - fpath := filepath.Join(c.path, "memory.events") - fd, err := unix.InotifyInit() - if err != nil { - return 0, 0, errors.New("failed to create inotify fd") - } - wd, err := unix.InotifyAddWatch(fd, fpath, unix.IN_MODIFY) - if err != nil { - unix.Close(fd) - return 0, 0, fmt.Errorf("failed to add inotify watch for %q: %w", fpath, err) - } - // monitor to detect process exit/cgroup deletion - evpath := filepath.Join(c.path, "cgroup.events") - if _, err = unix.InotifyAddWatch(fd, evpath, unix.IN_MODIFY); err != nil { - unix.Close(fd) - return 0, 0, fmt.Errorf("failed to add inotify watch for %q: %w", evpath, err) - } - - return fd, uint32(wd), nil -} - -func (c *Manager) EventChan() (<-chan Event, <-chan error) { - ec := make(chan Event) - errCh := make(chan error, 1) - go c.waitForEvents(ec, errCh) - - return ec, errCh -} - -func (c *Manager) waitForEvents(ec chan<- Event, errCh chan<- error) { - defer close(errCh) - - fd, _, err := c.MemoryEventFD() - if err != nil { - errCh <- err - return - } - defer unix.Close(fd) - - for { - buffer := make([]byte, unix.SizeofInotifyEvent*10) - bytesRead, err := unix.Read(fd, buffer) - if err != nil { - errCh <- err - return - } - if bytesRead >= unix.SizeofInotifyEvent { - out := make(map[string]uint64) - if err := readKVStatsFile(c.path, "memory.events", out); err != nil { - // When cgroup is deleted read may return -ENODEV instead of -ENOENT from open. - if _, statErr := os.Lstat(filepath.Join(c.path, "memory.events")); !os.IsNotExist(statErr) { - errCh <- err - } - return - } - ec <- Event{ - Low: out["low"], - High: out["high"], - Max: out["max"], - OOM: out["oom"], - OOMKill: out["oom_kill"], - } - if c.isCgroupEmpty() { - return - } - } - } -} - -func setDevices(path string, devices []specs.LinuxDeviceCgroup) error { - if len(devices) == 0 { - return nil - } - insts, license, err := DeviceFilter(devices) - if err != nil { - return err - } - dirFD, err := unix.Open(path, unix.O_DIRECTORY|unix.O_RDONLY|unix.O_CLOEXEC, 0o600) - if err != nil { - return fmt.Errorf("cannot get dir FD for %s", path) - } - defer unix.Close(dirFD) - if _, err := LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil { - if !canSkipEBPFError(devices) { - return err - } - } - return nil -} - -// getSystemdFullPath returns the full systemd path when creating a systemd slice group. -// the reason this is necessary is because the "-" character has a special meaning in -// systemd slice. For example, when creating a slice called "my-group-112233.slice", -// systemd will create a hierarchy like this: -// -// /sys/fs/cgroup/my.slice/my-group.slice/my-group-112233.slice -func getSystemdFullPath(slice, group string) string { - return filepath.Join(defaultCgroup2Path, dashesToPath(slice), dashesToPath(group)) -} - -// dashesToPath converts a slice name with dashes to it's corresponding systemd filesystem path. -func dashesToPath(in string) string { - path := "" - if strings.HasSuffix(in, ".slice") && strings.Contains(in, "-") { - parts := strings.Split(in, "-") - for i := range parts { - s := strings.Join(parts[0:i+1], "-") - if !strings.HasSuffix(s, ".slice") { - s += ".slice" - } - path = filepath.Join(path, s) - } - } else { - path = filepath.Join(path, in) - } - return path -} - -func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, error) { - if slice == "" { - slice = defaultSlice - } - ctx := context.TODO() - path := getSystemdFullPath(slice, group) - conn, err := systemdDbus.NewWithContext(ctx) - if err != nil { - return &Manager{}, err - } - defer conn.Close() - - properties := []systemdDbus.Property{ - systemdDbus.PropDescription("cgroup " + group), - newSystemdProperty("DefaultDependencies", false), - newSystemdProperty("MemoryAccounting", true), - newSystemdProperty("CPUAccounting", true), - newSystemdProperty("IOAccounting", true), - } - - // if we create a slice, the parent is defined via a Wants= - if strings.HasSuffix(group, ".slice") { - properties = append(properties, systemdDbus.PropWants(defaultSlice)) - } else { - // otherwise, we use Slice= - properties = append(properties, systemdDbus.PropSlice(defaultSlice)) - } - - // only add pid if its valid, -1 is used w/ general slice creation. - if pid != -1 { - properties = append(properties, newSystemdProperty("PIDs", []uint32{uint32(pid)})) - } - - if resources.Memory != nil && resources.Memory.Min != nil && *resources.Memory.Min != 0 { - properties = append(properties, - newSystemdProperty("MemoryMin", uint64(*resources.Memory.Min))) - } - - if resources.Memory != nil && resources.Memory.Max != nil && *resources.Memory.Max != 0 { - properties = append(properties, - newSystemdProperty("MemoryMax", uint64(*resources.Memory.Max))) - } - - if resources.CPU != nil && resources.CPU.Weight != nil && *resources.CPU.Weight != 0 { - properties = append(properties, - newSystemdProperty("CPUWeight", *resources.CPU.Weight)) - } - - if resources.CPU != nil && resources.CPU.Max != "" { - quota, period := resources.CPU.Max.extractQuotaAndPeriod() - // cpu.cfs_quota_us and cpu.cfs_period_us are controlled by systemd. - // corresponds to USEC_INFINITY in systemd - // if USEC_INFINITY is provided, CPUQuota is left unbound by systemd - // always setting a property value ensures we can apply a quota and remove it later - cpuQuotaPerSecUSec := uint64(math.MaxUint64) - if quota > 0 { - // systemd converts CPUQuotaPerSecUSec (microseconds per CPU second) to CPUQuota - // (integer percentage of CPU) internally. This means that if a fractional percent of - // CPU is indicated by Resources.CpuQuota, we need to round up to the nearest - // 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect. - cpuQuotaPerSecUSec = uint64(quota*1000000) / period - if cpuQuotaPerSecUSec%10000 != 0 { - cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000 - } - } - properties = append(properties, - newSystemdProperty("CPUQuotaPerSecUSec", cpuQuotaPerSecUSec)) - } - - // If we can delegate, we add the property back in - if canDelegate { - properties = append(properties, newSystemdProperty("Delegate", true)) - } - - if resources.Pids != nil && resources.Pids.Max > 0 { - properties = append(properties, - newSystemdProperty("TasksAccounting", true), - newSystemdProperty("TasksMax", uint64(resources.Pids.Max))) - } - - statusChan := make(chan string, 1) - if _, err := conn.StartTransientUnitContext(ctx, group, "replace", properties, statusChan); err == nil { - select { - case <-statusChan: - case <-time.After(time.Second): - logrus.Warnf("Timed out while waiting for StartTransientUnit(%s) completion signal from dbus. Continuing...", group) - } - } else if !isUnitExists(err) { - return &Manager{}, err - } - - return &Manager{ - path: path, - }, nil -} - -func LoadSystemd(slice, group string) (*Manager, error) { - if slice == "" { - slice = defaultSlice - } - path := getSystemdFullPath(slice, group) - return &Manager{ - path: path, - }, nil -} - -func (c *Manager) DeleteSystemd() error { - ctx := context.TODO() - conn, err := systemdDbus.NewWithContext(ctx) - if err != nil { - return err - } - defer conn.Close() - group := systemdUnitFromPath(c.path) - ch := make(chan string) - _, err = conn.StopUnitContext(ctx, group, "replace", ch) - if err != nil { - return err - } - <-ch - return nil -} - -func newSystemdProperty(name string, units interface{}) systemdDbus.Property { - return systemdDbus.Property{ - Name: name, - Value: dbus.MakeVariant(units), - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/memory.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/memory.go deleted file mode 100644 index 8cc8962bd8..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/memory.go +++ /dev/null @@ -1,59 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -type Memory struct { - Swap *int64 - Min *int64 - Max *int64 - Low *int64 - High *int64 -} - -func (r *Memory) Values() (o []Value) { - if r.Swap != nil { - o = append(o, Value{ - filename: "memory.swap.max", - value: *r.Swap, - }) - } - if r.Min != nil { - o = append(o, Value{ - filename: "memory.min", - value: *r.Min, - }) - } - if r.Max != nil { - o = append(o, Value{ - filename: "memory.max", - value: *r.Max, - }) - } - if r.Low != nil { - o = append(o, Value{ - filename: "memory.low", - value: *r.Low, - }) - } - if r.High != nil { - o = append(o, Value{ - filename: "memory.high", - value: *r.High, - }) - } - return o -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/paths.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/paths.go deleted file mode 100644 index 074bb83bc4..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/paths.go +++ /dev/null @@ -1,60 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "fmt" - "path/filepath" - "strings" -) - -// NestedGroupPath will nest the cgroups based on the calling processes cgroup -// placing its child processes inside its own path -func NestedGroupPath(suffix string) (string, error) { - path, err := parseCgroupFile("/proc/self/cgroup") - if err != nil { - return "", err - } - return filepath.Join(path, suffix), nil -} - -// PidGroupPath will return the correct cgroup paths for an existing process running inside a cgroup -// This is commonly used for the Load function to restore an existing container -func PidGroupPath(pid int) (string, error) { - p := fmt.Sprintf("/proc/%d/cgroup", pid) - return parseCgroupFile(p) -} - -// VerifyGroupPath verifies the format of group path string g. -// The format is same as the third field in /proc/PID/cgroup. -// e.g. "/user.slice/user-1001.slice/session-1.scope" -// -// g must be a "clean" absolute path starts with "/", and must not contain "/sys/fs/cgroup" prefix. -// -// VerifyGroupPath doesn't verify whether g actually exists on the system. -func VerifyGroupPath(g string) error { - if !strings.HasPrefix(g, "/") { - return ErrInvalidGroupPath - } - if filepath.Clean(g) != g { - return ErrInvalidGroupPath - } - if strings.HasPrefix(g, "/sys/fs/cgroup") { - return ErrInvalidGroupPath - } - return nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/pids.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/pids.go deleted file mode 100644 index 7de2632606..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/pids.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import "strconv" - -type Pids struct { - Max int64 -} - -func (r *Pids) Values() (o []Value) { - if r.Max != 0 { - limit := "max" - if r.Max > 0 { - limit = strconv.FormatInt(r.Max, 10) - } - o = append(o, Value{ - filename: "pids.max", - value: limit, - }) - } - return o -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/rdma.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/rdma.go deleted file mode 100644 index 2a65117f10..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/rdma.go +++ /dev/null @@ -1,46 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "fmt" -) - -type RDMA struct { - Limit []RDMAEntry -} - -type RDMAEntry struct { - Device string - HcaHandles uint32 - HcaObjects uint32 -} - -func (r RDMAEntry) String() string { - return fmt.Sprintf("%s hca_handle=%d hca_object=%d", r.Device, r.HcaHandles, r.HcaObjects) -} - -func (r *RDMA) Values() (o []Value) { - for _, e := range r.Limit { - o = append(o, Value{ - filename: "rdma.max", - value: e.String(), - }) - } - - return o -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/state.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/state.go deleted file mode 100644 index 886e94b291..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/state.go +++ /dev/null @@ -1,65 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "os" - "path/filepath" - "strings" -) - -// State is a type that represents the state of the current cgroup -type State string - -const ( - Unknown State = "" - Thawed State = "thawed" - Frozen State = "frozen" - Deleted State = "deleted" - - cgroupFreeze = "cgroup.freeze" -) - -func (s State) Values() []Value { - v := Value{ - filename: cgroupFreeze, - } - switch s { - case Frozen: - v.value = "1" - case Thawed: - v.value = "0" - } - return []Value{ - v, - } -} - -func fetchState(path string) (State, error) { - current, err := os.ReadFile(filepath.Join(path, cgroupFreeze)) - if err != nil { - return Unknown, err - } - switch strings.TrimSpace(string(current)) { - case "1": - return Frozen, nil - case "0": - return Thawed, nil - default: - return Unknown, nil - } -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/doc.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/doc.go deleted file mode 100644 index e51e12f800..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package stats diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.go deleted file mode 100644 index d4cb4ad489..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.go +++ /dev/null @@ -1,1333 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: github.com/containerd/cgroups/cgroup2/stats/metrics.proto - -package stats - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Metrics struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Pids *PidsStat `protobuf:"bytes,1,opt,name=pids,proto3" json:"pids,omitempty"` - CPU *CPUStat `protobuf:"bytes,2,opt,name=cpu,proto3" json:"cpu,omitempty"` - Memory *MemoryStat `protobuf:"bytes,4,opt,name=memory,proto3" json:"memory,omitempty"` - Rdma *RdmaStat `protobuf:"bytes,5,opt,name=rdma,proto3" json:"rdma,omitempty"` - Io *IOStat `protobuf:"bytes,6,opt,name=io,proto3" json:"io,omitempty"` - Hugetlb []*HugeTlbStat `protobuf:"bytes,7,rep,name=hugetlb,proto3" json:"hugetlb,omitempty"` - MemoryEvents *MemoryEvents `protobuf:"bytes,8,opt,name=memory_events,json=memoryEvents,proto3" json:"memory_events,omitempty"` -} - -func (x *Metrics) Reset() { - *x = Metrics{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Metrics) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Metrics) ProtoMessage() {} - -func (x *Metrics) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Metrics.ProtoReflect.Descriptor instead. -func (*Metrics) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{0} -} - -func (x *Metrics) GetPids() *PidsStat { - if x != nil { - return x.Pids - } - return nil -} - -func (x *Metrics) GetCPU() *CPUStat { - if x != nil { - return x.CPU - } - return nil -} - -func (x *Metrics) GetMemory() *MemoryStat { - if x != nil { - return x.Memory - } - return nil -} - -func (x *Metrics) GetRdma() *RdmaStat { - if x != nil { - return x.Rdma - } - return nil -} - -func (x *Metrics) GetIo() *IOStat { - if x != nil { - return x.Io - } - return nil -} - -func (x *Metrics) GetHugetlb() []*HugeTlbStat { - if x != nil { - return x.Hugetlb - } - return nil -} - -func (x *Metrics) GetMemoryEvents() *MemoryEvents { - if x != nil { - return x.MemoryEvents - } - return nil -} - -type PidsStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Current uint64 `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"` - Limit uint64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"` -} - -func (x *PidsStat) Reset() { - *x = PidsStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PidsStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PidsStat) ProtoMessage() {} - -func (x *PidsStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PidsStat.ProtoReflect.Descriptor instead. -func (*PidsStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{1} -} - -func (x *PidsStat) GetCurrent() uint64 { - if x != nil { - return x.Current - } - return 0 -} - -func (x *PidsStat) GetLimit() uint64 { - if x != nil { - return x.Limit - } - return 0 -} - -type CPUStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - UsageUsec uint64 `protobuf:"varint,1,opt,name=usage_usec,json=usageUsec,proto3" json:"usage_usec,omitempty"` - UserUsec uint64 `protobuf:"varint,2,opt,name=user_usec,json=userUsec,proto3" json:"user_usec,omitempty"` - SystemUsec uint64 `protobuf:"varint,3,opt,name=system_usec,json=systemUsec,proto3" json:"system_usec,omitempty"` - NrPeriods uint64 `protobuf:"varint,4,opt,name=nr_periods,json=nrPeriods,proto3" json:"nr_periods,omitempty"` - NrThrottled uint64 `protobuf:"varint,5,opt,name=nr_throttled,json=nrThrottled,proto3" json:"nr_throttled,omitempty"` - ThrottledUsec uint64 `protobuf:"varint,6,opt,name=throttled_usec,json=throttledUsec,proto3" json:"throttled_usec,omitempty"` -} - -func (x *CPUStat) Reset() { - *x = CPUStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CPUStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CPUStat) ProtoMessage() {} - -func (x *CPUStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CPUStat.ProtoReflect.Descriptor instead. -func (*CPUStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{2} -} - -func (x *CPUStat) GetUsageUsec() uint64 { - if x != nil { - return x.UsageUsec - } - return 0 -} - -func (x *CPUStat) GetUserUsec() uint64 { - if x != nil { - return x.UserUsec - } - return 0 -} - -func (x *CPUStat) GetSystemUsec() uint64 { - if x != nil { - return x.SystemUsec - } - return 0 -} - -func (x *CPUStat) GetNrPeriods() uint64 { - if x != nil { - return x.NrPeriods - } - return 0 -} - -func (x *CPUStat) GetNrThrottled() uint64 { - if x != nil { - return x.NrThrottled - } - return 0 -} - -func (x *CPUStat) GetThrottledUsec() uint64 { - if x != nil { - return x.ThrottledUsec - } - return 0 -} - -type MemoryStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Anon uint64 `protobuf:"varint,1,opt,name=anon,proto3" json:"anon,omitempty"` - File uint64 `protobuf:"varint,2,opt,name=file,proto3" json:"file,omitempty"` - KernelStack uint64 `protobuf:"varint,3,opt,name=kernel_stack,json=kernelStack,proto3" json:"kernel_stack,omitempty"` - Slab uint64 `protobuf:"varint,4,opt,name=slab,proto3" json:"slab,omitempty"` - Sock uint64 `protobuf:"varint,5,opt,name=sock,proto3" json:"sock,omitempty"` - Shmem uint64 `protobuf:"varint,6,opt,name=shmem,proto3" json:"shmem,omitempty"` - FileMapped uint64 `protobuf:"varint,7,opt,name=file_mapped,json=fileMapped,proto3" json:"file_mapped,omitempty"` - FileDirty uint64 `protobuf:"varint,8,opt,name=file_dirty,json=fileDirty,proto3" json:"file_dirty,omitempty"` - FileWriteback uint64 `protobuf:"varint,9,opt,name=file_writeback,json=fileWriteback,proto3" json:"file_writeback,omitempty"` - AnonThp uint64 `protobuf:"varint,10,opt,name=anon_thp,json=anonThp,proto3" json:"anon_thp,omitempty"` - InactiveAnon uint64 `protobuf:"varint,11,opt,name=inactive_anon,json=inactiveAnon,proto3" json:"inactive_anon,omitempty"` - ActiveAnon uint64 `protobuf:"varint,12,opt,name=active_anon,json=activeAnon,proto3" json:"active_anon,omitempty"` - InactiveFile uint64 `protobuf:"varint,13,opt,name=inactive_file,json=inactiveFile,proto3" json:"inactive_file,omitempty"` - ActiveFile uint64 `protobuf:"varint,14,opt,name=active_file,json=activeFile,proto3" json:"active_file,omitempty"` - Unevictable uint64 `protobuf:"varint,15,opt,name=unevictable,proto3" json:"unevictable,omitempty"` - SlabReclaimable uint64 `protobuf:"varint,16,opt,name=slab_reclaimable,json=slabReclaimable,proto3" json:"slab_reclaimable,omitempty"` - SlabUnreclaimable uint64 `protobuf:"varint,17,opt,name=slab_unreclaimable,json=slabUnreclaimable,proto3" json:"slab_unreclaimable,omitempty"` - Pgfault uint64 `protobuf:"varint,18,opt,name=pgfault,proto3" json:"pgfault,omitempty"` - Pgmajfault uint64 `protobuf:"varint,19,opt,name=pgmajfault,proto3" json:"pgmajfault,omitempty"` - WorkingsetRefault uint64 `protobuf:"varint,20,opt,name=workingset_refault,json=workingsetRefault,proto3" json:"workingset_refault,omitempty"` - WorkingsetActivate uint64 `protobuf:"varint,21,opt,name=workingset_activate,json=workingsetActivate,proto3" json:"workingset_activate,omitempty"` - WorkingsetNodereclaim uint64 `protobuf:"varint,22,opt,name=workingset_nodereclaim,json=workingsetNodereclaim,proto3" json:"workingset_nodereclaim,omitempty"` - Pgrefill uint64 `protobuf:"varint,23,opt,name=pgrefill,proto3" json:"pgrefill,omitempty"` - Pgscan uint64 `protobuf:"varint,24,opt,name=pgscan,proto3" json:"pgscan,omitempty"` - Pgsteal uint64 `protobuf:"varint,25,opt,name=pgsteal,proto3" json:"pgsteal,omitempty"` - Pgactivate uint64 `protobuf:"varint,26,opt,name=pgactivate,proto3" json:"pgactivate,omitempty"` - Pgdeactivate uint64 `protobuf:"varint,27,opt,name=pgdeactivate,proto3" json:"pgdeactivate,omitempty"` - Pglazyfree uint64 `protobuf:"varint,28,opt,name=pglazyfree,proto3" json:"pglazyfree,omitempty"` - Pglazyfreed uint64 `protobuf:"varint,29,opt,name=pglazyfreed,proto3" json:"pglazyfreed,omitempty"` - ThpFaultAlloc uint64 `protobuf:"varint,30,opt,name=thp_fault_alloc,json=thpFaultAlloc,proto3" json:"thp_fault_alloc,omitempty"` - ThpCollapseAlloc uint64 `protobuf:"varint,31,opt,name=thp_collapse_alloc,json=thpCollapseAlloc,proto3" json:"thp_collapse_alloc,omitempty"` - Usage uint64 `protobuf:"varint,32,opt,name=usage,proto3" json:"usage,omitempty"` - UsageLimit uint64 `protobuf:"varint,33,opt,name=usage_limit,json=usageLimit,proto3" json:"usage_limit,omitempty"` - SwapUsage uint64 `protobuf:"varint,34,opt,name=swap_usage,json=swapUsage,proto3" json:"swap_usage,omitempty"` - SwapLimit uint64 `protobuf:"varint,35,opt,name=swap_limit,json=swapLimit,proto3" json:"swap_limit,omitempty"` -} - -func (x *MemoryStat) Reset() { - *x = MemoryStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemoryStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemoryStat) ProtoMessage() {} - -func (x *MemoryStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemoryStat.ProtoReflect.Descriptor instead. -func (*MemoryStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{3} -} - -func (x *MemoryStat) GetAnon() uint64 { - if x != nil { - return x.Anon - } - return 0 -} - -func (x *MemoryStat) GetFile() uint64 { - if x != nil { - return x.File - } - return 0 -} - -func (x *MemoryStat) GetKernelStack() uint64 { - if x != nil { - return x.KernelStack - } - return 0 -} - -func (x *MemoryStat) GetSlab() uint64 { - if x != nil { - return x.Slab - } - return 0 -} - -func (x *MemoryStat) GetSock() uint64 { - if x != nil { - return x.Sock - } - return 0 -} - -func (x *MemoryStat) GetShmem() uint64 { - if x != nil { - return x.Shmem - } - return 0 -} - -func (x *MemoryStat) GetFileMapped() uint64 { - if x != nil { - return x.FileMapped - } - return 0 -} - -func (x *MemoryStat) GetFileDirty() uint64 { - if x != nil { - return x.FileDirty - } - return 0 -} - -func (x *MemoryStat) GetFileWriteback() uint64 { - if x != nil { - return x.FileWriteback - } - return 0 -} - -func (x *MemoryStat) GetAnonThp() uint64 { - if x != nil { - return x.AnonThp - } - return 0 -} - -func (x *MemoryStat) GetInactiveAnon() uint64 { - if x != nil { - return x.InactiveAnon - } - return 0 -} - -func (x *MemoryStat) GetActiveAnon() uint64 { - if x != nil { - return x.ActiveAnon - } - return 0 -} - -func (x *MemoryStat) GetInactiveFile() uint64 { - if x != nil { - return x.InactiveFile - } - return 0 -} - -func (x *MemoryStat) GetActiveFile() uint64 { - if x != nil { - return x.ActiveFile - } - return 0 -} - -func (x *MemoryStat) GetUnevictable() uint64 { - if x != nil { - return x.Unevictable - } - return 0 -} - -func (x *MemoryStat) GetSlabReclaimable() uint64 { - if x != nil { - return x.SlabReclaimable - } - return 0 -} - -func (x *MemoryStat) GetSlabUnreclaimable() uint64 { - if x != nil { - return x.SlabUnreclaimable - } - return 0 -} - -func (x *MemoryStat) GetPgfault() uint64 { - if x != nil { - return x.Pgfault - } - return 0 -} - -func (x *MemoryStat) GetPgmajfault() uint64 { - if x != nil { - return x.Pgmajfault - } - return 0 -} - -func (x *MemoryStat) GetWorkingsetRefault() uint64 { - if x != nil { - return x.WorkingsetRefault - } - return 0 -} - -func (x *MemoryStat) GetWorkingsetActivate() uint64 { - if x != nil { - return x.WorkingsetActivate - } - return 0 -} - -func (x *MemoryStat) GetWorkingsetNodereclaim() uint64 { - if x != nil { - return x.WorkingsetNodereclaim - } - return 0 -} - -func (x *MemoryStat) GetPgrefill() uint64 { - if x != nil { - return x.Pgrefill - } - return 0 -} - -func (x *MemoryStat) GetPgscan() uint64 { - if x != nil { - return x.Pgscan - } - return 0 -} - -func (x *MemoryStat) GetPgsteal() uint64 { - if x != nil { - return x.Pgsteal - } - return 0 -} - -func (x *MemoryStat) GetPgactivate() uint64 { - if x != nil { - return x.Pgactivate - } - return 0 -} - -func (x *MemoryStat) GetPgdeactivate() uint64 { - if x != nil { - return x.Pgdeactivate - } - return 0 -} - -func (x *MemoryStat) GetPglazyfree() uint64 { - if x != nil { - return x.Pglazyfree - } - return 0 -} - -func (x *MemoryStat) GetPglazyfreed() uint64 { - if x != nil { - return x.Pglazyfreed - } - return 0 -} - -func (x *MemoryStat) GetThpFaultAlloc() uint64 { - if x != nil { - return x.ThpFaultAlloc - } - return 0 -} - -func (x *MemoryStat) GetThpCollapseAlloc() uint64 { - if x != nil { - return x.ThpCollapseAlloc - } - return 0 -} - -func (x *MemoryStat) GetUsage() uint64 { - if x != nil { - return x.Usage - } - return 0 -} - -func (x *MemoryStat) GetUsageLimit() uint64 { - if x != nil { - return x.UsageLimit - } - return 0 -} - -func (x *MemoryStat) GetSwapUsage() uint64 { - if x != nil { - return x.SwapUsage - } - return 0 -} - -func (x *MemoryStat) GetSwapLimit() uint64 { - if x != nil { - return x.SwapLimit - } - return 0 -} - -type MemoryEvents struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Low uint64 `protobuf:"varint,1,opt,name=low,proto3" json:"low,omitempty"` - High uint64 `protobuf:"varint,2,opt,name=high,proto3" json:"high,omitempty"` - Max uint64 `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"` - Oom uint64 `protobuf:"varint,4,opt,name=oom,proto3" json:"oom,omitempty"` - OomKill uint64 `protobuf:"varint,5,opt,name=oom_kill,json=oomKill,proto3" json:"oom_kill,omitempty"` -} - -func (x *MemoryEvents) Reset() { - *x = MemoryEvents{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemoryEvents) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemoryEvents) ProtoMessage() {} - -func (x *MemoryEvents) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemoryEvents.ProtoReflect.Descriptor instead. -func (*MemoryEvents) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{4} -} - -func (x *MemoryEvents) GetLow() uint64 { - if x != nil { - return x.Low - } - return 0 -} - -func (x *MemoryEvents) GetHigh() uint64 { - if x != nil { - return x.High - } - return 0 -} - -func (x *MemoryEvents) GetMax() uint64 { - if x != nil { - return x.Max - } - return 0 -} - -func (x *MemoryEvents) GetOom() uint64 { - if x != nil { - return x.Oom - } - return 0 -} - -func (x *MemoryEvents) GetOomKill() uint64 { - if x != nil { - return x.OomKill - } - return 0 -} - -type RdmaStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Current []*RdmaEntry `protobuf:"bytes,1,rep,name=current,proto3" json:"current,omitempty"` - Limit []*RdmaEntry `protobuf:"bytes,2,rep,name=limit,proto3" json:"limit,omitempty"` -} - -func (x *RdmaStat) Reset() { - *x = RdmaStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RdmaStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RdmaStat) ProtoMessage() {} - -func (x *RdmaStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RdmaStat.ProtoReflect.Descriptor instead. -func (*RdmaStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{5} -} - -func (x *RdmaStat) GetCurrent() []*RdmaEntry { - if x != nil { - return x.Current - } - return nil -} - -func (x *RdmaStat) GetLimit() []*RdmaEntry { - if x != nil { - return x.Limit - } - return nil -} - -type RdmaEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Device string `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"` - HcaHandles uint32 `protobuf:"varint,2,opt,name=hca_handles,json=hcaHandles,proto3" json:"hca_handles,omitempty"` - HcaObjects uint32 `protobuf:"varint,3,opt,name=hca_objects,json=hcaObjects,proto3" json:"hca_objects,omitempty"` -} - -func (x *RdmaEntry) Reset() { - *x = RdmaEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RdmaEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RdmaEntry) ProtoMessage() {} - -func (x *RdmaEntry) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RdmaEntry.ProtoReflect.Descriptor instead. -func (*RdmaEntry) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{6} -} - -func (x *RdmaEntry) GetDevice() string { - if x != nil { - return x.Device - } - return "" -} - -func (x *RdmaEntry) GetHcaHandles() uint32 { - if x != nil { - return x.HcaHandles - } - return 0 -} - -func (x *RdmaEntry) GetHcaObjects() uint32 { - if x != nil { - return x.HcaObjects - } - return 0 -} - -type IOStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Usage []*IOEntry `protobuf:"bytes,1,rep,name=usage,proto3" json:"usage,omitempty"` -} - -func (x *IOStat) Reset() { - *x = IOStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IOStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IOStat) ProtoMessage() {} - -func (x *IOStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IOStat.ProtoReflect.Descriptor instead. -func (*IOStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{7} -} - -func (x *IOStat) GetUsage() []*IOEntry { - if x != nil { - return x.Usage - } - return nil -} - -type IOEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Major uint64 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"` - Minor uint64 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"` - Rbytes uint64 `protobuf:"varint,3,opt,name=rbytes,proto3" json:"rbytes,omitempty"` - Wbytes uint64 `protobuf:"varint,4,opt,name=wbytes,proto3" json:"wbytes,omitempty"` - Rios uint64 `protobuf:"varint,5,opt,name=rios,proto3" json:"rios,omitempty"` - Wios uint64 `protobuf:"varint,6,opt,name=wios,proto3" json:"wios,omitempty"` -} - -func (x *IOEntry) Reset() { - *x = IOEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IOEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IOEntry) ProtoMessage() {} - -func (x *IOEntry) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IOEntry.ProtoReflect.Descriptor instead. -func (*IOEntry) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{8} -} - -func (x *IOEntry) GetMajor() uint64 { - if x != nil { - return x.Major - } - return 0 -} - -func (x *IOEntry) GetMinor() uint64 { - if x != nil { - return x.Minor - } - return 0 -} - -func (x *IOEntry) GetRbytes() uint64 { - if x != nil { - return x.Rbytes - } - return 0 -} - -func (x *IOEntry) GetWbytes() uint64 { - if x != nil { - return x.Wbytes - } - return 0 -} - -func (x *IOEntry) GetRios() uint64 { - if x != nil { - return x.Rios - } - return 0 -} - -func (x *IOEntry) GetWios() uint64 { - if x != nil { - return x.Wios - } - return 0 -} - -type HugeTlbStat struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Current uint64 `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"` - Max uint64 `protobuf:"varint,2,opt,name=max,proto3" json:"max,omitempty"` - Pagesize string `protobuf:"bytes,3,opt,name=pagesize,proto3" json:"pagesize,omitempty"` -} - -func (x *HugeTlbStat) Reset() { - *x = HugeTlbStat{} - if protoimpl.UnsafeEnabled { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HugeTlbStat) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HugeTlbStat) ProtoMessage() {} - -func (x *HugeTlbStat) ProtoReflect() protoreflect.Message { - mi := &file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HugeTlbStat.ProtoReflect.Descriptor instead. -func (*HugeTlbStat) Descriptor() ([]byte, []int) { - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP(), []int{9} -} - -func (x *HugeTlbStat) GetCurrent() uint64 { - if x != nil { - return x.Current - } - return 0 -} - -func (x *HugeTlbStat) GetMax() uint64 { - if x != nil { - return x.Max - } - return 0 -} - -func (x *HugeTlbStat) GetPagesize() string { - if x != nil { - return x.Pagesize - } - return "" -} - -var File_github_com_containerd_cgroups_cgroup2_stats_metrics_proto protoreflect.FileDescriptor - -var file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDesc = []byte{ - 0x0a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2f, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2f, 0x6d, 0x65, - 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x6f, 0x2e, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x73, 0x2e, 0x76, 0x32, 0x22, 0xac, 0x03, 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x73, 0x12, 0x36, 0x0a, 0x04, 0x70, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x50, 0x69, 0x64, 0x73, 0x53, - 0x74, 0x61, 0x74, 0x52, 0x04, 0x70, 0x69, 0x64, 0x73, 0x12, 0x33, 0x0a, 0x03, 0x63, 0x70, 0x75, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, - 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, - 0x32, 0x2e, 0x43, 0x50, 0x55, 0x53, 0x74, 0x61, 0x74, 0x52, 0x03, 0x63, 0x70, 0x75, 0x12, 0x3c, - 0x0a, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, - 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, - 0x53, 0x74, 0x61, 0x74, 0x52, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x04, - 0x72, 0x64, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x53, 0x74, 0x61, 0x74, 0x52, 0x04, - 0x72, 0x64, 0x6d, 0x61, 0x12, 0x30, 0x0a, 0x02, 0x69, 0x6f, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, - 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x49, 0x4f, 0x53, 0x74, - 0x61, 0x74, 0x52, 0x02, 0x69, 0x6f, 0x12, 0x3f, 0x0a, 0x07, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, - 0x62, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, - 0x76, 0x32, 0x2e, 0x48, 0x75, 0x67, 0x65, 0x54, 0x6c, 0x62, 0x53, 0x74, 0x61, 0x74, 0x52, 0x07, - 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x12, 0x4b, 0x0a, 0x0d, 0x6d, 0x65, 0x6d, 0x6f, 0x72, - 0x79, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, - 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, - 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x0c, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x76, - 0x65, 0x6e, 0x74, 0x73, 0x22, 0x3a, 0x0a, 0x08, 0x50, 0x69, 0x64, 0x73, 0x53, 0x74, 0x61, 0x74, - 0x12, 0x18, 0x0a, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x69, - 0x6d, 0x69, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, - 0x22, 0xcf, 0x01, 0x0a, 0x07, 0x43, 0x50, 0x55, 0x53, 0x74, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, - 0x75, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x09, 0x75, 0x73, 0x61, 0x67, 0x65, 0x55, 0x73, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, - 0x75, 0x73, 0x65, 0x72, 0x55, 0x73, 0x65, 0x63, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x79, 0x73, 0x74, - 0x65, 0x6d, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x73, - 0x79, 0x73, 0x74, 0x65, 0x6d, 0x55, 0x73, 0x65, 0x63, 0x12, 0x1d, 0x0a, 0x0a, 0x6e, 0x72, 0x5f, - 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x6e, - 0x72, 0x50, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x6e, 0x72, 0x5f, 0x74, - 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, - 0x6e, 0x72, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x74, - 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0d, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x55, 0x73, - 0x65, 0x63, 0x22, 0x8f, 0x09, 0x0a, 0x0a, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, - 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x04, 0x61, 0x6e, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x6b, 0x65, 0x72, - 0x6e, 0x65, 0x6c, 0x5f, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x0b, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x63, 0x6b, 0x12, 0x12, 0x0a, 0x04, - 0x73, 0x6c, 0x61, 0x62, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, 0x6c, 0x61, 0x62, - 0x12, 0x12, 0x0a, 0x04, 0x73, 0x6f, 0x63, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, - 0x73, 0x6f, 0x63, 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x65, 0x6d, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x05, 0x73, 0x68, 0x6d, 0x65, 0x6d, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x69, - 0x6c, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x66, - 0x69, 0x6c, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x74, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x09, 0x66, 0x69, 0x6c, 0x65, 0x44, 0x69, 0x72, 0x74, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x66, 0x69, - 0x6c, 0x65, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x18, 0x09, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x0d, 0x66, 0x69, 0x6c, 0x65, 0x57, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, - 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x6e, 0x6f, 0x6e, 0x5f, 0x74, 0x68, 0x70, 0x18, 0x0a, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, 0x6e, 0x6f, 0x6e, 0x54, 0x68, 0x70, 0x12, 0x23, 0x0a, 0x0d, - 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0c, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, - 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x61, 0x6e, 0x6f, 0x6e, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, - 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, - 0x69, 0x6c, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x69, 0x6e, 0x61, 0x63, 0x74, - 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x61, 0x63, - 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x75, 0x6e, 0x65, 0x76, - 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x75, - 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6c, - 0x61, 0x62, 0x5f, 0x72, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x10, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x73, 0x6c, 0x61, 0x62, 0x52, 0x65, 0x63, 0x6c, 0x61, 0x69, - 0x6d, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x6c, 0x61, 0x62, 0x5f, 0x75, 0x6e, - 0x72, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x11, 0x73, 0x6c, 0x61, 0x62, 0x55, 0x6e, 0x72, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, - 0x61, 0x62, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x67, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, 0x67, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x1e, - 0x0a, 0x0a, 0x70, 0x67, 0x6d, 0x61, 0x6a, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x13, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x0a, 0x70, 0x67, 0x6d, 0x61, 0x6a, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x2d, - 0x0a, 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x18, 0x14, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x73, 0x65, 0x74, 0x52, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x2f, 0x0a, - 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x61, 0x63, 0x74, 0x69, - 0x76, 0x61, 0x74, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x04, 0x52, 0x12, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x73, 0x65, 0x74, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x12, 0x35, - 0x0a, 0x16, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x6e, 0x6f, 0x64, - 0x65, 0x72, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x18, 0x16, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x73, 0x65, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x72, 0x65, - 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x67, 0x72, 0x65, 0x66, 0x69, 0x6c, - 0x6c, 0x18, 0x17, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x70, 0x67, 0x72, 0x65, 0x66, 0x69, 0x6c, - 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x67, 0x73, 0x63, 0x61, 0x6e, 0x18, 0x18, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x06, 0x70, 0x67, 0x73, 0x63, 0x61, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x67, 0x73, - 0x74, 0x65, 0x61, 0x6c, 0x18, 0x19, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, 0x67, 0x73, 0x74, - 0x65, 0x61, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x67, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, - 0x65, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x70, 0x67, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x67, 0x64, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x67, 0x64, 0x65, 0x61, - 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x67, 0x6c, 0x61, 0x7a, - 0x79, 0x66, 0x72, 0x65, 0x65, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x70, 0x67, 0x6c, - 0x61, 0x7a, 0x79, 0x66, 0x72, 0x65, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x67, 0x6c, 0x61, 0x7a, - 0x79, 0x66, 0x72, 0x65, 0x65, 0x64, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x70, 0x67, - 0x6c, 0x61, 0x7a, 0x79, 0x66, 0x72, 0x65, 0x65, 0x64, 0x12, 0x26, 0x0a, 0x0f, 0x74, 0x68, 0x70, - 0x5f, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x61, 0x6c, 0x6c, 0x6f, 0x63, 0x18, 0x1e, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x0d, 0x74, 0x68, 0x70, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x41, 0x6c, 0x6c, 0x6f, - 0x63, 0x12, 0x2c, 0x0a, 0x12, 0x74, 0x68, 0x70, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x61, 0x70, 0x73, - 0x65, 0x5f, 0x61, 0x6c, 0x6c, 0x6f, 0x63, 0x18, 0x1f, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x74, - 0x68, 0x70, 0x43, 0x6f, 0x6c, 0x6c, 0x61, 0x70, 0x73, 0x65, 0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x12, - 0x14, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x20, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, - 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x6c, - 0x69, 0x6d, 0x69, 0x74, 0x18, 0x21, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x75, 0x73, 0x61, 0x67, - 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x77, 0x61, 0x70, 0x5f, 0x75, - 0x73, 0x61, 0x67, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x73, 0x77, 0x61, 0x70, - 0x55, 0x73, 0x61, 0x67, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x77, 0x61, 0x70, 0x5f, 0x6c, 0x69, - 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x73, 0x77, 0x61, 0x70, 0x4c, - 0x69, 0x6d, 0x69, 0x74, 0x22, 0x73, 0x0a, 0x0c, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x76, - 0x65, 0x6e, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6c, 0x6f, 0x77, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x03, 0x6c, 0x6f, 0x77, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x67, 0x68, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x68, 0x69, 0x67, 0x68, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, - 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x10, 0x0a, 0x03, - 0x6f, 0x6f, 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6f, 0x6f, 0x6d, 0x12, 0x19, - 0x0a, 0x08, 0x6f, 0x6f, 0x6d, 0x5f, 0x6b, 0x69, 0x6c, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x07, 0x6f, 0x6f, 0x6d, 0x4b, 0x69, 0x6c, 0x6c, 0x22, 0x84, 0x01, 0x0a, 0x08, 0x52, 0x64, - 0x6d, 0x61, 0x53, 0x74, 0x61, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, - 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, - 0x76, 0x32, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x75, - 0x72, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x39, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, - 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, - 0x22, 0x65, 0x0a, 0x09, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, - 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, - 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x63, 0x61, 0x5f, 0x68, 0x61, 0x6e, - 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x68, 0x63, 0x61, 0x48, - 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x63, 0x61, 0x5f, 0x6f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x68, 0x63, 0x61, - 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x22, 0x41, 0x0a, 0x06, 0x49, 0x4f, 0x53, 0x74, 0x61, - 0x74, 0x12, 0x37, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x21, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, - 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x32, 0x2e, 0x49, 0x4f, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x22, 0x8d, 0x01, 0x0a, 0x07, 0x49, - 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, - 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6d, 0x69, 0x6e, - 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x06, 0x72, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x77, 0x62, 0x79, 0x74, - 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x69, 0x6f, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x04, 0x72, 0x69, 0x6f, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x69, 0x6f, 0x73, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x77, 0x69, 0x6f, 0x73, 0x22, 0x55, 0x0a, 0x0b, 0x48, 0x75, - 0x67, 0x65, 0x54, 0x6c, 0x62, 0x53, 0x74, 0x61, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x75, 0x72, - 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x63, 0x75, 0x72, 0x72, - 0x65, 0x6e, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x69, 0x7a, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x69, 0x7a, - 0x65, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x73, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x32, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x73, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescOnce sync.Once - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescData = file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDesc -) - -func file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescGZIP() []byte { - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescOnce.Do(func() { - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescData) - }) - return file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDescData -} - -var file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes = make([]protoimpl.MessageInfo, 10) -var file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_goTypes = []interface{}{ - (*Metrics)(nil), // 0: io.containerd.cgroups.v2.Metrics - (*PidsStat)(nil), // 1: io.containerd.cgroups.v2.PidsStat - (*CPUStat)(nil), // 2: io.containerd.cgroups.v2.CPUStat - (*MemoryStat)(nil), // 3: io.containerd.cgroups.v2.MemoryStat - (*MemoryEvents)(nil), // 4: io.containerd.cgroups.v2.MemoryEvents - (*RdmaStat)(nil), // 5: io.containerd.cgroups.v2.RdmaStat - (*RdmaEntry)(nil), // 6: io.containerd.cgroups.v2.RdmaEntry - (*IOStat)(nil), // 7: io.containerd.cgroups.v2.IOStat - (*IOEntry)(nil), // 8: io.containerd.cgroups.v2.IOEntry - (*HugeTlbStat)(nil), // 9: io.containerd.cgroups.v2.HugeTlbStat -} -var file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_depIdxs = []int32{ - 1, // 0: io.containerd.cgroups.v2.Metrics.pids:type_name -> io.containerd.cgroups.v2.PidsStat - 2, // 1: io.containerd.cgroups.v2.Metrics.cpu:type_name -> io.containerd.cgroups.v2.CPUStat - 3, // 2: io.containerd.cgroups.v2.Metrics.memory:type_name -> io.containerd.cgroups.v2.MemoryStat - 5, // 3: io.containerd.cgroups.v2.Metrics.rdma:type_name -> io.containerd.cgroups.v2.RdmaStat - 7, // 4: io.containerd.cgroups.v2.Metrics.io:type_name -> io.containerd.cgroups.v2.IOStat - 9, // 5: io.containerd.cgroups.v2.Metrics.hugetlb:type_name -> io.containerd.cgroups.v2.HugeTlbStat - 4, // 6: io.containerd.cgroups.v2.Metrics.memory_events:type_name -> io.containerd.cgroups.v2.MemoryEvents - 6, // 7: io.containerd.cgroups.v2.RdmaStat.current:type_name -> io.containerd.cgroups.v2.RdmaEntry - 6, // 8: io.containerd.cgroups.v2.RdmaStat.limit:type_name -> io.containerd.cgroups.v2.RdmaEntry - 8, // 9: io.containerd.cgroups.v2.IOStat.usage:type_name -> io.containerd.cgroups.v2.IOEntry - 10, // [10:10] is the sub-list for method output_type - 10, // [10:10] is the sub-list for method input_type - 10, // [10:10] is the sub-list for extension type_name - 10, // [10:10] is the sub-list for extension extendee - 0, // [0:10] is the sub-list for field type_name -} - -func init() { file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_init() } -func file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_init() { - if File_github_com_containerd_cgroups_cgroup2_stats_metrics_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Metrics); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PidsStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CPUStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemoryStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemoryEvents); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RdmaStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RdmaEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IOStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IOEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HugeTlbStat); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDesc, - NumEnums: 0, - NumMessages: 10, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_goTypes, - DependencyIndexes: file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_depIdxs, - MessageInfos: file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_msgTypes, - }.Build() - File_github_com_containerd_cgroups_cgroup2_stats_metrics_proto = out.File - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_rawDesc = nil - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_goTypes = nil - file_github_com_containerd_cgroups_cgroup2_stats_metrics_proto_depIdxs = nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.txt b/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.txt deleted file mode 100644 index f9b0cd3430..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.pb.txt +++ /dev/null @@ -1,538 +0,0 @@ -file { - name: "github.com/containerd/cgroups/cgroup2/stats/metrics.proto" - package: "io.containerd.cgroups.v2" - message_type { - name: "Metrics" - field { - name: "pids" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.PidsStat" - json_name: "pids" - } - field { - name: "cpu" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.CPUStat" - json_name: "cpu" - } - field { - name: "memory" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.MemoryStat" - json_name: "memory" - } - field { - name: "rdma" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.RdmaStat" - json_name: "rdma" - } - field { - name: "io" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.IOStat" - json_name: "io" - } - field { - name: "hugetlb" - number: 7 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.HugeTlbStat" - json_name: "hugetlb" - } - field { - name: "memory_events" - number: 8 - label: LABEL_OPTIONAL - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.MemoryEvents" - json_name: "memoryEvents" - } - } - message_type { - name: "PidsStat" - field { - name: "current" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "current" - } - field { - name: "limit" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "limit" - } - } - message_type { - name: "CPUStat" - field { - name: "usage_usec" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "usageUsec" - } - field { - name: "user_usec" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "userUsec" - } - field { - name: "system_usec" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "systemUsec" - } - field { - name: "nr_periods" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrPeriods" - } - field { - name: "nr_throttled" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "nrThrottled" - } - field { - name: "throttled_usec" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "throttledUsec" - } - } - message_type { - name: "MemoryStat" - field { - name: "anon" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "anon" - } - field { - name: "file" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "file" - } - field { - name: "kernel_stack" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "kernelStack" - } - field { - name: "slab" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "slab" - } - field { - name: "sock" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "sock" - } - field { - name: "shmem" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "shmem" - } - field { - name: "file_mapped" - number: 7 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "fileMapped" - } - field { - name: "file_dirty" - number: 8 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "fileDirty" - } - field { - name: "file_writeback" - number: 9 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "fileWriteback" - } - field { - name: "anon_thp" - number: 10 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "anonThp" - } - field { - name: "inactive_anon" - number: 11 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "inactiveAnon" - } - field { - name: "active_anon" - number: 12 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "activeAnon" - } - field { - name: "inactive_file" - number: 13 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "inactiveFile" - } - field { - name: "active_file" - number: 14 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "activeFile" - } - field { - name: "unevictable" - number: 15 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "unevictable" - } - field { - name: "slab_reclaimable" - number: 16 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "slabReclaimable" - } - field { - name: "slab_unreclaimable" - number: 17 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "slabUnreclaimable" - } - field { - name: "pgfault" - number: 18 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgfault" - } - field { - name: "pgmajfault" - number: 19 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgmajfault" - } - field { - name: "workingset_refault" - number: 20 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "workingsetRefault" - } - field { - name: "workingset_activate" - number: 21 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "workingsetActivate" - } - field { - name: "workingset_nodereclaim" - number: 22 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "workingsetNodereclaim" - } - field { - name: "pgrefill" - number: 23 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgrefill" - } - field { - name: "pgscan" - number: 24 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgscan" - } - field { - name: "pgsteal" - number: 25 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgsteal" - } - field { - name: "pgactivate" - number: 26 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgactivate" - } - field { - name: "pgdeactivate" - number: 27 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pgdeactivate" - } - field { - name: "pglazyfree" - number: 28 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pglazyfree" - } - field { - name: "pglazyfreed" - number: 29 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "pglazyfreed" - } - field { - name: "thp_fault_alloc" - number: 30 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "thpFaultAlloc" - } - field { - name: "thp_collapse_alloc" - number: 31 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "thpCollapseAlloc" - } - field { - name: "usage" - number: 32 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "usage" - } - field { - name: "usage_limit" - number: 33 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "usageLimit" - } - field { - name: "swap_usage" - number: 34 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "swapUsage" - } - field { - name: "swap_limit" - number: 35 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "swapLimit" - } - } - message_type { - name: "MemoryEvents" - field { - name: "low" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "low" - } - field { - name: "high" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "high" - } - field { - name: "max" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "max" - } - field { - name: "oom" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "oom" - } - field { - name: "oom_kill" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "oomKill" - } - } - message_type { - name: "RdmaStat" - field { - name: "current" - number: 1 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.RdmaEntry" - json_name: "current" - } - field { - name: "limit" - number: 2 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.RdmaEntry" - json_name: "limit" - } - } - message_type { - name: "RdmaEntry" - field { - name: "device" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "device" - } - field { - name: "hca_handles" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT32 - json_name: "hcaHandles" - } - field { - name: "hca_objects" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT32 - json_name: "hcaObjects" - } - } - message_type { - name: "IOStat" - field { - name: "usage" - number: 1 - label: LABEL_REPEATED - type: TYPE_MESSAGE - type_name: ".io.containerd.cgroups.v2.IOEntry" - json_name: "usage" - } - } - message_type { - name: "IOEntry" - field { - name: "major" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "major" - } - field { - name: "minor" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "minor" - } - field { - name: "rbytes" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rbytes" - } - field { - name: "wbytes" - number: 4 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "wbytes" - } - field { - name: "rios" - number: 5 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "rios" - } - field { - name: "wios" - number: 6 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "wios" - } - } - message_type { - name: "HugeTlbStat" - field { - name: "current" - number: 1 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "current" - } - field { - name: "max" - number: 2 - label: LABEL_OPTIONAL - type: TYPE_UINT64 - json_name: "max" - } - field { - name: "pagesize" - number: 3 - label: LABEL_OPTIONAL - type: TYPE_STRING - json_name: "pagesize" - } - } - options { - go_package: "github.com/containerd/cgroups/cgroup2/stats" - } - syntax: "proto3" -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.proto b/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.proto deleted file mode 100644 index 3e9ee6d6ab..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/stats/metrics.proto +++ /dev/null @@ -1,105 +0,0 @@ -syntax = "proto3"; - -package io.containerd.cgroups.v2; - -option go_package = "github.com/containerd/cgroups/cgroup2/stats"; - -message Metrics { - PidsStat pids = 1; - CPUStat cpu = 2; - MemoryStat memory = 4; - RdmaStat rdma = 5; - IOStat io = 6; - repeated HugeTlbStat hugetlb = 7; - MemoryEvents memory_events = 8; -} - -message PidsStat { - uint64 current = 1; - uint64 limit = 2; -} - -message CPUStat { - uint64 usage_usec = 1; - uint64 user_usec = 2; - uint64 system_usec = 3; - uint64 nr_periods = 4; - uint64 nr_throttled = 5; - uint64 throttled_usec = 6; -} - -message MemoryStat { - uint64 anon = 1; - uint64 file = 2; - uint64 kernel_stack = 3; - uint64 slab = 4; - uint64 sock = 5; - uint64 shmem = 6; - uint64 file_mapped = 7; - uint64 file_dirty = 8; - uint64 file_writeback = 9; - uint64 anon_thp = 10; - uint64 inactive_anon = 11; - uint64 active_anon = 12; - uint64 inactive_file = 13; - uint64 active_file = 14; - uint64 unevictable = 15; - uint64 slab_reclaimable = 16; - uint64 slab_unreclaimable = 17; - uint64 pgfault = 18; - uint64 pgmajfault = 19; - uint64 workingset_refault = 20; - uint64 workingset_activate = 21; - uint64 workingset_nodereclaim = 22; - uint64 pgrefill = 23; - uint64 pgscan = 24; - uint64 pgsteal = 25; - uint64 pgactivate = 26; - uint64 pgdeactivate = 27; - uint64 pglazyfree = 28; - uint64 pglazyfreed = 29; - uint64 thp_fault_alloc = 30; - uint64 thp_collapse_alloc = 31; - uint64 usage = 32; - uint64 usage_limit = 33; - uint64 swap_usage = 34; - uint64 swap_limit = 35; -} - -message MemoryEvents { - uint64 low = 1; - uint64 high = 2; - uint64 max = 3; - uint64 oom = 4; - uint64 oom_kill = 5; -} - -message RdmaStat { - repeated RdmaEntry current = 1; - repeated RdmaEntry limit = 2; -} - -message RdmaEntry { - string device = 1; - uint32 hca_handles = 2; - uint32 hca_objects = 3; -} - -message IOStat { - repeated IOEntry usage = 1; -} - -message IOEntry { - uint64 major = 1; - uint64 minor = 2; - uint64 rbytes = 3; - uint64 wbytes = 4; - uint64 rios = 5; - uint64 wios = 6; -} - -message HugeTlbStat { - uint64 current = 1; - uint64 max = 2; - string pagesize = 3; -} diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup2/utils.go b/vendor/github.com/containerd/cgroups/v3/cgroup2/utils.go deleted file mode 100644 index f5302444a7..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/cgroup2/utils.go +++ /dev/null @@ -1,488 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroup2 - -import ( - "bufio" - "errors" - "fmt" - "io" - "math" - "os" - "path/filepath" - "strconv" - "strings" - "sync" - "time" - "unsafe" - - "github.com/containerd/cgroups/v3/cgroup2/stats" - - "github.com/godbus/dbus/v5" - "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" -) - -const ( - cgroupProcs = "cgroup.procs" - cgroupThreads = "cgroup.threads" - defaultDirPerm = 0o755 -) - -// defaultFilePerm is a var so that the test framework can change the filemode -// of all files created when the tests are running. The difference between the -// tests and real world use is that files like "cgroup.procs" will exist when writing -// to a read cgroup filesystem and do not exist prior when running in the tests. -// this is set to a non 0 value in the test code -var defaultFilePerm = os.FileMode(0) - -// remove will remove a cgroup path handling EAGAIN and EBUSY errors and -// retrying the remove after a exp timeout -func remove(path string) error { - var err error - delay := 10 * time.Millisecond - for i := 0; i < 5; i++ { - if i != 0 { - time.Sleep(delay) - delay *= 2 - } - if err = os.RemoveAll(path); err == nil { - return nil - } - } - return fmt.Errorf("cgroups: unable to remove path %q: %w", path, err) -} - -// parseCgroupProcsFile parses /sys/fs/cgroup/$GROUPPATH/cgroup.procs -func parseCgroupProcsFile(path string) ([]uint64, error) { - f, err := os.Open(path) - if err != nil { - return nil, err - } - defer f.Close() - var ( - out []uint64 - s = bufio.NewScanner(f) - ) - for s.Scan() { - if t := s.Text(); t != "" { - pid, err := strconv.ParseUint(t, 10, 0) - if err != nil { - return nil, err - } - out = append(out, pid) - } - } - if err := s.Err(); err != nil { - return nil, err - } - return out, nil -} - -func parseKV(raw string) (string, uint64, error) { - parts := strings.Fields(raw) - if len(parts) != 2 { - return "", 0, ErrInvalidFormat - } - v, err := parseUint(parts[1], 10, 64) - return parts[0], v, err -} - -func parseUint(s string, base, bitSize int) (uint64, error) { - v, err := strconv.ParseUint(s, base, bitSize) - if err != nil { - intValue, intErr := strconv.ParseInt(s, base, bitSize) - // 1. Handle negative values greater than MinInt64 (and) - // 2. Handle negative values lesser than MinInt64 - if intErr == nil && intValue < 0 { - return 0, nil - } else if intErr != nil && - intErr.(*strconv.NumError).Err == strconv.ErrRange && - intValue < 0 { - return 0, nil - } - return 0, err - } - return v, nil -} - -// parseCgroupFile parses /proc/PID/cgroup file and return string -func parseCgroupFile(path string) (string, error) { - f, err := os.Open(path) - if err != nil { - return "", err - } - defer f.Close() - return parseCgroupFromReader(f) -} - -func parseCgroupFromReader(r io.Reader) (string, error) { - s := bufio.NewScanner(r) - for s.Scan() { - var ( - text = s.Text() - parts = strings.SplitN(text, ":", 3) - ) - if len(parts) < 3 { - return "", fmt.Errorf("invalid cgroup entry: %q", text) - } - // text is like "0::/user.slice/user-1001.slice/session-1.scope" - if parts[0] == "0" && parts[1] == "" { - return parts[2], nil - } - } - if err := s.Err(); err != nil { - return "", err - } - return "", fmt.Errorf("cgroup path not found") -} - -// ToResources converts the oci LinuxResources struct into a -// v2 Resources type for use with this package. -// -// converting cgroups configuration from v1 to v2 -// ref: https://github.com/containers/crun/blob/master/crun.1.md#cgroup-v2 -func ToResources(spec *specs.LinuxResources) *Resources { - var resources Resources - if cpu := spec.CPU; cpu != nil { - resources.CPU = &CPU{ - Cpus: cpu.Cpus, - Mems: cpu.Mems, - } - if shares := cpu.Shares; shares != nil { - convertedWeight := 1 + ((*shares-2)*9999)/262142 - resources.CPU.Weight = &convertedWeight - } - if period := cpu.Period; period != nil { - resources.CPU.Max = NewCPUMax(cpu.Quota, period) - } - } - if mem := spec.Memory; mem != nil { - resources.Memory = &Memory{} - if swap := mem.Swap; swap != nil { - resources.Memory.Swap = swap - } - if l := mem.Limit; l != nil { - resources.Memory.Max = l - } - if l := mem.Reservation; l != nil { - resources.Memory.Low = l - } - } - if hugetlbs := spec.HugepageLimits; hugetlbs != nil { - hugeTlbUsage := HugeTlb{} - for _, hugetlb := range hugetlbs { - hugeTlbUsage = append(hugeTlbUsage, HugeTlbEntry{ - HugePageSize: hugetlb.Pagesize, - Limit: hugetlb.Limit, - }) - } - resources.HugeTlb = &hugeTlbUsage - } - if pids := spec.Pids; pids != nil { - resources.Pids = &Pids{ - Max: pids.Limit, - } - } - if i := spec.BlockIO; i != nil { - resources.IO = &IO{} - if i.Weight != nil { - resources.IO.BFQ.Weight = 1 + (*i.Weight-10)*9999/990 - } - for t, devices := range map[IOType][]specs.LinuxThrottleDevice{ - ReadBPS: i.ThrottleReadBpsDevice, - WriteBPS: i.ThrottleWriteBpsDevice, - ReadIOPS: i.ThrottleReadIOPSDevice, - WriteIOPS: i.ThrottleWriteIOPSDevice, - } { - for _, d := range devices { - resources.IO.Max = append(resources.IO.Max, Entry{ - Type: t, - Major: d.Major, - Minor: d.Minor, - Rate: d.Rate, - }) - } - } - } - if i := spec.Rdma; i != nil { - resources.RDMA = &RDMA{} - for device, value := range spec.Rdma { - if device != "" && (value.HcaHandles != nil && value.HcaObjects != nil) { - resources.RDMA.Limit = append(resources.RDMA.Limit, RDMAEntry{ - Device: device, - HcaHandles: *value.HcaHandles, - HcaObjects: *value.HcaObjects, - }) - } - } - } - - return &resources -} - -// Gets uint64 parsed content of single value cgroup stat file -func getStatFileContentUint64(filePath string) uint64 { - f, err := os.Open(filePath) - if err != nil { - return 0 - } - defer f.Close() - - // We expect an unsigned 64 bit integer, or a "max" string - // in some cases. - buf := make([]byte, 32) - n, err := f.Read(buf) - if err != nil { - return 0 - } - - trimmed := strings.TrimSpace(string(buf[:n])) - if trimmed == "max" { - return math.MaxUint64 - } - - res, err := parseUint(trimmed, 10, 64) - if err != nil { - logrus.Errorf("unable to parse %q as a uint from Cgroup file %q", trimmed, filePath) - return res - } - - return res -} - -func readIoStats(path string) []*stats.IOEntry { - // more details on the io.stat file format: https://www.kernel.org/doc/Documentation/cgroup-v2.txt - var usage []*stats.IOEntry - fpath := filepath.Join(path, "io.stat") - currentData, err := os.ReadFile(fpath) - if err != nil { - return usage - } - entries := strings.Split(string(currentData), "\n") - - for _, entry := range entries { - parts := strings.Split(entry, " ") - if len(parts) < 2 { - continue - } - majmin := strings.Split(parts[0], ":") - if len(majmin) != 2 { - continue - } - major, err := strconv.ParseUint(majmin[0], 10, 0) - if err != nil { - return usage - } - minor, err := strconv.ParseUint(majmin[1], 10, 0) - if err != nil { - return usage - } - parts = parts[1:] - ioEntry := stats.IOEntry{ - Major: major, - Minor: minor, - } - for _, s := range parts { - keyPairValue := strings.Split(s, "=") - if len(keyPairValue) != 2 { - continue - } - v, err := strconv.ParseUint(keyPairValue[1], 10, 0) - if err != nil { - continue - } - switch keyPairValue[0] { - case "rbytes": - ioEntry.Rbytes = v - case "wbytes": - ioEntry.Wbytes = v - case "rios": - ioEntry.Rios = v - case "wios": - ioEntry.Wios = v - } - } - usage = append(usage, &ioEntry) - } - return usage -} - -func rdmaStats(filepath string) []*stats.RdmaEntry { - currentData, err := os.ReadFile(filepath) - if err != nil { - return []*stats.RdmaEntry{} - } - return toRdmaEntry(strings.Split(string(currentData), "\n")) -} - -func parseRdmaKV(raw string, entry *stats.RdmaEntry) { - var value uint64 - var err error - - parts := strings.Split(raw, "=") - switch len(parts) { - case 2: - if parts[1] == "max" { - value = math.MaxUint32 - } else { - value, err = parseUint(parts[1], 10, 32) - if err != nil { - return - } - } - if parts[0] == "hca_handle" { - entry.HcaHandles = uint32(value) - } else if parts[0] == "hca_object" { - entry.HcaObjects = uint32(value) - } - } -} - -func toRdmaEntry(strEntries []string) []*stats.RdmaEntry { - var rdmaEntries []*stats.RdmaEntry - for i := range strEntries { - parts := strings.Fields(strEntries[i]) - switch len(parts) { - case 3: - entry := new(stats.RdmaEntry) - entry.Device = parts[0] - parseRdmaKV(parts[1], entry) - parseRdmaKV(parts[2], entry) - - rdmaEntries = append(rdmaEntries, entry) - default: - continue - } - } - return rdmaEntries -} - -// isUnitExists returns true if the error is that a systemd unit already exists. -func isUnitExists(err error) bool { - if err != nil { - if dbusError, ok := err.(dbus.Error); ok { - return strings.Contains(dbusError.Name, "org.freedesktop.systemd1.UnitExists") - } - } - return false -} - -func systemdUnitFromPath(path string) string { - _, unit := filepath.Split(path) - return unit -} - -func readHugeTlbStats(path string) []*stats.HugeTlbStat { - hpSizes := hugePageSizes() - usage := make([]*stats.HugeTlbStat, len(hpSizes)) - for idx, pagesize := range hpSizes { - usage[idx] = &stats.HugeTlbStat{ - Max: getStatFileContentUint64(filepath.Join(path, "hugetlb."+pagesize+".max")), - Current: getStatFileContentUint64(filepath.Join(path, "hugetlb."+pagesize+".current")), - Pagesize: pagesize, - } - } - return usage -} - -var ( - hPageSizes []string - initHPSOnce sync.Once -) - -// The following idea and implementation is taken pretty much line for line from -// runc. Because the hugetlb files are well known, and the only variable thrown in -// the mix is what huge page sizes you have on your host, this lends itself well -// to doing the work to find the files present once, and then re-using this. This -// saves a os.Readdirnames(0) call to search for hugeltb files on every `manager.Stat` -// call. -// https://github.com/opencontainers/runc/blob/3a2c0c2565644d8a7e0f1dd594a060b21fa96cf1/libcontainer/cgroups/utils.go#L301 -func hugePageSizes() []string { - initHPSOnce.Do(func() { - dir, err := os.OpenFile("/sys/kernel/mm/hugepages", unix.O_DIRECTORY|unix.O_RDONLY, 0) - if err != nil { - return - } - files, err := dir.Readdirnames(0) - dir.Close() - if err != nil { - return - } - - hPageSizes, err = getHugePageSizeFromFilenames(files) - if err != nil { - logrus.Warnf("hugePageSizes: %s", err) - } - }) - - return hPageSizes -} - -func getHugePageSizeFromFilenames(fileNames []string) ([]string, error) { - pageSizes := make([]string, 0, len(fileNames)) - var warn error - - for _, file := range fileNames { - // example: hugepages-1048576kB - val := strings.TrimPrefix(file, "hugepages-") - if len(val) == len(file) { - // Unexpected file name: no prefix found, ignore it. - continue - } - // In all known versions of Linux up to 6.3 the suffix is always - // "kB". If we find something else, produce an error but keep going. - eLen := len(val) - 2 - val = strings.TrimSuffix(val, "kB") - if len(val) != eLen { - // Highly unlikely. - if warn == nil { - warn = errors.New(file + `: invalid suffix (expected "kB")`) - } - continue - } - size, err := strconv.Atoi(val) - if err != nil { - // Highly unlikely. - if warn == nil { - warn = fmt.Errorf("%s: %w", file, err) - } - continue - } - // Model after https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/hugetlb_cgroup.c?id=eff48ddeab782e35e58ccc8853f7386bbae9dec4#n574 - // but in our case the size is in KB already. - if size >= (1 << 20) { - val = strconv.Itoa(size>>20) + "GB" - } else if size >= (1 << 10) { - val = strconv.Itoa(size>>10) + "MB" - } else { - val += "KB" - } - pageSizes = append(pageSizes, val) - } - - return pageSizes, warn -} - -func getSubreaper() (int, error) { - var i uintptr - if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil { - return -1, err - } - return int(i), nil -} diff --git a/vendor/github.com/containerd/cgroups/v3/utils.go b/vendor/github.com/containerd/cgroups/v3/utils.go deleted file mode 100644 index ebff755a76..0000000000 --- a/vendor/github.com/containerd/cgroups/v3/utils.go +++ /dev/null @@ -1,150 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package cgroups - -import ( - "bufio" - "fmt" - "io" - "os" - "path/filepath" - "strings" - "sync" - - "golang.org/x/sys/unix" -) - -var ( - nsOnce sync.Once - inUserNS bool - checkMode sync.Once - cgMode CGMode -) - -const unifiedMountpoint = "/sys/fs/cgroup" - -// CGMode is the cgroups mode of the host system -type CGMode int - -const ( - // Unavailable cgroup mountpoint - Unavailable CGMode = iota - // Legacy cgroups v1 - Legacy - // Hybrid with cgroups v1 and v2 controllers mounted - Hybrid - // Unified with only cgroups v2 mounted - Unified -) - -// Mode returns the cgroups mode running on the host -func Mode() CGMode { - checkMode.Do(func() { - var st unix.Statfs_t - if err := unix.Statfs(unifiedMountpoint, &st); err != nil { - cgMode = Unavailable - return - } - switch st.Type { - case unix.CGROUP2_SUPER_MAGIC: - cgMode = Unified - default: - cgMode = Legacy - if err := unix.Statfs(filepath.Join(unifiedMountpoint, "unified"), &st); err != nil { - return - } - if st.Type == unix.CGROUP2_SUPER_MAGIC { - cgMode = Hybrid - } - } - }) - return cgMode -} - -// RunningInUserNS detects whether we are currently running in a user namespace. -// Copied from github.com/lxc/lxd/shared/util.go -func RunningInUserNS() bool { - nsOnce.Do(func() { - file, err := os.Open("/proc/self/uid_map") - if err != nil { - // This kernel-provided file only exists if user namespaces are supported - return - } - defer file.Close() - - buf := bufio.NewReader(file) - l, _, err := buf.ReadLine() - if err != nil { - return - } - - line := string(l) - var a, b, c int64 - fmt.Sscanf(line, "%d %d %d", &a, &b, &c) - - /* - * We assume we are in the initial user namespace if we have a full - * range - 4294967295 uids starting at uid 0. - */ - if a == 0 && b == 0 && c == 4294967295 { - return - } - inUserNS = true - }) - return inUserNS -} - -// ParseCgroupFileUnified returns legacy subsystem paths as the first value, -// and returns the unified path as the second value. -func ParseCgroupFileUnified(path string) (map[string]string, string, error) { - f, err := os.Open(path) - if err != nil { - return nil, "", err - } - defer f.Close() - return ParseCgroupFromReaderUnified(f) -} - -// ParseCgroupFromReaderUnified returns legacy subsystem paths as the first value, -// and returns the unified path as the second value. -func ParseCgroupFromReaderUnified(r io.Reader) (map[string]string, string, error) { - var ( - cgroups = make(map[string]string) - unified = "" - s = bufio.NewScanner(r) - ) - for s.Scan() { - var ( - text = s.Text() - parts = strings.SplitN(text, ":", 3) - ) - if len(parts) < 3 { - return nil, unified, fmt.Errorf("invalid cgroup entry: %q", text) - } - for _, subs := range strings.Split(parts[1], ",") { - if subs == "" { - unified = parts[2] - } else { - cgroups[subs] = parts[2] - } - } - } - if err := s.Err(); err != nil { - return nil, unified, err - } - return cgroups, unified, nil -} diff --git a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go deleted file mode 100644 index 74982358a8..0000000000 --- a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp.go +++ /dev/null @@ -1,25 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package seccomp - -// IsEnabled checks whether seccomp support is enabled. On Linux, it returns -// true if the kernel has been configured to support seccomp (kernel options -// CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are set). On non-Linux, it always -// returns false. -func IsEnabled() bool { - return isEnabled() -} diff --git a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go deleted file mode 100644 index a23b492c6f..0000000000 --- a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_linux.go +++ /dev/null @@ -1,80 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/* - Copyright The runc Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package seccomp - -import ( - "sync" - - "golang.org/x/sys/unix" -) - -var ( - enabled bool - enabledOnce sync.Once -) - -// isEnabled returns whether the kernel has been configured to support seccomp -// (including the check for CONFIG_SECCOMP_FILTER kernel option). -func isEnabled() bool { - // Excerpts from prctl(2), section ERRORS: - // - // EACCES - // option is PR_SET_SECCOMP and arg2 is SECCOMP_MODE_FILTER, but - // the process does not have the CAP_SYS_ADMIN capability or has - // not set the no_new_privs attribute <...>. - // <...> - // EFAULT - // option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER, the - // system was built with CONFIG_SECCOMP_FILTER, and arg3 is an - // invalid address. - // <...> - // EINVAL - // option is PR_SET_SECCOMP or PR_GET_SECCOMP, and the kernel - // was not configured with CONFIG_SECCOMP. - // - // EINVAL - // option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER, - // and the kernel was not configured with CONFIG_SECCOMP_FILTER. - // - // - // Meaning, in case these kernel options are set (this is what we check - // for here), we will get some other error (most probably EACCES or - // EFAULT). IOW, EINVAL means "seccomp not supported", any other error - // means it is supported. - - enabledOnce.Do(func() { - enabled = unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL - }) - - return enabled -} diff --git a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go b/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go deleted file mode 100644 index 41c2ceacbb..0000000000 --- a/vendor/github.com/containerd/containerd/pkg/seccomp/seccomp_unsupported.go +++ /dev/null @@ -1,23 +0,0 @@ -//go:build !linux - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package seccomp - -func isEnabled() bool { - return false -} diff --git a/vendor/github.com/coreos/go-systemd/v22/LICENSE b/vendor/github.com/coreos/go-systemd/v22/LICENSE deleted file mode 100644 index 37ec93a14f..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/LICENSE +++ /dev/null @@ -1,191 +0,0 @@ -Apache License -Version 2.0, January 2004 -http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - -"License" shall mean the terms and conditions for use, reproduction, and -distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by the copyright -owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all other entities -that control, are controlled by, or are under common control with that entity. -For the purposes of this definition, "control" means (i) the power, direct or -indirect, to cause the direction or management of such entity, whether by -contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the -outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising -permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, including -but not limited to software source code, documentation source, and configuration -files. - -"Object" form shall mean any form resulting from mechanical transformation or -translation of a Source form, including but not limited to compiled object code, -generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, made -available under the License, as indicated by a copyright notice that is included -in or attached to the work (an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object form, that -is based on (or derived from) the Work and for which the editorial revisions, -annotations, elaborations, or other modifications represent, as a whole, an -original work of authorship. For the purposes of this License, Derivative Works -shall not include works that remain separable from, or merely link (or bind by -name) to the interfaces of, the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including the original version -of the Work and any modifications or additions to that Work or Derivative Works -thereof, that is intentionally submitted to Licensor for inclusion in the Work -by the copyright owner or by an individual or Legal Entity authorized to submit -on behalf of the copyright owner. For the purposes of this definition, -"submitted" means any form of electronic, verbal, or written communication sent -to the Licensor or its representatives, including but not limited to -communication on electronic mailing lists, source code control systems, and -issue tracking systems that are managed by, or on behalf of, the Licensor for -the purpose of discussing and improving the Work, but excluding communication -that is conspicuously marked or otherwise designated in writing by the copyright -owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on behalf -of whom a Contribution has been received by Licensor and subsequently -incorporated within the Work. - -2. Grant of Copyright License. - -Subject to the terms and conditions of this License, each Contributor hereby -grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, -irrevocable copyright license to reproduce, prepare Derivative Works of, -publicly display, publicly perform, sublicense, and distribute the Work and such -Derivative Works in Source or Object form. - -3. Grant of Patent License. - -Subject to the terms and conditions of this License, each Contributor hereby -grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, -irrevocable (except as stated in this section) patent license to make, have -made, use, offer to sell, sell, import, and otherwise transfer the Work, where -such license applies only to those patent claims licensable by such Contributor -that are necessarily infringed by their Contribution(s) alone or by combination -of their Contribution(s) with the Work to which such Contribution(s) was -submitted. If You institute patent litigation against any entity (including a -cross-claim or counterclaim in a lawsuit) alleging that the Work or a -Contribution incorporated within the Work constitutes direct or contributory -patent infringement, then any patent licenses granted to You under this License -for that Work shall terminate as of the date such litigation is filed. - -4. Redistribution. - -You may reproduce and distribute copies of the Work or Derivative Works thereof -in any medium, with or without modifications, and in Source or Object form, -provided that You meet the following conditions: - -You must give any other recipients of the Work or Derivative Works a copy of -this License; and -You must cause any modified files to carry prominent notices stating that You -changed the files; and -You must retain, in the Source form of any Derivative Works that You distribute, -all copyright, patent, trademark, and attribution notices from the Source form -of the Work, excluding those notices that do not pertain to any part of the -Derivative Works; and -If the Work includes a "NOTICE" text file as part of its distribution, then any -Derivative Works that You distribute must include a readable copy of the -attribution notices contained within such NOTICE file, excluding those notices -that do not pertain to any part of the Derivative Works, in at least one of the -following places: within a NOTICE text file distributed as part of the -Derivative Works; within the Source form or documentation, if provided along -with the Derivative Works; or, within a display generated by the Derivative -Works, if and wherever such third-party notices normally appear. The contents of -the NOTICE file are for informational purposes only and do not modify the -License. You may add Your own attribution notices within Derivative Works that -You distribute, alongside or as an addendum to the NOTICE text from the Work, -provided that such additional attribution notices cannot be construed as -modifying the License. -You may add Your own copyright statement to Your modifications and may provide -additional or different license terms and conditions for use, reproduction, or -distribution of Your modifications, or for any such Derivative Works as a whole, -provided Your use, reproduction, and distribution of the Work otherwise complies -with the conditions stated in this License. - -5. Submission of Contributions. - -Unless You explicitly state otherwise, any Contribution intentionally submitted -for inclusion in the Work by You to the Licensor shall be under the terms and -conditions of this License, without any additional terms or conditions. -Notwithstanding the above, nothing herein shall supersede or modify the terms of -any separate license agreement you may have executed with Licensor regarding -such Contributions. - -6. Trademarks. - -This License does not grant permission to use the trade names, trademarks, -service marks, or product names of the Licensor, except as required for -reasonable and customary use in describing the origin of the Work and -reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. - -Unless required by applicable law or agreed to in writing, Licensor provides the -Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, -including, without limitation, any warranties or conditions of TITLE, -NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are -solely responsible for determining the appropriateness of using or -redistributing the Work and assume any risks associated with Your exercise of -permissions under this License. - -8. Limitation of Liability. - -In no event and under no legal theory, whether in tort (including negligence), -contract, or otherwise, unless required by applicable law (such as deliberate -and grossly negligent acts) or agreed to in writing, shall any Contributor be -liable to You for damages, including any direct, indirect, special, incidental, -or consequential damages of any character arising as a result of this License or -out of the use or inability to use the Work (including but not limited to -damages for loss of goodwill, work stoppage, computer failure or malfunction, or -any and all other commercial damages or losses), even if such Contributor has -been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. - -While redistributing the Work or Derivative Works thereof, You may choose to -offer, and charge a fee for, acceptance of support, warranty, indemnity, or -other liability obligations and/or rights consistent with this License. However, -in accepting such obligations, You may act only on Your own behalf and on Your -sole responsibility, not on behalf of any other Contributor, and only if You -agree to indemnify, defend, and hold each Contributor harmless for any liability -incurred by, or claims asserted against, such Contributor by reason of your -accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work - -To apply the Apache License to your work, attach the following boilerplate -notice, with the fields enclosed by brackets "[]" replaced with your own -identifying information. (Don't include the brackets!) The text should be -enclosed in the appropriate comment syntax for the file format. We also -recommend that a file or class name and description of purpose be included on -the same "printed page" as the copyright notice for easier identification within -third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/coreos/go-systemd/v22/NOTICE b/vendor/github.com/coreos/go-systemd/v22/NOTICE deleted file mode 100644 index 23a0ada2fb..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/NOTICE +++ /dev/null @@ -1,5 +0,0 @@ -CoreOS Project -Copyright 2018 CoreOS, Inc - -This product includes software developed at CoreOS, Inc. -(http://www.coreos.com/). diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go deleted file mode 100644 index 147f756fe2..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go +++ /dev/null @@ -1,266 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Integration with the systemd D-Bus API. See http://www.freedesktop.org/wiki/Software/systemd/dbus/ -package dbus - -import ( - "context" - "encoding/hex" - "fmt" - "os" - "strconv" - "strings" - "sync" - - "github.com/godbus/dbus/v5" -) - -const ( - alpha = `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ` - num = `0123456789` - alphanum = alpha + num - signalBuffer = 100 -) - -// needsEscape checks whether a byte in a potential dbus ObjectPath needs to be escaped -func needsEscape(i int, b byte) bool { - // Escape everything that is not a-z-A-Z-0-9 - // Also escape 0-9 if it's the first character - return strings.IndexByte(alphanum, b) == -1 || - (i == 0 && strings.IndexByte(num, b) != -1) -} - -// PathBusEscape sanitizes a constituent string of a dbus ObjectPath using the -// rules that systemd uses for serializing special characters. -func PathBusEscape(path string) string { - // Special case the empty string - if len(path) == 0 { - return "_" - } - n := []byte{} - for i := 0; i < len(path); i++ { - c := path[i] - if needsEscape(i, c) { - e := fmt.Sprintf("_%x", c) - n = append(n, []byte(e)...) - } else { - n = append(n, c) - } - } - return string(n) -} - -// pathBusUnescape is the inverse of PathBusEscape. -func pathBusUnescape(path string) string { - if path == "_" { - return "" - } - n := []byte{} - for i := 0; i < len(path); i++ { - c := path[i] - if c == '_' && i+2 < len(path) { - res, err := hex.DecodeString(path[i+1 : i+3]) - if err == nil { - n = append(n, res...) - } - i += 2 - } else { - n = append(n, c) - } - } - return string(n) -} - -// Conn is a connection to systemd's dbus endpoint. -type Conn struct { - // sysconn/sysobj are only used to call dbus methods - sysconn *dbus.Conn - sysobj dbus.BusObject - - // sigconn/sigobj are only used to receive dbus signals - sigconn *dbus.Conn - sigobj dbus.BusObject - - jobListener struct { - jobs map[dbus.ObjectPath]chan<- string - sync.Mutex - } - subStateSubscriber struct { - updateCh chan<- *SubStateUpdate - errCh chan<- error - sync.Mutex - ignore map[dbus.ObjectPath]int64 - cleanIgnore int64 - } - propertiesSubscriber struct { - updateCh chan<- *PropertiesUpdate - errCh chan<- error - sync.Mutex - } -} - -// Deprecated: use NewWithContext instead. -func New() (*Conn, error) { - return NewWithContext(context.Background()) -} - -// NewWithContext establishes a connection to any available bus and authenticates. -// Callers should call Close() when done with the connection. -func NewWithContext(ctx context.Context) (*Conn, error) { - conn, err := NewSystemConnectionContext(ctx) - if err != nil && os.Geteuid() == 0 { - return NewSystemdConnectionContext(ctx) - } - return conn, err -} - -// Deprecated: use NewSystemConnectionContext instead. -func NewSystemConnection() (*Conn, error) { - return NewSystemConnectionContext(context.Background()) -} - -// NewSystemConnectionContext establishes a connection to the system bus and authenticates. -// Callers should call Close() when done with the connection. -func NewSystemConnectionContext(ctx context.Context) (*Conn, error) { - return NewConnection(func() (*dbus.Conn, error) { - return dbusAuthHelloConnection(ctx, dbus.SystemBusPrivate) - }) -} - -// Deprecated: use NewUserConnectionContext instead. -func NewUserConnection() (*Conn, error) { - return NewUserConnectionContext(context.Background()) -} - -// NewUserConnectionContext establishes a connection to the session bus and -// authenticates. This can be used to connect to systemd user instances. -// Callers should call Close() when done with the connection. -func NewUserConnectionContext(ctx context.Context) (*Conn, error) { - return NewConnection(func() (*dbus.Conn, error) { - return dbusAuthHelloConnection(ctx, dbus.SessionBusPrivate) - }) -} - -// Deprecated: use NewSystemdConnectionContext instead. -func NewSystemdConnection() (*Conn, error) { - return NewSystemdConnectionContext(context.Background()) -} - -// NewSystemdConnectionContext establishes a private, direct connection to systemd. -// This can be used for communicating with systemd without a dbus daemon. -// Callers should call Close() when done with the connection. -func NewSystemdConnectionContext(ctx context.Context) (*Conn, error) { - return NewConnection(func() (*dbus.Conn, error) { - // We skip Hello when talking directly to systemd. - return dbusAuthConnection(ctx, func(opts ...dbus.ConnOption) (*dbus.Conn, error) { - return dbus.Dial("unix:path=/run/systemd/private", opts...) - }) - }) -} - -// Close closes an established connection. -func (c *Conn) Close() { - c.sysconn.Close() - c.sigconn.Close() -} - -// Connected returns whether conn is connected -func (c *Conn) Connected() bool { - return c.sysconn.Connected() && c.sigconn.Connected() -} - -// NewConnection establishes a connection to a bus using a caller-supplied function. -// This allows connecting to remote buses through a user-supplied mechanism. -// The supplied function may be called multiple times, and should return independent connections. -// The returned connection must be fully initialised: the org.freedesktop.DBus.Hello call must have succeeded, -// and any authentication should be handled by the function. -func NewConnection(dialBus func() (*dbus.Conn, error)) (*Conn, error) { - sysconn, err := dialBus() - if err != nil { - return nil, err - } - - sigconn, err := dialBus() - if err != nil { - sysconn.Close() - return nil, err - } - - c := &Conn{ - sysconn: sysconn, - sysobj: systemdObject(sysconn), - sigconn: sigconn, - sigobj: systemdObject(sigconn), - } - - c.subStateSubscriber.ignore = make(map[dbus.ObjectPath]int64) - c.jobListener.jobs = make(map[dbus.ObjectPath]chan<- string) - - // Setup the listeners on jobs so that we can get completions - c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, - "type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'") - - c.dispatch() - return c, nil -} - -// GetManagerProperty returns the value of a property on the org.freedesktop.systemd1.Manager -// interface. The value is returned in its string representation, as defined at -// https://developer.gnome.org/glib/unstable/gvariant-text.html. -func (c *Conn) GetManagerProperty(prop string) (string, error) { - variant, err := c.sysobj.GetProperty("org.freedesktop.systemd1.Manager." + prop) - if err != nil { - return "", err - } - return variant.String(), nil -} - -func dbusAuthConnection(ctx context.Context, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) { - conn, err := createBus(dbus.WithContext(ctx)) - if err != nil { - return nil, err - } - - // Only use EXTERNAL method, and hardcode the uid (not username) - // to avoid a username lookup (which requires a dynamically linked - // libc) - methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))} - - err = conn.Auth(methods) - if err != nil { - conn.Close() - return nil, err - } - - return conn, nil -} - -func dbusAuthHelloConnection(ctx context.Context, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) { - conn, err := dbusAuthConnection(ctx, createBus) - if err != nil { - return nil, err - } - - if err = conn.Hello(); err != nil { - conn.Close() - return nil, err - } - - return conn, nil -} - -func systemdObject(conn *dbus.Conn) dbus.BusObject { - return conn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1")) -} diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go deleted file mode 100644 index 074148cb4d..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go +++ /dev/null @@ -1,864 +0,0 @@ -// Copyright 2015, 2018 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package dbus - -import ( - "context" - "errors" - "fmt" - "path" - "strconv" - - "github.com/godbus/dbus/v5" -) - -// Who can be used to specify which process to kill in the unit via the KillUnitWithTarget API -type Who string - -const ( - // All sends the signal to all processes in the unit - All Who = "all" - // Main sends the signal to the main process of the unit - Main Who = "main" - // Control sends the signal to the control process of the unit - Control Who = "control" -) - -func (c *Conn) jobComplete(signal *dbus.Signal) { - var id uint32 - var job dbus.ObjectPath - var unit string - var result string - dbus.Store(signal.Body, &id, &job, &unit, &result) - c.jobListener.Lock() - out, ok := c.jobListener.jobs[job] - if ok { - out <- result - delete(c.jobListener.jobs, job) - } - c.jobListener.Unlock() -} - -func (c *Conn) startJob(ctx context.Context, ch chan<- string, job string, args ...interface{}) (int, error) { - if ch != nil { - c.jobListener.Lock() - defer c.jobListener.Unlock() - } - - var p dbus.ObjectPath - err := c.sysobj.CallWithContext(ctx, job, 0, args...).Store(&p) - if err != nil { - return 0, err - } - - if ch != nil { - c.jobListener.jobs[p] = ch - } - - // ignore error since 0 is fine if conversion fails - jobID, _ := strconv.Atoi(path.Base(string(p))) - - return jobID, nil -} - -// Deprecated: use StartUnitContext instead. -func (c *Conn) StartUnit(name string, mode string, ch chan<- string) (int, error) { - return c.StartUnitContext(context.Background(), name, mode, ch) -} - -// StartUnitContext enqueues a start job and depending jobs, if any (unless otherwise -// specified by the mode string). -// -// Takes the unit to activate, plus a mode string. The mode needs to be one of -// replace, fail, isolate, ignore-dependencies, ignore-requirements. If -// "replace" the call will start the unit and its dependencies, possibly -// replacing already queued jobs that conflict with this. If "fail" the call -// will start the unit and its dependencies, but will fail if this would change -// an already queued job. If "isolate" the call will start the unit in question -// and terminate all units that aren't dependencies of it. If -// "ignore-dependencies" it will start a unit but ignore all its dependencies. -// If "ignore-requirements" it will start a unit but only ignore the -// requirement dependencies. It is not recommended to make use of the latter -// two options. -// -// If the provided channel is non-nil, a result string will be sent to it upon -// job completion: one of done, canceled, timeout, failed, dependency, skipped. -// done indicates successful execution of a job. canceled indicates that a job -// has been canceled before it finished execution. timeout indicates that the -// job timeout was reached. failed indicates that the job failed. dependency -// indicates that a job this job has been depending on failed and the job hence -// has been removed too. skipped indicates that a job was skipped because it -// didn't apply to the units current state. -// -// If no error occurs, the ID of the underlying systemd job will be returned. There -// does exist the possibility for no error to be returned, but for the returned job -// ID to be 0. In this case, the actual underlying ID is not 0 and this datapoint -// should not be considered authoritative. -// -// If an error does occur, it will be returned to the user alongside a job ID of 0. -func (c *Conn) StartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartUnit", name, mode) -} - -// Deprecated: use StopUnitContext instead. -func (c *Conn) StopUnit(name string, mode string, ch chan<- string) (int, error) { - return c.StopUnitContext(context.Background(), name, mode, ch) -} - -// StopUnitContext is similar to StartUnitContext, but stops the specified unit -// rather than starting it. -func (c *Conn) StopUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StopUnit", name, mode) -} - -// Deprecated: use ReloadUnitContext instead. -func (c *Conn) ReloadUnit(name string, mode string, ch chan<- string) (int, error) { - return c.ReloadUnitContext(context.Background(), name, mode, ch) -} - -// ReloadUnitContext reloads a unit. Reloading is done only if the unit -// is already running, and fails otherwise. -func (c *Conn) ReloadUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.ReloadUnit", name, mode) -} - -// Deprecated: use RestartUnitContext instead. -func (c *Conn) RestartUnit(name string, mode string, ch chan<- string) (int, error) { - return c.RestartUnitContext(context.Background(), name, mode, ch) -} - -// RestartUnitContext restarts a service. If a service is restarted that isn't -// running it will be started. -func (c *Conn) RestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.RestartUnit", name, mode) -} - -// Deprecated: use TryRestartUnitContext instead. -func (c *Conn) TryRestartUnit(name string, mode string, ch chan<- string) (int, error) { - return c.TryRestartUnitContext(context.Background(), name, mode, ch) -} - -// TryRestartUnitContext is like RestartUnitContext, except that a service that -// isn't running is not affected by the restart. -func (c *Conn) TryRestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode) -} - -// Deprecated: use ReloadOrRestartUnitContext instead. -func (c *Conn) ReloadOrRestartUnit(name string, mode string, ch chan<- string) (int, error) { - return c.ReloadOrRestartUnitContext(context.Background(), name, mode, ch) -} - -// ReloadOrRestartUnitContext attempts a reload if the unit supports it and use -// a restart otherwise. -func (c *Conn) ReloadOrRestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode) -} - -// Deprecated: use ReloadOrTryRestartUnitContext instead. -func (c *Conn) ReloadOrTryRestartUnit(name string, mode string, ch chan<- string) (int, error) { - return c.ReloadOrTryRestartUnitContext(context.Background(), name, mode, ch) -} - -// ReloadOrTryRestartUnitContext attempts a reload if the unit supports it, -// and use a "Try" flavored restart otherwise. -func (c *Conn) ReloadOrTryRestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode) -} - -// Deprecated: use StartTransientUnitContext instead. -func (c *Conn) StartTransientUnit(name string, mode string, properties []Property, ch chan<- string) (int, error) { - return c.StartTransientUnitContext(context.Background(), name, mode, properties, ch) -} - -// StartTransientUnitContext may be used to create and start a transient unit, which -// will be released as soon as it is not running or referenced anymore or the -// system is rebooted. name is the unit name including suffix, and must be -// unique. mode is the same as in StartUnitContext, properties contains properties -// of the unit. -func (c *Conn) StartTransientUnitContext(ctx context.Context, name string, mode string, properties []Property, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0)) -} - -// Deprecated: use KillUnitContext instead. -func (c *Conn) KillUnit(name string, signal int32) { - c.KillUnitContext(context.Background(), name, signal) -} - -// KillUnitContext takes the unit name and a UNIX signal number to send. -// All of the unit's processes are killed. -func (c *Conn) KillUnitContext(ctx context.Context, name string, signal int32) { - c.KillUnitWithTarget(ctx, name, All, signal) -} - -// KillUnitWithTarget is like KillUnitContext, but allows you to specify which -// process in the unit to send the signal to. -func (c *Conn) KillUnitWithTarget(ctx context.Context, name string, target Who, signal int32) error { - return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.KillUnit", 0, name, string(target), signal).Store() -} - -// Deprecated: use ResetFailedUnitContext instead. -func (c *Conn) ResetFailedUnit(name string) error { - return c.ResetFailedUnitContext(context.Background(), name) -} - -// ResetFailedUnitContext resets the "failed" state of a specific unit. -func (c *Conn) ResetFailedUnitContext(ctx context.Context, name string) error { - return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ResetFailedUnit", 0, name).Store() -} - -// Deprecated: use SystemStateContext instead. -func (c *Conn) SystemState() (*Property, error) { - return c.SystemStateContext(context.Background()) -} - -// SystemStateContext returns the systemd state. Equivalent to -// systemctl is-system-running. -func (c *Conn) SystemStateContext(ctx context.Context) (*Property, error) { - var err error - var prop dbus.Variant - - obj := c.sysconn.Object("org.freedesktop.systemd1", "/org/freedesktop/systemd1") - err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Properties.Get", 0, "org.freedesktop.systemd1.Manager", "SystemState").Store(&prop) - if err != nil { - return nil, err - } - - return &Property{Name: "SystemState", Value: prop}, nil -} - -// getProperties takes the unit path and returns all of its dbus object properties, for the given dbus interface. -func (c *Conn) getProperties(ctx context.Context, path dbus.ObjectPath, dbusInterface string) (map[string]interface{}, error) { - var err error - var props map[string]dbus.Variant - - if !path.IsValid() { - return nil, fmt.Errorf("invalid unit name: %v", path) - } - - obj := c.sysconn.Object("org.freedesktop.systemd1", path) - err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props) - if err != nil { - return nil, err - } - - out := make(map[string]interface{}, len(props)) - for k, v := range props { - out[k] = v.Value() - } - - return out, nil -} - -// Deprecated: use GetUnitPropertiesContext instead. -func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) { - return c.GetUnitPropertiesContext(context.Background(), unit) -} - -// GetUnitPropertiesContext takes the (unescaped) unit name and returns all of -// its dbus object properties. -func (c *Conn) GetUnitPropertiesContext(ctx context.Context, unit string) (map[string]interface{}, error) { - path := unitPath(unit) - return c.getProperties(ctx, path, "org.freedesktop.systemd1.Unit") -} - -// Deprecated: use GetUnitPathPropertiesContext instead. -func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]interface{}, error) { - return c.GetUnitPathPropertiesContext(context.Background(), path) -} - -// GetUnitPathPropertiesContext takes the (escaped) unit path and returns all -// of its dbus object properties. -func (c *Conn) GetUnitPathPropertiesContext(ctx context.Context, path dbus.ObjectPath) (map[string]interface{}, error) { - return c.getProperties(ctx, path, "org.freedesktop.systemd1.Unit") -} - -// Deprecated: use GetAllPropertiesContext instead. -func (c *Conn) GetAllProperties(unit string) (map[string]interface{}, error) { - return c.GetAllPropertiesContext(context.Background(), unit) -} - -// GetAllPropertiesContext takes the (unescaped) unit name and returns all of -// its dbus object properties. -func (c *Conn) GetAllPropertiesContext(ctx context.Context, unit string) (map[string]interface{}, error) { - path := unitPath(unit) - return c.getProperties(ctx, path, "") -} - -func (c *Conn) getProperty(ctx context.Context, unit string, dbusInterface string, propertyName string) (*Property, error) { - var err error - var prop dbus.Variant - - path := unitPath(unit) - if !path.IsValid() { - return nil, errors.New("invalid unit name: " + unit) - } - - obj := c.sysconn.Object("org.freedesktop.systemd1", path) - err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop) - if err != nil { - return nil, err - } - - return &Property{Name: propertyName, Value: prop}, nil -} - -// Deprecated: use GetUnitPropertyContext instead. -func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) { - return c.GetUnitPropertyContext(context.Background(), unit, propertyName) -} - -// GetUnitPropertyContext takes an (unescaped) unit name, and a property name, -// and returns the property value. -func (c *Conn) GetUnitPropertyContext(ctx context.Context, unit string, propertyName string) (*Property, error) { - return c.getProperty(ctx, unit, "org.freedesktop.systemd1.Unit", propertyName) -} - -// Deprecated: use GetServicePropertyContext instead. -func (c *Conn) GetServiceProperty(service string, propertyName string) (*Property, error) { - return c.GetServicePropertyContext(context.Background(), service, propertyName) -} - -// GetServiceProperty returns property for given service name and property name. -func (c *Conn) GetServicePropertyContext(ctx context.Context, service string, propertyName string) (*Property, error) { - return c.getProperty(ctx, service, "org.freedesktop.systemd1.Service", propertyName) -} - -// Deprecated: use GetUnitTypePropertiesContext instead. -func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) { - return c.GetUnitTypePropertiesContext(context.Background(), unit, unitType) -} - -// GetUnitTypePropertiesContext returns the extra properties for a unit, specific to the unit type. -// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope. -// Returns "dbus.Error: Unknown interface" error if the unitType is not the correct type of the unit. -func (c *Conn) GetUnitTypePropertiesContext(ctx context.Context, unit string, unitType string) (map[string]interface{}, error) { - path := unitPath(unit) - return c.getProperties(ctx, path, "org.freedesktop.systemd1."+unitType) -} - -// Deprecated: use SetUnitPropertiesContext instead. -func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error { - return c.SetUnitPropertiesContext(context.Background(), name, runtime, properties...) -} - -// SetUnitPropertiesContext may be used to modify certain unit properties at runtime. -// Not all properties may be changed at runtime, but many resource management -// settings (primarily those in systemd.cgroup(5)) may. The changes are applied -// instantly, and stored on disk for future boots, unless runtime is true, in which -// case the settings only apply until the next reboot. name is the name of the unit -// to modify. properties are the settings to set, encoded as an array of property -// name and value pairs. -func (c *Conn) SetUnitPropertiesContext(ctx context.Context, name string, runtime bool, properties ...Property) error { - return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.SetUnitProperties", 0, name, runtime, properties).Store() -} - -// Deprecated: use GetUnitTypePropertyContext instead. -func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) { - return c.GetUnitTypePropertyContext(context.Background(), unit, unitType, propertyName) -} - -// GetUnitTypePropertyContext takes a property name, a unit name, and a unit type, -// and returns a property value. For valid values of unitType, see GetUnitTypePropertiesContext. -func (c *Conn) GetUnitTypePropertyContext(ctx context.Context, unit string, unitType string, propertyName string) (*Property, error) { - return c.getProperty(ctx, unit, "org.freedesktop.systemd1."+unitType, propertyName) -} - -type UnitStatus struct { - Name string // The primary unit name as string - Description string // The human readable description string - LoadState string // The load state (i.e. whether the unit file has been loaded successfully) - ActiveState string // The active state (i.e. whether the unit is currently started or not) - SubState string // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not) - Followed string // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string. - Path dbus.ObjectPath // The unit object path - JobId uint32 // If there is a job queued for the job unit the numeric job id, 0 otherwise - JobType string // The job type as string - JobPath dbus.ObjectPath // The job object path -} - -type storeFunc func(retvalues ...interface{}) error - -func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) { - result := make([][]interface{}, 0) - err := f(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - status := make([]UnitStatus, len(result)) - statusInterface := make([]interface{}, len(status)) - for i := range status { - statusInterface[i] = &status[i] - } - - err = dbus.Store(resultInterface, statusInterface...) - if err != nil { - return nil, err - } - - return status, nil -} - -// GetUnitByPID returns the unit object path of the unit a process ID -// belongs to. It takes a UNIX PID and returns the object path. The PID must -// refer to an existing system process -func (c *Conn) GetUnitByPID(ctx context.Context, pid uint32) (dbus.ObjectPath, error) { - var result dbus.ObjectPath - - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.GetUnitByPID", 0, pid).Store(&result) - - return result, err -} - -// GetUnitNameByPID returns the name of the unit a process ID belongs to. It -// takes a UNIX PID and returns the object path. The PID must refer to an -// existing system process -func (c *Conn) GetUnitNameByPID(ctx context.Context, pid uint32) (string, error) { - path, err := c.GetUnitByPID(ctx, pid) - if err != nil { - return "", err - } - - return unitName(path), nil -} - -// Deprecated: use ListUnitsContext instead. -func (c *Conn) ListUnits() ([]UnitStatus, error) { - return c.ListUnitsContext(context.Background()) -} - -// ListUnitsContext returns an array with all currently loaded units. Note that -// units may be known by multiple names at the same time, and hence there might -// be more unit names loaded than actual units behind them. -// Also note that a unit is only loaded if it is active and/or enabled. -// Units that are both disabled and inactive will thus not be returned. -func (c *Conn) ListUnitsContext(ctx context.Context) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnits", 0).Store) -} - -// Deprecated: use ListUnitsFilteredContext instead. -func (c *Conn) ListUnitsFiltered(states []string) ([]UnitStatus, error) { - return c.ListUnitsFilteredContext(context.Background(), states) -} - -// ListUnitsFilteredContext returns an array with units filtered by state. -// It takes a list of units' statuses to filter. -func (c *Conn) ListUnitsFilteredContext(ctx context.Context, states []string) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsFiltered", 0, states).Store) -} - -// Deprecated: use ListUnitsByPatternsContext instead. -func (c *Conn) ListUnitsByPatterns(states []string, patterns []string) ([]UnitStatus, error) { - return c.ListUnitsByPatternsContext(context.Background(), states, patterns) -} - -// ListUnitsByPatternsContext returns an array with units. -// It takes a list of units' statuses and names to filter. -// Note that units may be known by multiple names at the same time, -// and hence there might be more unit names loaded than actual units behind them. -func (c *Conn) ListUnitsByPatternsContext(ctx context.Context, states []string, patterns []string) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByPatterns", 0, states, patterns).Store) -} - -// Deprecated: use ListUnitsByNamesContext instead. -func (c *Conn) ListUnitsByNames(units []string) ([]UnitStatus, error) { - return c.ListUnitsByNamesContext(context.Background(), units) -} - -// ListUnitsByNamesContext returns an array with units. It takes a list of units' -// names and returns an UnitStatus array. Comparing to ListUnitsByPatternsContext -// method, this method returns statuses even for inactive or non-existing -// units. Input array should contain exact unit names, but not patterns. -// -// Requires systemd v230 or higher. -func (c *Conn) ListUnitsByNamesContext(ctx context.Context, units []string) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store) -} - -type UnitFile struct { - Path string - Type string -} - -func (c *Conn) listUnitFilesInternal(f storeFunc) ([]UnitFile, error) { - result := make([][]interface{}, 0) - err := f(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - files := make([]UnitFile, len(result)) - fileInterface := make([]interface{}, len(files)) - for i := range files { - fileInterface[i] = &files[i] - } - - err = dbus.Store(resultInterface, fileInterface...) - if err != nil { - return nil, err - } - - return files, nil -} - -// Deprecated: use ListUnitFilesContext instead. -func (c *Conn) ListUnitFiles() ([]UnitFile, error) { - return c.ListUnitFilesContext(context.Background()) -} - -// ListUnitFiles returns an array of all available units on disk. -func (c *Conn) ListUnitFilesContext(ctx context.Context) ([]UnitFile, error) { - return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store) -} - -// Deprecated: use ListUnitFilesByPatternsContext instead. -func (c *Conn) ListUnitFilesByPatterns(states []string, patterns []string) ([]UnitFile, error) { - return c.ListUnitFilesByPatternsContext(context.Background(), states, patterns) -} - -// ListUnitFilesByPatternsContext returns an array of all available units on disk matched the patterns. -func (c *Conn) ListUnitFilesByPatternsContext(ctx context.Context, states []string, patterns []string) ([]UnitFile, error) { - return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFilesByPatterns", 0, states, patterns).Store) -} - -type LinkUnitFileChange EnableUnitFileChange - -// Deprecated: use LinkUnitFilesContext instead. -func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) { - return c.LinkUnitFilesContext(context.Background(), files, runtime, force) -} - -// LinkUnitFilesContext links unit files (that are located outside of the -// usual unit search paths) into the unit search path. -// -// It takes a list of absolute paths to unit files to link and two -// booleans. -// -// The first boolean controls whether the unit shall be -// enabled for runtime only (true, /run), or persistently (false, -// /etc). -// -// The second controls whether symlinks pointing to other units shall -// be replaced if necessary. -// -// This call returns a list of the changes made. The list consists of -// structures with three strings: the type of the change (one of symlink -// or unlink), the file name of the symlink and the destination of the -// symlink. -func (c *Conn) LinkUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) { - result := make([][]interface{}, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]LinkUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil -} - -// Deprecated: use EnableUnitFilesContext instead. -func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) { - return c.EnableUnitFilesContext(context.Background(), files, runtime, force) -} - -// EnableUnitFilesContext may be used to enable one or more units in the system -// (by creating symlinks to them in /etc or /run). -// -// It takes a list of unit files to enable (either just file names or full -// absolute paths if the unit files are residing outside the usual unit -// search paths), and two booleans: the first controls whether the unit shall -// be enabled for runtime only (true, /run), or persistently (false, /etc). -// The second one controls whether symlinks pointing to other units shall -// be replaced if necessary. -// -// This call returns one boolean and an array with the changes made. The -// boolean signals whether the unit files contained any enablement -// information (i.e. an [Install]) section. The changes list consists of -// structures with three strings: the type of the change (one of symlink -// or unlink), the file name of the symlink and the destination of the -// symlink. -func (c *Conn) EnableUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) { - var carries_install_info bool - - result := make([][]interface{}, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result) - if err != nil { - return false, nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]EnableUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return false, nil, err - } - - return carries_install_info, changes, nil -} - -type EnableUnitFileChange struct { - Type string // Type of the change (one of symlink or unlink) - Filename string // File name of the symlink - Destination string // Destination of the symlink -} - -// Deprecated: use DisableUnitFilesContext instead. -func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) { - return c.DisableUnitFilesContext(context.Background(), files, runtime) -} - -// DisableUnitFilesContext may be used to disable one or more units in the -// system (by removing symlinks to them from /etc or /run). -// -// It takes a list of unit files to disable (either just file names or full -// absolute paths if the unit files are residing outside the usual unit -// search paths), and one boolean: whether the unit was enabled for runtime -// only (true, /run), or persistently (false, /etc). -// -// This call returns an array with the changes made. The changes list -// consists of structures with three strings: the type of the change (one of -// symlink or unlink), the file name of the symlink and the destination of the -// symlink. -func (c *Conn) DisableUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]DisableUnitFileChange, error) { - result := make([][]interface{}, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]DisableUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil -} - -type DisableUnitFileChange struct { - Type string // Type of the change (one of symlink or unlink) - Filename string // File name of the symlink - Destination string // Destination of the symlink -} - -// Deprecated: use MaskUnitFilesContext instead. -func (c *Conn) MaskUnitFiles(files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) { - return c.MaskUnitFilesContext(context.Background(), files, runtime, force) -} - -// MaskUnitFilesContext masks one or more units in the system. -// -// The files argument contains a list of units to mask (either just file names -// or full absolute paths if the unit files are residing outside the usual unit -// search paths). -// -// The runtime argument is used to specify whether the unit was enabled for -// runtime only (true, /run/systemd/..), or persistently (false, -// /etc/systemd/..). -func (c *Conn) MaskUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) { - result := make([][]interface{}, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]MaskUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil -} - -type MaskUnitFileChange struct { - Type string // Type of the change (one of symlink or unlink) - Filename string // File name of the symlink - Destination string // Destination of the symlink -} - -// Deprecated: use UnmaskUnitFilesContext instead. -func (c *Conn) UnmaskUnitFiles(files []string, runtime bool) ([]UnmaskUnitFileChange, error) { - return c.UnmaskUnitFilesContext(context.Background(), files, runtime) -} - -// UnmaskUnitFilesContext unmasks one or more units in the system. -// -// It takes the list of unit files to mask (either just file names or full -// absolute paths if the unit files are residing outside the usual unit search -// paths), and a boolean runtime flag to specify whether the unit was enabled -// for runtime only (true, /run/systemd/..), or persistently (false, -// /etc/systemd/..). -func (c *Conn) UnmaskUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]UnmaskUnitFileChange, error) { - result := make([][]interface{}, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]UnmaskUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil -} - -type UnmaskUnitFileChange struct { - Type string // Type of the change (one of symlink or unlink) - Filename string // File name of the symlink - Destination string // Destination of the symlink -} - -// Deprecated: use ReloadContext instead. -func (c *Conn) Reload() error { - return c.ReloadContext(context.Background()) -} - -// ReloadContext instructs systemd to scan for and reload unit files. This is -// an equivalent to systemctl daemon-reload. -func (c *Conn) ReloadContext(ctx context.Context) error { - return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.Reload", 0).Store() -} - -func unitPath(name string) dbus.ObjectPath { - return dbus.ObjectPath("/org/freedesktop/systemd1/unit/" + PathBusEscape(name)) -} - -// unitName returns the unescaped base element of the supplied escaped path. -func unitName(dpath dbus.ObjectPath) string { - return pathBusUnescape(path.Base(string(dpath))) -} - -// JobStatus holds a currently queued job definition. -type JobStatus struct { - Id uint32 // The numeric job id - Unit string // The primary unit name for this job - JobType string // The job type as string - Status string // The job state as string - JobPath dbus.ObjectPath // The job object path - UnitPath dbus.ObjectPath // The unit object path -} - -// Deprecated: use ListJobsContext instead. -func (c *Conn) ListJobs() ([]JobStatus, error) { - return c.ListJobsContext(context.Background()) -} - -// ListJobsContext returns an array with all currently queued jobs. -func (c *Conn) ListJobsContext(ctx context.Context) ([]JobStatus, error) { - return c.listJobsInternal(ctx) -} - -func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) { - result := make([][]interface{}, 0) - if err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListJobs", 0).Store(&result); err != nil { - return nil, err - } - - resultInterface := make([]interface{}, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - status := make([]JobStatus, len(result)) - statusInterface := make([]interface{}, len(status)) - for i := range status { - statusInterface[i] = &status[i] - } - - if err := dbus.Store(resultInterface, statusInterface...); err != nil { - return nil, err - } - - return status, nil -} - -// Freeze the cgroup associated with the unit. -// Note that FreezeUnit and ThawUnit are only supported on systems running with cgroup v2. -func (c *Conn) FreezeUnit(ctx context.Context, unit string) error { - return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.FreezeUnit", 0, unit).Store() -} - -// Unfreeze the cgroup associated with the unit. -func (c *Conn) ThawUnit(ctx context.Context, unit string) error { - return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ThawUnit", 0, unit).Store() -} diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/properties.go b/vendor/github.com/coreos/go-systemd/v22/dbus/properties.go deleted file mode 100644 index fb42b62733..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/properties.go +++ /dev/null @@ -1,237 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package dbus - -import ( - "github.com/godbus/dbus/v5" -) - -// From the systemd docs: -// -// The properties array of StartTransientUnit() may take many of the settings -// that may also be configured in unit files. Not all parameters are currently -// accepted though, but we plan to cover more properties with future release. -// Currently you may set the Description, Slice and all dependency types of -// units, as well as RemainAfterExit, ExecStart for service units, -// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares, -// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth, -// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit, -// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map -// directly to their counterparts in unit files and as normal D-Bus object -// properties. The exception here is the PIDs field of scope units which is -// used for construction of the scope only and specifies the initial PIDs to -// add to the scope object. - -type Property struct { - Name string - Value dbus.Variant -} - -type PropertyCollection struct { - Name string - Properties []Property -} - -type execStart struct { - Path string // the binary path to execute - Args []string // an array with all arguments to pass to the executed command, starting with argument 0 - UncleanIsFailure bool // a boolean whether it should be considered a failure if the process exits uncleanly -} - -// PropExecStart sets the ExecStart service property. The first argument is a -// slice with the binary path to execute followed by the arguments to pass to -// the executed command. See -// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= -func PropExecStart(command []string, uncleanIsFailure bool) Property { - execStarts := []execStart{ - { - Path: command[0], - Args: command, - UncleanIsFailure: uncleanIsFailure, - }, - } - - return Property{ - Name: "ExecStart", - Value: dbus.MakeVariant(execStarts), - } -} - -// PropRemainAfterExit sets the RemainAfterExit service property. See -// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit= -func PropRemainAfterExit(b bool) Property { - return Property{ - Name: "RemainAfterExit", - Value: dbus.MakeVariant(b), - } -} - -// PropType sets the Type service property. See -// http://www.freedesktop.org/software/systemd/man/systemd.service.html#Type= -func PropType(t string) Property { - return Property{ - Name: "Type", - Value: dbus.MakeVariant(t), - } -} - -// PropDescription sets the Description unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description= -func PropDescription(desc string) Property { - return Property{ - Name: "Description", - Value: dbus.MakeVariant(desc), - } -} - -func propDependency(name string, units []string) Property { - return Property{ - Name: name, - Value: dbus.MakeVariant(units), - } -} - -// PropRequires sets the Requires unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires= -func PropRequires(units ...string) Property { - return propDependency("Requires", units) -} - -// PropRequiresOverridable sets the RequiresOverridable unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable= -func PropRequiresOverridable(units ...string) Property { - return propDependency("RequiresOverridable", units) -} - -// PropRequisite sets the Requisite unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite= -func PropRequisite(units ...string) Property { - return propDependency("Requisite", units) -} - -// PropRequisiteOverridable sets the RequisiteOverridable unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable= -func PropRequisiteOverridable(units ...string) Property { - return propDependency("RequisiteOverridable", units) -} - -// PropWants sets the Wants unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants= -func PropWants(units ...string) Property { - return propDependency("Wants", units) -} - -// PropBindsTo sets the BindsTo unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo= -func PropBindsTo(units ...string) Property { - return propDependency("BindsTo", units) -} - -// PropRequiredBy sets the RequiredBy unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy= -func PropRequiredBy(units ...string) Property { - return propDependency("RequiredBy", units) -} - -// PropRequiredByOverridable sets the RequiredByOverridable unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable= -func PropRequiredByOverridable(units ...string) Property { - return propDependency("RequiredByOverridable", units) -} - -// PropWantedBy sets the WantedBy unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy= -func PropWantedBy(units ...string) Property { - return propDependency("WantedBy", units) -} - -// PropBoundBy sets the BoundBy unit property. See -// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy= -func PropBoundBy(units ...string) Property { - return propDependency("BoundBy", units) -} - -// PropConflicts sets the Conflicts unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts= -func PropConflicts(units ...string) Property { - return propDependency("Conflicts", units) -} - -// PropConflictedBy sets the ConflictedBy unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy= -func PropConflictedBy(units ...string) Property { - return propDependency("ConflictedBy", units) -} - -// PropBefore sets the Before unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before= -func PropBefore(units ...string) Property { - return propDependency("Before", units) -} - -// PropAfter sets the After unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After= -func PropAfter(units ...string) Property { - return propDependency("After", units) -} - -// PropOnFailure sets the OnFailure unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure= -func PropOnFailure(units ...string) Property { - return propDependency("OnFailure", units) -} - -// PropTriggers sets the Triggers unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers= -func PropTriggers(units ...string) Property { - return propDependency("Triggers", units) -} - -// PropTriggeredBy sets the TriggeredBy unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy= -func PropTriggeredBy(units ...string) Property { - return propDependency("TriggeredBy", units) -} - -// PropPropagatesReloadTo sets the PropagatesReloadTo unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo= -func PropPropagatesReloadTo(units ...string) Property { - return propDependency("PropagatesReloadTo", units) -} - -// PropRequiresMountsFor sets the RequiresMountsFor unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor= -func PropRequiresMountsFor(units ...string) Property { - return propDependency("RequiresMountsFor", units) -} - -// PropSlice sets the Slice unit property. See -// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice= -func PropSlice(slice string) Property { - return Property{ - Name: "Slice", - Value: dbus.MakeVariant(slice), - } -} - -// PropPids sets the PIDs field of scope units used in the initial construction -// of the scope only and specifies the initial PIDs to add to the scope object. -// See https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/#properties -func PropPids(pids ...uint32) Property { - return Property{ - Name: "PIDs", - Value: dbus.MakeVariant(pids), - } -} diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/set.go deleted file mode 100644 index 17c5d48565..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/set.go +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package dbus - -type set struct { - data map[string]bool -} - -func (s *set) Add(value string) { - s.data[value] = true -} - -func (s *set) Remove(value string) { - delete(s.data, value) -} - -func (s *set) Contains(value string) (exists bool) { - _, exists = s.data[value] - return -} - -func (s *set) Length() int { - return len(s.data) -} - -func (s *set) Values() (values []string) { - for val := range s.data { - values = append(values, val) - } - return -} - -func newSet() *set { - return &set{make(map[string]bool)} -} diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go deleted file mode 100644 index 7e370fea21..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go +++ /dev/null @@ -1,333 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package dbus - -import ( - "errors" - "log" - "time" - - "github.com/godbus/dbus/v5" -) - -const ( - cleanIgnoreInterval = int64(10 * time.Second) - ignoreInterval = int64(30 * time.Millisecond) -) - -// Subscribe sets up this connection to subscribe to all systemd dbus events. -// This is required before calling SubscribeUnits. When the connection closes -// systemd will automatically stop sending signals so there is no need to -// explicitly call Unsubscribe(). -func (c *Conn) Subscribe() error { - c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, - "type='signal',interface='org.freedesktop.systemd1.Manager',member='UnitNew'") - c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, - "type='signal',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged'") - - return c.sigobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store() -} - -// Unsubscribe this connection from systemd dbus events. -func (c *Conn) Unsubscribe() error { - return c.sigobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store() -} - -func (c *Conn) dispatch() { - ch := make(chan *dbus.Signal, signalBuffer) - - c.sigconn.Signal(ch) - - go func() { - for { - signal, ok := <-ch - if !ok { - return - } - - if signal.Name == "org.freedesktop.systemd1.Manager.JobRemoved" { - c.jobComplete(signal) - } - - if c.subStateSubscriber.updateCh == nil && - c.propertiesSubscriber.updateCh == nil { - continue - } - - var unitPath dbus.ObjectPath - switch signal.Name { - case "org.freedesktop.systemd1.Manager.JobRemoved": - unitName := signal.Body[2].(string) - c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath) - case "org.freedesktop.systemd1.Manager.UnitNew": - unitPath = signal.Body[1].(dbus.ObjectPath) - case "org.freedesktop.DBus.Properties.PropertiesChanged": - if signal.Body[0].(string) == "org.freedesktop.systemd1.Unit" { - unitPath = signal.Path - - if len(signal.Body) >= 2 { - if changed, ok := signal.Body[1].(map[string]dbus.Variant); ok { - c.sendPropertiesUpdate(unitPath, changed) - } - } - } - } - - if unitPath == dbus.ObjectPath("") { - continue - } - - c.sendSubStateUpdate(unitPath) - } - }() -} - -// SubscribeUnits returns two unbuffered channels which will receive all changed units every -// interval. Deleted units are sent as nil. -func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) { - return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil) -} - -// SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer -// size of the channels, the comparison function for detecting changes and a filter -// function for cutting down on the noise that your channel receives. -func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func(string) bool) (<-chan map[string]*UnitStatus, <-chan error) { - old := make(map[string]*UnitStatus) - statusChan := make(chan map[string]*UnitStatus, buffer) - errChan := make(chan error, buffer) - - go func() { - for { - timerChan := time.After(interval) - - units, err := c.ListUnits() - if err == nil { - cur := make(map[string]*UnitStatus) - for i := range units { - if filterUnit != nil && filterUnit(units[i].Name) { - continue - } - cur[units[i].Name] = &units[i] - } - - // add all new or changed units - changed := make(map[string]*UnitStatus) - for n, u := range cur { - if oldU, ok := old[n]; !ok || isChanged(oldU, u) { - changed[n] = u - } - delete(old, n) - } - - // add all deleted units - for oldN := range old { - changed[oldN] = nil - } - - old = cur - - if len(changed) != 0 { - statusChan <- changed - } - } else { - errChan <- err - } - - <-timerChan - } - }() - - return statusChan, errChan -} - -type SubStateUpdate struct { - UnitName string - SubState string -} - -// SetSubStateSubscriber writes to updateCh when any unit's substate changes. -// Although this writes to updateCh on every state change, the reported state -// may be more recent than the change that generated it (due to an unavoidable -// race in the systemd dbus interface). That is, this method provides a good -// way to keep a current view of all units' states, but is not guaranteed to -// show every state transition they go through. Furthermore, state changes -// will only be written to the channel with non-blocking writes. If updateCh -// is full, it attempts to write an error to errCh; if errCh is full, the error -// passes silently. -func (c *Conn) SetSubStateSubscriber(updateCh chan<- *SubStateUpdate, errCh chan<- error) { - if c == nil { - msg := "nil receiver" - select { - case errCh <- errors.New(msg): - default: - log.Printf("full error channel while reporting: %s\n", msg) - } - return - } - - c.subStateSubscriber.Lock() - defer c.subStateSubscriber.Unlock() - c.subStateSubscriber.updateCh = updateCh - c.subStateSubscriber.errCh = errCh -} - -func (c *Conn) sendSubStateUpdate(unitPath dbus.ObjectPath) { - c.subStateSubscriber.Lock() - defer c.subStateSubscriber.Unlock() - - if c.subStateSubscriber.updateCh == nil { - return - } - - isIgnored := c.shouldIgnore(unitPath) - defer c.cleanIgnore() - if isIgnored { - return - } - - info, err := c.GetUnitPathProperties(unitPath) - if err != nil { - select { - case c.subStateSubscriber.errCh <- err: - default: - log.Printf("full error channel while reporting: %s\n", err) - } - return - } - defer c.updateIgnore(unitPath, info) - - name, ok := info["Id"].(string) - if !ok { - msg := "failed to cast info.Id" - select { - case c.subStateSubscriber.errCh <- errors.New(msg): - default: - log.Printf("full error channel while reporting: %s\n", err) - } - return - } - substate, ok := info["SubState"].(string) - if !ok { - msg := "failed to cast info.SubState" - select { - case c.subStateSubscriber.errCh <- errors.New(msg): - default: - log.Printf("full error channel while reporting: %s\n", msg) - } - return - } - - update := &SubStateUpdate{name, substate} - select { - case c.subStateSubscriber.updateCh <- update: - default: - msg := "update channel is full" - select { - case c.subStateSubscriber.errCh <- errors.New(msg): - default: - log.Printf("full error channel while reporting: %s\n", msg) - } - return - } -} - -// The ignore functions work around a wart in the systemd dbus interface. -// Requesting the properties of an unloaded unit will cause systemd to send a -// pair of UnitNew/UnitRemoved signals. Because we need to get a unit's -// properties on UnitNew (as that's the only indication of a new unit coming up -// for the first time), we would enter an infinite loop if we did not attempt -// to detect and ignore these spurious signals. The signal themselves are -// indistinguishable from relevant ones, so we (somewhat hackishly) ignore an -// unloaded unit's signals for a short time after requesting its properties. -// This means that we will miss e.g. a transient unit being restarted -// *immediately* upon failure and also a transient unit being started -// immediately after requesting its status (with systemctl status, for example, -// because this causes a UnitNew signal to be sent which then causes us to fetch -// the properties). - -func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool { - t, ok := c.subStateSubscriber.ignore[path] - return ok && t >= time.Now().UnixNano() -} - -func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) { - loadState, ok := info["LoadState"].(string) - if !ok { - return - } - - // unit is unloaded - it will trigger bad systemd dbus behavior - if loadState == "not-found" { - c.subStateSubscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval - } -} - -// without this, ignore would grow unboundedly over time -func (c *Conn) cleanIgnore() { - now := time.Now().UnixNano() - if c.subStateSubscriber.cleanIgnore < now { - c.subStateSubscriber.cleanIgnore = now + cleanIgnoreInterval - - for p, t := range c.subStateSubscriber.ignore { - if t < now { - delete(c.subStateSubscriber.ignore, p) - } - } - } -} - -// PropertiesUpdate holds a map of a unit's changed properties -type PropertiesUpdate struct { - UnitName string - Changed map[string]dbus.Variant -} - -// SetPropertiesSubscriber writes to updateCh when any unit's properties -// change. Every property change reported by systemd will be sent; that is, no -// transitions will be "missed" (as they might be with SetSubStateSubscriber). -// However, state changes will only be written to the channel with non-blocking -// writes. If updateCh is full, it attempts to write an error to errCh; if -// errCh is full, the error passes silently. -func (c *Conn) SetPropertiesSubscriber(updateCh chan<- *PropertiesUpdate, errCh chan<- error) { - c.propertiesSubscriber.Lock() - defer c.propertiesSubscriber.Unlock() - c.propertiesSubscriber.updateCh = updateCh - c.propertiesSubscriber.errCh = errCh -} - -// we don't need to worry about shouldIgnore() here because -// sendPropertiesUpdate doesn't call GetProperties() -func (c *Conn) sendPropertiesUpdate(unitPath dbus.ObjectPath, changedProps map[string]dbus.Variant) { - c.propertiesSubscriber.Lock() - defer c.propertiesSubscriber.Unlock() - - if c.propertiesSubscriber.updateCh == nil { - return - } - - update := &PropertiesUpdate{unitName(unitPath), changedProps} - - select { - case c.propertiesSubscriber.updateCh <- update: - default: - msg := "update channel is full" - select { - case c.propertiesSubscriber.errCh <- errors.New(msg): - default: - log.Printf("full error channel while reporting: %s\n", msg) - } - return - } -} diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go deleted file mode 100644 index 5b408d5847..0000000000 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package dbus - -import ( - "time" -) - -// SubscriptionSet returns a subscription set which is like conn.Subscribe but -// can filter to only return events for a set of units. -type SubscriptionSet struct { - *set - conn *Conn -} - -func (s *SubscriptionSet) filter(unit string) bool { - return !s.Contains(unit) -} - -// Subscribe starts listening for dbus events for all of the units in the set. -// Returns channels identical to conn.SubscribeUnits. -func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) { - // TODO: Make fully evented by using systemd 209 with properties changed values - return s.conn.SubscribeUnitsCustom(time.Second, 0, - mismatchUnitStatus, - func(unit string) bool { return s.filter(unit) }, - ) -} - -// NewSubscriptionSet returns a new subscription set. -func (conn *Conn) NewSubscriptionSet() *SubscriptionSet { - return &SubscriptionSet{newSet(), conn} -} - -// mismatchUnitStatus returns true if the provided UnitStatus objects -// are not equivalent. false is returned if the objects are equivalent. -// Only the Name, Description and state-related fields are used in -// the comparison. -func mismatchUnitStatus(u1, u2 *UnitStatus) bool { - return u1.Name != u2.Name || - u1.Description != u2.Description || - u1.LoadState != u2.LoadState || - u1.ActiveState != u2.ActiveState || - u1.SubState != u2.SubState -} diff --git a/vendor/github.com/distribution/reference/README.md b/vendor/github.com/distribution/reference/README.md index e2531e49c4..172a02e0b3 100644 --- a/vendor/github.com/distribution/reference/README.md +++ b/vendor/github.com/distribution/reference/README.md @@ -10,7 +10,7 @@ Go library to handle references to container images. [![codecov](https://codecov.io/gh/distribution/reference/branch/main/graph/badge.svg)](https://codecov.io/gh/distribution/reference) [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference?ref=badge_shield) -This repository contains a library for handling refrences to container images held in container registries. Please see [godoc](https://pkg.go.dev/github.com/distribution/reference) for details. +This repository contains a library for handling references to container images held in container registries. Please see [godoc](https://pkg.go.dev/github.com/distribution/reference) for details. ## Contribution diff --git a/vendor/github.com/distribution/reference/normalize.go b/vendor/github.com/distribution/reference/normalize.go index a30229d01b..f4128314c1 100644 --- a/vendor/github.com/distribution/reference/normalize.go +++ b/vendor/github.com/distribution/reference/normalize.go @@ -123,20 +123,51 @@ func ParseDockerRef(ref string) (Named, error) { // splitDockerDomain splits a repository name to domain and remote-name. // If no valid domain is found, the default domain is used. Repository name // needs to be already validated before. -func splitDockerDomain(name string) (domain, remainder string) { - i := strings.IndexRune(name, '/') - if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != localhost && strings.ToLower(name[:i]) == name[:i]) { - domain, remainder = defaultDomain, name - } else { - domain, remainder = name[:i], name[i+1:] - } - if domain == legacyDefaultDomain { - domain = defaultDomain - } - if domain == defaultDomain && !strings.ContainsRune(remainder, '/') { - remainder = officialRepoPrefix + remainder - } - return +func splitDockerDomain(name string) (domain, remoteName string) { + maybeDomain, maybeRemoteName, ok := strings.Cut(name, "/") + if !ok { + // Fast-path for single element ("familiar" names), such as "ubuntu" + // or "ubuntu:latest". Familiar names must be handled separately, to + // prevent them from being handled as "hostname:port". + // + // Canonicalize them as "docker.io/library/name[:tag]" + + // FIXME(thaJeztah): account for bare "localhost" or "example.com" names, which SHOULD be considered a domain. + return defaultDomain, officialRepoPrefix + name + } + + switch { + case maybeDomain == localhost: + // localhost is a reserved namespace and always considered a domain. + domain, remoteName = maybeDomain, maybeRemoteName + case maybeDomain == legacyDefaultDomain: + // canonicalize the Docker Hub and legacy "Docker Index" domains. + domain, remoteName = defaultDomain, maybeRemoteName + case strings.ContainsAny(maybeDomain, ".:"): + // Likely a domain or IP-address: + // + // - contains a "." (e.g., "example.com" or "127.0.0.1") + // - contains a ":" (e.g., "example:5000", "::1", or "[::1]:5000") + domain, remoteName = maybeDomain, maybeRemoteName + case strings.ToLower(maybeDomain) != maybeDomain: + // Uppercase namespaces are not allowed, so if the first element + // is not lowercase, we assume it to be a domain-name. + domain, remoteName = maybeDomain, maybeRemoteName + default: + // None of the above: it's not a domain, so use the default, and + // use the name input the remote-name. + domain, remoteName = defaultDomain, name + } + + if domain == defaultDomain && !strings.ContainsRune(remoteName, '/') { + // Canonicalize "familiar" names, but only on Docker Hub, not + // on other domains: + // + // "docker.io/ubuntu[:tag]" => "docker.io/library/ubuntu[:tag]" + remoteName = officialRepoPrefix + remoteName + } + + return domain, remoteName } // familiarizeName returns a shortened version of the name familiar diff --git a/vendor/github.com/distribution/reference/reference.go b/vendor/github.com/distribution/reference/reference.go index e98c44daa2..900398bde7 100644 --- a/vendor/github.com/distribution/reference/reference.go +++ b/vendor/github.com/distribution/reference/reference.go @@ -35,8 +35,13 @@ import ( ) const ( + // RepositoryNameTotalLengthMax is the maximum total number of characters in a repository name. + RepositoryNameTotalLengthMax = 255 + // NameTotalLengthMax is the maximum total number of characters in a repository name. - NameTotalLengthMax = 255 + // + // Deprecated: use [RepositoryNameTotalLengthMax] instead. + NameTotalLengthMax = RepositoryNameTotalLengthMax ) var ( @@ -55,8 +60,8 @@ var ( // ErrNameEmpty is returned for empty, invalid repository names. ErrNameEmpty = errors.New("repository name must have at least one component") - // ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax. - ErrNameTooLong = fmt.Errorf("repository name must not be more than %v characters", NameTotalLengthMax) + // ErrNameTooLong is returned when a repository name is longer than RepositoryNameTotalLengthMax. + ErrNameTooLong = fmt.Errorf("repository name must not be more than %v characters", RepositoryNameTotalLengthMax) // ErrNameNotCanonical is returned when a name is not canonical. ErrNameNotCanonical = errors.New("repository name must be canonical") @@ -165,6 +170,9 @@ func Path(named Named) (name string) { return path } +// splitDomain splits a named reference into a hostname and path string. +// If no valid hostname is found, the hostname is empty and the full value +// is returned as name func splitDomain(name string) (string, string) { match := anchoredNameRegexp.FindStringSubmatch(name) if len(match) != 3 { @@ -173,19 +181,6 @@ func splitDomain(name string) (string, string) { return match[1], match[2] } -// SplitHostname splits a named reference into a -// hostname and name string. If no valid hostname is -// found, the hostname is empty and the full value -// is returned as name -// -// Deprecated: Use [Domain] or [Path]. -func SplitHostname(named Named) (string, string) { - if r, ok := named.(namedRepository); ok { - return r.Domain(), r.Path() - } - return splitDomain(named.Name()) -} - // Parse parses s and returns a syntactically valid Reference. // If an error was encountered it is returned, along with a nil Reference. func Parse(s string) (Reference, error) { @@ -200,10 +195,6 @@ func Parse(s string) (Reference, error) { return nil, ErrReferenceInvalidFormat } - if len(matches[1]) > NameTotalLengthMax { - return nil, ErrNameTooLong - } - var repo repository nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1]) @@ -215,6 +206,10 @@ func Parse(s string) (Reference, error) { repo.path = matches[1] } + if len(repo.path) > RepositoryNameTotalLengthMax { + return nil, ErrNameTooLong + } + ref := reference{ namedRepository: repo, tag: matches[2], @@ -253,14 +248,15 @@ func ParseNamed(s string) (Named, error) { // WithName returns a named object representing the given string. If the input // is invalid ErrReferenceInvalidFormat will be returned. func WithName(name string) (Named, error) { - if len(name) > NameTotalLengthMax { - return nil, ErrNameTooLong - } - match := anchoredNameRegexp.FindStringSubmatch(name) if match == nil || len(match) != 3 { return nil, ErrReferenceInvalidFormat } + + if len(match[2]) > RepositoryNameTotalLengthMax { + return nil, ErrNameTooLong + } + return repository{ domain: match[1], path: match[2], diff --git a/vendor/github.com/docker/docker/AUTHORS b/vendor/github.com/docker/docker/AUTHORS index 36315d429d..5f93eeb4e8 100644 --- a/vendor/github.com/docker/docker/AUTHORS +++ b/vendor/github.com/docker/docker/AUTHORS @@ -10,6 +10,7 @@ Aaron Huslage Aaron L. Xu Aaron Lehmann Aaron Welch +Aaron Yoshitake Abel Muiño Abhijeet Kasurde Abhinandan Prativadi @@ -62,6 +63,7 @@ alambike Alan Hoyle Alan Scherger Alan Thompson +Alano Terblanche Albert Callarisa Albert Zhang Albin Kerouanton @@ -141,6 +143,7 @@ Andreas Tiefenthaler Andrei Gherzan Andrei Ushakov Andrei Vagin +Andrew Baxter <423qpsxzhh8k3h@s.rendaw.me> Andrew C. Bodine Andrew Clay Shafer Andrew Duckworth @@ -193,6 +196,7 @@ Anton Löfgren Anton Nikitin Anton Polonskiy Anton Tiurin +Antonio Aguilar Antonio Murdaca Antonis Kalipetis Antony Messerli @@ -221,7 +225,6 @@ Avi Das Avi Kivity Avi Miller Avi Vaid -ayoshitake Azat Khuyiyakhmetov Bao Yonglei Bardia Keyoumarsi @@ -316,6 +319,7 @@ Burke Libbey Byung Kang Caleb Spare Calen Pennington +Calvin Liu Cameron Boehmer Cameron Sparr Cameron Spear @@ -362,6 +366,7 @@ Chen Qiu Cheng-mean Liu Chengfei Shang Chengguang Xu +Chentianze Chenyang Yan chenyuzhu Chetan Birajdar @@ -409,6 +414,7 @@ Christopher Crone Christopher Currie Christopher Jones Christopher Latham +Christopher Petito Christopher Rigor Christy Norman Chun Chen @@ -777,6 +783,7 @@ Gabriel L. Somlo Gabriel Linder Gabriel Monroy Gabriel Nicolas Avellaneda +Gabriel Tomitsuka Gaetan de Villele Galen Sampson Gang Qiao @@ -792,6 +799,7 @@ Geoff Levand Geoffrey Bachelet Geon Kim George Kontridze +George Ma George MacRorie George Xie Georgi Hristozov @@ -913,6 +921,7 @@ Illo Abdulrahim Ilya Dmitrichenko Ilya Gusev Ilya Khlopotov +imalasong <2879499479@qq.com> imre Fitos inglesp Ingo Gottwald @@ -930,6 +939,7 @@ J Bruni J. Nunn Jack Danger Canty Jack Laxson +Jack Walker <90711509+j2walker@users.noreply.github.com> Jacob Atzen Jacob Edelman Jacob Tomlinson @@ -989,6 +999,7 @@ Jason Shepherd Jason Smith Jason Sommer Jason Stangroome +Jasper Siepkes Javier Bassi jaxgeller Jay @@ -1100,6 +1111,7 @@ Jon Johnson Jon Surrell Jon Wedaman Jonas Dohse +Jonas Geiler Jonas Heinrich Jonas Pfenniger Jonathan A. Schweder @@ -1267,6 +1279,7 @@ Lakshan Perera Lalatendu Mohanty Lance Chen Lance Kinley +Lars Andringa Lars Butler Lars Kellogg-Stedman Lars R. Damerow @@ -1673,6 +1686,7 @@ Patrick Böänziger Patrick Devine Patrick Haas Patrick Hemmer +Patrick St. laurent Patrick Stapleton Patrik Cyvoct pattichen @@ -1878,6 +1892,7 @@ Royce Remer Rozhnov Alexandr Rudolph Gottesheim Rui Cao +Rui JingAn Rui Lopes Ruilin Li Runshen Zhu @@ -2184,6 +2199,7 @@ Tomek Mańko Tommaso Visconti Tomoya Tabuchi Tomáš Hrčka +Tomáš Virtus tonic Tonny Xu Tony Abboud @@ -2228,6 +2244,7 @@ Victor I. Wood Victor Lyuboslavsky Victor Marmol Victor Palma +Victor Toni Victor Vieux Victoria Bialas Vijaya Kumar K @@ -2279,6 +2296,7 @@ Wassim Dhif Wataru Ishida Wayne Chang Wayne Song +weebney Weerasak Chongnguluam Wei Fu Wei Wu diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go index b11c2fe02b..f831735f84 100644 --- a/vendor/github.com/docker/docker/api/common.go +++ b/vendor/github.com/docker/docker/api/common.go @@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api" // Common constants for daemon and client. const ( // DefaultVersion of the current REST API. - DefaultVersion = "1.45" + DefaultVersion = "1.46" // MinSupportedAPIVersion is the minimum API version that can be supported // by the API server, specified as "major.minor". Note that the daemon diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml index 5677340dbd..cc754bf1fd 100644 --- a/vendor/github.com/docker/docker/api/swagger.yaml +++ b/vendor/github.com/docker/docker/api/swagger.yaml @@ -19,10 +19,10 @@ produces: consumes: - "application/json" - "text/plain" -basePath: "/v1.45" +basePath: "/v1.46" info: title: "Docker Engine API" - version: "1.45" + version: "1.46" x-logo: url: "https://docs.docker.com/assets/images/logo-docker-main.png" description: | @@ -55,8 +55,8 @@ info: the URL is not supported by the daemon, a HTTP `400 Bad Request` error message is returned. - If you omit the version-prefix, the current version of the API (v1.45) is used. - For example, calling `/info` is the same as calling `/v1.45/info`. Using the + If you omit the version-prefix, the current version of the API (v1.46) is used. + For example, calling `/info` is the same as calling `/v1.46/info`. Using the API without a version-prefix is deprecated and will be removed in a future release. Engine releases in the near future should support this version of the API, @@ -442,6 +442,21 @@ definitions: Mode: description: "The permission mode for the tmpfs mount in an integer." type: "integer" + Options: + description: | + The options to be passed to the tmpfs mount. An array of arrays. + Flag options should be provided as 1-length arrays. Other types + should be provided as as 2-length arrays, where the first item is + the key and the second the value. + type: "array" + items: + type: "array" + minItems: 1 + maxItems: 2 + items: + type: "string" + example: + [["noexec"]] RestartPolicy: description: | @@ -1198,13 +1213,6 @@ definitions: ContainerConfig: description: | Configuration for a container that is portable between hosts. - - When used as `ContainerConfig` field in an image, `ContainerConfig` is an - optional field containing the configuration of the container that was last - committed when creating the image. - - Previous versions of Docker builder used this field to store build cache, - and it is not in active use anymore. type: "object" properties: Hostname: @@ -1363,6 +1371,289 @@ definitions: type: "string" example: ["/bin/sh", "-c"] + ImageConfig: + description: | + Configuration of the image. These fields are used as defaults + when starting a container from the image. + type: "object" + properties: + Hostname: + description: | + The hostname to use for the container, as a valid RFC 1123 hostname. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always empty. It must not be used, and will be removed in API v1.47. + type: "string" + example: "" + Domainname: + description: | + The domain name to use for the container. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always empty. It must not be used, and will be removed in API v1.47. + type: "string" + example: "" + User: + description: "The user that commands are run as inside the container." + type: "string" + example: "web:web" + AttachStdin: + description: | + Whether to attach to `stdin`. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always false. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + AttachStdout: + description: | + Whether to attach to `stdout`. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always false. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + AttachStderr: + description: | + Whether to attach to `stderr`. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always false. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + ExposedPorts: + description: | + An object mapping ports to an empty object in the form: + + `{"/": {}}` + type: "object" + x-nullable: true + additionalProperties: + type: "object" + enum: + - {} + default: {} + example: { + "80/tcp": {}, + "443/tcp": {} + } + Tty: + description: | + Attach standard streams to a TTY, including `stdin` if it is not closed. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always false. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + OpenStdin: + description: | + Open `stdin` + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always false. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + StdinOnce: + description: | + Close `stdin` after one attached client disconnects. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always false. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + Env: + description: | + A list of environment variables to set inside the container in the + form `["VAR=value", ...]`. A variable without `=` is removed from the + environment, rather than to have an empty value. + type: "array" + items: + type: "string" + example: + - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + Cmd: + description: | + Command to run specified as a string or an array of strings. + type: "array" + items: + type: "string" + example: ["/bin/sh"] + Healthcheck: + $ref: "#/definitions/HealthConfig" + ArgsEscaped: + description: "Command is already escaped (Windows only)" + type: "boolean" + default: false + example: false + x-nullable: true + Image: + description: | + The name (or reference) of the image to use when creating the container, + or which was used when the container was created. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always empty. It must not be used, and will be removed in API v1.47. + type: "string" + default: "" + example: "" + Volumes: + description: | + An object mapping mount point paths inside the container to empty + objects. + type: "object" + additionalProperties: + type: "object" + enum: + - {} + default: {} + example: + "/app/data": {} + "/app/config": {} + WorkingDir: + description: "The working directory for commands to run in." + type: "string" + example: "/public/" + Entrypoint: + description: | + The entry point for the container as a string or an array of strings. + + If the array consists of exactly one empty string (`[""]`) then the + entry point is reset to system default (i.e., the entry point used by + docker when there is no `ENTRYPOINT` instruction in the `Dockerfile`). + type: "array" + items: + type: "string" + example: [] + NetworkDisabled: + description: | + Disable networking for the container. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always omitted. It must not be used, and will be removed in API v1.47. + type: "boolean" + default: false + example: false + x-nullable: true + MacAddress: + description: | + MAC address of the container. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always omitted. It must not be used, and will be removed in API v1.47. + type: "string" + default: "" + example: "" + x-nullable: true + OnBuild: + description: | + `ONBUILD` metadata that were defined in the image's `Dockerfile`. + type: "array" + x-nullable: true + items: + type: "string" + example: [] + Labels: + description: "User-defined key/value metadata." + type: "object" + additionalProperties: + type: "string" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" + StopSignal: + description: | + Signal to stop a container as a string or unsigned integer. + type: "string" + example: "SIGTERM" + x-nullable: true + StopTimeout: + description: | + Timeout to stop a container in seconds. + +


+ + > **Deprecated**: this field is not part of the image specification and is + > always omitted. It must not be used, and will be removed in API v1.47. + type: "integer" + default: 10 + x-nullable: true + Shell: + description: | + Shell for when `RUN`, `CMD`, and `ENTRYPOINT` uses a shell. + type: "array" + x-nullable: true + items: + type: "string" + example: ["/bin/sh", "-c"] + # FIXME(thaJeztah): temporarily using a full example to remove some "omitempty" fields. Remove once the fields are removed. + example: + "Hostname": "" + "Domainname": "" + "User": "web:web" + "AttachStdin": false + "AttachStdout": false + "AttachStderr": false + "ExposedPorts": { + "80/tcp": {}, + "443/tcp": {} + } + "Tty": false + "OpenStdin": false + "StdinOnce": false + "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"] + "Cmd": ["/bin/sh"] + "Healthcheck": { + "Test": ["string"], + "Interval": 0, + "Timeout": 0, + "Retries": 0, + "StartPeriod": 0, + "StartInterval": 0 + } + "ArgsEscaped": true + "Image": "" + "Volumes": { + "/app/data": {}, + "/app/config": {} + } + "WorkingDir": "/public/" + "Entrypoint": [] + "OnBuild": [] + "Labels": { + "com.example.some-label": "some-value", + "com.example.some-other-label": "some-other-value" + } + "StopSignal": "SIGTERM" + "Shell": ["/bin/sh", "-c"] + NetworkingConfig: description: | NetworkingConfig represents the container's networking configuration for @@ -1758,21 +2049,6 @@ definitions: format: "dateTime" x-nullable: true example: "2022-02-04T21:20:12.497794809Z" - Container: - description: | - The ID of the container that was used to create the image. - - Depending on how the image was created, this field may be empty. - - **Deprecated**: this field is kept for backward compatibility, but - will be removed in API v1.45. - type: "string" - example: "65974bc86f1770ae4bff79f651ebdbce166ae9aada632ee3fa9af3a264911735" - ContainerConfig: - description: | - **Deprecated**: this field is kept for backward compatibility, but - will be removed in API v1.45. - $ref: "#/definitions/ContainerConfig" DockerVersion: description: | The version of Docker that was used to build the image. @@ -1780,7 +2056,7 @@ definitions: Depending on how the image was created, this field may be empty. type: "string" x-nullable: false - example: "20.10.7" + example: "27.0.1" Author: description: | Name of the author that was specified when committing the image, or as @@ -1789,7 +2065,7 @@ definitions: x-nullable: false example: "" Config: - $ref: "#/definitions/ContainerConfig" + $ref: "#/definitions/ImageConfig" Architecture: description: | Hardware CPU architecture that the image runs on. @@ -1866,6 +2142,7 @@ definitions: format: "dateTime" example: "2022-02-28T14:40:02.623929178Z" x-nullable: true + ImageSummary: type: "object" x-go-name: "Summary" @@ -2179,72 +2456,129 @@ definitions: type: "object" properties: Name: + description: | + Name of the network. type: "string" + example: "my_network" Id: + description: | + ID that uniquely identifies a network on a single machine. type: "string" + example: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99" Created: + description: | + Date and time at which the network was created in + [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds. type: "string" format: "dateTime" + example: "2016-10-19T04:33:30.360899459Z" Scope: + description: | + The level at which the network exists (e.g. `swarm` for cluster-wide + or `local` for machine level) type: "string" + example: "local" Driver: + description: | + The name of the driver used to create the network (e.g. `bridge`, + `overlay`). type: "string" + example: "overlay" EnableIPv6: + description: | + Whether the network was created with IPv6 enabled. type: "boolean" + example: false IPAM: $ref: "#/definitions/IPAM" Internal: + description: | + Whether the network is created to only allow internal networking + connectivity. type: "boolean" + default: false + example: false Attachable: + description: | + Wheter a global / swarm scope network is manually attachable by regular + containers from workers in swarm mode. type: "boolean" + default: false + example: false Ingress: + description: | + Whether the network is providing the routing-mesh for the swarm cluster. + type: "boolean" + default: false + example: false + ConfigFrom: + $ref: "#/definitions/ConfigReference" + ConfigOnly: + description: | + Whether the network is a config-only network. Config-only networks are + placeholder networks for network configurations to be used by other + networks. Config-only networks cannot be used directly to run containers + or services. type: "boolean" + default: false Containers: + description: | + Contains endpoints attached to the network. type: "object" additionalProperties: $ref: "#/definitions/NetworkContainer" + example: + 19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c: + Name: "test" + EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a" + MacAddress: "02:42:ac:13:00:02" + IPv4Address: "172.19.0.2/16" + IPv6Address: "" Options: + description: | + Network-specific options uses when creating the network. type: "object" additionalProperties: type: "string" + example: + com.docker.network.bridge.default_bridge: "true" + com.docker.network.bridge.enable_icc: "true" + com.docker.network.bridge.enable_ip_masquerade: "true" + com.docker.network.bridge.host_binding_ipv4: "0.0.0.0" + com.docker.network.bridge.name: "docker0" + com.docker.network.driver.mtu: "1500" Labels: + description: "User-defined key/value metadata." type: "object" additionalProperties: type: "string" - example: - Name: "net01" - Id: "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99" - Created: "2016-10-19T04:33:30.360899459Z" - Scope: "local" - Driver: "bridge" - EnableIPv6: false - IPAM: - Driver: "default" - Config: - - Subnet: "172.19.0.0/16" - Gateway: "172.19.0.1" - Options: - foo: "bar" - Internal: false - Attachable: false - Ingress: false - Containers: - 19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c: - Name: "test" - EndpointID: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a" - MacAddress: "02:42:ac:13:00:02" - IPv4Address: "172.19.0.2/16" - IPv6Address: "" - Options: - com.docker.network.bridge.default_bridge: "true" - com.docker.network.bridge.enable_icc: "true" - com.docker.network.bridge.enable_ip_masquerade: "true" - com.docker.network.bridge.host_binding_ipv4: "0.0.0.0" - com.docker.network.bridge.name: "docker0" - com.docker.network.driver.mtu: "1500" - Labels: - com.example.some-label: "some-value" - com.example.some-other-label: "some-other-value" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" + Peers: + description: | + List of peer nodes for an overlay network. This field is only present + for overlay networks, and omitted for other network types. + type: "array" + items: + $ref: "#/definitions/PeerInfo" + x-nullable: true + # TODO: Add Services (only present when "verbose" is set). + + ConfigReference: + description: | + The config-only network source to provide the configuration for + this network. + type: "object" + properties: + Network: + description: | + The name of the config-only network that provides the network's + configuration. The specified network must be an existing config-only + network. Only network names are allowed, not network IDs. + type: "string" + example: "config_only_network_01" + IPAM: type: "object" properties: @@ -2252,6 +2586,7 @@ definitions: description: "Name of the IPAM driver to use." type: "string" default: "default" + example: "default" Config: description: | List of IPAM configuration options, specified as a map: @@ -2267,16 +2602,21 @@ definitions: type: "object" additionalProperties: type: "string" + example: + foo: "bar" IPAMConfig: type: "object" properties: Subnet: type: "string" + example: "172.20.0.0/16" IPRange: type: "string" + example: "172.20.10.0/24" Gateway: type: "string" + example: "172.20.10.11" AuxiliaryAddresses: type: "object" additionalProperties: @@ -2287,14 +2627,53 @@ definitions: properties: Name: type: "string" + example: "container_1" EndpointID: type: "string" + example: "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a" MacAddress: type: "string" + example: "02:42:ac:13:00:02" IPv4Address: type: "string" + example: "172.19.0.2/16" IPv6Address: type: "string" + example: "" + + PeerInfo: + description: | + PeerInfo represents one peer of an overlay network. + type: "object" + properties: + Name: + description: + ID of the peer-node in the Swarm cluster. + type: "string" + example: "6869d7c1732b" + IP: + description: + IP-address of the peer-node in the Swarm cluster. + type: "string" + example: "10.133.77.91" + + NetworkCreateResponse: + description: "OK response to NetworkCreate operation" + type: "object" + title: "NetworkCreateResponse" + x-go-name: "CreateResponse" + required: [Id, Warning] + properties: + Id: + description: "The ID of the created network." + type: "string" + x-nullable: false + example: "b5c4fc71e8022147cd25de22b22173de4e3b170134117172eb595cb91b4e7e5d" + Warning: + description: "Warnings encountered when creating the container" + type: "string" + x-nullable: false + example: "" BuildInfo: type: "object" @@ -2495,6 +2874,17 @@ definitions: example: - "server_x" - "server_y" + DriverOpts: + description: | + DriverOpts is a mapping of driver options and values. These options + are passed directly to the driver and are driver specific. + type: "object" + x-nullable: true + additionalProperties: + type: "string" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" # Operational data NetworkID: @@ -2538,17 +2928,6 @@ definitions: type: "integer" format: "int64" example: 64 - DriverOpts: - description: | - DriverOpts is a mapping of driver options and values. These options - are passed directly to the driver and are driver specific. - type: "object" - x-nullable: true - additionalProperties: - type: "string" - example: - com.example.some-label: "some-value" - com.example.some-other-label: "some-other-value" DNSNames: description: | List of all DNS names an endpoint has on a specific network. This @@ -3720,6 +4099,13 @@ definitions: but this is just provided for lookup/display purposes. The secret in the reference will be identified by its ID. type: "string" + OomScoreAdj: + type: "integer" + format: "int64" + description: | + An integer value containing the score given to the container in + order to tune OOM killer preferences. + example: 0 Configs: description: | Configs contains references to zero or more configs that will be @@ -3916,7 +4302,7 @@ definitions: `node.platform.os` | Node operating system | `node.platform.os==windows` `node.platform.arch` | Node architecture | `node.platform.arch==x86_64` `node.labels` | User-defined node labels | `node.labels.security==high` - `engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-14.04` + `engine.labels` | Docker Engine's labels | `engine.labels.operatingsystem==ubuntu-24.04` `engine.labels` apply to Docker Engine labels like operating system, drivers, etc. Swarm administrators add `node.labels` for operational @@ -4639,6 +5025,12 @@ definitions: properties: NetworkMode: type: "string" + Annotations: + description: "Arbitrary key-value metadata attached to container" + type: "object" + x-nullable: true + additionalProperties: + type: "string" NetworkSettings: description: "A summary of the container's network settings" type: "object" @@ -4907,7 +5299,7 @@ definitions: Version of the component type: "string" x-nullable: false - example: "19.03.12" + example: "27.0.1" Details: description: | Key/value pairs of strings with additional information about the @@ -4921,17 +5313,17 @@ definitions: Version: description: "The version of the daemon" type: "string" - example: "19.03.12" + example: "27.0.1" ApiVersion: description: | The default (and highest) API version that is supported by the daemon type: "string" - example: "1.40" + example: "1.46" MinAPIVersion: description: | The minimum API version that is supported by the daemon type: "string" - example: "1.12" + example: "1.24" GitCommit: description: | The Git commit of the source code that was used to build the daemon @@ -4942,7 +5334,7 @@ definitions: The version Go used to compile the daemon, and the version of the Go runtime in use. type: "string" - example: "go1.13.14" + example: "go1.21.11" Os: description: | The operating system that the daemon is running on ("linux" or "windows") @@ -4959,7 +5351,7 @@ definitions: This field is omitted when empty. type: "string" - example: "4.19.76-linuxkit" + example: "6.8.0-31-generic" Experimental: description: | Indicates if the daemon is started with experimental features enabled. @@ -5165,13 +5557,13 @@ definitions: information is queried from the HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ registry value, for example _"10.0 14393 (14393.1198.amd64fre.rs1_release_sec.170427-1353)"_. type: "string" - example: "4.9.38-moby" + example: "6.8.0-31-generic" OperatingSystem: description: | - Name of the host's operating system, for example: "Ubuntu 16.04.2 LTS" + Name of the host's operating system, for example: "Ubuntu 24.04 LTS" or "Windows Server 2016 Datacenter" type: "string" - example: "Alpine Linux v3.5" + example: "Ubuntu 24.04 LTS" OSVersion: description: | Version of the host's operating system @@ -5182,7 +5574,7 @@ definitions: > very existence, and the formatting of values, should not be considered > stable, and may change without notice. type: "string" - example: "16.04" + example: "24.04" OSType: description: | Generic type of the operating system of the host, as returned by the @@ -5284,7 +5676,7 @@ definitions: description: | Version string of the daemon. type: "string" - example: "24.0.2" + example: "27.0.1" Runtimes: description: | List of [OCI compliant](https://github.com/opencontainers/runtime-spec) @@ -5436,6 +5828,58 @@ definitions: example: - "/etc/cdi" - "/var/run/cdi" + Containerd: + $ref: "#/definitions/ContainerdInfo" + x-nullable: true + + ContainerdInfo: + description: | + Information for connecting to the containerd instance that is used by the daemon. + This is included for debugging purposes only. + type: "object" + properties: + Address: + description: "The address of the containerd socket." + type: "string" + example: "/run/containerd/containerd.sock" + Namespaces: + description: | + The namespaces that the daemon uses for running containers and + plugins in containerd. These namespaces can be configured in the + daemon configuration, and are considered to be used exclusively + by the daemon, Tampering with the containerd instance may cause + unexpected behavior. + + As these namespaces are considered to be exclusively accessed + by the daemon, it is not recommended to change these values, + or to change them to a value that is used by other systems, + such as cri-containerd. + type: "object" + properties: + Containers: + description: | + The default containerd namespace used for containers managed + by the daemon. + + The default namespace for containers is "moby", but will be + suffixed with the `.` of the remapped `root` if + user-namespaces are enabled and the containerd image-store + is used. + type: "string" + default: "moby" + example: "moby" + Plugins: + description: | + The default containerd namespace used for plugins managed by + the daemon. + + The default namespace for plugins is "plugins.moby", but will be + suffixed with the `.` of the remapped `root` if + user-namespaces are enabled and the containerd image-store + is used. + type: "string" + default: "plugins.moby" + example: "plugins.moby" # PluginsInfo is a temp struct holding Plugins name # registered with docker daemon. It is used by Info struct @@ -6288,6 +6732,8 @@ paths: SizeRootFs: 0 HostConfig: NetworkMode: "default" + Annotations: + io.kubernetes.docker.type: "container" NetworkSettings: Networks: bridge: @@ -6323,6 +6769,9 @@ paths: SizeRootFs: 0 HostConfig: NetworkMode: "default" + Annotations: + io.kubernetes.docker.type: "container" + io.kubernetes.sandbox.id: "3befe639bed0fd6afdd65fd1fa84506756f59360ec4adc270b0fdac9be22b4d3" NetworkSettings: Networks: bridge: @@ -6351,6 +6800,9 @@ paths: SizeRootFs: 0 HostConfig: NetworkMode: "default" + Annotations: + io.kubernetes.image.id: "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82" + io.kubernetes.image.name: "ubuntu:latest" NetworkSettings: Networks: bridge: @@ -6379,6 +6831,8 @@ paths: SizeRootFs: 0 HostConfig: NetworkMode: "default" + Annotations: + io.kubernetes.config.source: "api" NetworkSettings: Networks: bridge: @@ -8656,6 +9110,11 @@ paths: details. type: "string" required: true + - name: "platform" + in: "query" + description: "Select a platform-specific manifest to be pushed. OCI platform (JSON encoded)" + type: "string" + x-nullable: true tags: ["Image"] /images/{name}/tag: post: @@ -9104,7 +9563,7 @@ paths: Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune` - Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune` + Images report these events: `create, `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune` Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune` @@ -10060,19 +10519,9 @@ paths: - "application/json" responses: 201: - description: "No error" + description: "Network created successfully" schema: - type: "object" - title: "NetworkCreateResponse" - properties: - Id: - description: "The ID of the created network." - type: "string" - Warning: - type: "string" - example: - Id: "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30" - Warning: "" + $ref: "#/definitions/NetworkCreateResponse" 400: description: "bad parameter" schema: @@ -10104,14 +10553,17 @@ paths: Name: description: "The network's name." type: "string" - CheckDuplicate: - description: | - Deprecated: CheckDuplicate is now always enabled. - type: "boolean" + example: "my_network" Driver: description: "Name of the network driver plugin to use." type: "string" default: "bridge" + example: "bridge" + Scope: + description: | + The level at which the network exists (e.g. `swarm` for cluster-wide + or `local` for machine level). + type: "string" Internal: description: "Restrict external access to the network." type: "boolean" @@ -10120,55 +10572,55 @@ paths: Globally scoped network is manually attachable by regular containers from workers in swarm mode. type: "boolean" + example: true Ingress: description: | Ingress network is the network which provides the routing-mesh in swarm mode. type: "boolean" + example: false + ConfigOnly: + description: | + Creates a config-only network. Config-only networks are placeholder + networks for network configurations to be used by other networks. + Config-only networks cannot be used directly to run containers + or services. + type: "boolean" + default: false + example: false + ConfigFrom: + description: | + Specifies the source which will provide the configuration for + this network. The specified network must be an existing + config-only network; see ConfigOnly. + $ref: "#/definitions/ConfigReference" IPAM: description: "Optional custom IP scheme for the network." $ref: "#/definitions/IPAM" EnableIPv6: description: "Enable IPv6 on the network." type: "boolean" + example: true Options: description: "Network specific options to be used by the drivers." type: "object" additionalProperties: type: "string" + example: + com.docker.network.bridge.default_bridge: "true" + com.docker.network.bridge.enable_icc: "true" + com.docker.network.bridge.enable_ip_masquerade: "true" + com.docker.network.bridge.host_binding_ipv4: "0.0.0.0" + com.docker.network.bridge.name: "docker0" + com.docker.network.driver.mtu: "1500" Labels: description: "User-defined key/value metadata." type: "object" additionalProperties: type: "string" - example: - Name: "isolated_nw" - CheckDuplicate: false - Driver: "bridge" - EnableIPv6: true - IPAM: - Driver: "default" - Config: - - Subnet: "172.20.0.0/16" - IPRange: "172.20.10.0/24" - Gateway: "172.20.10.11" - - Subnet: "2001:db8:abcd::/64" - Gateway: "2001:db8:abcd::1011" - Options: - foo: "bar" - Internal: true - Attachable: false - Ingress: false - Options: - com.docker.network.bridge.default_bridge: "true" - com.docker.network.bridge.enable_icc: "true" - com.docker.network.bridge.enable_ip_masquerade: "true" - com.docker.network.bridge.host_binding_ipv4: "0.0.0.0" - com.docker.network.bridge.name: "docker0" - com.docker.network.driver.mtu: "1500" - Labels: - com.example.some-label: "some-value" - com.example.some-other-label: "some-other-value" + example: + com.example.some-label: "some-value" + com.example.some-other-label: "some-other-value" tags: ["Network"] /networks/{id}/connect: @@ -11274,6 +11726,7 @@ paths: Mode: 384 SecretID: "fpjqlhnwb19zds35k8wn80lq9" SecretName: "example_org_domain_key" + OomScoreAdj: 0 LogDriver: Name: "json-file" Options: @@ -11426,6 +11879,7 @@ paths: Image: "busybox" Args: - "top" + OomScoreAdj: 0 Resources: Limits: {} Reservations: {} diff --git a/vendor/github.com/docker/docker/api/types/backend/backend.go b/vendor/github.com/docker/docker/api/types/backend/backend.go index e4e760905d..c625e60045 100644 --- a/vendor/github.com/docker/docker/api/types/backend/backend.go +++ b/vendor/github.com/docker/docker/api/types/backend/backend.go @@ -30,7 +30,7 @@ type ContainerRmConfig struct { // ContainerAttachConfig holds the streams to use when connecting to a container to view logs. type ContainerAttachConfig struct { - GetStreams func(multiplexed bool) (io.ReadCloser, io.Writer, io.Writer, error) + GetStreams func(multiplexed bool, cancel func()) (io.ReadCloser, io.Writer, io.Writer, error) UseStdin bool UseStdout bool UseStderr bool @@ -89,7 +89,15 @@ type LogSelector struct { type ContainerStatsConfig struct { Stream bool OneShot bool - OutStream io.Writer + OutStream func() io.Writer +} + +// ExecStartConfig holds the options to start container's exec. +type ExecStartConfig struct { + Stdin io.Reader + Stdout io.Writer + Stderr io.Writer + ConsoleSize *[2]uint `json:",omitempty"` } // ExecInspect holds information about a running process started diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go index 882201f0ea..df791f02a0 100644 --- a/vendor/github.com/docker/docker/api/types/client.go +++ b/vendor/github.com/docker/docker/api/types/client.go @@ -2,43 +2,15 @@ package types // import "github.com/docker/docker/api/types" import ( "bufio" + "context" "io" "net" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/filters" "github.com/docker/docker/api/types/registry" - units "github.com/docker/go-units" ) -// ContainerExecInspect holds information returned by exec inspect. -type ContainerExecInspect struct { - ExecID string `json:"ID"` - ContainerID string - Running bool - ExitCode int - Pid int -} - -// CopyToContainerOptions holds information -// about files to copy into a container -type CopyToContainerOptions struct { - AllowOverwriteDirWithFile bool - CopyUIDGID bool -} - -// EventsOptions holds parameters to filter events with. -type EventsOptions struct { - Since string - Until string - Filters filters.Args -} - -// NetworkListOptions holds parameters to filter the list of networks with. -type NetworkListOptions struct { - Filters filters.Args -} - // NewHijackedResponse intializes a HijackedResponse type func NewHijackedResponse(conn net.Conn, mediaType string) HijackedResponse { return HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn), mediaType: mediaType} @@ -101,7 +73,7 @@ type ImageBuildOptions struct { NetworkMode string ShmSize int64 Dockerfile string - Ulimits []*units.Ulimit + Ulimits []*container.Ulimit // BuildArgs needs to be a *string instead of just a string so that // we can tell the difference between "" (empty string) and no value // at all (nil). See the parsing of buildArgs in @@ -122,7 +94,7 @@ type ImageBuildOptions struct { Target string SessionID string Platform string - // Version specifies the version of the unerlying builder to use + // Version specifies the version of the underlying builder to use Version BuilderVersion // BuildID is an optional identifier that can be passed together with the // build request. The same identifier can be used to gracefully cancel the @@ -157,34 +129,13 @@ type ImageBuildResponse struct { OSType string } -// ImageImportSource holds source information for ImageImport -type ImageImportSource struct { - Source io.Reader // Source is the data to send to the server to create this image from. You must set SourceName to "-" to leverage this. - SourceName string // SourceName is the name of the image to pull. Set to "-" to leverage the Source attribute. -} - -// ImageLoadResponse returns information to the client about a load process. -type ImageLoadResponse struct { - // Body must be closed to avoid a resource leak - Body io.ReadCloser - JSON bool -} - // RequestPrivilegeFunc is a function interface that // clients can supply to retry operations after // getting an authorization error. // This function returns the registry authentication // header value in base 64 format, or an error // if the privilege request fails. -type RequestPrivilegeFunc func() (string, error) - -// ImageSearchOptions holds parameters to search images with. -type ImageSearchOptions struct { - RegistryAuth string - PrivilegeFunc RequestPrivilegeFunc - Filters filters.Args - Limit int -} +type RequestPrivilegeFunc func(context.Context) (string, error) // NodeListOptions holds parameters to list nodes with. type NodeListOptions struct { @@ -289,7 +240,7 @@ type PluginInstallOptions struct { RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry RemoteRef string // RemoteRef is the plugin name on the registry PrivilegeFunc RequestPrivilegeFunc - AcceptPermissionsFunc func(PluginPrivileges) (bool, error) + AcceptPermissionsFunc func(context.Context, PluginPrivileges) (bool, error) Args []string } diff --git a/vendor/github.com/docker/docker/api/types/configs.go b/vendor/github.com/docker/docker/api/types/configs.go deleted file mode 100644 index 945b6efadd..0000000000 --- a/vendor/github.com/docker/docker/api/types/configs.go +++ /dev/null @@ -1,18 +0,0 @@ -package types // import "github.com/docker/docker/api/types" - -// ExecConfig is a small subset of the Config struct that holds the configuration -// for the exec feature of docker. -type ExecConfig struct { - User string // User that will run the command - Privileged bool // Is the container in privileged mode - Tty bool // Attach standard streams to a tty. - ConsoleSize *[2]uint `json:",omitempty"` // Initial console size [height, width] - AttachStdin bool // Attach the standard input, makes possible user interaction - AttachStderr bool // Attach the standard error - AttachStdout bool // Attach the standard output - Detach bool // Execute in detach mode - DetachKeys string // Escape keys for detach - Env []string // Environment variables - WorkingDir string // Working directory - Cmd []string // Execution commands and args -} diff --git a/vendor/github.com/docker/docker/api/types/container/config.go b/vendor/github.com/docker/docker/api/types/container/config.go index 86f46b74af..d6b03e8b2e 100644 --- a/vendor/github.com/docker/docker/api/types/container/config.go +++ b/vendor/github.com/docker/docker/api/types/container/config.go @@ -1,7 +1,6 @@ package container // import "github.com/docker/docker/api/types/container" import ( - "io" "time" "github.com/docker/docker/api/types/strslice" @@ -36,14 +35,6 @@ type StopOptions struct { // HealthConfig holds configuration settings for the HEALTHCHECK feature. type HealthConfig = dockerspec.HealthcheckConfig -// ExecStartOptions holds the options to start container's exec. -type ExecStartOptions struct { - Stdin io.Reader - Stdout io.Writer - Stderr io.Writer - ConsoleSize *[2]uint `json:",omitempty"` -} - // Config contains the configuration data about a container. // It should hold only portable information about the container. // Here, "portable" means "independent from the host we are running on". diff --git a/vendor/github.com/docker/docker/api/types/container/container.go b/vendor/github.com/docker/docker/api/types/container/container.go new file mode 100644 index 0000000000..711af12c99 --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/container/container.go @@ -0,0 +1,44 @@ +package container + +import ( + "io" + "os" + "time" +) + +// PruneReport contains the response for Engine API: +// POST "/containers/prune" +type PruneReport struct { + ContainersDeleted []string + SpaceReclaimed uint64 +} + +// PathStat is used to encode the header from +// GET "/containers/{name:.*}/archive" +// "Name" is the file or directory name. +type PathStat struct { + Name string `json:"name"` + Size int64 `json:"size"` + Mode os.FileMode `json:"mode"` + Mtime time.Time `json:"mtime"` + LinkTarget string `json:"linkTarget"` +} + +// CopyToContainerOptions holds information +// about files to copy into a container +type CopyToContainerOptions struct { + AllowOverwriteDirWithFile bool + CopyUIDGID bool +} + +// StatsResponseReader wraps an io.ReadCloser to read (a stream of) stats +// for a container, as produced by the GET "/stats" endpoint. +// +// The OSType field is set to the server's platform to allow +// platform-specific handling of the response. +// +// TODO(thaJeztah): remove this wrapper, and make OSType part of [StatsResponse]. +type StatsResponseReader struct { + Body io.ReadCloser `json:"body"` + OSType string `json:"ostype"` +} diff --git a/vendor/github.com/docker/docker/api/types/container/create_request.go b/vendor/github.com/docker/docker/api/types/container/create_request.go new file mode 100644 index 0000000000..e98dd6ad44 --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/container/create_request.go @@ -0,0 +1,13 @@ +package container + +import "github.com/docker/docker/api/types/network" + +// CreateRequest is the request message sent to the server for container +// create calls. It is a config wrapper that holds the container [Config] +// (portable) and the corresponding [HostConfig] (non-portable) and +// [network.NetworkingConfig]. +type CreateRequest struct { + *Config + HostConfig *HostConfig `json:"HostConfig,omitempty"` + NetworkingConfig *network.NetworkingConfig `json:"NetworkingConfig,omitempty"` +} diff --git a/vendor/github.com/docker/docker/api/types/container/exec.go b/vendor/github.com/docker/docker/api/types/container/exec.go new file mode 100644 index 0000000000..96093eb5cd --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/container/exec.go @@ -0,0 +1,43 @@ +package container + +// ExecOptions is a small subset of the Config struct that holds the configuration +// for the exec feature of docker. +type ExecOptions struct { + User string // User that will run the command + Privileged bool // Is the container in privileged mode + Tty bool // Attach standard streams to a tty. + ConsoleSize *[2]uint `json:",omitempty"` // Initial console size [height, width] + AttachStdin bool // Attach the standard input, makes possible user interaction + AttachStderr bool // Attach the standard error + AttachStdout bool // Attach the standard output + Detach bool // Execute in detach mode + DetachKeys string // Escape keys for detach + Env []string // Environment variables + WorkingDir string // Working directory + Cmd []string // Execution commands and args +} + +// ExecStartOptions is a temp struct used by execStart +// Config fields is part of ExecConfig in runconfig package +type ExecStartOptions struct { + // ExecStart will first check if it's detached + Detach bool + // Check if there's a tty + Tty bool + // Terminal size [height, width], unused if Tty == false + ConsoleSize *[2]uint `json:",omitempty"` +} + +// ExecAttachOptions is a temp struct used by execAttach. +// +// TODO(thaJeztah): make this a separate type; ContainerExecAttach does not use the Detach option, and cannot run detached. +type ExecAttachOptions = ExecStartOptions + +// ExecInspect holds information returned by exec inspect. +type ExecInspect struct { + ExecID string `json:"ID"` + ContainerID string + Running bool + ExitCode int + Pid int +} diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig.go b/vendor/github.com/docker/docker/api/types/container/hostconfig.go index efb96266e8..727da8839c 100644 --- a/vendor/github.com/docker/docker/api/types/container/hostconfig.go +++ b/vendor/github.com/docker/docker/api/types/container/hostconfig.go @@ -360,6 +360,12 @@ type LogConfig struct { Config map[string]string } +// Ulimit is an alias for [units.Ulimit], which may be moving to a different +// location or become a local type. This alias is to help transitioning. +// +// Users are recommended to use this alias instead of using [units.Ulimit] directly. +type Ulimit = units.Ulimit + // Resources contains container's resources (cgroups config, ulimits...) type Resources struct { // Applicable to all platforms @@ -387,14 +393,14 @@ type Resources struct { // KernelMemory specifies the kernel memory limit (in bytes) for the container. // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes. - KernelMemory int64 `json:",omitempty"` - KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes) - MemoryReservation int64 // Memory soft limit (in bytes) - MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap - MemorySwappiness *int64 // Tuning container memory swappiness behaviour - OomKillDisable *bool // Whether to disable OOM Killer or not - PidsLimit *int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change. - Ulimits []*units.Ulimit // List of ulimits to be set in the container + KernelMemory int64 `json:",omitempty"` + KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes) + MemoryReservation int64 // Memory soft limit (in bytes) + MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap + MemorySwappiness *int64 // Tuning container memory swappiness behaviour + OomKillDisable *bool // Whether to disable OOM Killer or not + PidsLimit *int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change. + Ulimits []*Ulimit // List of ulimits to be set in the container // Applicable to Windows CPUCount int64 `json:"CpuCount"` // CPU count diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go index 4213292378..cdee49ea3d 100644 --- a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go +++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go @@ -9,24 +9,6 @@ func (i Isolation) IsValid() bool { return i.IsDefault() } -// NetworkName returns the name of the network stack. -func (n NetworkMode) NetworkName() string { - if n.IsBridge() { - return network.NetworkBridge - } else if n.IsHost() { - return network.NetworkHost - } else if n.IsContainer() { - return "container" - } else if n.IsNone() { - return network.NetworkNone - } else if n.IsDefault() { - return network.NetworkDefault - } else if n.IsUserDefined() { - return n.UserDefined() - } - return "" -} - // IsBridge indicates whether container uses the bridge network stack func (n NetworkMode) IsBridge() bool { return n == network.NetworkBridge @@ -41,3 +23,23 @@ func (n NetworkMode) IsHost() bool { func (n NetworkMode) IsUserDefined() bool { return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() } + +// NetworkName returns the name of the network stack. +func (n NetworkMode) NetworkName() string { + switch { + case n.IsDefault(): + return network.NetworkDefault + case n.IsBridge(): + return network.NetworkBridge + case n.IsHost(): + return network.NetworkHost + case n.IsNone(): + return network.NetworkNone + case n.IsContainer(): + return "container" + case n.IsUserDefined(): + return n.UserDefined() + default: + return "" + } +} diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go index 154667f4f0..f08545542c 100644 --- a/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go +++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go @@ -2,6 +2,11 @@ package container // import "github.com/docker/docker/api/types/container" import "github.com/docker/docker/api/types/network" +// IsValid indicates if an isolation technology is valid +func (i Isolation) IsValid() bool { + return i.IsDefault() || i.IsHyperV() || i.IsProcess() +} + // IsBridge indicates whether container uses the bridge network stack // in windows it is given the name NAT func (n NetworkMode) IsBridge() bool { @@ -19,24 +24,24 @@ func (n NetworkMode) IsUserDefined() bool { return !n.IsDefault() && !n.IsNone() && !n.IsBridge() && !n.IsContainer() } -// IsValid indicates if an isolation technology is valid -func (i Isolation) IsValid() bool { - return i.IsDefault() || i.IsHyperV() || i.IsProcess() -} - // NetworkName returns the name of the network stack. func (n NetworkMode) NetworkName() string { - if n.IsDefault() { + switch { + case n.IsDefault(): return network.NetworkDefault - } else if n.IsBridge() { + case n.IsBridge(): return network.NetworkNat - } else if n.IsNone() { + case n.IsHost(): + // Windows currently doesn't support host network-mode, so + // this would currently never happen.. + return network.NetworkHost + case n.IsNone(): return network.NetworkNone - } else if n.IsContainer() { + case n.IsContainer(): return "container" - } else if n.IsUserDefined() { + case n.IsUserDefined(): return n.UserDefined() + default: + return "" } - - return "" } diff --git a/vendor/github.com/docker/docker/api/types/stats.go b/vendor/github.com/docker/docker/api/types/container/stats.go similarity index 96% rename from vendor/github.com/docker/docker/api/types/stats.go rename to vendor/github.com/docker/docker/api/types/container/stats.go index 20daebed14..3b3fb131a2 100644 --- a/vendor/github.com/docker/docker/api/types/stats.go +++ b/vendor/github.com/docker/docker/api/types/container/stats.go @@ -1,6 +1,4 @@ -// Package types is used for API stability in the types and response to the -// consumers of the API stats endpoint. -package types // import "github.com/docker/docker/api/types" +package container import "time" @@ -169,8 +167,10 @@ type Stats struct { MemoryStats MemoryStats `json:"memory_stats,omitempty"` } -// StatsJSON is newly used Networks -type StatsJSON struct { +// StatsResponse is newly used Networks. +// +// TODO(thaJeztah): unify with [Stats]. This wrapper was to account for pre-api v1.21 changes, see https://github.com/moby/moby/commit/d3379946ec96fb6163cb8c4517d7d5a067045801 +type StatsResponse struct { Stats Name string `json:"name,omitempty"` diff --git a/vendor/github.com/docker/docker/api/types/events/events.go b/vendor/github.com/docker/docker/api/types/events/events.go index 6dbcd92235..e225df4ec1 100644 --- a/vendor/github.com/docker/docker/api/types/events/events.go +++ b/vendor/github.com/docker/docker/api/types/events/events.go @@ -1,4 +1,5 @@ package events // import "github.com/docker/docker/api/types/events" +import "github.com/docker/docker/api/types/filters" // Type is used for event-types. type Type string @@ -125,3 +126,10 @@ type Message struct { Time int64 `json:"time,omitempty"` TimeNano int64 `json:"timeNano,omitempty"` } + +// ListOptions holds parameters to filter events with. +type ListOptions struct { + Since string + Until string + Filters filters.Args +} diff --git a/vendor/github.com/docker/docker/api/types/image/image.go b/vendor/github.com/docker/docker/api/types/image/image.go index 167df28c7b..abb7ffd805 100644 --- a/vendor/github.com/docker/docker/api/types/image/image.go +++ b/vendor/github.com/docker/docker/api/types/image/image.go @@ -1,9 +1,47 @@ package image -import "time" +import ( + "io" + "time" +) // Metadata contains engine-local data about the image. type Metadata struct { // LastTagTime is the date and time at which the image was last tagged. LastTagTime time.Time `json:",omitempty"` } + +// PruneReport contains the response for Engine API: +// POST "/images/prune" +type PruneReport struct { + ImagesDeleted []DeleteResponse + SpaceReclaimed uint64 +} + +// LoadResponse returns information to the client about a load process. +// +// TODO(thaJeztah): remove this type, and just use an io.ReadCloser +// +// This type was added in https://github.com/moby/moby/pull/18878, related +// to https://github.com/moby/moby/issues/19177; +// +// Make docker load to output json when the response content type is json +// Swarm hijacks the response from docker load and returns JSON rather +// than plain text like the Engine does. This makes the API library to return +// information to figure that out. +// +// However the "load" endpoint unconditionally returns JSON; +// https://github.com/moby/moby/blob/7b9d2ef6e5518a3d3f3cc418459f8df786cfbbd1/api/server/router/image/image_routes.go#L248-L255 +// +// PR https://github.com/moby/moby/pull/21959 made the response-type depend +// on whether "quiet" was set, but this logic got changed in a follow-up +// https://github.com/moby/moby/pull/25557, which made the JSON response-type +// unconditionally, but the output produced depend on whether"quiet" was set. +// +// We should deprecated the "quiet" option, as it's really a client +// responsibility. +type LoadResponse struct { + // Body must be closed to avoid a resource leak + Body io.ReadCloser + JSON bool +} diff --git a/vendor/github.com/docker/docker/api/types/image/opts.go b/vendor/github.com/docker/docker/api/types/image/opts.go index c6b1f351b4..8e32c9af86 100644 --- a/vendor/github.com/docker/docker/api/types/image/opts.go +++ b/vendor/github.com/docker/docker/api/types/image/opts.go @@ -1,6 +1,18 @@ package image -import "github.com/docker/docker/api/types/filters" +import ( + "context" + "io" + + "github.com/docker/docker/api/types/filters" + ocispec "github.com/opencontainers/image-spec/specs-go/v1" +) + +// ImportSource holds source information for ImageImport +type ImportSource struct { + Source io.Reader // Source is the data to send to the server to create this image from. You must set SourceName to "-" to leverage this. + SourceName string // SourceName is the name of the image to pull. Set to "-" to leverage the Source attribute. +} // ImportOptions holds information to import images from the client host. type ImportOptions struct { @@ -27,12 +39,28 @@ type PullOptions struct { // privilege request fails. // // Also see [github.com/docker/docker/api/types.RequestPrivilegeFunc]. - PrivilegeFunc func() (string, error) + PrivilegeFunc func(context.Context) (string, error) Platform string } // PushOptions holds information to push images. -type PushOptions PullOptions +type PushOptions struct { + All bool + RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry + + // PrivilegeFunc is a function that clients can supply to retry operations + // after getting an authorization error. This function returns the registry + // authentication header value in base64 encoded format, or an error if the + // privilege request fails. + // + // Also see [github.com/docker/docker/api/types.RequestPrivilegeFunc]. + PrivilegeFunc func(context.Context) (string, error) + + // Platform is an optional field that selects a specific platform to push + // when the image is a multi-platform image. + // Using this will only push a single platform-specific manifest. + Platform *ocispec.Platform `json:",omitempty"` +} // ListOptions holds parameters to list images with. type ListOptions struct { diff --git a/vendor/github.com/docker/docker/api/types/mount/mount.go b/vendor/github.com/docker/docker/api/types/mount/mount.go index 6fe04da257..c68dcf65bd 100644 --- a/vendor/github.com/docker/docker/api/types/mount/mount.go +++ b/vendor/github.com/docker/docker/api/types/mount/mount.go @@ -119,7 +119,11 @@ type TmpfsOptions struct { SizeBytes int64 `json:",omitempty"` // Mode of the tmpfs upon creation Mode os.FileMode `json:",omitempty"` - + // Options to be passed to the tmpfs mount. An array of arrays. Flag + // options should be provided as 1-length arrays. Other types should be + // provided as 2-length arrays, where the first item is the key and the + // second the value. + Options [][]string `json:",omitempty"` // TODO(stevvooe): There are several more tmpfs flags, specified in the // daemon, that are accepted. Only the most basic are added for now. // diff --git a/vendor/github.com/docker/docker/api/types/network/create_response.go b/vendor/github.com/docker/docker/api/types/network/create_response.go new file mode 100644 index 0000000000..c32b35bff5 --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/network/create_response.go @@ -0,0 +1,19 @@ +package network + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +// CreateResponse NetworkCreateResponse +// +// OK response to NetworkCreate operation +// swagger:model CreateResponse +type CreateResponse struct { + + // The ID of the created network. + // Required: true + ID string `json:"Id"` + + // Warnings encountered when creating the container + // Required: true + Warning string `json:"Warning"` +} diff --git a/vendor/github.com/docker/docker/api/types/network/endpoint.go b/vendor/github.com/docker/docker/api/types/network/endpoint.go index 9edd1c38d9..0fbb40b351 100644 --- a/vendor/github.com/docker/docker/api/types/network/endpoint.go +++ b/vendor/github.com/docker/docker/api/types/network/endpoint.go @@ -18,6 +18,7 @@ type EndpointSettings struct { // Once the container is running, it becomes operational data (it may contain a // generated address). MacAddress string + DriverOpts map[string]string // Operational data NetworkID string EndpointID string @@ -27,7 +28,6 @@ type EndpointSettings struct { IPv6Gateway string GlobalIPv6Address string GlobalIPv6PrefixLen int - DriverOpts map[string]string // DNSNames holds all the (non fully qualified) DNS names associated to this endpoint. First entry is used to // generate PTR records. DNSNames []string diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go index f1f300f3d7..c8db97a7e6 100644 --- a/vendor/github.com/docker/docker/api/types/network/network.go +++ b/vendor/github.com/docker/docker/api/types/network/network.go @@ -1,6 +1,8 @@ package network // import "github.com/docker/docker/api/types/network" import ( + "time" + "github.com/docker/docker/api/types/filters" ) @@ -17,6 +19,82 @@ const ( NetworkNat = "nat" ) +// CreateRequest is the request message sent to the server for network create call. +type CreateRequest struct { + CreateOptions + Name string // Name is the requested name of the network. + + // Deprecated: CheckDuplicate is deprecated since API v1.44, but it defaults to true when sent by the client + // package to older daemons. + CheckDuplicate *bool `json:",omitempty"` +} + +// CreateOptions holds options to create a network. +type CreateOptions struct { + Driver string // Driver is the driver-name used to create the network (e.g. `bridge`, `overlay`) + Scope string // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level). + EnableIPv6 *bool `json:",omitempty"` // EnableIPv6 represents whether to enable IPv6. + IPAM *IPAM // IPAM is the network's IP Address Management. + Internal bool // Internal represents if the network is used internal only. + Attachable bool // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode. + Ingress bool // Ingress indicates the network is providing the routing-mesh for the swarm cluster. + ConfigOnly bool // ConfigOnly creates a config-only network. Config-only networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services. + ConfigFrom *ConfigReference // ConfigFrom specifies the source which will provide the configuration for this network. The specified network must be a config-only network; see [CreateOptions.ConfigOnly]. + Options map[string]string // Options specifies the network-specific options to use for when creating the network. + Labels map[string]string // Labels holds metadata specific to the network being created. +} + +// ListOptions holds parameters to filter the list of networks with. +type ListOptions struct { + Filters filters.Args +} + +// InspectOptions holds parameters to inspect network. +type InspectOptions struct { + Scope string + Verbose bool +} + +// ConnectOptions represents the data to be used to connect a container to the +// network. +type ConnectOptions struct { + Container string + EndpointConfig *EndpointSettings `json:",omitempty"` +} + +// DisconnectOptions represents the data to be used to disconnect a container +// from the network. +type DisconnectOptions struct { + Container string + Force bool +} + +// Inspect is the body of the "get network" http response message. +type Inspect struct { + Name string // Name is the name of the network + ID string `json:"Id"` // ID uniquely identifies a network on a single machine + Created time.Time // Created is the time the network created + Scope string // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level) + Driver string // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`) + EnableIPv6 bool // EnableIPv6 represents whether to enable IPv6 + IPAM IPAM // IPAM is the network's IP Address Management + Internal bool // Internal represents if the network is used internal only + Attachable bool // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode. + Ingress bool // Ingress indicates the network is providing the routing-mesh for the swarm cluster. + ConfigFrom ConfigReference // ConfigFrom specifies the source which will provide the configuration for this network. + ConfigOnly bool // ConfigOnly networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services. + Containers map[string]EndpointResource // Containers contains endpoints belonging to the network + Options map[string]string // Options holds the network specific options to use for when creating the network + Labels map[string]string // Labels holds metadata specific to the network being created + Peers []PeerInfo `json:",omitempty"` // List of peer nodes for an overlay network + Services map[string]ServiceInfo `json:",omitempty"` +} + +// Summary is used as response when listing networks. It currently is an alias +// for [Inspect], but may diverge in the future, as not all information may +// be included when listing networks. +type Summary = Inspect + // Address represents an IP address type Address struct { Addr string @@ -45,6 +123,16 @@ type ServiceInfo struct { Tasks []Task } +// EndpointResource contains network resources allocated and used for a +// container in a network. +type EndpointResource struct { + Name string + EndpointID string + MacAddress string + IPv4Address string + IPv6Address string +} + // NetworkingConfig represents the container's networking configuration for each of its interfaces // Carries the networking configs specified in the `docker run` and `docker network connect` commands type NetworkingConfig struct { @@ -70,3 +158,9 @@ var acceptedFilters = map[string]bool{ func ValidateFilters(filter filters.Args) error { return filter.Validate(acceptedFilters) } + +// PruneReport contains the response for Engine API: +// POST "/networks/prune" +type PruneReport struct { + NetworksDeleted []string +} diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go index 6bbae93ef2..75ee07b15f 100644 --- a/vendor/github.com/docker/docker/api/types/registry/registry.go +++ b/vendor/github.com/docker/docker/api/types/registry/registry.go @@ -84,32 +84,6 @@ type IndexInfo struct { Official bool } -// SearchResult describes a search result returned from a registry -type SearchResult struct { - // StarCount indicates the number of stars this repository has - StarCount int `json:"star_count"` - // IsOfficial is true if the result is from an official repository. - IsOfficial bool `json:"is_official"` - // Name is the name of the repository - Name string `json:"name"` - // IsAutomated indicates whether the result is automated. - // - // Deprecated: the "is_automated" field is deprecated and will always be "false". - IsAutomated bool `json:"is_automated"` - // Description is a textual description of the repository - Description string `json:"description"` -} - -// SearchResults lists a collection search results returned from a registry -type SearchResults struct { - // Query contains the query string that generated the search results - Query string `json:"query"` - // NumResults indicates the number of results the query returned - NumResults int `json:"num_results"` - // Results is a slice containing the actual results for the search - Results []SearchResult `json:"results"` -} - // DistributionInspect describes the result obtained from contacting the // registry to retrieve image metadata type DistributionInspect struct { diff --git a/vendor/github.com/docker/docker/api/types/registry/search.go b/vendor/github.com/docker/docker/api/types/registry/search.go new file mode 100644 index 0000000000..a0a1eec544 --- /dev/null +++ b/vendor/github.com/docker/docker/api/types/registry/search.go @@ -0,0 +1,47 @@ +package registry + +import ( + "context" + + "github.com/docker/docker/api/types/filters" +) + +// SearchOptions holds parameters to search images with. +type SearchOptions struct { + RegistryAuth string + + // PrivilegeFunc is a [types.RequestPrivilegeFunc] the client can + // supply to retry operations after getting an authorization error. + // + // It must return the registry authentication header value in base64 + // format, or an error if the privilege request fails. + PrivilegeFunc func(context.Context) (string, error) + Filters filters.Args + Limit int +} + +// SearchResult describes a search result returned from a registry +type SearchResult struct { + // StarCount indicates the number of stars this repository has + StarCount int `json:"star_count"` + // IsOfficial is true if the result is from an official repository. + IsOfficial bool `json:"is_official"` + // Name is the name of the repository + Name string `json:"name"` + // IsAutomated indicates whether the result is automated. + // + // Deprecated: the "is_automated" field is deprecated and will always be "false". + IsAutomated bool `json:"is_automated"` + // Description is a textual description of the repository + Description string `json:"description"` +} + +// SearchResults lists a collection search results returned from a registry +type SearchResults struct { + // Query contains the query string that generated the search results + Query string `json:"query"` + // NumResults indicates the number of results the query returned + NumResults int `json:"num_results"` + // Results is a slice containing the actual results for the search + Results []SearchResult `json:"results"` +} diff --git a/vendor/github.com/docker/docker/api/types/swarm/container.go b/vendor/github.com/docker/docker/api/types/swarm/container.go index 65f61d2d20..30e3de70c0 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/container.go +++ b/vendor/github.com/docker/docker/api/types/swarm/container.go @@ -5,7 +5,6 @@ import ( "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/mount" - "github.com/docker/go-units" ) // DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf) @@ -115,5 +114,6 @@ type ContainerSpec struct { Sysctls map[string]string `json:",omitempty"` CapabilityAdd []string `json:",omitempty"` CapabilityDrop []string `json:",omitempty"` - Ulimits []*units.Ulimit `json:",omitempty"` + Ulimits []*container.Ulimit `json:",omitempty"` + OomScoreAdj int64 `json:",omitempty"` } diff --git a/vendor/github.com/docker/docker/api/types/system/info.go b/vendor/github.com/docker/docker/api/types/system/info.go index 89d4a0098e..6791cf3284 100644 --- a/vendor/github.com/docker/docker/api/types/system/info.go +++ b/vendor/github.com/docker/docker/api/types/system/info.go @@ -75,6 +75,8 @@ type Info struct { DefaultAddressPools []NetworkAddressPool `json:",omitempty"` CDISpecDirs []string + Containerd *ContainerdInfo `json:",omitempty"` + // Legacy API fields for older API versions. legacyFields @@ -85,6 +87,43 @@ type Info struct { Warnings []string } +// ContainerdInfo holds information about the containerd instance used by the daemon. +type ContainerdInfo struct { + // Address is the path to the containerd socket. + Address string `json:",omitempty"` + // Namespaces is the containerd namespaces used by the daemon. + Namespaces ContainerdNamespaces +} + +// ContainerdNamespaces reflects the containerd namespaces used by the daemon. +// +// These namespaces can be configured in the daemon configuration, and are +// considered to be used exclusively by the daemon, +// +// As these namespaces are considered to be exclusively accessed +// by the daemon, it is not recommended to change these values, +// or to change them to a value that is used by other systems, +// such as cri-containerd. +type ContainerdNamespaces struct { + // Containers holds the default containerd namespace used for + // containers managed by the daemon. + // + // The default namespace for containers is "moby", but will be + // suffixed with the `.` of the remapped `root` if + // user-namespaces are enabled and the containerd image-store + // is used. + Containers string + + // Plugins holds the default containerd namespace used for + // plugins managed by the daemon. + // + // The default namespace for plugins is "moby", but will be + // suffixed with the `.` of the remapped `root` if + // user-namespaces are enabled and the containerd image-store + // is used. + Plugins string +} + type legacyFields struct { ExecutionDriver string `json:",omitempty"` // Deprecated: deprecated since API v1.25, but returned for older versions. } diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go index ca07162a20..fe99b74392 100644 --- a/vendor/github.com/docker/docker/api/types/types.go +++ b/vendor/github.com/docker/docker/api/types/types.go @@ -1,8 +1,6 @@ package types // import "github.com/docker/docker/api/types" import ( - "io" - "os" "time" "github.com/docker/docker/api/types/container" @@ -155,36 +153,13 @@ type Container struct { State string Status string HostConfig struct { - NetworkMode string `json:",omitempty"` + NetworkMode string `json:",omitempty"` + Annotations map[string]string `json:",omitempty"` } NetworkSettings *SummaryNetworkSettings Mounts []MountPoint } -// CopyConfig contains request body of Engine API: -// POST "/containers/"+containerID+"/copy" -type CopyConfig struct { - Resource string -} - -// ContainerPathStat is used to encode the header from -// GET "/containers/{name:.*}/archive" -// "Name" is the file or directory name. -type ContainerPathStat struct { - Name string `json:"name"` - Size int64 `json:"size"` - Mode os.FileMode `json:"mode"` - Mtime time.Time `json:"mtime"` - LinkTarget string `json:"linkTarget"` -} - -// ContainerStats contains response of Engine API: -// GET "/stats" -type ContainerStats struct { - Body io.ReadCloser `json:"body"` - OSType string `json:"ostype"` -} - // Ping contains response of Engine API: // GET "/_ping" type Ping struct { @@ -230,17 +205,6 @@ type Version struct { BuildTime string `json:",omitempty"` } -// ExecStartCheck is a temp struct used by execStart -// Config fields is part of ExecConfig in runconfig package -type ExecStartCheck struct { - // ExecStart will first check if it's detached - Detach bool - // Check if there's a tty - Tty bool - // Terminal size [height, width], unused if Tty == false - ConsoleSize *[2]uint `json:",omitempty"` -} - // HealthcheckResult stores information about a single run of a healthcheck probe type HealthcheckResult struct { Start time.Time // Start is the time this check started @@ -281,18 +245,6 @@ type ContainerState struct { Health *Health `json:",omitempty"` } -// ContainerNode stores information about the node that a container -// is running on. It's only used by the Docker Swarm standalone API -type ContainerNode struct { - ID string - IPAddress string `json:"IP"` - Addr string - Name string - Cpus int - Memory int64 - Labels map[string]string -} - // ContainerJSONBase contains response of Engine API: // GET "/containers/{name:.*}/json" type ContainerJSONBase struct { @@ -306,7 +258,7 @@ type ContainerJSONBase struct { HostnamePath string HostsPath string LogPath string - Node *ContainerNode `json:",omitempty"` // Node is only propagated by Docker Swarm standalone API + Node *ContainerNode `json:",omitempty"` // Deprecated: Node was only propagated by Docker Swarm standalone API. It sill be removed in the next release. Name string RestartCount int Driver string @@ -423,84 +375,6 @@ type MountPoint struct { Propagation mount.Propagation } -// NetworkResource is the body of the "get network" http response message -type NetworkResource struct { - Name string // Name is the requested name of the network - ID string `json:"Id"` // ID uniquely identifies a network on a single machine - Created time.Time // Created is the time the network created - Scope string // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level) - Driver string // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`) - EnableIPv6 bool // EnableIPv6 represents whether to enable IPv6 - IPAM network.IPAM // IPAM is the network's IP Address Management - Internal bool // Internal represents if the network is used internal only - Attachable bool // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode. - Ingress bool // Ingress indicates the network is providing the routing-mesh for the swarm cluster. - ConfigFrom network.ConfigReference // ConfigFrom specifies the source which will provide the configuration for this network. - ConfigOnly bool // ConfigOnly networks are place-holder networks for network configurations to be used by other networks. ConfigOnly networks cannot be used directly to run containers or services. - Containers map[string]EndpointResource // Containers contains endpoints belonging to the network - Options map[string]string // Options holds the network specific options to use for when creating the network - Labels map[string]string // Labels holds metadata specific to the network being created - Peers []network.PeerInfo `json:",omitempty"` // List of peer nodes for an overlay network - Services map[string]network.ServiceInfo `json:",omitempty"` -} - -// EndpointResource contains network resources allocated and used for a container in a network -type EndpointResource struct { - Name string - EndpointID string - MacAddress string - IPv4Address string - IPv6Address string -} - -// NetworkCreate is the expected body of the "create network" http request message -type NetworkCreate struct { - // Deprecated: CheckDuplicate is deprecated since API v1.44, but it defaults to true when sent by the client - // package to older daemons. - CheckDuplicate bool `json:",omitempty"` - Driver string - Scope string - EnableIPv6 bool - IPAM *network.IPAM - Internal bool - Attachable bool - Ingress bool - ConfigOnly bool - ConfigFrom *network.ConfigReference - Options map[string]string - Labels map[string]string -} - -// NetworkCreateRequest is the request message sent to the server for network create call. -type NetworkCreateRequest struct { - NetworkCreate - Name string -} - -// NetworkCreateResponse is the response message sent by the server for network create call -type NetworkCreateResponse struct { - ID string `json:"Id"` - Warning string -} - -// NetworkConnect represents the data to be used to connect a container to the network -type NetworkConnect struct { - Container string - EndpointConfig *network.EndpointSettings `json:",omitempty"` -} - -// NetworkDisconnect represents the data to be used to disconnect a container from the network -type NetworkDisconnect struct { - Container string - Force bool -} - -// NetworkInspectOptions holds parameters to inspect network -type NetworkInspectOptions struct { - Scope string - Verbose bool -} - // DiskUsageObject represents an object type used for disk usage query filtering. type DiskUsageObject string @@ -533,27 +407,6 @@ type DiskUsage struct { BuilderSize int64 `json:",omitempty"` // Deprecated: deprecated in API 1.38, and no longer used since API 1.40. } -// ContainersPruneReport contains the response for Engine API: -// POST "/containers/prune" -type ContainersPruneReport struct { - ContainersDeleted []string - SpaceReclaimed uint64 -} - -// VolumesPruneReport contains the response for Engine API: -// POST "/volumes/prune" -type VolumesPruneReport struct { - VolumesDeleted []string - SpaceReclaimed uint64 -} - -// ImagesPruneReport contains the response for Engine API: -// POST "/images/prune" -type ImagesPruneReport struct { - ImagesDeleted []image.DeleteResponse - SpaceReclaimed uint64 -} - // BuildCachePruneReport contains the response for Engine API: // POST "/build/prune" type BuildCachePruneReport struct { @@ -561,12 +414,6 @@ type BuildCachePruneReport struct { SpaceReclaimed uint64 } -// NetworksPruneReport contains the response for Engine API: -// POST "/networks/prune" -type NetworksPruneReport struct { - NetworksDeleted []string -} - // SecretCreateResponse contains the information returned to a client // on the creation of a new secret. type SecretCreateResponse struct { diff --git a/vendor/github.com/docker/docker/api/types/types_deprecated.go b/vendor/github.com/docker/docker/api/types/types_deprecated.go index 231a5cca46..43ffe104aa 100644 --- a/vendor/github.com/docker/docker/api/types/types_deprecated.go +++ b/vendor/github.com/docker/docker/api/types/types_deprecated.go @@ -1,35 +1,210 @@ package types import ( + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/api/types/events" "github.com/docker/docker/api/types/image" + "github.com/docker/docker/api/types/network" + "github.com/docker/docker/api/types/registry" + "github.com/docker/docker/api/types/volume" ) -// ImageImportOptions holds information to import images from the client host. +// ImagesPruneReport contains the response for Engine API: +// POST "/images/prune" // -// Deprecated: use [image.ImportOptions]. -type ImageImportOptions = image.ImportOptions +// Deprecated: use [image.PruneReport]. +type ImagesPruneReport = image.PruneReport -// ImageCreateOptions holds information to create images. +// VolumesPruneReport contains the response for Engine API: +// POST "/volumes/prune". // -// Deprecated: use [image.CreateOptions]. -type ImageCreateOptions = image.CreateOptions +// Deprecated: use [volume.PruneReport]. +type VolumesPruneReport = volume.PruneReport -// ImagePullOptions holds information to pull images. +// NetworkCreateRequest is the request message sent to the server for network create call. // -// Deprecated: use [image.PullOptions]. -type ImagePullOptions = image.PullOptions +// Deprecated: use [network.CreateRequest]. +type NetworkCreateRequest = network.CreateRequest -// ImagePushOptions holds information to push images. +// NetworkCreate is the expected body of the "create network" http request message // -// Deprecated: use [image.PushOptions]. -type ImagePushOptions = image.PushOptions +// Deprecated: use [network.CreateOptions]. +type NetworkCreate = network.CreateOptions -// ImageListOptions holds parameters to list images with. +// NetworkListOptions holds parameters to filter the list of networks with. // -// Deprecated: use [image.ListOptions]. -type ImageListOptions = image.ListOptions +// Deprecated: use [network.ListOptions]. +type NetworkListOptions = network.ListOptions -// ImageRemoveOptions holds parameters to remove images. +// NetworkCreateResponse is the response message sent by the server for network create call. // -// Deprecated: use [image.RemoveOptions]. -type ImageRemoveOptions = image.RemoveOptions +// Deprecated: use [network.CreateResponse]. +type NetworkCreateResponse = network.CreateResponse + +// NetworkInspectOptions holds parameters to inspect network. +// +// Deprecated: use [network.InspectOptions]. +type NetworkInspectOptions = network.InspectOptions + +// NetworkConnect represents the data to be used to connect a container to the network +// +// Deprecated: use [network.ConnectOptions]. +type NetworkConnect = network.ConnectOptions + +// NetworkDisconnect represents the data to be used to disconnect a container from the network +// +// Deprecated: use [network.DisconnectOptions]. +type NetworkDisconnect = network.DisconnectOptions + +// EndpointResource contains network resources allocated and used for a container in a network. +// +// Deprecated: use [network.EndpointResource]. +type EndpointResource = network.EndpointResource + +// NetworkResource is the body of the "get network" http response message/ +// +// Deprecated: use [network.Inspect] or [network.Summary] (for list operations). +type NetworkResource = network.Inspect + +// NetworksPruneReport contains the response for Engine API: +// POST "/networks/prune" +// +// Deprecated: use [network.PruneReport]. +type NetworksPruneReport = network.PruneReport + +// ExecConfig is a small subset of the Config struct that holds the configuration +// for the exec feature of docker. +// +// Deprecated: use [container.ExecOptions]. +type ExecConfig = container.ExecOptions + +// ExecStartCheck is a temp struct used by execStart +// Config fields is part of ExecConfig in runconfig package +// +// Deprecated: use [container.ExecStartOptions] or [container.ExecAttachOptions]. +type ExecStartCheck = container.ExecStartOptions + +// ContainerExecInspect holds information returned by exec inspect. +// +// Deprecated: use [container.ExecInspect]. +type ContainerExecInspect = container.ExecInspect + +// ContainersPruneReport contains the response for Engine API: +// POST "/containers/prune" +// +// Deprecated: use [container.PruneReport]. +type ContainersPruneReport = container.PruneReport + +// ContainerPathStat is used to encode the header from +// GET "/containers/{name:.*}/archive" +// "Name" is the file or directory name. +// +// Deprecated: use [container.PathStat]. +type ContainerPathStat = container.PathStat + +// CopyToContainerOptions holds information +// about files to copy into a container. +// +// Deprecated: use [container.CopyToContainerOptions], +type CopyToContainerOptions = container.CopyToContainerOptions + +// ContainerStats contains response of Engine API: +// GET "/stats" +// +// Deprecated: use [container.StatsResponseReader]. +type ContainerStats = container.StatsResponseReader + +// ThrottlingData stores CPU throttling stats of one running container. +// Not used on Windows. +// +// Deprecated: use [container.ThrottlingData]. +type ThrottlingData = container.ThrottlingData + +// CPUUsage stores All CPU stats aggregated since container inception. +// +// Deprecated: use [container.CPUUsage]. +type CPUUsage = container.CPUUsage + +// CPUStats aggregates and wraps all CPU related info of container +// +// Deprecated: use [container.CPUStats]. +type CPUStats = container.CPUStats + +// MemoryStats aggregates all memory stats since container inception on Linux. +// Windows returns stats for commit and private working set only. +// +// Deprecated: use [container.MemoryStats]. +type MemoryStats = container.MemoryStats + +// BlkioStatEntry is one small entity to store a piece of Blkio stats +// Not used on Windows. +// +// Deprecated: use [container.BlkioStatEntry]. +type BlkioStatEntry = container.BlkioStatEntry + +// BlkioStats stores All IO service stats for data read and write. +// This is a Linux specific structure as the differences between expressing +// block I/O on Windows and Linux are sufficiently significant to make +// little sense attempting to morph into a combined structure. +// +// Deprecated: use [container.BlkioStats]. +type BlkioStats = container.BlkioStats + +// StorageStats is the disk I/O stats for read/write on Windows. +// +// Deprecated: use [container.StorageStats]. +type StorageStats = container.StorageStats + +// NetworkStats aggregates the network stats of one container +// +// Deprecated: use [container.NetworkStats]. +type NetworkStats = container.NetworkStats + +// PidsStats contains the stats of a container's pids +// +// Deprecated: use [container.PidsStats]. +type PidsStats = container.PidsStats + +// Stats is Ultimate struct aggregating all types of stats of one container +// +// Deprecated: use [container.Stats]. +type Stats = container.Stats + +// StatsJSON is newly used Networks +// +// Deprecated: use [container.StatsResponse]. +type StatsJSON = container.StatsResponse + +// EventsOptions holds parameters to filter events with. +// +// Deprecated: use [events.ListOptions]. +type EventsOptions = events.ListOptions + +// ImageSearchOptions holds parameters to search images with. +// +// Deprecated: use [registry.SearchOptions]. +type ImageSearchOptions = registry.SearchOptions + +// ImageImportSource holds source information for ImageImport +// +// Deprecated: use [image.ImportSource]. +type ImageImportSource image.ImportSource + +// ImageLoadResponse returns information to the client about a load process. +// +// Deprecated: use [image.LoadResponse]. +type ImageLoadResponse = image.LoadResponse + +// ContainerNode stores information about the node that a container +// is running on. It's only used by the Docker Swarm standalone API. +// +// Deprecated: ContainerNode was used for the classic Docker Swarm standalone API. It will be removed in the next release. +type ContainerNode struct { + ID string + IPAddress string `json:"IP"` + Addr string + Name string + Cpus int + Memory int64 + Labels map[string]string +} diff --git a/vendor/github.com/docker/docker/api/types/volume/options.go b/vendor/github.com/docker/docker/api/types/volume/options.go index 8b0dd13899..0b9645e006 100644 --- a/vendor/github.com/docker/docker/api/types/volume/options.go +++ b/vendor/github.com/docker/docker/api/types/volume/options.go @@ -6,3 +6,10 @@ import "github.com/docker/docker/api/types/filters" type ListOptions struct { Filters filters.Args } + +// PruneReport contains the response for Engine API: +// POST "/volumes/prune" +type PruneReport struct { + VolumesDeleted []string + SpaceReclaimed uint64 +} diff --git a/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go b/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go index 146e5bdf3d..f06f22dadb 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/buildargs.go @@ -4,8 +4,6 @@ import ( "fmt" "io" "sort" - - "github.com/docker/docker/runconfig/opts" ) // builtinAllowedBuildArgs is list of built-in allowed build args @@ -138,7 +136,7 @@ func (b *BuildArgs) getAllFromMapping(source map[string]*string) map[string]stri // FilterAllowed returns all allowed args without the filtered args func (b *BuildArgs) FilterAllowed(filter []string) []string { envs := []string{} - configEnv := opts.ConvertKVStringsToMap(filter) + configEnv := convertKVStringsToMap(filter) for key, val := range b.GetAllAllowed() { if _, ok := configEnv[key]; !ok { diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder.go b/vendor/github.com/docker/docker/builder/dockerfile/builder.go index 804d294bb2..be03511a3f 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/builder.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/builder.go @@ -159,7 +159,7 @@ func newBuilder(ctx context.Context, options builderOptions) (*Builder, error) { if config.Platform != "" { sp, err := platforms.Parse(config.Platform) if err != nil { - return nil, err + return nil, errdefs.InvalidParameter(err) } b.platform = &sp } @@ -187,7 +187,7 @@ func buildLabelOptions(labels map[string]string, stages []instructions.Stage) { func (b *Builder) build(ctx context.Context, source builder.Source, dockerfile *parser.Result) (*builder.Result, error) { defer b.imageSources.Unmount() - stages, metaArgs, err := instructions.Parse(dockerfile.AST) + stages, metaArgs, err := instructions.Parse(dockerfile.AST, nil) if err != nil { var uiErr *instructions.UnknownInstructionError if errors.As(err, &uiErr) { @@ -230,7 +230,8 @@ func processMetaArg(meta instructions.ArgCommand, shlex *shell.Lex, args *BuildA // shell.Lex currently only support the concatenated string format envs := convertMapToEnvList(args.GetAllAllowed()) if err := meta.Expand(func(word string) (string, error) { - return shlex.ProcessWord(word, envs) + newword, _, err := shlex.ProcessWord(word, envs) + return newword, err }); err != nil { return err } @@ -380,3 +381,14 @@ func convertMapToEnvList(m map[string]string) []string { } return result } + +// convertKVStringsToMap converts ["key=value"] to {"key":"value"} +func convertKVStringsToMap(values []string) map[string]string { + result := make(map[string]string, len(values)) + for _, value := range values { + k, v, _ := strings.Cut(value, "=") + result[k] = v + } + + return result +} diff --git a/vendor/github.com/docker/docker/builder/dockerfile/copy.go b/vendor/github.com/docker/docker/builder/dockerfile/copy.go index 7342a8961a..8f54816981 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/copy.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/copy.go @@ -477,7 +477,7 @@ func performCopyForInfo(dest copyInfo, source copyInfo, options copyFileOptions) } // dest.path must be used because destPath has already been cleaned of any // trailing slash - if endsInSlash(dest.path) || destExistsAsDir { + if destExistsAsDir || strings.HasSuffix(dest.path, string(os.PathSeparator)) { // source.path must be used to get the correct filename when the source // is a symlink destPath = filepath.Join(destPath, filepath.Base(source.path)) @@ -524,10 +524,6 @@ func copyFile(archiver *archive.Archiver, source, dest string, identity *idtools return nil } -func endsInSlash(path string) bool { - return strings.HasSuffix(path, string(filepath.Separator)) -} - // isExistingDirectory returns true if the path exists and is a directory func isExistingDirectory(path string) (bool, error) { destStat, err := os.Stat(path) diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go index 7183042012..c302eeebd5 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go @@ -166,17 +166,17 @@ func initializeStage(ctx context.Context, d dispatchRequest, cmd *instructions.S p, err := platforms.Parse(v) if err != nil { - return errors.Wrapf(err, "failed to parse platform %s", v) + return errors.Wrapf(errdefs.InvalidParameter(err), "failed to parse platform %s", v) } platform = &p } - image, err := d.getFromImage(ctx, d.shlex, cmd.BaseName, platform) + img, err := d.getFromImage(ctx, d.shlex, cmd.BaseName, platform) if err != nil { return err } state := d.state - if err := state.beginStage(cmd.Name, image); err != nil { + if err := state.beginStage(cmd.Name, img); err != nil { return err } if len(state.runConfig.OnBuild) > 0 { @@ -224,7 +224,7 @@ func (d *dispatchRequest) getExpandedString(shlex *shell.Lex, str string) (strin substitutionArgs = append(substitutionArgs, key+"="+value) } - name, err := shlex.ProcessWord(str, substitutionArgs) + name, _, err := shlex.ProcessWord(str, substitutionArgs) if err != nil { return "", err } diff --git a/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go b/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go index 3b6f1bd153..2bf74ed07f 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/evaluator.go @@ -30,7 +30,6 @@ import ( "github.com/docker/docker/errdefs" "github.com/docker/docker/image" "github.com/docker/docker/oci" - "github.com/docker/docker/runconfig/opts" "github.com/moby/buildkit/frontend/dockerfile/instructions" "github.com/moby/buildkit/frontend/dockerfile/shell" "github.com/pkg/errors" @@ -48,7 +47,8 @@ func dispatch(ctx context.Context, d dispatchRequest, cmd instructions.Command) if ex, ok := cmd.(instructions.SupportsSingleWordExpansion); ok { err := ex.Expand(func(word string) (string, error) { - return d.shlex.ProcessWord(word, envs) + newword, _, err := d.shlex.ProcessWord(word, envs) + return newword, err }) if err != nil { return errdefs.InvalidParameter(err) @@ -242,7 +242,7 @@ func (s *dispatchState) setDefaultPath() { if defaultPath == "" { return } - envMap := opts.ConvertKVStringsToMap(s.runConfig.Env) + envMap := convertKVStringsToMap(s.runConfig.Env) if _, ok := envMap["PATH"]; !ok { s.runConfig.Env = append(s.runConfig.Env, "PATH="+defaultPath) } diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals.go b/vendor/github.com/docker/docker/builder/dockerfile/internals.go index feca83e9f2..2439efe37b 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/internals.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/internals.go @@ -17,11 +17,11 @@ import ( "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/network" "github.com/docker/docker/builder" + networkSettings "github.com/docker/docker/daemon/network" "github.com/docker/docker/image" "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/chrootarchive" "github.com/docker/docker/pkg/stringid" - "github.com/docker/docker/runconfig" "github.com/docker/go-connections/nat" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" @@ -130,26 +130,24 @@ func (b *Builder) performCopy(ctx context.Context, req dispatchRequest, inst cop commentStr := fmt.Sprintf("%s %s%s in %s ", inst.cmdName, chownComment, srcHash, inst.dest) // TODO: should this have been using origPaths instead of srcHash in the comment? - runConfigWithCommentCmd := copyRunConfig( - state.runConfig, - withCmdCommentString(commentStr, state.operatingSystem)) + runConfigWithCommentCmd := copyRunConfig(state.runConfig, withCmdCommentString(commentStr, state.operatingSystem)) hit, err := b.probeCache(state, runConfigWithCommentCmd) if err != nil || hit { return err } - imageMount, err := b.imageSources.Get(ctx, state.imageID, true, req.builder.platform) + imgMount, err := b.imageSources.Get(ctx, state.imageID, true, req.builder.platform) if err != nil { return errors.Wrapf(err, "failed to get destination image %q", state.imageID) } - rwLayer, err := imageMount.NewRWLayer() + rwLayer, err := imgMount.NewRWLayer() if err != nil { return err } defer rwLayer.Release() - destInfo, err := createDestInfo(state.runConfig.WorkingDir, inst, rwLayer, state.operatingSystem) + destInfo, err := createDestInfo(state.runConfig.WorkingDir, inst, rwLayer) if err != nil { return err } @@ -181,10 +179,10 @@ func (b *Builder) performCopy(ctx context.Context, req dispatchRequest, inst cop return errors.Wrapf(err, "failed to copy files") } } - return b.exportImage(ctx, state, rwLayer, imageMount.Image(), runConfigWithCommentCmd) + return b.exportImage(ctx, state, rwLayer, imgMount.Image(), runConfigWithCommentCmd) } -func createDestInfo(workingDir string, inst copyInstruction, rwLayer builder.RWLayer, platform string) (copyInfo, error) { +func createDestInfo(workingDir string, inst copyInstruction, rwLayer builder.RWLayer) (copyInfo, error) { // Twiddle the destination when it's a relative path - meaning, make it // relative to the WORKINGDIR dest, err := normalizeDest(workingDir, inst.dest) @@ -280,38 +278,38 @@ func withoutHealthcheck() runConfigModifier { } func copyRunConfig(runConfig *container.Config, modifiers ...runConfigModifier) *container.Config { - copy := *runConfig - copy.Cmd = copyStringSlice(runConfig.Cmd) - copy.Env = copyStringSlice(runConfig.Env) - copy.Entrypoint = copyStringSlice(runConfig.Entrypoint) - copy.OnBuild = copyStringSlice(runConfig.OnBuild) - copy.Shell = copyStringSlice(runConfig.Shell) - - if copy.Volumes != nil { - copy.Volumes = make(map[string]struct{}, len(runConfig.Volumes)) + cfgCopy := *runConfig + cfgCopy.Cmd = copyStringSlice(runConfig.Cmd) + cfgCopy.Env = copyStringSlice(runConfig.Env) + cfgCopy.Entrypoint = copyStringSlice(runConfig.Entrypoint) + cfgCopy.OnBuild = copyStringSlice(runConfig.OnBuild) + cfgCopy.Shell = copyStringSlice(runConfig.Shell) + + if cfgCopy.Volumes != nil { + cfgCopy.Volumes = make(map[string]struct{}, len(runConfig.Volumes)) for k, v := range runConfig.Volumes { - copy.Volumes[k] = v + cfgCopy.Volumes[k] = v } } - if copy.ExposedPorts != nil { - copy.ExposedPorts = make(nat.PortSet, len(runConfig.ExposedPorts)) + if cfgCopy.ExposedPorts != nil { + cfgCopy.ExposedPorts = make(nat.PortSet, len(runConfig.ExposedPorts)) for k, v := range runConfig.ExposedPorts { - copy.ExposedPorts[k] = v + cfgCopy.ExposedPorts[k] = v } } - if copy.Labels != nil { - copy.Labels = make(map[string]string, len(runConfig.Labels)) + if cfgCopy.Labels != nil { + cfgCopy.Labels = make(map[string]string, len(runConfig.Labels)) for k, v := range runConfig.Labels { - copy.Labels[k] = v + cfgCopy.Labels[k] = v } } for _, modifier := range modifiers { - modifier(©) + modifier(&cfgCopy) } - return © + return &cfgCopy } func copyStringSlice(orig []string) []string { @@ -335,7 +333,7 @@ func (b *Builder) probeCache(dispatchState *dispatchState, runConfig *container. if cachedID == "" || err != nil { return false, err } - fmt.Fprint(b.Stdout, " ---> Using cache\n") + _, _ = fmt.Fprintln(b.Stdout, " ---> Using cache") dispatchState.imageID = cachedID return true, nil @@ -354,16 +352,15 @@ func (b *Builder) create(ctx context.Context, runConfig *container.Config) (stri log.G(ctx).Debugf("[BUILDER] Command to be executed: %v", runConfig.Cmd) hostConfig := hostConfigFromOptions(b.options) - container, err := b.containerManager.Create(ctx, runConfig, hostConfig) + ctr, err := b.containerManager.Create(ctx, runConfig, hostConfig) if err != nil { return "", err } - // TODO: could this be moved into containerManager.Create() ? - for _, warning := range container.Warnings { - fmt.Fprintf(b.Stdout, " ---> [Warning] %s\n", warning) + for _, warning := range ctr.Warnings { + _, _ = fmt.Fprintf(b.Stdout, " ---> [Warning] %s\n", warning) } - fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(container.ID)) - return container.ID, nil + _, _ = fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(ctr.ID)) + return ctr.ID, nil } func hostConfigFromOptions(options *types.ImageBuildOptions) *container.HostConfig { @@ -385,7 +382,7 @@ func hostConfigFromOptions(options *types.ImageBuildOptions) *container.HostConf // This is in line with what the ContainerCreate API endpoint does. networkMode := options.NetworkMode if networkMode == "" || networkMode == network.NetworkDefault { - networkMode = runconfig.DefaultDaemonNetworkMode().NetworkName() + networkMode = networkSettings.DefaultNetwork } hc := &container.HostConfig{ diff --git a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go index b21c7e8a8c..f79f8e16e1 100644 --- a/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go +++ b/vendor/github.com/docker/docker/builder/dockerfile/internals_windows.go @@ -10,6 +10,7 @@ import ( "github.com/containerd/containerd/platforms" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/mount" + "github.com/docker/docker/errdefs" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/jsonmessage" "golang.org/x/sys/windows" @@ -62,7 +63,7 @@ func lookupNTAccount(ctx context.Context, builder *Builder, accountName string, optionsPlatform, err := platforms.Parse(builder.options.Platform) if err != nil { - return idtools.Identity{}, err + return idtools.Identity{}, errdefs.InvalidParameter(err) } runConfig := copyRunConfig(state.runConfig, diff --git a/vendor/github.com/docker/docker/builder/remotecontext/remote.go b/vendor/github.com/docker/docker/builder/remotecontext/remote.go index 6bac5d1d62..a8aeb2d90e 100644 --- a/vendor/github.com/docker/docker/builder/remotecontext/remote.go +++ b/vendor/github.com/docker/docker/builder/remotecontext/remote.go @@ -44,8 +44,8 @@ func downloadRemote(remoteURL string) (string, io.ReadCloser, error) { // GetWithStatusError does an http.Get() and returns an error if the // status code is 4xx or 5xx. func GetWithStatusError(address string) (resp *http.Response, err error) { - // #nosec G107 - if resp, err = http.Get(address); err != nil { + resp, err = http.Get(address) // #nosec G107 -- ignore G107: Potential HTTP request made with variable url + if err != nil { if uerr, ok := err.(*url.Error); ok { if derr, ok := uerr.Err.(*net.DNSError); ok && !derr.IsTimeout { return nil, errdefs.NotFound(err) diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go index f2eeb6c570..60d91bc65b 100644 --- a/vendor/github.com/docker/docker/client/client.go +++ b/vendor/github.com/docker/docker/client/client.go @@ -49,6 +49,8 @@ import ( "net/url" "path" "strings" + "sync" + "sync/atomic" "time" "github.com/docker/docker/api" @@ -131,7 +133,10 @@ type Client struct { negotiateVersion bool // negotiated indicates that API version negotiation took place - negotiated bool + negotiated atomic.Bool + + // negotiateLock is used to single-flight the version negotiation process + negotiateLock sync.Mutex tp trace.TracerProvider @@ -266,7 +271,16 @@ func (cli *Client) Close() error { // be negotiated when making the actual requests, and for which cases // we cannot do the negotiation lazily. func (cli *Client) checkVersion(ctx context.Context) error { - if !cli.manualOverride && cli.negotiateVersion && !cli.negotiated { + if !cli.manualOverride && cli.negotiateVersion && !cli.negotiated.Load() { + // Ensure exclusive write access to version and negotiated fields + cli.negotiateLock.Lock() + defer cli.negotiateLock.Unlock() + + // May have been set during last execution of critical zone + if cli.negotiated.Load() { + return nil + } + ping, err := cli.Ping(ctx) if err != nil { return err @@ -312,6 +326,10 @@ func (cli *Client) ClientVersion() string { // added (1.24). func (cli *Client) NegotiateAPIVersion(ctx context.Context) { if !cli.manualOverride { + // Avoid concurrent modification of version-related fields + cli.negotiateLock.Lock() + defer cli.negotiateLock.Unlock() + ping, err := cli.Ping(ctx) if err != nil { // FIXME(thaJeztah): Ping returns an error when failing to connect to the API; we should not swallow the error here, and instead returning it. @@ -336,6 +354,10 @@ func (cli *Client) NegotiateAPIVersion(ctx context.Context) { // added (1.24). func (cli *Client) NegotiateAPIVersionPing(pingResponse types.Ping) { if !cli.manualOverride { + // Avoid concurrent modification of version-related fields + cli.negotiateLock.Lock() + defer cli.negotiateLock.Unlock() + cli.negotiateAPIVersionPing(pingResponse) } } @@ -361,7 +383,7 @@ func (cli *Client) negotiateAPIVersionPing(pingResponse types.Ping) { // Store the results, so that automatic API version negotiation (if enabled) // won't be performed on the next request. if cli.negotiateVersion { - cli.negotiated = true + cli.negotiated.Store(true) } } diff --git a/vendor/github.com/docker/docker/client/container_copy.go b/vendor/github.com/docker/docker/client/container_copy.go index 883be7fa34..8490a3b156 100644 --- a/vendor/github.com/docker/docker/client/container_copy.go +++ b/vendor/github.com/docker/docker/client/container_copy.go @@ -11,11 +11,11 @@ import ( "path/filepath" "strings" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" ) // ContainerStatPath returns stat information about a path inside the container filesystem. -func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) { +func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (container.PathStat, error) { query := url.Values{} query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API. @@ -23,14 +23,14 @@ func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path stri response, err := cli.head(ctx, urlStr, query, nil) defer ensureReaderClosed(response) if err != nil { - return types.ContainerPathStat{}, err + return container.PathStat{}, err } return getContainerPathStatFromHeader(response.header) } // CopyToContainer copies content into the container filesystem. // Note that `content` must be a Reader for a TAR archive -func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath string, content io.Reader, options types.CopyToContainerOptions) error { +func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath string, content io.Reader, options container.CopyToContainerOptions) error { query := url.Values{} query.Set("path", filepath.ToSlash(dstPath)) // Normalize the paths used in the API. // Do not allow for an existing directory to be overwritten by a non-directory and vice versa. @@ -55,14 +55,14 @@ func (cli *Client) CopyToContainer(ctx context.Context, containerID, dstPath str // CopyFromContainer gets the content from the container and returns it as a Reader // for a TAR archive to manipulate it in the host. It's up to the caller to close the reader. -func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) { +func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath string) (io.ReadCloser, container.PathStat, error) { query := make(url.Values, 1) query.Set("path", filepath.ToSlash(srcPath)) // Normalize the paths used in the API. apiPath := "/containers/" + containerID + "/archive" response, err := cli.get(ctx, apiPath, query, nil) if err != nil { - return nil, types.ContainerPathStat{}, err + return nil, container.PathStat{}, err } // In order to get the copy behavior right, we need to know information @@ -78,8 +78,8 @@ func (cli *Client) CopyFromContainer(ctx context.Context, containerID, srcPath s return response.body, stat, err } -func getContainerPathStatFromHeader(header http.Header) (types.ContainerPathStat, error) { - var stat types.ContainerPathStat +func getContainerPathStatFromHeader(header http.Header) (container.PathStat, error) { + var stat container.PathStat encodedStat := header.Get("X-Docker-Container-Path-Stat") statDecoder := base64.NewDecoder(base64.StdEncoding, strings.NewReader(encodedStat)) diff --git a/vendor/github.com/docker/docker/client/container_exec.go b/vendor/github.com/docker/docker/client/container_exec.go index 526a3876a4..9379448d1a 100644 --- a/vendor/github.com/docker/docker/client/container_exec.go +++ b/vendor/github.com/docker/docker/client/container_exec.go @@ -6,11 +6,12 @@ import ( "net/http" "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/versions" ) // ContainerExecCreate creates a new exec configuration to run an exec process. -func (cli *Client) ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error) { +func (cli *Client) ContainerExecCreate(ctx context.Context, container string, options container.ExecOptions) (types.IDResponse, error) { var response types.IDResponse // Make sure we negotiated (if the client is configured to do so), @@ -22,14 +23,14 @@ func (cli *Client) ContainerExecCreate(ctx context.Context, container string, co return response, err } - if err := cli.NewVersionError(ctx, "1.25", "env"); len(config.Env) != 0 && err != nil { + if err := cli.NewVersionError(ctx, "1.25", "env"); len(options.Env) != 0 && err != nil { return response, err } if versions.LessThan(cli.ClientVersion(), "1.42") { - config.ConsoleSize = nil + options.ConsoleSize = nil } - resp, err := cli.post(ctx, "/containers/"+container+"/exec", nil, config, nil) + resp, err := cli.post(ctx, "/containers/"+container+"/exec", nil, options, nil) defer ensureReaderClosed(resp) if err != nil { return response, err @@ -39,7 +40,7 @@ func (cli *Client) ContainerExecCreate(ctx context.Context, container string, co } // ContainerExecStart starts an exec process already created in the docker host. -func (cli *Client) ContainerExecStart(ctx context.Context, execID string, config types.ExecStartCheck) error { +func (cli *Client) ContainerExecStart(ctx context.Context, execID string, config container.ExecStartOptions) error { if versions.LessThan(cli.ClientVersion(), "1.42") { config.ConsoleSize = nil } @@ -52,7 +53,7 @@ func (cli *Client) ContainerExecStart(ctx context.Context, execID string, config // It returns a types.HijackedConnection with the hijacked connection // and the a reader to get output. It's up to the called to close // the hijacked connection by calling types.HijackedResponse.Close. -func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error) { +func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, config container.ExecAttachOptions) (types.HijackedResponse, error) { if versions.LessThan(cli.ClientVersion(), "1.42") { config.ConsoleSize = nil } @@ -62,8 +63,8 @@ func (cli *Client) ContainerExecAttach(ctx context.Context, execID string, confi } // ContainerExecInspect returns information about a specific exec process on the docker host. -func (cli *Client) ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error) { - var response types.ContainerExecInspect +func (cli *Client) ContainerExecInspect(ctx context.Context, execID string) (container.ExecInspect, error) { + var response container.ExecInspect resp, err := cli.get(ctx, "/exec/"+execID+"/json", nil, nil) if err != nil { return response, err diff --git a/vendor/github.com/docker/docker/client/container_prune.go b/vendor/github.com/docker/docker/client/container_prune.go index ca50923844..29c922da77 100644 --- a/vendor/github.com/docker/docker/client/container_prune.go +++ b/vendor/github.com/docker/docker/client/container_prune.go @@ -5,13 +5,13 @@ import ( "encoding/json" "fmt" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/filters" ) // ContainersPrune requests the daemon to delete unused data -func (cli *Client) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (types.ContainersPruneReport, error) { - var report types.ContainersPruneReport +func (cli *Client) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error) { + var report container.PruneReport if err := cli.NewVersionError(ctx, "1.25", "container prune"); err != nil { return report, err diff --git a/vendor/github.com/docker/docker/client/container_stats.go b/vendor/github.com/docker/docker/client/container_stats.go index 3fabb75f32..b5641daee9 100644 --- a/vendor/github.com/docker/docker/client/container_stats.go +++ b/vendor/github.com/docker/docker/client/container_stats.go @@ -4,12 +4,12 @@ import ( "context" "net/url" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" ) // ContainerStats returns near realtime stats for a given container. // It's up to the caller to close the io.ReadCloser returned. -func (cli *Client) ContainerStats(ctx context.Context, containerID string, stream bool) (types.ContainerStats, error) { +func (cli *Client) ContainerStats(ctx context.Context, containerID string, stream bool) (container.StatsResponseReader, error) { query := url.Values{} query.Set("stream", "0") if stream { @@ -18,10 +18,10 @@ func (cli *Client) ContainerStats(ctx context.Context, containerID string, strea resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil) if err != nil { - return types.ContainerStats{}, err + return container.StatsResponseReader{}, err } - return types.ContainerStats{ + return container.StatsResponseReader{ Body: resp.body, OSType: getDockerOS(resp.header.Get("Server")), }, nil @@ -29,17 +29,17 @@ func (cli *Client) ContainerStats(ctx context.Context, containerID string, strea // ContainerStatsOneShot gets a single stat entry from a container. // It differs from `ContainerStats` in that the API should not wait to prime the stats -func (cli *Client) ContainerStatsOneShot(ctx context.Context, containerID string) (types.ContainerStats, error) { +func (cli *Client) ContainerStatsOneShot(ctx context.Context, containerID string) (container.StatsResponseReader, error) { query := url.Values{} query.Set("stream", "0") query.Set("one-shot", "1") resp, err := cli.get(ctx, "/containers/"+containerID+"/stats", query, nil) if err != nil { - return types.ContainerStats{}, err + return container.StatsResponseReader{}, err } - return types.ContainerStats{ + return container.StatsResponseReader{ Body: resp.body, OSType: getDockerOS(resp.header.Get("Server")), }, nil diff --git a/vendor/github.com/docker/docker/client/events.go b/vendor/github.com/docker/docker/client/events.go index a9c48a9288..d3ab26bed8 100644 --- a/vendor/github.com/docker/docker/client/events.go +++ b/vendor/github.com/docker/docker/client/events.go @@ -6,7 +6,6 @@ import ( "net/url" "time" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/events" "github.com/docker/docker/api/types/filters" timetypes "github.com/docker/docker/api/types/time" @@ -16,7 +15,7 @@ import ( // by cancelling the context. Once the stream has been completely read an io.EOF error will // be sent over the error channel. If an error is sent all processing will be stopped. It's up // to the caller to reopen the stream in the event of an error by reinvoking this method. -func (cli *Client) Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error) { +func (cli *Client) Events(ctx context.Context, options events.ListOptions) (<-chan events.Message, <-chan error) { messages := make(chan events.Message) errs := make(chan error, 1) @@ -68,7 +67,7 @@ func (cli *Client) Events(ctx context.Context, options types.EventsOptions) (<-c return messages, errs } -func buildEventsQueryParams(cliVersion string, options types.EventsOptions) (url.Values, error) { +func buildEventsQueryParams(cliVersion string, options events.ListOptions) (url.Values, error) { query := url.Values{} ref := time.Now() diff --git a/vendor/github.com/docker/docker/client/image_import.go b/vendor/github.com/docker/docker/client/image_import.go index 5a890b0c59..43d55eda8e 100644 --- a/vendor/github.com/docker/docker/client/image_import.go +++ b/vendor/github.com/docker/docker/client/image_import.go @@ -7,13 +7,12 @@ import ( "strings" "github.com/distribution/reference" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/image" ) // ImageImport creates a new image based on the source options. // It returns the JSON content in the response body. -func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error) { +func (cli *Client) ImageImport(ctx context.Context, source image.ImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error) { if ref != "" { // Check if the given image name can be resolved if _, err := reference.ParseNormalizedNamed(ref); err != nil { diff --git a/vendor/github.com/docker/docker/client/image_load.go b/vendor/github.com/docker/docker/client/image_load.go index c825206ea5..c68f0013e6 100644 --- a/vendor/github.com/docker/docker/client/image_load.go +++ b/vendor/github.com/docker/docker/client/image_load.go @@ -6,13 +6,13 @@ import ( "net/http" "net/url" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/image" ) // ImageLoad loads an image in the docker host from the client host. // It's up to the caller to close the io.ReadCloser in the // ImageLoadResponse returned by this function. -func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, quiet bool) (types.ImageLoadResponse, error) { +func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, quiet bool) (image.LoadResponse, error) { v := url.Values{} v.Set("quiet", "0") if quiet { @@ -22,9 +22,9 @@ func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, quiet bool) ( "Content-Type": {"application/x-tar"}, }) if err != nil { - return types.ImageLoadResponse{}, err + return image.LoadResponse{}, err } - return types.ImageLoadResponse{ + return image.LoadResponse{ Body: resp.body, JSON: resp.header.Get("Content-Type") == "application/json", }, nil diff --git a/vendor/github.com/docker/docker/client/image_prune.go b/vendor/github.com/docker/docker/client/image_prune.go index 6b82d6ab6c..5ee987e248 100644 --- a/vendor/github.com/docker/docker/client/image_prune.go +++ b/vendor/github.com/docker/docker/client/image_prune.go @@ -5,13 +5,13 @@ import ( "encoding/json" "fmt" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/image" ) // ImagesPrune requests the daemon to delete unused data -func (cli *Client) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (types.ImagesPruneReport, error) { - var report types.ImagesPruneReport +func (cli *Client) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (image.PruneReport, error) { + var report image.PruneReport if err := cli.NewVersionError(ctx, "1.25", "image prune"); err != nil { return report, err diff --git a/vendor/github.com/docker/docker/client/image_pull.go b/vendor/github.com/docker/docker/client/image_pull.go index 6438cf6a96..1634c4c800 100644 --- a/vendor/github.com/docker/docker/client/image_pull.go +++ b/vendor/github.com/docker/docker/client/image_pull.go @@ -36,7 +36,7 @@ func (cli *Client) ImagePull(ctx context.Context, refStr string, options image.P resp, err := cli.tryImageCreate(ctx, query, options.RegistryAuth) if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil { - newAuthHeader, privilegeErr := options.PrivilegeFunc() + newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx) if privilegeErr != nil { return nil, privilegeErr } diff --git a/vendor/github.com/docker/docker/client/image_push.go b/vendor/github.com/docker/docker/client/image_push.go index e6a6b11eea..16f9c4651d 100644 --- a/vendor/github.com/docker/docker/client/image_push.go +++ b/vendor/github.com/docker/docker/client/image_push.go @@ -2,7 +2,9 @@ package client // import "github.com/docker/docker/client" import ( "context" + "encoding/json" "errors" + "fmt" "io" "net/http" "net/url" @@ -36,9 +38,23 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options image.Pu } } + if options.Platform != nil { + if err := cli.NewVersionError(ctx, "1.46", "platform"); err != nil { + return nil, err + } + + p := *options.Platform + pJson, err := json.Marshal(p) + if err != nil { + return nil, fmt.Errorf("invalid platform: %v", err) + } + + query.Set("platform", string(pJson)) + } + resp, err := cli.tryImagePush(ctx, name, query, options.RegistryAuth) if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil { - newAuthHeader, privilegeErr := options.PrivilegeFunc() + newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx) if privilegeErr != nil { return nil, privilegeErr } diff --git a/vendor/github.com/docker/docker/client/image_search.go b/vendor/github.com/docker/docker/client/image_search.go index 8971b139ae..0a07457574 100644 --- a/vendor/github.com/docker/docker/client/image_search.go +++ b/vendor/github.com/docker/docker/client/image_search.go @@ -7,7 +7,6 @@ import ( "net/url" "strconv" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" "github.com/docker/docker/api/types/registry" "github.com/docker/docker/errdefs" @@ -15,7 +14,7 @@ import ( // ImageSearch makes the docker host search by a term in a remote registry. // The list of results is not sorted in any fashion. -func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) { +func (cli *Client) ImageSearch(ctx context.Context, term string, options registry.SearchOptions) ([]registry.SearchResult, error) { var results []registry.SearchResult query := url.Values{} query.Set("term", term) @@ -34,7 +33,7 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I resp, err := cli.tryImageSearch(ctx, query, options.RegistryAuth) defer ensureReaderClosed(resp) if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil { - newAuthHeader, privilegeErr := options.PrivilegeFunc() + newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx) if privilegeErr != nil { return results, privilegeErr } diff --git a/vendor/github.com/docker/docker/client/interface.go b/vendor/github.com/docker/docker/client/interface.go index 45d233f253..cc60a5d13b 100644 --- a/vendor/github.com/docker/docker/client/interface.go +++ b/vendor/github.com/docker/docker/client/interface.go @@ -50,11 +50,11 @@ type ContainerAPIClient interface { ContainerCommit(ctx context.Context, container string, options container.CommitOptions) (types.IDResponse, error) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error) ContainerDiff(ctx context.Context, container string) ([]container.FilesystemChange, error) - ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error) - ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error) - ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error) + ContainerExecAttach(ctx context.Context, execID string, options container.ExecAttachOptions) (types.HijackedResponse, error) + ContainerExecCreate(ctx context.Context, container string, options container.ExecOptions) (types.IDResponse, error) + ContainerExecInspect(ctx context.Context, execID string) (container.ExecInspect, error) ContainerExecResize(ctx context.Context, execID string, options container.ResizeOptions) error - ContainerExecStart(ctx context.Context, execID string, config types.ExecStartCheck) error + ContainerExecStart(ctx context.Context, execID string, options container.ExecStartOptions) error ContainerExport(ctx context.Context, container string) (io.ReadCloser, error) ContainerInspect(ctx context.Context, container string) (types.ContainerJSON, error) ContainerInspectWithRaw(ctx context.Context, container string, getSize bool) (types.ContainerJSON, []byte, error) @@ -66,18 +66,18 @@ type ContainerAPIClient interface { ContainerRename(ctx context.Context, container, newContainerName string) error ContainerResize(ctx context.Context, container string, options container.ResizeOptions) error ContainerRestart(ctx context.Context, container string, options container.StopOptions) error - ContainerStatPath(ctx context.Context, container, path string) (types.ContainerPathStat, error) - ContainerStats(ctx context.Context, container string, stream bool) (types.ContainerStats, error) - ContainerStatsOneShot(ctx context.Context, container string) (types.ContainerStats, error) + ContainerStatPath(ctx context.Context, container, path string) (container.PathStat, error) + ContainerStats(ctx context.Context, container string, stream bool) (container.StatsResponseReader, error) + ContainerStatsOneShot(ctx context.Context, container string) (container.StatsResponseReader, error) ContainerStart(ctx context.Context, container string, options container.StartOptions) error ContainerStop(ctx context.Context, container string, options container.StopOptions) error ContainerTop(ctx context.Context, container string, arguments []string) (container.ContainerTopOKBody, error) ContainerUnpause(ctx context.Context, container string) error ContainerUpdate(ctx context.Context, container string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) ContainerWait(ctx context.Context, container string, condition container.WaitCondition) (<-chan container.WaitResponse, <-chan error) - CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, types.ContainerPathStat, error) - CopyToContainer(ctx context.Context, container, path string, content io.Reader, options types.CopyToContainerOptions) error - ContainersPrune(ctx context.Context, pruneFilters filters.Args) (types.ContainersPruneReport, error) + CopyFromContainer(ctx context.Context, container, srcPath string) (io.ReadCloser, container.PathStat, error) + CopyToContainer(ctx context.Context, container, path string, content io.Reader, options container.CopyToContainerOptions) error + ContainersPrune(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error) } // DistributionAPIClient defines API client methods for the registry @@ -92,29 +92,29 @@ type ImageAPIClient interface { BuildCancel(ctx context.Context, id string) error ImageCreate(ctx context.Context, parentReference string, options image.CreateOptions) (io.ReadCloser, error) ImageHistory(ctx context.Context, image string) ([]image.HistoryResponseItem, error) - ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error) + ImageImport(ctx context.Context, source image.ImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error) ImageInspectWithRaw(ctx context.Context, image string) (types.ImageInspect, []byte, error) ImageList(ctx context.Context, options image.ListOptions) ([]image.Summary, error) - ImageLoad(ctx context.Context, input io.Reader, quiet bool) (types.ImageLoadResponse, error) + ImageLoad(ctx context.Context, input io.Reader, quiet bool) (image.LoadResponse, error) ImagePull(ctx context.Context, ref string, options image.PullOptions) (io.ReadCloser, error) ImagePush(ctx context.Context, ref string, options image.PushOptions) (io.ReadCloser, error) ImageRemove(ctx context.Context, image string, options image.RemoveOptions) ([]image.DeleteResponse, error) - ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) + ImageSearch(ctx context.Context, term string, options registry.SearchOptions) ([]registry.SearchResult, error) ImageSave(ctx context.Context, images []string) (io.ReadCloser, error) ImageTag(ctx context.Context, image, ref string) error - ImagesPrune(ctx context.Context, pruneFilter filters.Args) (types.ImagesPruneReport, error) + ImagesPrune(ctx context.Context, pruneFilter filters.Args) (image.PruneReport, error) } // NetworkAPIClient defines API client methods for the networks type NetworkAPIClient interface { NetworkConnect(ctx context.Context, network, container string, config *network.EndpointSettings) error - NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) + NetworkCreate(ctx context.Context, name string, options network.CreateOptions) (network.CreateResponse, error) NetworkDisconnect(ctx context.Context, network, container string, force bool) error - NetworkInspect(ctx context.Context, network string, options types.NetworkInspectOptions) (types.NetworkResource, error) - NetworkInspectWithRaw(ctx context.Context, network string, options types.NetworkInspectOptions) (types.NetworkResource, []byte, error) - NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) + NetworkInspect(ctx context.Context, network string, options network.InspectOptions) (network.Inspect, error) + NetworkInspectWithRaw(ctx context.Context, network string, options network.InspectOptions) (network.Inspect, []byte, error) + NetworkList(ctx context.Context, options network.ListOptions) ([]network.Summary, error) NetworkRemove(ctx context.Context, network string) error - NetworksPrune(ctx context.Context, pruneFilter filters.Args) (types.NetworksPruneReport, error) + NetworksPrune(ctx context.Context, pruneFilter filters.Args) (network.PruneReport, error) } // NodeAPIClient defines API client methods for the nodes @@ -165,7 +165,7 @@ type SwarmAPIClient interface { // SystemAPIClient defines API client methods for the system type SystemAPIClient interface { - Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error) + Events(ctx context.Context, options events.ListOptions) (<-chan events.Message, <-chan error) Info(ctx context.Context) (system.Info, error) RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error) DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error) @@ -179,7 +179,7 @@ type VolumeAPIClient interface { VolumeInspectWithRaw(ctx context.Context, volumeID string) (volume.Volume, []byte, error) VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error) VolumeRemove(ctx context.Context, volumeID string, force bool) error - VolumesPrune(ctx context.Context, pruneFilter filters.Args) (types.VolumesPruneReport, error) + VolumesPrune(ctx context.Context, pruneFilter filters.Args) (volume.PruneReport, error) VolumeUpdate(ctx context.Context, volumeID string, version swarm.Version, options volume.UpdateOptions) error } diff --git a/vendor/github.com/docker/docker/client/network_connect.go b/vendor/github.com/docker/docker/client/network_connect.go index 5718946134..8daf890635 100644 --- a/vendor/github.com/docker/docker/client/network_connect.go +++ b/vendor/github.com/docker/docker/client/network_connect.go @@ -3,13 +3,12 @@ package client // import "github.com/docker/docker/client" import ( "context" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/network" ) // NetworkConnect connects a container to an existent network in the docker host. func (cli *Client) NetworkConnect(ctx context.Context, networkID, containerID string, config *network.EndpointSettings) error { - nc := types.NetworkConnect{ + nc := network.ConnectOptions{ Container: containerID, EndpointConfig: config, } diff --git a/vendor/github.com/docker/docker/client/network_create.go b/vendor/github.com/docker/docker/client/network_create.go index d510feb3db..850e31cc97 100644 --- a/vendor/github.com/docker/docker/client/network_create.go +++ b/vendor/github.com/docker/docker/client/network_create.go @@ -4,13 +4,13 @@ import ( "context" "encoding/json" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/network" "github.com/docker/docker/api/types/versions" ) // NetworkCreate creates a new network in the docker host. -func (cli *Client) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) { - var response types.NetworkCreateResponse +func (cli *Client) NetworkCreate(ctx context.Context, name string, options network.CreateOptions) (network.CreateResponse, error) { + var response network.CreateResponse // Make sure we negotiated (if the client is configured to do so), // as code below contains API-version specific handling of options. @@ -21,12 +21,13 @@ func (cli *Client) NetworkCreate(ctx context.Context, name string, options types return response, err } - networkCreateRequest := types.NetworkCreateRequest{ - NetworkCreate: options, + networkCreateRequest := network.CreateRequest{ + CreateOptions: options, Name: name, } if versions.LessThan(cli.version, "1.44") { - networkCreateRequest.CheckDuplicate = true //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44. + enabled := true + networkCreateRequest.CheckDuplicate = &enabled //nolint:staticcheck // ignore SA1019: CheckDuplicate is deprecated since API v1.44. } serverResp, err := cli.post(ctx, "/networks/create", nil, networkCreateRequest, nil) diff --git a/vendor/github.com/docker/docker/client/network_disconnect.go b/vendor/github.com/docker/docker/client/network_disconnect.go index dd15676656..aaf428d853 100644 --- a/vendor/github.com/docker/docker/client/network_disconnect.go +++ b/vendor/github.com/docker/docker/client/network_disconnect.go @@ -3,12 +3,15 @@ package client // import "github.com/docker/docker/client" import ( "context" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/network" ) // NetworkDisconnect disconnects a container from an existent network in the docker host. func (cli *Client) NetworkDisconnect(ctx context.Context, networkID, containerID string, force bool) error { - nd := types.NetworkDisconnect{Container: containerID, Force: force} + nd := network.DisconnectOptions{ + Container: containerID, + Force: force, + } resp, err := cli.post(ctx, "/networks/"+networkID+"/disconnect", nil, nd, nil) ensureReaderClosed(resp) return err diff --git a/vendor/github.com/docker/docker/client/network_inspect.go b/vendor/github.com/docker/docker/client/network_inspect.go index 0f90e2bb90..afc47de6fa 100644 --- a/vendor/github.com/docker/docker/client/network_inspect.go +++ b/vendor/github.com/docker/docker/client/network_inspect.go @@ -7,25 +7,20 @@ import ( "io" "net/url" - "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/network" ) // NetworkInspect returns the information for a specific network configured in the docker host. -func (cli *Client) NetworkInspect(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, error) { +func (cli *Client) NetworkInspect(ctx context.Context, networkID string, options network.InspectOptions) (network.Inspect, error) { networkResource, _, err := cli.NetworkInspectWithRaw(ctx, networkID, options) return networkResource, err } // NetworkInspectWithRaw returns the information for a specific network configured in the docker host and its raw representation. -func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, options types.NetworkInspectOptions) (types.NetworkResource, []byte, error) { +func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, options network.InspectOptions) (network.Inspect, []byte, error) { if networkID == "" { - return types.NetworkResource{}, nil, objectNotFoundError{object: "network", id: networkID} + return network.Inspect{}, nil, objectNotFoundError{object: "network", id: networkID} } - var ( - networkResource types.NetworkResource - resp serverResponse - err error - ) query := url.Values{} if options.Verbose { query.Set("verbose", "true") @@ -33,17 +28,19 @@ func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, if options.Scope != "" { query.Set("scope", options.Scope) } - resp, err = cli.get(ctx, "/networks/"+networkID, query, nil) + + resp, err := cli.get(ctx, "/networks/"+networkID, query, nil) defer ensureReaderClosed(resp) if err != nil { - return networkResource, nil, err + return network.Inspect{}, nil, err } - body, err := io.ReadAll(resp.body) + raw, err := io.ReadAll(resp.body) if err != nil { - return networkResource, nil, err + return network.Inspect{}, nil, err } - rdr := bytes.NewReader(body) - err = json.NewDecoder(rdr).Decode(&networkResource) - return networkResource, body, err + + var nw network.Inspect + err = json.NewDecoder(bytes.NewReader(raw)).Decode(&nw) + return nw, raw, err } diff --git a/vendor/github.com/docker/docker/client/network_list.go b/vendor/github.com/docker/docker/client/network_list.go index ed2acb5571..72957d47fe 100644 --- a/vendor/github.com/docker/docker/client/network_list.go +++ b/vendor/github.com/docker/docker/client/network_list.go @@ -5,12 +5,12 @@ import ( "encoding/json" "net/url" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/network" ) // NetworkList returns the list of networks configured in the docker host. -func (cli *Client) NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) { +func (cli *Client) NetworkList(ctx context.Context, options network.ListOptions) ([]network.Summary, error) { query := url.Values{} if options.Filters.Len() > 0 { //nolint:staticcheck // ignore SA1019 for old code @@ -21,7 +21,7 @@ func (cli *Client) NetworkList(ctx context.Context, options types.NetworkListOpt query.Set("filters", filterJSON) } - var networkResources []types.NetworkResource + var networkResources []network.Summary resp, err := cli.get(ctx, "/networks", query, nil) defer ensureReaderClosed(resp) if err != nil { diff --git a/vendor/github.com/docker/docker/client/network_prune.go b/vendor/github.com/docker/docker/client/network_prune.go index 7b5f831ef7..708cc61a4b 100644 --- a/vendor/github.com/docker/docker/client/network_prune.go +++ b/vendor/github.com/docker/docker/client/network_prune.go @@ -5,13 +5,13 @@ import ( "encoding/json" "fmt" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/network" ) // NetworksPrune requests the daemon to delete unused networks -func (cli *Client) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (types.NetworksPruneReport, error) { - var report types.NetworksPruneReport +func (cli *Client) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (network.PruneReport, error) { + var report network.PruneReport if err := cli.NewVersionError(ctx, "1.25", "network prune"); err != nil { return report, err diff --git a/vendor/github.com/docker/docker/client/plugin_install.go b/vendor/github.com/docker/docker/client/plugin_install.go index 69184619a2..a0d8c3500c 100644 --- a/vendor/github.com/docker/docker/client/plugin_install.go +++ b/vendor/github.com/docker/docker/client/plugin_install.go @@ -84,7 +84,7 @@ func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, resp, err := cli.tryPluginPrivileges(ctx, query, options.RegistryAuth) if errdefs.IsUnauthorized(err) && options.PrivilegeFunc != nil { // todo: do inspect before to check existing name before checking privileges - newAuthHeader, privilegeErr := options.PrivilegeFunc() + newAuthHeader, privilegeErr := options.PrivilegeFunc(ctx) if privilegeErr != nil { ensureReaderClosed(resp) return nil, privilegeErr @@ -105,7 +105,7 @@ func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values, ensureReaderClosed(resp) if !options.AcceptAllPermissions && options.AcceptPermissionsFunc != nil && len(privileges) > 0 { - accept, err := options.AcceptPermissionsFunc(privileges) + accept, err := options.AcceptPermissionsFunc(ctx, privileges) if err != nil { return nil, err } diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go index 50e213b50a..6eea9b4e4f 100644 --- a/vendor/github.com/docker/docker/client/request.go +++ b/vendor/github.com/docker/docker/client/request.go @@ -184,10 +184,10 @@ func (cli *Client) doRequest(req *http.Request) (serverResponse, error) { // `open //./pipe/docker_engine: Le fichier spécifié est introuvable.` if strings.Contains(err.Error(), `open //./pipe/docker_engine`) { // Checks if client is running with elevated privileges - if f, elevatedErr := os.Open("\\\\.\\PHYSICALDRIVE0"); elevatedErr == nil { + if f, elevatedErr := os.Open(`\\.\PHYSICALDRIVE0`); elevatedErr != nil { err = errors.Wrap(err, "in the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect") } else { - f.Close() + _ = f.Close() err = errors.Wrap(err, "this error may indicate that the docker daemon is not running") } } @@ -278,7 +278,7 @@ func encodeData(data interface{}) (*bytes.Buffer, error) { func ensureReaderClosed(response serverResponse) { if response.body != nil { // Drain up to 512 bytes and close the body to let the Transport reuse the connection - io.CopyN(io.Discard, response.body, 512) - response.body.Close() + _, _ = io.CopyN(io.Discard, response.body, 512) + _ = response.body.Close() } } diff --git a/vendor/github.com/docker/docker/client/volume_prune.go b/vendor/github.com/docker/docker/client/volume_prune.go index 9333f6ee78..9b09c30fa6 100644 --- a/vendor/github.com/docker/docker/client/volume_prune.go +++ b/vendor/github.com/docker/docker/client/volume_prune.go @@ -5,13 +5,13 @@ import ( "encoding/json" "fmt" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/volume" ) // VolumesPrune requests the daemon to delete unused data -func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args) (types.VolumesPruneReport, error) { - var report types.VolumesPruneReport +func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args) (volume.PruneReport, error) { + var report volume.PruneReport if err := cli.NewVersionError(ctx, "1.25", "volume prune"); err != nil { return report, err diff --git a/vendor/github.com/docker/docker/container/archive_windows.go b/vendor/github.com/docker/docker/container/archive_windows.go index b859493da0..77552d21fb 100644 --- a/vendor/github.com/docker/docker/container/archive_windows.go +++ b/vendor/github.com/docker/docker/container/archive_windows.go @@ -4,7 +4,7 @@ import ( "os" "path/filepath" - "github.com/docker/docker/api/types" + containertypes "github.com/docker/docker/api/types/container" "github.com/docker/docker/pkg/archive" "github.com/pkg/errors" ) @@ -45,7 +45,7 @@ func (container *Container) ResolvePath(path string) (resolvedPath, absPath stri // be acquired before calling this method and the given path should be fully // resolved to a path on the host corresponding to the given absolute path // inside the container. -func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.ContainerPathStat, err error) { +func (container *Container) StatPath(resolvedPath, absPath string) (stat *containertypes.PathStat, err error) { if container.BaseFS == "" { return nil, errors.New("StatPath: BaseFS of container " + container.ID + " is unexpectedly empty") } @@ -72,7 +72,7 @@ func (container *Container) StatPath(resolvedPath, absPath string) (stat *types. linkTarget = filepath.Join(string(filepath.Separator), linkTarget) } - return &types.ContainerPathStat{ + return &containertypes.PathStat{ Name: filepath.Base(absPath), Size: lstat.Size(), Mode: lstat.Mode(), diff --git a/vendor/github.com/docker/docker/container/container.go b/vendor/github.com/docker/docker/container/container.go index 9809124d8e..dfc056a427 100644 --- a/vendor/github.com/docker/docker/container/container.go +++ b/vendor/github.com/docker/docker/container/container.go @@ -42,6 +42,9 @@ import ( "github.com/moby/sys/symlink" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" ) const ( @@ -200,7 +203,12 @@ func (container *Container) toDisk() (*Container, error) { // CheckpointTo makes the Container's current state visible to queries, and persists state. // Callers must hold a Container lock. -func (container *Container) CheckpointTo(store *ViewDB) error { +func (container *Container) CheckpointTo(ctx context.Context, store *ViewDB) error { + ctx, span := otel.Tracer("").Start(ctx, "container.CheckpointTo", trace.WithAttributes( + attribute.String("container.ID", container.ID), + attribute.String("container.Name", container.Name))) + defer span.End() + deepCopy, err := container.toDisk() if err != nil { return err diff --git a/vendor/github.com/docker/docker/container/state.go b/vendor/github.com/docker/docker/container/state.go index cdf88fe371..b3bba4ba2b 100644 --- a/vendor/github.com/docker/docker/container/state.go +++ b/vendor/github.com/docker/docker/container/state.go @@ -268,13 +268,23 @@ func (s *State) SetExitCode(ec int) { s.ExitCodeValue = ec } -// SetRunning sets the state of the container to "running". -func (s *State) SetRunning(ctr libcontainerdtypes.Container, tsk libcontainerdtypes.Task, initial bool) { +// SetRunning sets the running state along with StartedAt time. +func (s *State) SetRunning(ctr libcontainerdtypes.Container, tsk libcontainerdtypes.Task, start time.Time) { + s.setRunning(ctr, tsk, &start) +} + +// SetRunningExternal sets the running state without setting the `StartedAt` time (used for containers not started by Docker instead of SetRunning). +func (s *State) SetRunningExternal(ctr libcontainerdtypes.Container, tsk libcontainerdtypes.Task) { + s.setRunning(ctr, tsk, nil) +} + +// setRunning sets the state of the container to "running". +func (s *State) setRunning(ctr libcontainerdtypes.Container, tsk libcontainerdtypes.Task, start *time.Time) { s.ErrorMsg = "" s.Paused = false s.Running = true s.Restarting = false - if initial { + if start != nil { s.Paused = false } s.ExitCodeValue = 0 @@ -286,8 +296,8 @@ func (s *State) SetRunning(ctr libcontainerdtypes.Container, tsk libcontainerdty s.Pid = 0 } s.OOMKilled = false - if initial { - s.StartedAt = time.Now().UTC() + if start != nil { + s.StartedAt = start.UTC() } } diff --git a/vendor/github.com/docker/docker/container/stream/attach.go b/vendor/github.com/docker/docker/container/stream/attach.go index 6079d20d1e..c0b0302f46 100644 --- a/vendor/github.com/docker/docker/container/stream/attach.go +++ b/vendor/github.com/docker/docker/container/stream/attach.go @@ -150,6 +150,14 @@ func (c *Config) CopyStreams(ctx context.Context, cfg *AttachConfig) <-chan erro cfg.CStderr.Close() } + if cfg.Stdin != nil { + // In this case, `cfg.Stdin` is a stream from the client. + // The way `io.Copy` works we may get stuck waiting to read from `cfg.Stdin` even if the container has exited. + // This will cause the `io.Copy` to never return and the `group.Wait()` to never return. + // By closing cfg.Stdin we will cause the `io.Copy` to return and the `group.Wait()` to return. + cfg.Stdin.Close() + } + // Now with these closed, wait should return. if err := group.Wait(); err != nil { errs <- err diff --git a/vendor/github.com/docker/docker/container/view.go b/vendor/github.com/docker/docker/container/view.go index 5487beacaf..0f77aa58ca 100644 --- a/vendor/github.com/docker/docker/container/view.go +++ b/vendor/github.com/docker/docker/container/view.go @@ -1,3 +1,6 @@ +// FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16: +//go:build go1.21 + package container // import "github.com/docker/docker/container" import ( @@ -5,6 +8,7 @@ import ( "context" "errors" "fmt" + "maps" "strings" "time" @@ -331,6 +335,7 @@ func (v *View) transform(container *Container) *Snapshot { if container.HostConfig != nil { snapshot.Container.HostConfig.NetworkMode = string(container.HostConfig.NetworkMode) + snapshot.Container.HostConfig.Annotations = maps.Clone(container.HostConfig.Annotations) snapshot.HostConfig.Isolation = string(container.HostConfig.Isolation) for binding := range container.HostConfig.PortBindings { snapshot.PortBindings[binding] = struct{}{} diff --git a/vendor/github.com/docker/docker/daemon/cluster/provider/network.go b/vendor/github.com/docker/docker/daemon/cluster/provider/network.go index 533baa0e17..19da38249d 100644 --- a/vendor/github.com/docker/docker/daemon/cluster/provider/network.go +++ b/vendor/github.com/docker/docker/daemon/cluster/provider/network.go @@ -1,11 +1,11 @@ package provider // import "github.com/docker/docker/daemon/cluster/provider" -import "github.com/docker/docker/api/types" +import "github.com/docker/docker/api/types/network" // NetworkCreateRequest is a request when creating a network. type NetworkCreateRequest struct { ID string - types.NetworkCreateRequest + network.CreateRequest } // NetworkCreateResponse is a response when creating a network. diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver.go index 6ddde44b89..5cf3388174 100644 --- a/vendor/github.com/docker/docker/daemon/graphdriver/driver.go +++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver.go @@ -69,8 +69,8 @@ type ProtoDriver interface { // Status returns a set of key-value pairs which give low // level diagnostic status about this driver. Status() [][2]string - // Returns a set of key-value pairs which give low level information - // about the image/container driver is managing. + // GetMetadata returns a set of key-value pairs which give driver-specific + // low-level information about the image/container that the driver is managing. GetMetadata(id string) (map[string]string, error) // Cleanup performs necessary tasks to release resources // held by the driver, e.g., unmounting all layered filesystems diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go index 5591e3f187..249a9b6f3c 100644 --- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go +++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_freebsd.go @@ -1,19 +1,4 @@ package graphdriver // import "github.com/docker/docker/daemon/graphdriver" -import ( - "syscall" - - "golang.org/x/sys/unix" -) - // List of drivers that should be used in an order var priority = "zfs" - -// Mounted checks if the given path is mounted as the fs type -func Mounted(fsType FsMagic, mountPath string) (bool, error) { - var buf unix.Statfs_t - if err := syscall.Statfs(mountPath, &buf); err != nil { - return false, err - } - return FsMagic(buf.Type) == fsType, nil -} diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go index 5fc3158113..f85fa30732 100644 --- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go +++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_linux.go @@ -99,8 +99,8 @@ type fsChecker struct { } func (c *fsChecker) IsMounted(path string) bool { - m, _ := Mounted(c.t, path) - return m + fsType, _ := GetFSMagic(path) + return fsType == c.t } // NewDefaultChecker returns a check that parses /proc/mountinfo to check @@ -115,15 +115,3 @@ func (c *defaultChecker) IsMounted(path string) bool { m, _ := mountinfo.Mounted(path) return m } - -// Mounted checks if the given path is mounted as the fs type -func Mounted(fsType FsMagic, mountPath string) (bool, error) { - var buf unix.Statfs_t - if err := unix.Statfs(mountPath, &buf); err != nil { - if err == unix.ENOENT { // not exist, thus not mounted - err = nil - } - return false, err - } - return FsMagic(buf.Type) == fsType, nil -} diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go b/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go index 33108371bf..f39fd04e8c 100644 --- a/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go +++ b/vendor/github.com/docker/docker/daemon/graphdriver/plugin.go @@ -2,6 +2,7 @@ package graphdriver // import "github.com/docker/docker/daemon/graphdriver" import ( "fmt" + "os" "path/filepath" "github.com/docker/docker/errdefs" @@ -12,6 +13,9 @@ import ( ) func lookupPlugin(name string, pg plugingetter.PluginGetter, config Options) (Driver, error) { + if os.Getenv("DOCKERD_DEPRECATED_GRAPHDRIVER_PLUGINS") == "" { + return nil, fmt.Errorf("DEPRECATED: Experimental graphdriver plugins are deprecated, and disabled by default. This feature will be removed in the next release. See https://docs.docker.com/go/deprecated/") + } if !config.ExperimentalEnabled { return nil, fmt.Errorf("graphdriver plugins are only supported with experimental mode") } diff --git a/vendor/github.com/docker/docker/daemon/network/filter.go b/vendor/github.com/docker/docker/daemon/network/filter.go index 258a0f4446..867a1bf4f2 100644 --- a/vendor/github.com/docker/docker/daemon/network/filter.go +++ b/vendor/github.com/docker/docker/daemon/network/filter.go @@ -1,16 +1,15 @@ package network // import "github.com/docker/docker/daemon/network" import ( - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/network" "github.com/docker/docker/errdefs" - "github.com/docker/docker/runconfig" "github.com/pkg/errors" ) // FilterNetworks filters network list according to user specified filter // and returns user chosen networks -func FilterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.NetworkResource, error) { +func FilterNetworks(nws []network.Inspect, filter filters.Args) ([]network.Inspect, error) { // if filter is empty, return original network list if filter.Len() == 0 { return nws, nil @@ -71,7 +70,7 @@ func FilterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.N } if filter.Contains("type") { - typeNet := []types.NetworkResource{} + typeNet := []network.Inspect{} errFilter := filter.WalkValues("type", func(fval string) error { passList, err := filterNetworkByType(displayNet, fval) if err != nil { @@ -89,14 +88,14 @@ func FilterNetworks(nws []types.NetworkResource, filter filters.Args) ([]types.N return displayNet, nil } -func filterNetworkByUse(nws []types.NetworkResource, danglingOnly bool) []types.NetworkResource { - retNws := []types.NetworkResource{} +func filterNetworkByUse(nws []network.Inspect, danglingOnly bool) []network.Inspect { + retNws := []network.Inspect{} - filterFunc := func(nw types.NetworkResource) bool { + filterFunc := func(nw network.Inspect) bool { if danglingOnly { - return !runconfig.IsPreDefinedNetwork(nw.Name) && len(nw.Containers) == 0 && len(nw.Services) == 0 + return !IsPredefined(nw.Name) && len(nw.Containers) == 0 && len(nw.Services) == 0 } - return runconfig.IsPreDefinedNetwork(nw.Name) || len(nw.Containers) > 0 || len(nw.Services) > 0 + return IsPredefined(nw.Name) || len(nw.Containers) > 0 || len(nw.Services) > 0 } for _, nw := range nws { @@ -108,18 +107,18 @@ func filterNetworkByUse(nws []types.NetworkResource, danglingOnly bool) []types. return retNws } -func filterNetworkByType(nws []types.NetworkResource, netType string) ([]types.NetworkResource, error) { - retNws := []types.NetworkResource{} +func filterNetworkByType(nws []network.Inspect, netType string) ([]network.Inspect, error) { + retNws := []network.Inspect{} switch netType { case "builtin": for _, nw := range nws { - if runconfig.IsPreDefinedNetwork(nw.Name) { + if IsPredefined(nw.Name) { retNws = append(retNws, nw) } } case "custom": for _, nw := range nws { - if !runconfig.IsPreDefinedNetwork(nw.Name) { + if !IsPredefined(nw.Name) { retNws = append(retNws, nw) } } diff --git a/vendor/github.com/docker/docker/daemon/network/network_mode.go b/vendor/github.com/docker/docker/daemon/network/network_mode.go new file mode 100644 index 0000000000..f7cdeddca6 --- /dev/null +++ b/vendor/github.com/docker/docker/daemon/network/network_mode.go @@ -0,0 +1,13 @@ +package network + +// DefaultNetwork is the name of the default network driver to use for containers +// on the daemon platform. The default for Linux containers is "bridge" +// ([network.NetworkBridge]), and "nat" ([network.NetworkNat]) for Windows +// containers. +const DefaultNetwork = defaultNetwork + +// IsPredefined indicates if a network is predefined by the daemon. +func IsPredefined(network string) bool { + // TODO(thaJeztah): check if we can align the check for both platforms + return isPreDefined(network) +} diff --git a/vendor/github.com/docker/docker/daemon/network/network_mode_unix.go b/vendor/github.com/docker/docker/daemon/network/network_mode_unix.go new file mode 100644 index 0000000000..584b6cdd38 --- /dev/null +++ b/vendor/github.com/docker/docker/daemon/network/network_mode_unix.go @@ -0,0 +1,15 @@ +//go:build !windows + +package network + +import ( + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/api/types/network" +) + +const defaultNetwork = network.NetworkBridge + +func isPreDefined(network string) bool { + n := container.NetworkMode(network) + return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() +} diff --git a/vendor/github.com/docker/docker/daemon/network/network_mode_windows.go b/vendor/github.com/docker/docker/daemon/network/network_mode_windows.go new file mode 100644 index 0000000000..a827641d75 --- /dev/null +++ b/vendor/github.com/docker/docker/daemon/network/network_mode_windows.go @@ -0,0 +1,12 @@ +package network + +import ( + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/api/types/network" +) + +const defaultNetwork = network.NetworkNat + +func isPreDefined(network string) bool { + return !container.NetworkMode(network).IsUserDefined() +} diff --git a/vendor/github.com/docker/docker/image/image.go b/vendor/github.com/docker/docker/image/image.go index 9bfa8602f2..77b6731f5b 100644 --- a/vendor/github.com/docker/docker/image/image.go +++ b/vendor/github.com/docker/docker/image/image.go @@ -1,6 +1,7 @@ package image // import "github.com/docker/docker/image" import ( + "context" "encoding/json" "errors" "io" @@ -279,9 +280,9 @@ func NewHistory(author, comment, createdBy string, isEmptyLayer bool) History { // Exporter provides interface for loading and saving images type Exporter interface { - Load(io.ReadCloser, io.Writer, bool) error + Load(context.Context, io.ReadCloser, io.Writer, bool) error // TODO: Load(net.Context, io.ReadCloser, <- chan StatusMessage) error - Save([]string, io.Writer) error + Save(context.Context, []string, io.Writer) error } // NewFromJSON creates an Image configuration from json. diff --git a/vendor/github.com/docker/docker/internal/compatcontext/cancel.go b/vendor/github.com/docker/docker/internal/compatcontext/cancel.go deleted file mode 100644 index 3c29794b47..0000000000 --- a/vendor/github.com/docker/docker/internal/compatcontext/cancel.go +++ /dev/null @@ -1,89 +0,0 @@ -//go:build !go1.21 - -// Copyright (c) 2009 The Go Authors. All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// - Redistributions of source code must retain the above copyright -// -// notice, this list of conditions and the following disclaimer. -// - Redistributions in binary form must reproduce the above -// -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// - Neither the name of Google Inc. nor the names of its -// -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// Source: https://cs.opensource.google/go/go/+/refs/tags/go1.21.1:src/context/context.go -// The only modifications to the original source were: -// - replacing the usage of internal reflectlite with reflect -// - replacing the usage of private value function with Value method call -package compatcontext // import "github.com/docker/docker/internal/compatcontext" - -import ( - "context" - "reflect" - "time" -) - -// WithoutCancel returns a copy of parent that is not canceled when parent is canceled. -// The returned context returns no Deadline or Err, and its Done channel is nil. -// Calling [Cause] on the returned context returns nil. -func WithoutCancel(parent context.Context) context.Context { - if parent == nil { - panic("cannot create context from nil parent") - } - return withoutCancelCtx{parent} -} - -type withoutCancelCtx struct { - c context.Context -} - -func (withoutCancelCtx) Deadline() (deadline time.Time, ok bool) { - return -} - -func (withoutCancelCtx) Done() <-chan struct{} { - return nil -} - -func (withoutCancelCtx) Err() error { - return nil -} - -func (c withoutCancelCtx) Value(key any) any { - return c.c.Value(key) -} - -func (c withoutCancelCtx) String() string { - return contextName(c.c) + ".WithoutCancel" -} - -type stringer interface { - String() string -} - -func contextName(c context.Context) string { - if s, ok := c.(stringer); ok { - return s.String() - } - return reflect.TypeOf(c).String() -} diff --git a/vendor/github.com/docker/docker/internal/compatcontext/cancel_go121.go b/vendor/github.com/docker/docker/internal/compatcontext/cancel_go121.go deleted file mode 100644 index e43555b292..0000000000 --- a/vendor/github.com/docker/docker/internal/compatcontext/cancel_go121.go +++ /dev/null @@ -1,9 +0,0 @@ -//go:build go1.21 - -package compatcontext // import "github.com/docker/docker/internal/compatcontext" - -import "context" - -func WithoutCancel(ctx context.Context) context.Context { - return context.WithoutCancel(ctx) -} diff --git a/vendor/github.com/docker/docker/internal/safepath/join_windows.go b/vendor/github.com/docker/docker/internal/safepath/join_windows.go index 63c646a682..5acfc22ec8 100644 --- a/vendor/github.com/docker/docker/internal/safepath/join_windows.go +++ b/vendor/github.com/docker/docker/internal/safepath/join_windows.go @@ -8,7 +8,6 @@ import ( "github.com/containerd/log" "github.com/docker/docker/internal/cleanups" - "github.com/docker/docker/internal/compatcontext" "github.com/pkg/errors" "golang.org/x/sys/windows" ) @@ -27,9 +26,9 @@ func Join(ctx context.Context, path, subpath string) (*SafePath, error) { } parts := strings.Split(subpart, string(os.PathSeparator)) - cleanups := cleanups.Composite{} + cleanupJobs := cleanups.Composite{} defer func() { - if cErr := cleanups.Call(compatcontext.WithoutCancel(ctx)); cErr != nil { + if cErr := cleanupJobs.Call(context.WithoutCancel(ctx)); cErr != nil { log.G(ctx).WithError(cErr).Warn("failed to close handles after error") } }() @@ -45,7 +44,7 @@ func Join(ctx context.Context, path, subpath string) (*SafePath, error) { } return nil, errors.Wrapf(err, "failed to lock file %s", fullPath) } - cleanups.Add(func(context.Context) error { + cleanupJobs.Add(func(context.Context) error { if err := windows.CloseHandle(handle); err != nil { return &os.PathError{Op: "CloseHandle", Path: fullPath, Err: err} } @@ -75,7 +74,7 @@ func Join(ctx context.Context, path, subpath string) (*SafePath, error) { path: fullPath, sourceBase: base, sourceSubpath: subpart, - cleanup: cleanups.Release(), + cleanup: cleanupJobs.Release(), }, nil } diff --git a/vendor/github.com/docker/docker/internal/sliceutil/sliceutil.go b/vendor/github.com/docker/docker/internal/sliceutil/sliceutil.go index 0cb8ea7d68..5d5856ecc5 100644 --- a/vendor/github.com/docker/docker/internal/sliceutil/sliceutil.go +++ b/vendor/github.com/docker/docker/internal/sliceutil/sliceutil.go @@ -1,5 +1,5 @@ // FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16: -//go:build go1.19 +//go:build go1.21 package sliceutil diff --git a/vendor/github.com/docker/docker/internal/unix_noeintr/epoll_linux.go b/vendor/github.com/docker/docker/internal/unix_noeintr/epoll_linux.go new file mode 100644 index 0000000000..ef691ab3eb --- /dev/null +++ b/vendor/github.com/docker/docker/internal/unix_noeintr/epoll_linux.go @@ -0,0 +1,37 @@ +package unix_noeintr + +import ( + "errors" + + "golang.org/x/sys/unix" +) + +func EpollCreate() (int, error) { + for { + fd, err := unix.EpollCreate1(unix.EPOLL_CLOEXEC) + if errors.Is(err, unix.EINTR) { + continue + } + return fd, err + } +} + +func EpollCtl(epFd int, op int, fd int, event *unix.EpollEvent) error { + for { + err := unix.EpollCtl(epFd, op, fd, event) + if errors.Is(err, unix.EINTR) { + continue + } + return err + } +} + +func EpollWait(epFd int, events []unix.EpollEvent, msec int) (int, error) { + for { + n, err := unix.EpollWait(epFd, events, msec) + if errors.Is(err, unix.EINTR) { + continue + } + return n, err + } +} diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go index 43133a0950..cde64f08eb 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive.go @@ -20,7 +20,6 @@ import ( "syscall" "time" - "github.com/containerd/containerd/pkg/userns" "github.com/containerd/log" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/ioutils" @@ -98,24 +97,16 @@ func NewDefaultArchiver() *Archiver { type breakoutError error const ( - // Uncompressed represents the uncompressed. - Uncompressed Compression = iota - // Bzip2 is bzip2 compression algorithm. - Bzip2 - // Gzip is gzip compression algorithm. - Gzip - // Xz is xz compression algorithm. - Xz - // Zstd is zstd compression algorithm. - Zstd + Uncompressed Compression = 0 // Uncompressed represents the uncompressed. + Bzip2 Compression = 1 // Bzip2 is bzip2 compression algorithm. + Gzip Compression = 2 // Gzip is gzip compression algorithm. + Xz Compression = 3 // Xz is xz compression algorithm. + Zstd Compression = 4 // Zstd is zstd compression algorithm. ) const ( - // AUFSWhiteoutFormat is the default format for whiteouts - AUFSWhiteoutFormat WhiteoutFormat = iota - // OverlayWhiteoutFormat formats whiteout according to the overlay - // standard. - OverlayWhiteoutFormat + AUFSWhiteoutFormat WhiteoutFormat = 0 // AUFSWhiteoutFormat is the default format for whiteouts + OverlayWhiteoutFormat WhiteoutFormat = 1 // OverlayWhiteoutFormat formats whiteout according to the overlay standard. ) // IsArchivePath checks if the (possibly compressed) file at the given path @@ -159,7 +150,7 @@ func magicNumberMatcher(m []byte) matcher { // zstdMatcher detects zstd compression algorithm. // Zstandard compressed data is made of one or more frames. // There are two frame formats defined by Zstandard: Zstandard frames and Skippable frames. -// See https://tools.ietf.org/id/draft-kucherawy-dispatch-zstd-00.html#rfc.section.2 for more details. +// See https://datatracker.ietf.org/doc/html/rfc8878#section-3 for more details. func zstdMatcher() matcher { return func(source []byte) bool { if bytes.HasPrefix(source, zstdMagic) { @@ -541,8 +532,10 @@ func newTarAppender(idMapping idtools.IdentityMapping, writer io.Writer, chownOp } // CanonicalTarNameForPath canonicalizes relativePath to a POSIX-style path using -// forward slashes. It is an alias for filepath.ToSlash, which is a no-op on +// forward slashes. It is an alias for [filepath.ToSlash], which is a no-op on // Linux and Unix. +// +// Deprecated: use [filepath.ToSlash]. This function will be removed in the next release. func CanonicalTarNameForPath(relativePath string) string { return filepath.ToSlash(relativePath) } @@ -681,9 +674,11 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o inUserns, bestEffortXattrs bool chownOpts *idtools.Identity ) + + // TODO(thaJeztah): make opts a required argument. if opts != nil { Lchown = !opts.NoLchown - inUserns = opts.InUserNS + inUserns = opts.InUserNS // TODO(thaJeztah): consider deprecating opts.InUserNS and detect locally. chownOpts = opts.ChownOpts bestEffortXattrs = opts.BestEffortXattrs } @@ -718,6 +713,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o case tar.TypeBlock, tar.TypeChar: if inUserns { // cannot create devices in a userns + log.G(context.TODO()).WithFields(log.Fields{"path": path, "type": hdr.Typeflag}).Debug("skipping device nodes in a userns") return nil } // Handle this is an OS-specific way @@ -728,6 +724,11 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o case tar.TypeFifo: // Handle this is an OS-specific way if err := handleTarTypeBlockCharFifo(hdr, path); err != nil { + if inUserns && errors.Is(err, syscall.EPERM) { + // In most cases, cannot create a fifo if running in user namespace + log.G(context.TODO()).WithFields(log.Fields{"error": err, "path": path, "type": hdr.Typeflag}).Debug("creating fifo node in a userns") + return nil + } return err } @@ -771,7 +772,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o } if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil { msg := "failed to Lchown %q for UID %d, GID %d" - if errors.Is(err, syscall.EINVAL) && userns.RunningInUserNS() { + if inUserns && errors.Is(err, syscall.EINVAL) { msg += " (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid)" } return errors.Wrapf(err, msg, path, hdr.Uid, hdr.Gid) @@ -877,21 +878,16 @@ func NewTarballer(srcPath string, options *TarOptions) (*Tarballer, error) { return nil, err } - whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS) - if err != nil { - return nil, err - } - return &Tarballer{ // Fix the source path to work with long path names. This is a no-op // on platforms other than Windows. - srcPath: fixVolumePathPrefix(srcPath), + srcPath: addLongPathPrefix(srcPath), options: options, pm: pm, pipeReader: pipeReader, pipeWriter: pipeWriter, compressWriter: compressWriter, - whiteoutConverter: whiteoutConverter, + whiteoutConverter: getWhiteoutConverter(options.WhiteoutFormat), }, nil } @@ -1086,10 +1082,7 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err defer pools.BufioReader32KPool.Put(trBuf) var dirs []*tar.Header - whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS) - if err != nil { - return err - } + whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat) // Iterate through the files in the archive. loop: @@ -1452,6 +1445,8 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) { // NewTempArchive reads the content of src into a temporary file, and returns the contents // of that file as an archive. The archive can only be read once - as soon as reading completes, // the file will be deleted. +// +// Deprecated: NewTempArchive is only used in tests and will be removed in the next release. func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) { f, err := os.CreateTemp(dir, "") if err != nil { @@ -1473,6 +1468,8 @@ func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) { // TempArchive is a temporary archive. The archive can only be read once - as soon as reading completes, // the file will be deleted. +// +// Deprecated: TempArchive is only used in tests and will be removed in the next release. type TempArchive struct { *os.File Size int64 // Pre-computed from Stat().Size() as a convenience diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go index 2c3786cd50..45ac2aa6ce 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go @@ -6,19 +6,17 @@ import ( "path/filepath" "strings" + "github.com/containerd/containerd/pkg/userns" "github.com/docker/docker/pkg/system" "github.com/pkg/errors" "golang.org/x/sys/unix" ) -func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) { +func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter { if format == OverlayWhiteoutFormat { - if inUserNS { - return nil, errors.New("specifying OverlayWhiteoutFormat is not allowed in userns") - } - return overlayWhiteoutConverter{}, nil + return overlayWhiteoutConverter{} } - return nil, nil + return nil } type overlayWhiteoutConverter struct{} @@ -35,20 +33,25 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os } if fi.Mode()&os.ModeDir != 0 { + opaqueXattrName := "trusted.overlay.opaque" + if userns.RunningInUserNS() { + opaqueXattrName = "user.overlay.opaque" + } + // convert opaque dirs to AUFS format by writing an empty file with the prefix - opaque, err := system.Lgetxattr(path, "trusted.overlay.opaque") + opaque, err := system.Lgetxattr(path, opaqueXattrName) if err != nil { return nil, err } if len(opaque) == 1 && opaque[0] == 'y' { - delete(hdr.PAXRecords, paxSchilyXattr+"trusted.overlay.opaque") + delete(hdr.PAXRecords, paxSchilyXattr+opaqueXattrName) // create a header for the whiteout file // it should inherit some properties from the parent, but be a regular file wo = &tar.Header{ Typeflag: tar.TypeReg, Mode: hdr.Mode & int64(os.ModePerm), - Name: filepath.Join(hdr.Name, WhiteoutOpaqueDir), + Name: filepath.Join(hdr.Name, WhiteoutOpaqueDir), // #nosec G305 -- An archive is being created, not extracted. Size: 0, Uid: hdr.Uid, Uname: hdr.Uname, @@ -56,7 +59,7 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os Gname: hdr.Gname, AccessTime: hdr.AccessTime, ChangeTime: hdr.ChangeTime, - } //#nosec G305 -- An archive is being created, not extracted. + } } } @@ -69,9 +72,14 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo // if a directory is marked as opaque by the AUFS special file, we need to translate that to overlay if base == WhiteoutOpaqueDir { - err := unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0) + opaqueXattrName := "trusted.overlay.opaque" + if userns.RunningInUserNS() { + opaqueXattrName = "user.overlay.opaque" + } + + err := unix.Setxattr(dir, opaqueXattrName, []byte{'y'}, 0) if err != nil { - return false, errors.Wrapf(err, "setxattr(%q, trusted.overlay.opaque=y)", dir) + return false, errors.Wrapf(err, "setxattr(%q, %s=y)", dir, opaqueXattrName) } // don't write the file itself return false, err diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/docker/docker/pkg/archive/archive_other.go index 3de1d64c80..7dee1f7a46 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_other.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_other.go @@ -2,6 +2,6 @@ package archive // import "github.com/docker/docker/pkg/archive" -func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) { - return nil, nil +func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter { + return nil } diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go index ff59d01975..f559a30565 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go @@ -11,7 +11,6 @@ import ( "strings" "syscall" - "github.com/containerd/containerd/pkg/userns" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/system" "golang.org/x/sys/unix" @@ -21,9 +20,9 @@ func init() { sysStat = statUnix } -// fixVolumePathPrefix does platform specific processing to ensure that if -// the path being passed in is not in a volume path format, convert it to one. -func fixVolumePathPrefix(srcPath string) string { +// addLongPathPrefix adds the Windows long path prefix to the path provided if +// it does not already have it. It is a no-op on platforms other than Windows. +func addLongPathPrefix(srcPath string) string { return srcPath } @@ -95,7 +94,10 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) { } // handleTarTypeBlockCharFifo is an OS-specific helper function used by -// createTarFile to handle the following types of header: Block; Char; Fifo +// createTarFile to handle the following types of header: Block; Char; Fifo. +// +// Creating device nodes is not supported when running in a user namespace, +// produces a [syscall.EPERM] in most cases. func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { mode := uint32(hdr.Mode & 0o7777) switch hdr.Typeflag { @@ -107,12 +109,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { mode |= unix.S_IFIFO } - err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))) - if errors.Is(err, syscall.EPERM) && userns.RunningInUserNS() { - // In most cases, cannot create a device if running in user namespace - err = nil - } - return err + return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))) } func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error { diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go index 09a25832e8..e25c64b415 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go @@ -4,15 +4,27 @@ import ( "archive/tar" "os" "path/filepath" + "strings" "github.com/docker/docker/pkg/idtools" - "github.com/docker/docker/pkg/longpath" ) -// fixVolumePathPrefix does platform specific processing to ensure that if -// the path being passed in is not in a volume path format, convert it to one. -func fixVolumePathPrefix(srcPath string) string { - return longpath.AddPrefix(srcPath) +// longPathPrefix is the longpath prefix for Windows file paths. +const longPathPrefix = `\\?\` + +// addLongPathPrefix adds the Windows long path prefix to the path provided if +// it does not already have it. It is a no-op on platforms other than Windows. +// +// addLongPathPrefix is a copy of [github.com/docker/docker/pkg/longpath.AddPrefix]. +func addLongPathPrefix(srcPath string) string { + if strings.HasPrefix(srcPath, longPathPrefix) { + return srcPath + } + if strings.HasPrefix(srcPath, `\\`) { + // This is a UNC path, so we need to add 'UNC' to the path as well. + return longPathPrefix + `UNC` + srcPath[1:] + } + return longPathPrefix + srcPath } // getWalkRoot calculates the root path when performing a TarWithOptions. diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go index f9f16c9259..5f12ca4016 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes.go @@ -23,12 +23,9 @@ import ( type ChangeType int const ( - // ChangeModify represents the modify operation. - ChangeModify = iota - // ChangeAdd represents the add operation. - ChangeAdd - // ChangeDelete represents the delete operation. - ChangeDelete + ChangeModify = 0 // ChangeModify represents the modify operation. + ChangeAdd = 1 // ChangeAdd represents the add operation. + ChangeDelete = 2 // ChangeDelete represents the delete operation. ) func (c ChangeType) String() string { diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/docker/docker/pkg/archive/changes_other.go index 13a7d3c0c6..28f741a25d 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_other.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_other.go @@ -72,19 +72,23 @@ func collectFileInfo(sourceDir string) (*FileInfo, error) { return fmt.Errorf("collectFileInfo: Unexpectedly no parent for %s", relPath) } + s, err := system.Lstat(path) + if err != nil { + return err + } + info := &FileInfo{ name: filepath.Base(relPath), children: make(map[string]*FileInfo), parent: parent, + stat: s, } - s, err := system.Lstat(path) - if err != nil { - return err - } - info.stat = s - - info.capability, _ = system.Lgetxattr(path, "security.capability") + // system.Lgetxattr is only implemented on Linux and produces an error + // on other platforms. This code is intentionally left commented-out + // as a reminder to include this code if this would ever be implemented + // on other platforms. + // info.capability, _ = system.Lgetxattr(path, "security.capability") parent.children[info.name] = info diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go index 318f594212..e080e310ac 100644 --- a/vendor/github.com/docker/docker/pkg/archive/diff.go +++ b/vendor/github.com/docker/docker/pkg/archive/diff.go @@ -102,7 +102,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, continue } } - //#nosec G305 -- The joined path is guarded against path traversal. + // #nosec G305 -- The joined path is guarded against path traversal. path := filepath.Join(dest, hdr.Name) rel, err := filepath.Rel(dest, path) if err != nil { @@ -198,7 +198,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, } for _, hdr := range dirs { - //#nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice. + // #nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice. path := filepath.Join(dest, hdr.Name) if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil { return 0, err diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go index 6ecf06c816..f5453eb6df 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go @@ -2,16 +2,34 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" import ( "io" + "strings" "github.com/docker/docker/pkg/archive" - "github.com/docker/docker/pkg/longpath" ) +// longPathPrefix is the longpath prefix for Windows file paths. +const longPathPrefix = `\\?\` + +// addLongPathPrefix adds the Windows long path prefix to the path provided if +// it does not already have it. It is a no-op on platforms other than Windows. +// +// addLongPathPrefix is a copy of [github.com/docker/docker/pkg/longpath.AddPrefix]. +func addLongPathPrefix(srcPath string) string { + if strings.HasPrefix(srcPath, longPathPrefix) { + return srcPath + } + if strings.HasPrefix(srcPath, `\\`) { + // This is a UNC path, so we need to add 'UNC' to the path as well. + return longPathPrefix + `UNC` + srcPath[1:] + } + return longPathPrefix + srcPath +} + func invokeUnpack(decompressedArchive io.ReadCloser, dest string, options *archive.TarOptions, root string) error { // Windows is different to Linux here because Windows does not support // chroot. Hence there is no point sandboxing a chrooted process to // do the unpack. We call inline instead within the daemon process. - return archive.Unpack(decompressedArchive, longpath.AddPrefix(dest), options) + return archive.Unpack(decompressedArchive, addLongPathPrefix(dest), options) } func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) { diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go index e3dd4cead0..d9f26074a5 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go @@ -14,7 +14,6 @@ import ( // applies it to the directory `dest`. Returns the size in bytes of the // contents of the layer. func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions, decompress bool) (size int64, err error) { - dest = filepath.Clean(dest) if decompress { decompressed, err := archive.DecompressStream(layer) if err != nil { @@ -33,5 +32,6 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions if options.ExcludePatterns == nil { options.ExcludePatterns = []string{} } + dest = filepath.Clean(dest) return doUnpackLayer(dest, layer, options) } diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go index fd29072e82..080957225f 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go @@ -6,18 +6,12 @@ import ( "path/filepath" "github.com/docker/docker/pkg/archive" - "github.com/docker/docker/pkg/longpath" ) // applyLayerHandler parses a diff in the standard layer format from `layer`, and // applies it to the directory `dest`. Returns the size in bytes of the // contents of the layer. func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions, decompress bool) (size int64, err error) { - dest = filepath.Clean(dest) - - // Ensure it is a Windows-style volume path - dest = longpath.AddPrefix(dest) - if decompress { decompressed, err := archive.DecompressStream(layer) if err != nil { @@ -28,6 +22,8 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions layer = decompressed } + // Ensure it is a Windows-style volume path + dest = addLongPathPrefix(filepath.Clean(dest)) s, err := archive.UnpackLayer(dest, layer, nil) if err != nil { return 0, fmt.Errorf("ApplyLayer %s failed UnpackLayer to %s: %s", layer, dest, err) diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go index 82671d8cd5..05da97b0e4 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go @@ -9,6 +9,7 @@ import ( // NewAtomicFileWriter returns WriteCloser so that writing to it writes to a // temporary file and closing it atomically changes the temporary file to // destination path. Writing and closing concurrently is not allowed. +// NOTE: umask is not considered for the file's permissions. func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, error) { f, err := os.CreateTemp(filepath.Dir(filename), ".tmp-"+filepath.Base(filename)) if err != nil { @@ -26,7 +27,8 @@ func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, err }, nil } -// AtomicWriteFile atomically writes data to a file named by filename. +// AtomicWriteFile atomically writes data to a file named by filename and with the specified permission bits. +// NOTE: umask is not considered for the file's permissions. func AtomicWriteFile(filename string, data []byte, perm os.FileMode) error { f, err := NewAtomicFileWriter(filename, perm) if err != nil { diff --git a/vendor/github.com/docker/docker/pkg/longpath/longpath.go b/vendor/github.com/docker/docker/pkg/longpath/longpath.go index 1c5dde5218..fedb9eb83e 100644 --- a/vendor/github.com/docker/docker/pkg/longpath/longpath.go +++ b/vendor/github.com/docker/docker/pkg/longpath/longpath.go @@ -12,20 +12,24 @@ import ( ) // Prefix is the longpath prefix for Windows file paths. -const Prefix = `\\?\` +// +// Deprecated: this const is only used internally, and will be removed in the next release +const Prefix = longPathPrefix + +// longPathPrefix is the longpath prefix for Windows file paths. +const longPathPrefix = `\\?\` // AddPrefix adds the Windows long path prefix to the path provided if // it does not already have it. func AddPrefix(path string) string { - if !strings.HasPrefix(path, Prefix) { - if strings.HasPrefix(path, `\\`) { - // This is a UNC path, so we need to add 'UNC' to the path as well. - path = Prefix + `UNC` + path[1:] - } else { - path = Prefix + path - } + if strings.HasPrefix(path, longPathPrefix) { + return path + } + if strings.HasPrefix(path, `\\`) { + // This is a UNC path, so we need to add 'UNC' to the path as well. + return longPathPrefix + `UNC` + path[1:] } - return path + return longPathPrefix + path } // MkdirTemp is the equivalent of [os.MkdirTemp], except that on Windows diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers.go b/vendor/github.com/docker/docker/pkg/parsers/parsers.go deleted file mode 100644 index e438b5a40a..0000000000 --- a/vendor/github.com/docker/docker/pkg/parsers/parsers.go +++ /dev/null @@ -1,100 +0,0 @@ -// Package parsers provides helper functions to parse and validate different type -// of string. It can be hosts, unix addresses, tcp addresses, filters, kernel -// operating system versions. -package parsers // import "github.com/docker/docker/pkg/parsers" - -import ( - "fmt" - "strconv" - "strings" -) - -// ParseKeyValueOpt parses and validates the specified string as a key/value -// pair (key=value). -func ParseKeyValueOpt(opt string) (key string, value string, err error) { - k, v, ok := strings.Cut(opt, "=") - if !ok { - return "", "", fmt.Errorf("unable to parse key/value option: %s", opt) - } - return strings.TrimSpace(k), strings.TrimSpace(v), nil -} - -// ParseUintListMaximum parses and validates the specified string as the value -// found in some cgroup file (e.g. `cpuset.cpus`, `cpuset.mems`), which could be -// one of the formats below. Note that duplicates are actually allowed in the -// input string. It returns a `map[int]bool` with available elements from `val` -// set to `true`. Values larger than `maximum` cause an error if max is non zero, -// in order to stop the map becoming excessively large. -// Supported formats: -// -// 7 -// 1-6 -// 0,3-4,7,8-10 -// 0-0,0,1-7 -// 03,1-3 <- this is gonna get parsed as [1,2,3] -// 3,2,1 -// 0-2,3,1 -func ParseUintListMaximum(val string, maximum int) (map[int]bool, error) { - return parseUintList(val, maximum) -} - -// ParseUintList parses and validates the specified string as the value -// found in some cgroup file (e.g. `cpuset.cpus`, `cpuset.mems`), which could be -// one of the formats below. Note that duplicates are actually allowed in the -// input string. It returns a `map[int]bool` with available elements from `val` -// set to `true`. -// Supported formats: -// -// 7 -// 1-6 -// 0,3-4,7,8-10 -// 0-0,0,1-7 -// 03,1-3 <- this is gonna get parsed as [1,2,3] -// 3,2,1 -// 0-2,3,1 -func ParseUintList(val string) (map[int]bool, error) { - return parseUintList(val, 0) -} - -func parseUintList(val string, maximum int) (map[int]bool, error) { - if val == "" { - return map[int]bool{}, nil - } - - availableInts := make(map[int]bool) - split := strings.Split(val, ",") - errInvalidFormat := fmt.Errorf("invalid format: %s", val) - - for _, r := range split { - if !strings.Contains(r, "-") { - v, err := strconv.Atoi(r) - if err != nil { - return nil, errInvalidFormat - } - if maximum != 0 && v > maximum { - return nil, fmt.Errorf("value of out range, maximum is %d", maximum) - } - availableInts[v] = true - } else { - minS, maxS, _ := strings.Cut(r, "-") - min, err := strconv.Atoi(minS) - if err != nil { - return nil, errInvalidFormat - } - max, err := strconv.Atoi(maxS) - if err != nil { - return nil, errInvalidFormat - } - if max < min { - return nil, errInvalidFormat - } - if maximum != 0 && max > maximum { - return nil, fmt.Errorf("value of out range, maximum is %d", maximum) - } - for i := min; i <= max; i++ { - availableInts[i] = true - } - } - } - return availableInts, nil -} diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_linux.go b/vendor/github.com/docker/docker/pkg/reexec/command_linux.go index d7ec3d606f..952633c864 100644 --- a/vendor/github.com/docker/docker/pkg/reexec/command_linux.go +++ b/vendor/github.com/docker/docker/pkg/reexec/command_linux.go @@ -1,33 +1,26 @@ -package reexec // import "github.com/docker/docker/pkg/reexec" +package reexec import ( "os/exec" "syscall" - - "golang.org/x/sys/unix" ) -// Self returns the path to the current process's binary. -// Returns "/proc/self/exe". -func Self() string { - return "/proc/self/exe" -} - -// Command returns *exec.Cmd which has Path as current binary. Also it setting -// SysProcAttr.Pdeathsig to SIGTERM. -// This will use the in-memory version (/proc/self/exe) of the current binary, -// it is thus safe to delete or replace the on-disk binary (os.Args[0]). +// Command returns an [*exec.Cmd] which has Path as current binary which, +// on Linux, is set to the in-memory version (/proc/self/exe) of the current +// binary, it is thus safe to delete or replace the on-disk binary (os.Args[0]). +// +// On Linux, the Pdeathsig of [*exec.Cmd.SysProcAttr] is set to SIGTERM. +// This signal will be sent to the process when the OS thread which created +// the process dies. // -// As SysProcAttr.Pdeathsig is set, the signal will be sent to the process when -// the OS thread which created the process dies. It is the caller's -// responsibility to ensure that the creating thread is not terminated -// prematurely. See https://go.dev/issue/27505 for more details. +// It is the caller's responsibility to ensure that the creating thread is +// not terminated prematurely. See https://go.dev/issue/27505 for more details. func Command(args ...string) *exec.Cmd { return &exec.Cmd{ Path: Self(), Args: args, SysProcAttr: &syscall.SysProcAttr{ - Pdeathsig: unix.SIGTERM, + Pdeathsig: syscall.SIGTERM, }, } } diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_other.go b/vendor/github.com/docker/docker/pkg/reexec/command_other.go new file mode 100644 index 0000000000..b458ef2d20 --- /dev/null +++ b/vendor/github.com/docker/docker/pkg/reexec/command_other.go @@ -0,0 +1,19 @@ +//go:build freebsd || darwin || windows + +package reexec + +import ( + "os/exec" +) + +// Command returns *exec.Cmd with its Path set to the path of the current +// binary using the result of [Self]. For example if current binary is +// "my-binary" at "/usr/bin/" (or "my-binary.exe" at "C:\" on Windows), +// then cmd.Path is set to "/usr/bin/my-binary" and "C:\my-binary.exe" +// respectively. +func Command(args ...string) *exec.Cmd { + return &exec.Cmd{ + Path: Self(), + Args: args, + } +} diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go deleted file mode 100644 index 0df5195e70..0000000000 --- a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go +++ /dev/null @@ -1,23 +0,0 @@ -//go:build freebsd || darwin - -package reexec // import "github.com/docker/docker/pkg/reexec" - -import ( - "os/exec" -) - -// Self returns the path to the current process's binary. -// Uses os.Args[0]. -func Self() string { - return naiveSelf() -} - -// Command returns *exec.Cmd which has Path as current binary. -// For example if current binary is "docker" at "/usr/bin/", then cmd.Path will -// be set to "/usr/bin/docker". -func Command(args ...string) *exec.Cmd { - return &exec.Cmd{ - Path: Self(), - Args: args, - } -} diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go index bec9761701..3e98b989a3 100644 --- a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go @@ -1,15 +1,11 @@ //go:build !linux && !windows && !freebsd && !darwin -package reexec // import "github.com/docker/docker/pkg/reexec" +package reexec import ( "os/exec" ) -func Self() string { - return "" -} - // Command is unsupported on operating systems apart from Linux, Windows, and Darwin. func Command(args ...string) *exec.Cmd { return nil diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_windows.go b/vendor/github.com/docker/docker/pkg/reexec/command_windows.go deleted file mode 100644 index 438226890f..0000000000 --- a/vendor/github.com/docker/docker/pkg/reexec/command_windows.go +++ /dev/null @@ -1,21 +0,0 @@ -package reexec // import "github.com/docker/docker/pkg/reexec" - -import ( - "os/exec" -) - -// Self returns the path to the current process's binary. -// Uses os.Args[0]. -func Self() string { - return naiveSelf() -} - -// Command returns *exec.Cmd which has Path as current binary. -// For example if current binary is "docker.exe" at "C:\", then cmd.Path will -// be set to "C:\docker.exe". -func Command(args ...string) *exec.Cmd { - return &exec.Cmd{ - Path: Self(), - Args: args, - } -} diff --git a/vendor/github.com/docker/docker/pkg/reexec/reexec.go b/vendor/github.com/docker/docker/pkg/reexec/reexec.go index 54e934c2a0..b9d11a2a58 100644 --- a/vendor/github.com/docker/docker/pkg/reexec/reexec.go +++ b/vendor/github.com/docker/docker/pkg/reexec/reexec.go @@ -1,19 +1,23 @@ -// Package reexec facilitates the busybox style reexec of the docker binary that -// we require because of the forking limitations of using Go. Handlers can be -// registered with a name and the argv 0 of the exec of the binary will be used -// to find and execute custom init paths. -package reexec // import "github.com/docker/docker/pkg/reexec" +// Package reexec facilitates the busybox style reexec of a binary. +// +// Handlers can be registered with a name and the argv 0 of the exec of +// the binary will be used to find and execute custom init paths. +// +// It is used in dockerd to work around forking limitations when using Go. +package reexec import ( "fmt" "os" "os/exec" "path/filepath" + "runtime" ) var registeredInitializers = make(map[string]func()) -// Register adds an initialization func under the specified name +// Register adds an initialization func under the specified name. It panics +// if the given name is already registered. func Register(name string, initializer func()) { if _, exists := registeredInitializers[name]; exists { panic(fmt.Sprintf("reexec func already registered under name %q", name)) @@ -25,15 +29,24 @@ func Register(name string, initializer func()) { // Init is called as the first part of the exec process and returns true if an // initialization function was called. func Init() bool { - initializer, exists := registeredInitializers[os.Args[0]] - if exists { + if initializer, ok := registeredInitializers[os.Args[0]]; ok { initializer() - return true } return false } +// Self returns the path to the current process's binary. On Linux, it +// returns "/proc/self/exe", which provides the in-memory version of the +// current binary, whereas on other platforms it attempts to looks up the +// absolute path for os.Args[0], or otherwise returns os.Args[0] as-is. +func Self() string { + if runtime.GOOS == "linux" { + return "/proc/self/exe" + } + return naiveSelf() +} + func naiveSelf() string { name := os.Args[0] if filepath.Base(name) == name { diff --git a/vendor/github.com/docker/docker/pkg/stringid/stringid.go b/vendor/github.com/docker/docker/pkg/stringid/stringid.go index d3d1014acf..bffac8035e 100644 --- a/vendor/github.com/docker/docker/pkg/stringid/stringid.go +++ b/vendor/github.com/docker/docker/pkg/stringid/stringid.go @@ -22,6 +22,8 @@ var ( // IsShortID determines if id has the correct format and length for a short ID. // It checks the IDs length and if it consists of valid characters for IDs (a-f0-9). +// +// Deprecated: this function is no longer used, and will be removed in the next release. func IsShortID(id string) bool { if len(id) != shortLen { return false @@ -62,6 +64,8 @@ func GenerateRandomID() string { } // ValidateID checks whether an ID string is a valid, full-length image ID. +// +// Deprecated: use [github.com/docker/docker/image/v1.ValidateID] instead. Will be removed in the next release. func ValidateID(id string) error { if len(id) != fullLen { return errors.New("image ID '" + id + "' is invalid") diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go deleted file mode 100644 index 2290c2ce8b..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go +++ /dev/null @@ -1,145 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "context" - "os" - "path" - "strings" - - "github.com/containerd/cgroups/v3" - cgroupsV2 "github.com/containerd/cgroups/v3/cgroup2" - "github.com/containerd/containerd/pkg/userns" - "github.com/containerd/log" -) - -func newV2(options ...Opt) *SysInfo { - sysInfo := &SysInfo{ - CgroupUnified: true, - cg2GroupPath: "/", - } - for _, o := range options { - o(sysInfo) - } - - ops := []infoCollector{ - applyNetworkingInfo, - applyAppArmorInfo, - applySeccompInfo, - applyCgroupNsInfo, - } - - m, err := cgroupsV2.Load(sysInfo.cg2GroupPath) - if err != nil { - log.G(context.TODO()).Warn(err) - } else { - sysInfo.cg2Controllers = make(map[string]struct{}) - controllers, err := m.Controllers() - if err != nil { - log.G(context.TODO()).Warn(err) - } - for _, c := range controllers { - sysInfo.cg2Controllers[c] = struct{}{} - } - ops = append(ops, - applyMemoryCgroupInfoV2, - applyCPUCgroupInfoV2, - applyIOCgroupInfoV2, - applyCPUSetCgroupInfoV2, - applyPIDSCgroupInfoV2, - applyDevicesCgroupInfoV2, - ) - } - - for _, o := range ops { - o(sysInfo) - } - return sysInfo -} - -func getSwapLimitV2() bool { - _, g, err := cgroups.ParseCgroupFileUnified("/proc/self/cgroup") - if err != nil { - return false - } - - if g == "" { - return false - } - - cGroupPath := path.Join("/sys/fs/cgroup", g, "memory.swap.max") - if _, err = os.Stat(cGroupPath); os.IsNotExist(err) { - return false - } - return true -} - -func applyMemoryCgroupInfoV2(info *SysInfo) { - if _, ok := info.cg2Controllers["memory"]; !ok { - info.Warnings = append(info.Warnings, "Unable to find memory controller") - return - } - - info.MemoryLimit = true - info.SwapLimit = getSwapLimitV2() - info.MemoryReservation = true - info.OomKillDisable = false - info.MemorySwappiness = false - info.KernelMemory = false - info.KernelMemoryTCP = false -} - -func applyCPUCgroupInfoV2(info *SysInfo) { - if _, ok := info.cg2Controllers["cpu"]; !ok { - info.Warnings = append(info.Warnings, "Unable to find cpu controller") - return - } - info.CPUShares = true - info.CPUCfs = true - info.CPURealtime = false -} - -func applyIOCgroupInfoV2(info *SysInfo) { - if _, ok := info.cg2Controllers["io"]; !ok { - info.Warnings = append(info.Warnings, "Unable to find io controller") - return - } - - info.BlkioWeight = true - info.BlkioWeightDevice = true - info.BlkioReadBpsDevice = true - info.BlkioWriteBpsDevice = true - info.BlkioReadIOpsDevice = true - info.BlkioWriteIOpsDevice = true -} - -func applyCPUSetCgroupInfoV2(info *SysInfo) { - if _, ok := info.cg2Controllers["cpuset"]; !ok { - info.Warnings = append(info.Warnings, "Unable to find cpuset controller") - return - } - info.Cpuset = true - - cpus, err := os.ReadFile(path.Join("/sys/fs/cgroup", info.cg2GroupPath, "cpuset.cpus.effective")) - if err != nil { - return - } - info.Cpus = strings.TrimSpace(string(cpus)) - - mems, err := os.ReadFile(path.Join("/sys/fs/cgroup", info.cg2GroupPath, "cpuset.mems.effective")) - if err != nil { - return - } - info.Mems = strings.TrimSpace(string(mems)) -} - -func applyPIDSCgroupInfoV2(info *SysInfo) { - if _, ok := info.cg2Controllers["pids"]; !ok { - info.Warnings = append(info.Warnings, "Unable to find pids controller") - return - } - info.PidsLimit = true -} - -func applyDevicesCgroupInfoV2(info *SysInfo) { - info.CgroupDevicesEnabled = !userns.RunningInUserNS() -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go deleted file mode 100644 index 26fe99cfcc..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go +++ /dev/null @@ -1,15 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "runtime" -) - -// NumCPU returns the number of CPUs. On Linux and Windows, it returns -// the number of CPUs which are currently online. On other platforms, -// it's the equivalent of [runtime.NumCPU]. -func NumCPU() int { - if ncpu := numCPU(); ncpu > 0 { - return ncpu - } - return runtime.NumCPU() -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go deleted file mode 100644 index 0f47c081d1..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_linux.go +++ /dev/null @@ -1,17 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import "golang.org/x/sys/unix" - -// numCPU queries the system for the count of threads available -// for use to this process. -// -// Returns 0 on errors. Use |runtime.NumCPU| in that case. -func numCPU() int { - // Gets the affinity mask for a process: The very one invoking this function. - var mask unix.CPUSet - err := unix.SchedGetaffinity(0, &mask) - if err != nil { - return 0 - } - return mask.Count() -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_other.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_other.go deleted file mode 100644 index fcafd56ae3..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_other.go +++ /dev/null @@ -1,8 +0,0 @@ -//go:build !linux && !windows - -package sysinfo - -func numCPU() int { - // not implemented - return 0 -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go deleted file mode 100644 index ff4753445a..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu_windows.go +++ /dev/null @@ -1,36 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "unsafe" - - "golang.org/x/sys/windows" -) - -var ( - kernel32 = windows.NewLazySystemDLL("kernel32.dll") - getCurrentProcess = kernel32.NewProc("GetCurrentProcess") - getProcessAffinityMask = kernel32.NewProc("GetProcessAffinityMask") -) - -// Returns bit count of 1, used by NumCPU -func popcnt(x uint64) (n byte) { - x -= (x >> 1) & 0x5555555555555555 - x = (x>>2)&0x3333333333333333 + x&0x3333333333333333 - x += x >> 4 - x &= 0x0f0f0f0f0f0f0f0f - x *= 0x0101010101010101 - return byte(x >> 56) -} - -func numCPU() int { - // Gets the affinity mask for a process - var mask, sysmask uintptr - currentProcess, _, _ := getCurrentProcess.Call() - ret, _, _ := getProcessAffinityMask.Call(currentProcess, uintptr(unsafe.Pointer(&mask)), uintptr(unsafe.Pointer(&sysmask))) - if ret == 0 { - return 0 - } - // For every available thread a bit is set in the mask. - ncpu := int(popcnt(uint64(mask))) - return ncpu -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go deleted file mode 100644 index c41dbcb40c..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo.go +++ /dev/null @@ -1,170 +0,0 @@ -// Package sysinfo stores information about which features a kernel supports. -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import "github.com/docker/docker/pkg/parsers" - -// Opt for New(). -type Opt func(info *SysInfo) - -// SysInfo stores information about which features a kernel supports. -// TODO Windows: Factor out platform specific capabilities. -type SysInfo struct { - // Whether the kernel supports AppArmor or not - AppArmor bool - // Whether the kernel supports Seccomp or not - Seccomp bool - - cgroupMemInfo - cgroupCPUInfo - cgroupBlkioInfo - cgroupCpusetInfo - cgroupPids - - // Whether the kernel supports cgroup namespaces or not - CgroupNamespaces bool - - // Whether IPv4 forwarding is supported or not, if this was disabled, networking will not work - IPv4ForwardingDisabled bool - - // Whether bridge-nf-call-iptables is supported or not - BridgeNFCallIPTablesDisabled bool - - // Whether bridge-nf-call-ip6tables is supported or not - BridgeNFCallIP6TablesDisabled bool - - // Whether the cgroup has the mountpoint of "devices" or not - CgroupDevicesEnabled bool - - // Whether the cgroup is in unified mode (v2). - CgroupUnified bool - - // Warnings contains a slice of warnings that occurred while collecting - // system information. These warnings are intended to be informational - // messages for the user, and can either be logged or returned to the - // client; they are not intended to be parsed / used for other purposes, - // and do not have a fixed format. - Warnings []string - - // cgMounts is the list of cgroup v1 mount paths, indexed by subsystem, to - // inspect availability of subsystems. - cgMounts map[string]string - - // cg2GroupPath is the cgroup v2 group path to inspect availability of the controllers. - cg2GroupPath string - - // cg2Controllers is an index of available cgroup v2 controllers. - cg2Controllers map[string]struct{} -} - -type cgroupMemInfo struct { - // Whether memory limit is supported or not - MemoryLimit bool - - // Whether swap limit is supported or not - SwapLimit bool - - // Whether soft limit is supported or not - MemoryReservation bool - - // Whether OOM killer disable is supported or not - OomKillDisable bool - - // Whether memory swappiness is supported or not - MemorySwappiness bool - - // Whether kernel memory limit is supported or not. This option is used to - // detect support for kernel-memory limits on API < v1.42. Kernel memory - // limit (`kmem.limit_in_bytes`) is not supported on cgroups v2, and has been - // removed in kernel 5.4. - KernelMemory bool - - // Whether kernel memory TCP limit is supported or not. Kernel memory TCP - // limit (`memory.kmem.tcp.limit_in_bytes`) is not supported on cgroups v2. - KernelMemoryTCP bool -} - -type cgroupCPUInfo struct { - // Whether CPU shares is supported or not - CPUShares bool - - // Whether CPU CFS (Completely Fair Scheduler) is supported - CPUCfs bool - - // Whether CPU real-time scheduler is supported - CPURealtime bool -} - -type cgroupBlkioInfo struct { - // Whether Block IO weight is supported or not - BlkioWeight bool - - // Whether Block IO weight_device is supported or not - BlkioWeightDevice bool - - // Whether Block IO read limit in bytes per second is supported or not - BlkioReadBpsDevice bool - - // Whether Block IO write limit in bytes per second is supported or not - BlkioWriteBpsDevice bool - - // Whether Block IO read limit in IO per second is supported or not - BlkioReadIOpsDevice bool - - // Whether Block IO write limit in IO per second is supported or not - BlkioWriteIOpsDevice bool -} - -type cgroupCpusetInfo struct { - // Whether Cpuset is supported or not - Cpuset bool - - // Available Cpuset's cpus - Cpus string - - // Available Cpuset's memory nodes - Mems string -} - -type cgroupPids struct { - // Whether Pids Limit is supported or not - PidsLimit bool -} - -// IsCpusetCpusAvailable returns `true` if the provided string set is contained -// in cgroup's cpuset.cpus set, `false` otherwise. -// If error is not nil a parsing error occurred. -func (c cgroupCpusetInfo) IsCpusetCpusAvailable(provided string) (bool, error) { - return isCpusetListAvailable(provided, c.Cpus) -} - -// IsCpusetMemsAvailable returns `true` if the provided string set is contained -// in cgroup's cpuset.mems set, `false` otherwise. -// If error is not nil a parsing error occurred. -func (c cgroupCpusetInfo) IsCpusetMemsAvailable(provided string) (bool, error) { - return isCpusetListAvailable(provided, c.Mems) -} - -func isCpusetListAvailable(provided, available string) (bool, error) { - parsedAvailable, err := parsers.ParseUintList(available) - if err != nil { - return false, err - } - // 8192 is the normal maximum number of CPUs in Linux, so accept numbers up to this - // or more if we actually have more CPUs. - maxCPUs := 8192 - for m := range parsedAvailable { - if m > maxCPUs { - maxCPUs = m - } - } - parsedProvided, err := parsers.ParseUintListMaximum(provided, maxCPUs) - if err != nil { - return false, err - } - for k := range parsedProvided { - if !parsedAvailable[k] { - return false, nil - } - } - return true, nil -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go deleted file mode 100644 index 59bf0d278a..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go +++ /dev/null @@ -1,306 +0,0 @@ -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -import ( - "context" - "fmt" - "os" - "path" - "strings" - "sync" - - "github.com/containerd/cgroups/v3" - "github.com/containerd/cgroups/v3/cgroup1" - "github.com/containerd/containerd/pkg/seccomp" - "github.com/containerd/log" - "github.com/moby/sys/mountinfo" -) - -var ( - readMountinfoOnce sync.Once - readMountinfoErr error - cgroupMountinfo []*mountinfo.Info -) - -// readCgroupMountinfo returns a list of cgroup v1 mounts (i.e. the ones -// with fstype of "cgroup") for the current running process. -// -// The results are cached (to avoid re-reading mountinfo which is relatively -// expensive), so it is assumed that cgroup mounts are not being changed. -func readCgroupMountinfo() ([]*mountinfo.Info, error) { - readMountinfoOnce.Do(func() { - cgroupMountinfo, readMountinfoErr = mountinfo.GetMounts( - mountinfo.FSTypeFilter("cgroup"), - ) - }) - - return cgroupMountinfo, readMountinfoErr -} - -func findCgroupV1Mountpoints() (map[string]string, error) { - mounts, err := readCgroupMountinfo() - if err != nil { - return nil, err - } - - allSubsystems, err := cgroup1.ParseCgroupFile("/proc/self/cgroup") - if err != nil { - return nil, fmt.Errorf("Failed to parse cgroup information: %v", err) - } - - allMap := make(map[string]bool) - for s := range allSubsystems { - allMap[s] = false - } - - mps := make(map[string]string) - for _, mi := range mounts { - for _, opt := range strings.Split(mi.VFSOptions, ",") { - seen, known := allMap[opt] - if known && !seen { - allMap[opt] = true - mps[strings.TrimPrefix(opt, "name=")] = mi.Mountpoint - } - } - if len(mps) >= len(allMap) { - break - } - } - return mps, nil -} - -type infoCollector func(info *SysInfo) - -// WithCgroup2GroupPath specifies the cgroup v2 group path to inspect availability -// of the controllers. -// -// WithCgroup2GroupPath is expected to be used for rootless mode with systemd driver. -// -// e.g. g = "/user.slice/user-1000.slice/user@1000.service" -func WithCgroup2GroupPath(g string) Opt { - return func(o *SysInfo) { - if p := path.Clean(g); p != "" { - o.cg2GroupPath = p - } - } -} - -// New returns a new SysInfo, using the filesystem to detect which features -// the kernel supports. -func New(options ...Opt) *SysInfo { - if cgroups.Mode() == cgroups.Unified { - return newV2(options...) - } - return newV1() -} - -func newV1() *SysInfo { - var ( - err error - sysInfo = &SysInfo{} - ) - - ops := []infoCollector{ - applyNetworkingInfo, - applyAppArmorInfo, - applySeccompInfo, - applyCgroupNsInfo, - } - - sysInfo.cgMounts, err = findCgroupV1Mountpoints() - if err != nil { - log.G(context.TODO()).Warn(err) - } else { - ops = append(ops, - applyMemoryCgroupInfo, - applyCPUCgroupInfo, - applyBlkioCgroupInfo, - applyCPUSetCgroupInfo, - applyPIDSCgroupInfo, - applyDevicesCgroupInfo, - ) - } - - for _, o := range ops { - o(sysInfo) - } - return sysInfo -} - -// applyMemoryCgroupInfo adds the memory cgroup controller information to the info. -func applyMemoryCgroupInfo(info *SysInfo) { - mountPoint, ok := info.cgMounts["memory"] - if !ok { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup memory limit") - return - } - info.MemoryLimit = ok - - info.SwapLimit = cgroupEnabled(mountPoint, "memory.memsw.limit_in_bytes") - if !info.SwapLimit { - info.Warnings = append(info.Warnings, "Your kernel does not support swap memory limit") - } - info.MemoryReservation = cgroupEnabled(mountPoint, "memory.soft_limit_in_bytes") - if !info.MemoryReservation { - info.Warnings = append(info.Warnings, "Your kernel does not support memory reservation") - } - info.OomKillDisable = cgroupEnabled(mountPoint, "memory.oom_control") - if !info.OomKillDisable { - info.Warnings = append(info.Warnings, "Your kernel does not support oom control") - } - info.MemorySwappiness = cgroupEnabled(mountPoint, "memory.swappiness") - if !info.MemorySwappiness { - info.Warnings = append(info.Warnings, "Your kernel does not support memory swappiness") - } - - // Option is deprecated, but still accepted on API < v1.42 with cgroups v1, - // so setting the field to allow feature detection. - info.KernelMemory = cgroupEnabled(mountPoint, "memory.kmem.limit_in_bytes") - - // Option is deprecated in runc, but still accepted in our API, so setting - // the field to allow feature detection, but don't warn if it's missing, to - // make the daemon logs a bit less noisy. - info.KernelMemoryTCP = cgroupEnabled(mountPoint, "memory.kmem.tcp.limit_in_bytes") -} - -// applyCPUCgroupInfo adds the cpu cgroup controller information to the info. -func applyCPUCgroupInfo(info *SysInfo) { - mountPoint, ok := info.cgMounts["cpu"] - if !ok { - info.Warnings = append(info.Warnings, "Unable to find cpu cgroup in mounts") - return - } - - info.CPUShares = cgroupEnabled(mountPoint, "cpu.shares") - if !info.CPUShares { - info.Warnings = append(info.Warnings, "Your kernel does not support CPU shares") - } - - info.CPUCfs = cgroupEnabled(mountPoint, "cpu.cfs_quota_us") - if !info.CPUCfs { - info.Warnings = append(info.Warnings, "Your kernel does not support CPU CFS scheduler") - } - - info.CPURealtime = cgroupEnabled(mountPoint, "cpu.rt_period_us") - if !info.CPURealtime { - info.Warnings = append(info.Warnings, "Your kernel does not support CPU realtime scheduler") - } -} - -// applyBlkioCgroupInfo adds the blkio cgroup controller information to the info. -func applyBlkioCgroupInfo(info *SysInfo) { - mountPoint, ok := info.cgMounts["blkio"] - if !ok { - info.Warnings = append(info.Warnings, "Unable to find blkio cgroup in mounts") - return - } - - info.BlkioWeight = cgroupEnabled(mountPoint, "blkio.weight") - if !info.BlkioWeight { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio weight") - } - - info.BlkioWeightDevice = cgroupEnabled(mountPoint, "blkio.weight_device") - if !info.BlkioWeightDevice { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio weight_device") - } - - info.BlkioReadBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_bps_device") - if !info.BlkioReadBpsDevice { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.read_bps_device") - } - - info.BlkioWriteBpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_bps_device") - if !info.BlkioWriteBpsDevice { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.write_bps_device") - } - info.BlkioReadIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.read_iops_device") - if !info.BlkioReadIOpsDevice { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.read_iops_device") - } - - info.BlkioWriteIOpsDevice = cgroupEnabled(mountPoint, "blkio.throttle.write_iops_device") - if !info.BlkioWriteIOpsDevice { - info.Warnings = append(info.Warnings, "Your kernel does not support cgroup blkio throttle.write_iops_device") - } -} - -// applyCPUSetCgroupInfo adds the cpuset cgroup controller information to the info. -func applyCPUSetCgroupInfo(info *SysInfo) { - mountPoint, ok := info.cgMounts["cpuset"] - if !ok { - info.Warnings = append(info.Warnings, "Unable to find cpuset cgroup in mounts") - return - } - info.Cpuset = ok - - var err error - - cpus, err := os.ReadFile(path.Join(mountPoint, "cpuset.cpus")) - if err != nil { - return - } - info.Cpus = strings.TrimSpace(string(cpus)) - - mems, err := os.ReadFile(path.Join(mountPoint, "cpuset.mems")) - if err != nil { - return - } - info.Mems = strings.TrimSpace(string(mems)) -} - -// applyPIDSCgroupInfo adds whether the pids cgroup controller is available to the info. -func applyPIDSCgroupInfo(info *SysInfo) { - _, ok := info.cgMounts["pids"] - if !ok { - info.Warnings = append(info.Warnings, "Unable to find pids cgroup in mounts") - return - } - info.PidsLimit = true -} - -// applyDevicesCgroupInfo adds whether the devices cgroup controller is available to the info. -func applyDevicesCgroupInfo(info *SysInfo) { - _, ok := info.cgMounts["devices"] - info.CgroupDevicesEnabled = ok -} - -// applyNetworkingInfo adds networking information to the info. -func applyNetworkingInfo(info *SysInfo) { - info.IPv4ForwardingDisabled = !readProcBool("/proc/sys/net/ipv4/ip_forward") - info.BridgeNFCallIPTablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-iptables") - info.BridgeNFCallIP6TablesDisabled = !readProcBool("/proc/sys/net/bridge/bridge-nf-call-ip6tables") -} - -// applyAppArmorInfo adds whether AppArmor is enabled to the info. -func applyAppArmorInfo(info *SysInfo) { - if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) { - if _, err := os.ReadFile("/sys/kernel/security/apparmor/profiles"); err == nil { - info.AppArmor = true - } - } -} - -// applyCgroupNsInfo adds whether cgroupns is enabled to the info. -func applyCgroupNsInfo(info *SysInfo) { - if _, err := os.Stat("/proc/self/ns/cgroup"); !os.IsNotExist(err) { - info.CgroupNamespaces = true - } -} - -// applySeccompInfo checks if Seccomp is supported, via CONFIG_SECCOMP. -func applySeccompInfo(info *SysInfo) { - info.Seccomp = seccomp.IsEnabled() -} - -func cgroupEnabled(mountPoint, name string) bool { - _, err := os.Stat(path.Join(mountPoint, name)) - return err == nil -} - -func readProcBool(path string) bool { - val, err := os.ReadFile(path) - if err != nil { - return false - } - return strings.TrimSpace(string(val)) == "1" -} diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_other.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_other.go deleted file mode 100644 index 37742db781..0000000000 --- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_other.go +++ /dev/null @@ -1,8 +0,0 @@ -//go:build !linux - -package sysinfo // import "github.com/docker/docker/pkg/sysinfo" - -// New returns an empty SysInfo for non linux for now. -func New(options ...Opt) *SysInfo { - return &SysInfo{} -} diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go index 8bd2850f8e..69a26d5978 100644 --- a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go +++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go @@ -242,7 +242,7 @@ func (ts *tarSum) Read(buf []byte) (int, error) { return 0, err } - //#nosec G305 -- The joined path is not passed to any filesystem APIs. + // #nosec G305 -- The joined path is not passed to any filesystem APIs. ts.currentFile = path.Join(".", path.Join("/", currentHeader.Name)) if err := ts.encodeHeader(currentHeader); err != nil { return 0, err diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go b/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go index 746afde8d5..3c4e143138 100644 --- a/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go +++ b/vendor/github.com/docker/docker/plugin/v2/plugin_linux.go @@ -1,5 +1,5 @@ // FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16: -//go:build go1.19 +//go:build go1.21 package v2 // import "github.com/docker/docker/plugin/v2" diff --git a/vendor/github.com/docker/docker/runconfig/config.go b/vendor/github.com/docker/docker/runconfig/config.go deleted file mode 100644 index 81047ea6d1..0000000000 --- a/vendor/github.com/docker/docker/runconfig/config.go +++ /dev/null @@ -1,81 +0,0 @@ -package runconfig // import "github.com/docker/docker/runconfig" - -import ( - "encoding/json" - "io" - - "github.com/docker/docker/api/types/container" - networktypes "github.com/docker/docker/api/types/network" - "github.com/docker/docker/pkg/sysinfo" -) - -// ContainerDecoder implements httputils.ContainerDecoder -// calling DecodeContainerConfig. -type ContainerDecoder struct { - GetSysInfo func() *sysinfo.SysInfo -} - -// DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder -func (r ContainerDecoder) DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) { - var si *sysinfo.SysInfo - if r.GetSysInfo != nil { - si = r.GetSysInfo() - } else { - si = sysinfo.New() - } - - return decodeContainerConfig(src, si) -} - -// decodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper -// struct and returns both a Config and a HostConfig struct, and performs some -// validation. Certain parameters need daemon-side validation that cannot be done -// on the client, as only the daemon knows what is valid for the platform. -// Be aware this function is not checking whether the resulted structs are nil, -// it's your business to do so -func decodeContainerConfig(src io.Reader, si *sysinfo.SysInfo) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) { - var w ContainerConfigWrapper - if err := loadJSON(src, &w); err != nil { - return nil, nil, nil, err - } - - hc := w.getHostConfig() - if hc == nil { - // We may not be passed a host config, such as in the case of docker commit - return w.Config, hc, w.NetworkingConfig, nil - } - if err := validateNetMode(w.Config, hc); err != nil { - return nil, nil, nil, err - } - if err := validateIsolation(hc); err != nil { - return nil, nil, nil, err - } - if err := validateQoS(hc); err != nil { - return nil, nil, nil, err - } - if err := validateResources(hc, si); err != nil { - return nil, nil, nil, err - } - if err := validatePrivileged(hc); err != nil { - return nil, nil, nil, err - } - if err := validateReadonlyRootfs(hc); err != nil { - return nil, nil, nil, err - } - if w.Config != nil && w.Config.Volumes == nil { - w.Config.Volumes = make(map[string]struct{}) - } - return w.Config, hc, w.NetworkingConfig, nil -} - -// loadJSON is similar to api/server/httputils.ReadJSON() -func loadJSON(src io.Reader, out interface{}) error { - dec := json.NewDecoder(src) - if err := dec.Decode(&out); err != nil { - return invalidJSONError{Err: err} - } - if dec.More() { - return validationError("unexpected content after JSON") - } - return nil -} diff --git a/vendor/github.com/docker/docker/runconfig/config_unix.go b/vendor/github.com/docker/docker/runconfig/config_unix.go deleted file mode 100644 index 1ba361123f..0000000000 --- a/vendor/github.com/docker/docker/runconfig/config_unix.go +++ /dev/null @@ -1,59 +0,0 @@ -//go:build !windows - -package runconfig // import "github.com/docker/docker/runconfig" - -import ( - "github.com/docker/docker/api/types/container" - networktypes "github.com/docker/docker/api/types/network" -) - -// ContainerConfigWrapper is a Config wrapper that holds the container Config (portable) -// and the corresponding HostConfig (non-portable). -type ContainerConfigWrapper struct { - *container.Config - InnerHostConfig *container.HostConfig `json:"HostConfig,omitempty"` - Cpuset string `json:",omitempty"` // Deprecated. Exported for backwards compatibility. - NetworkingConfig *networktypes.NetworkingConfig `json:"NetworkingConfig,omitempty"` - *container.HostConfig // Deprecated. Exported to read attributes from json that are not in the inner host config structure. -} - -// getHostConfig gets the HostConfig of the Config. -// It's mostly there to handle Deprecated fields of the ContainerConfigWrapper -func (w *ContainerConfigWrapper) getHostConfig() *container.HostConfig { - hc := w.HostConfig - - if hc == nil && w.InnerHostConfig != nil { - hc = w.InnerHostConfig - } else if hc != nil && w.InnerHostConfig != nil { - if hc.Memory != 0 && w.InnerHostConfig.Memory == 0 { - w.InnerHostConfig.Memory = hc.Memory - } - if hc.MemorySwap != 0 && w.InnerHostConfig.MemorySwap == 0 { - w.InnerHostConfig.MemorySwap = hc.MemorySwap - } - if hc.CPUShares != 0 && w.InnerHostConfig.CPUShares == 0 { - w.InnerHostConfig.CPUShares = hc.CPUShares - } - if hc.CpusetCpus != "" && w.InnerHostConfig.CpusetCpus == "" { - w.InnerHostConfig.CpusetCpus = hc.CpusetCpus - } - - if hc.VolumeDriver != "" && w.InnerHostConfig.VolumeDriver == "" { - w.InnerHostConfig.VolumeDriver = hc.VolumeDriver - } - - hc = w.InnerHostConfig - } - - if hc != nil { - if w.Cpuset != "" && hc.CpusetCpus == "" { - hc.CpusetCpus = w.Cpuset - } - } - - // Make sure NetworkMode has an acceptable value. We do this to ensure - // backwards compatible API behavior. - SetDefaultNetModeIfBlank(hc) - - return hc -} diff --git a/vendor/github.com/docker/docker/runconfig/config_windows.go b/vendor/github.com/docker/docker/runconfig/config_windows.go deleted file mode 100644 index cced59d4df..0000000000 --- a/vendor/github.com/docker/docker/runconfig/config_windows.go +++ /dev/null @@ -1,19 +0,0 @@ -package runconfig // import "github.com/docker/docker/runconfig" - -import ( - "github.com/docker/docker/api/types/container" - networktypes "github.com/docker/docker/api/types/network" -) - -// ContainerConfigWrapper is a Config wrapper that holds the container Config (portable) -// and the corresponding HostConfig (non-portable). -type ContainerConfigWrapper struct { - *container.Config - HostConfig *container.HostConfig `json:"HostConfig,omitempty"` - NetworkingConfig *networktypes.NetworkingConfig `json:"NetworkingConfig,omitempty"` -} - -// getHostConfig gets the HostConfig of the Config. -func (w *ContainerConfigWrapper) getHostConfig() *container.HostConfig { - return w.HostConfig -} diff --git a/vendor/github.com/docker/docker/runconfig/errors.go b/vendor/github.com/docker/docker/runconfig/errors.go deleted file mode 100644 index a0ca32a7b9..0000000000 --- a/vendor/github.com/docker/docker/runconfig/errors.go +++ /dev/null @@ -1,58 +0,0 @@ -package runconfig // import "github.com/docker/docker/runconfig" - -const ( - // ErrConflictContainerNetworkAndLinks conflict between --net=container and links - ErrConflictContainerNetworkAndLinks validationError = "conflicting options: container type network can't be used with links. This would result in undefined behavior" - // ErrConflictSharedNetwork conflict between private and other networks - ErrConflictSharedNetwork validationError = "container sharing network namespace with another container or host cannot be connected to any other network" - // ErrConflictHostNetwork conflict from being disconnected from host network or connected to host network. - ErrConflictHostNetwork validationError = "container cannot be disconnected from host network or connected to host network" - // ErrConflictNoNetwork conflict between private and other networks - ErrConflictNoNetwork validationError = "container cannot be connected to multiple networks with one of the networks in private (none) mode" - // ErrConflictNetworkAndDNS conflict between --dns and the network mode - ErrConflictNetworkAndDNS validationError = "conflicting options: dns and the network mode" - // ErrConflictNetworkHostname conflict between the hostname and the network mode - ErrConflictNetworkHostname validationError = "conflicting options: hostname and the network mode" - // ErrConflictHostNetworkAndLinks conflict between --net=host and links - ErrConflictHostNetworkAndLinks validationError = "conflicting options: host type networking can't be used with links. This would result in undefined behavior" - // ErrConflictContainerNetworkAndMac conflict between the mac address and the network mode - ErrConflictContainerNetworkAndMac validationError = "conflicting options: mac-address and the network mode" - // ErrConflictNetworkHosts conflict between add-host and the network mode - ErrConflictNetworkHosts validationError = "conflicting options: custom host-to-IP mapping and the network mode" - // ErrConflictNetworkPublishPorts conflict between the publish options and the network mode - ErrConflictNetworkPublishPorts validationError = "conflicting options: port publishing and the container type network mode" - // ErrConflictNetworkExposePorts conflict between the expose option and the network mode - ErrConflictNetworkExposePorts validationError = "conflicting options: port exposing and the container type network mode" - // ErrUnsupportedNetworkAndIP conflict between network mode and requested ip address - ErrUnsupportedNetworkAndIP validationError = "user specified IP address is supported on user defined networks only" - // ErrUnsupportedNetworkNoSubnetAndIP conflict between network with no configured subnet and requested ip address - ErrUnsupportedNetworkNoSubnetAndIP validationError = "user specified IP address is supported only when connecting to networks with user configured subnets" - // ErrUnsupportedNetworkAndAlias conflict between network mode and alias - ErrUnsupportedNetworkAndAlias validationError = "network-scoped alias is supported only for containers in user defined networks" - // ErrConflictUTSHostname conflict between the hostname and the UTS mode - ErrConflictUTSHostname validationError = "conflicting options: hostname and the UTS mode" - // ErrEmptyConfig when container config is nil - ErrEmptyConfig validationError = "config cannot be empty in order to create a container" -) - -type validationError string - -func (e validationError) Error() string { - return string(e) -} - -func (e validationError) InvalidParameter() {} - -type invalidJSONError struct { - Err error -} - -func (e invalidJSONError) Error() string { - return "invalid JSON: " + e.Err.Error() -} - -func (e invalidJSONError) Unwrap() error { - return e.Err -} - -func (e invalidJSONError) InvalidParameter() {} diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig.go b/vendor/github.com/docker/docker/runconfig/hostconfig.go deleted file mode 100644 index 84a4ae0b6f..0000000000 --- a/vendor/github.com/docker/docker/runconfig/hostconfig.go +++ /dev/null @@ -1,54 +0,0 @@ -package runconfig // import "github.com/docker/docker/runconfig" - -import ( - "strings" - - "github.com/docker/docker/api/types/container" - "github.com/docker/docker/api/types/network" -) - -// SetDefaultNetModeIfBlank changes the NetworkMode in a HostConfig structure -// to default if it is not populated. This ensures backwards compatibility after -// the validation of the network mode was moved from the docker CLI to the -// docker daemon. -func SetDefaultNetModeIfBlank(hc *container.HostConfig) { - if hc != nil && hc.NetworkMode == "" { - hc.NetworkMode = network.NetworkDefault - } -} - -// validateNetContainerMode ensures that the various combinations of requested -// network settings wrt container mode are valid. -func validateNetContainerMode(c *container.Config, hc *container.HostConfig) error { - parts := strings.Split(string(hc.NetworkMode), ":") - if parts[0] == "container" { - if len(parts) < 2 || parts[1] == "" { - return validationError("Invalid network mode: invalid container format container:") - } - } - - if hc.NetworkMode.IsContainer() && c.Hostname != "" { - return ErrConflictNetworkHostname - } - - if hc.NetworkMode.IsContainer() && len(hc.Links) > 0 { - return ErrConflictContainerNetworkAndLinks - } - - if hc.NetworkMode.IsContainer() && len(hc.DNS) > 0 { - return ErrConflictNetworkAndDNS - } - - if hc.NetworkMode.IsContainer() && len(hc.ExtraHosts) > 0 { - return ErrConflictNetworkHosts - } - - if hc.NetworkMode.IsContainer() && (len(hc.PortBindings) > 0 || hc.PublishAllPorts) { - return ErrConflictNetworkPublishPorts - } - - if hc.NetworkMode.IsContainer() && len(c.ExposedPorts) > 0 { - return ErrConflictNetworkExposePorts - } - return nil -} diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go deleted file mode 100644 index 0a60c9b805..0000000000 --- a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go +++ /dev/null @@ -1,83 +0,0 @@ -//go:build !windows - -package runconfig // import "github.com/docker/docker/runconfig" - -import ( - "fmt" - "runtime" - - "github.com/docker/docker/api/types/container" - "github.com/docker/docker/api/types/network" - "github.com/docker/docker/pkg/sysinfo" -) - -// DefaultDaemonNetworkMode returns the default network stack the daemon should -// use. -func DefaultDaemonNetworkMode() container.NetworkMode { - return network.NetworkBridge -} - -// IsPreDefinedNetwork indicates if a network is predefined by the daemon -func IsPreDefinedNetwork(network string) bool { - n := container.NetworkMode(network) - return n.IsBridge() || n.IsHost() || n.IsNone() || n.IsDefault() -} - -// validateNetMode ensures that the various combinations of requested -// network settings are valid. -func validateNetMode(c *container.Config, hc *container.HostConfig) error { - err := validateNetContainerMode(c, hc) - if err != nil { - return err - } - if hc.UTSMode.IsHost() && c.Hostname != "" { - return ErrConflictUTSHostname - } - if hc.NetworkMode.IsHost() && len(hc.Links) > 0 { - return ErrConflictHostNetworkAndLinks - } - return nil -} - -// validateIsolation performs platform specific validation of -// isolation in the hostconfig structure. Linux only supports "default" -// which is LXC container isolation -func validateIsolation(hc *container.HostConfig) error { - if !hc.Isolation.IsValid() { - return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS) - } - return nil -} - -// validateQoS performs platform specific validation of the QoS settings -func validateQoS(hc *container.HostConfig) error { - if hc.IOMaximumBandwidth != 0 { - return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS) - } - if hc.IOMaximumIOps != 0 { - return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS) - } - return nil -} - -// validateResources performs platform specific validation of the resource settings -// cpu-rt-runtime and cpu-rt-period can not be greater than their parent, cpu-rt-runtime requires sys_nice -func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { - if (hc.Resources.CPURealtimePeriod != 0 || hc.Resources.CPURealtimeRuntime != 0) && !si.CPURealtime { - return fmt.Errorf("Your kernel does not support CPU real-time scheduler") - } - if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod { - return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period") - } - return nil -} - -// validatePrivileged performs platform specific validation of the Privileged setting -func validatePrivileged(_ *container.HostConfig) error { - return nil -} - -// validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting -func validateReadonlyRootfs(_ *container.HostConfig) error { - return nil -} diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go b/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go deleted file mode 100644 index 579b9787d6..0000000000 --- a/vendor/github.com/docker/docker/runconfig/hostconfig_windows.go +++ /dev/null @@ -1,74 +0,0 @@ -package runconfig // import "github.com/docker/docker/runconfig" - -import ( - "fmt" - - "github.com/docker/docker/api/types/container" - "github.com/docker/docker/api/types/network" - "github.com/docker/docker/pkg/sysinfo" -) - -// DefaultDaemonNetworkMode returns the default network stack the daemon should -// use. -func DefaultDaemonNetworkMode() container.NetworkMode { - return network.NetworkNat -} - -// IsPreDefinedNetwork indicates if a network is predefined by the daemon -func IsPreDefinedNetwork(network string) bool { - return !container.NetworkMode(network).IsUserDefined() -} - -// validateNetMode ensures that the various combinations of requested -// network settings are valid. -func validateNetMode(c *container.Config, hc *container.HostConfig) error { - if err := validateNetContainerMode(c, hc); err != nil { - return err - } - if hc.NetworkMode.IsContainer() && hc.Isolation.IsHyperV() { - return fmt.Errorf("Using the network stack of another container is not supported while using Hyper-V Containers") - } - return nil -} - -// validateIsolation performs platform specific validation of the -// isolation in the hostconfig structure. Windows supports 'default' (or -// blank), 'process', or 'hyperv'. -func validateIsolation(hc *container.HostConfig) error { - if !hc.Isolation.IsValid() { - return fmt.Errorf("Invalid isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation) - } - return nil -} - -// validateQoS performs platform specific validation of the Qos settings -func validateQoS(_ *container.HostConfig) error { - return nil -} - -// validateResources performs platform specific validation of the resource settings -func validateResources(hc *container.HostConfig, _ *sysinfo.SysInfo) error { - if hc.Resources.CPURealtimePeriod != 0 { - return fmt.Errorf("Windows does not support CPU real-time period") - } - if hc.Resources.CPURealtimeRuntime != 0 { - return fmt.Errorf("Windows does not support CPU real-time runtime") - } - return nil -} - -// validatePrivileged performs platform specific validation of the Privileged setting -func validatePrivileged(hc *container.HostConfig) error { - if hc.Privileged { - return fmt.Errorf("Windows does not support privileged mode") - } - return nil -} - -// validateReadonlyRootfs performs platform specific validation of the ReadonlyRootfs setting -func validateReadonlyRootfs(hc *container.HostConfig) error { - if hc.ReadonlyRootfs { - return fmt.Errorf("Windows does not support root filesystem in read-only mode") - } - return nil -} diff --git a/vendor/github.com/docker/docker/runconfig/opts/parse.go b/vendor/github.com/docker/docker/runconfig/opts/parse.go deleted file mode 100644 index 834f32d73d..0000000000 --- a/vendor/github.com/docker/docker/runconfig/opts/parse.go +++ /dev/null @@ -1,16 +0,0 @@ -package opts // import "github.com/docker/docker/runconfig/opts" - -import ( - "strings" -) - -// ConvertKVStringsToMap converts ["key=value"] to {"key":"value"} -func ConvertKVStringsToMap(values []string) map[string]string { - result := make(map[string]string, len(values)) - for _, value := range values { - k, v, _ := strings.Cut(value, "=") - result[k] = v - } - - return result -} diff --git a/vendor/github.com/docker/docker/volume/mounts/linux_parser.go b/vendor/github.com/docker/docker/volume/mounts/linux_parser.go index 1532187c77..898661a574 100644 --- a/vendor/github.com/docker/docker/volume/mounts/linux_parser.go +++ b/vendor/github.com/docker/docker/volume/mounts/linux_parser.go @@ -204,6 +204,30 @@ func linuxValidMountMode(mode string) bool { return true } +var validTmpfsOptions = map[string]bool{ + "exec": true, + "noexec": true, +} + +func validateTmpfsOptions(rawOptions [][]string) ([]string, error) { + var options []string + for _, opt := range rawOptions { + if len(opt) < 1 || len(opt) > 2 { + return nil, errors.New("invalid option array length") + } + if _, ok := validTmpfsOptions[opt[0]]; !ok { + return nil, errors.New("invalid option: " + opt[0]) + } + + if len(opt) == 1 { + options = append(options, opt[0]) + } else { + options = append(options, fmt.Sprintf("%s=%s", opt[0], opt[1])) + } + } + return options, nil +} + func (p *linuxParser) ReadWrite(mode string) bool { if !linuxValidMountMode(mode) { return false @@ -406,6 +430,15 @@ func (p *linuxParser) ConvertTmpfsOptions(opt *mount.TmpfsOptions, readOnly bool rawOpts = append(rawOpts, fmt.Sprintf("size=%d%s", size, suffix)) } + + if opt != nil && len(opt.Options) > 0 { + tmpfsOpts, err := validateTmpfsOptions(opt.Options) + if err != nil { + return "", err + } + rawOpts = append(rawOpts, tmpfsOpts...) + } + return strings.Join(rawOpts, ","), nil } diff --git a/vendor/github.com/godbus/dbus/v5/CONTRIBUTING.md b/vendor/github.com/godbus/dbus/v5/CONTRIBUTING.md deleted file mode 100644 index c88f9b2bdd..0000000000 --- a/vendor/github.com/godbus/dbus/v5/CONTRIBUTING.md +++ /dev/null @@ -1,50 +0,0 @@ -# How to Contribute - -## Getting Started - -- Fork the repository on GitHub -- Read the [README](README.markdown) for build and test instructions -- Play with the project, submit bugs, submit patches! - -## Contribution Flow - -This is a rough outline of what a contributor's workflow looks like: - -- Create a topic branch from where you want to base your work (usually master). -- Make commits of logical units. -- Make sure your commit messages are in the proper format (see below). -- Push your changes to a topic branch in your fork of the repository. -- Make sure the tests pass, and add any new tests as appropriate. -- Submit a pull request to the original repository. - -Thanks for your contributions! - -### Format of the Commit Message - -We follow a rough convention for commit messages that is designed to answer two -questions: what changed and why. The subject line should feature the what and -the body of the commit should describe the why. - -``` -scripts: add the test-cluster command - -this uses tmux to setup a test cluster that you can easily kill and -start for debugging. - -Fixes #38 -``` - -The format can be described more formally as follows: - -``` -: - - - -