Do we actually need this function to be NodePort-specific? I guess in the future we will support multiple NodePort IP addrs per netdev, so maybe we could use a generic IPAddrs() method instead?

To elaborate more - I don't want to leak any LB details (in this case NodePort) into this relatively generic package.

Since this method is about picking the single nodeport frontend for the device I would keep it NodePort-specific. However, you're right it shouldn't be here. I'll move it to a more appropriate place. In the future this would go away completely once service load-balancing is refactored to support multiple frontends per device.

I believe in the past we've seen issues where the netlink can be unreliabe, should we try to reestablish the nl connection/sub if the channel gets closed?

Oh that's a bummer. Would require fair bit of additional complexity to resubscribe as it needs to relist from scratch in order to make sure no update has been missed.

Do you have any more info about the unreliability?

netlink man page has this to say:

       Netlink is not a reliable protocol.  It tries its best to deliver
       a message to its destination(s), but may drop messages when an
       out-of-memory condition or other error occurs.  For reliable
       transfer the sender can request an acknowledgement from the
       receiver by setting the NLM_F_ACK flag.  An acknowledgement is an
       NLMSG_ERROR packet with the error field set to 0.  The
       application must generate acknowledgements for received messages
       itself.  The kernel tries to send an NLMSG_ERROR message for
       every failed packet.  A user process should follow this
       convention too.

       However, reliable transmissions from kernel to user are
       impossible in any case.  The kernel can't send a netlink message
       if the socket buffer is full: the message will be dropped and the
       kernel and the user-space process will no longer have the same
       view of kernel state.  It is up to the application to detect when
       this happens (via the ENOBUFS error returned by [recvmsg(2)](https://man7.org/linux/man-pages/man2/recvmsg.2.html)) and
       resynchronize.

The go netlink library doesn't do the ACKs so this is indeed is pretty unreliable and may miss updates.
Not sure in what scenarios the netlink socket would get closed, but wouldn't be surprised it can happen
in OOM situations.

I'll need to think a bit how we can make this reliable...

EDIT: Could maybe check sequence numbers of all updates and then restart everything from scratch if there's a missing update or any other error. Though maybe ENOBUFS would be sent to the ErrorCallback when that would happen.

Yeah, correct.

A timeout was added by a contributor to the nl library to solve issues where the socket would hang indefinitely (I don't think it was clear what the actual underlying issue was, potentially just a bug in netlink?).

Could we propose/add the feature ourselves?

The recvfrom hang has been fixed 1 year ago: vishvananda/netlink#793. Unfortunately the netlink library seems to not be maintained well anymore. I'll likely look into actively maintained alternative libraries that would also allow cleanly distinguishing between initial listing and updates.

Is this necessary even though there is an if d == nil at the end of the loop?

Point is to stop processing further updates for this link. I could instead add a break label and do break updateLoop on line 438, but this seems nicer.

EDIT: Ah, but now I'm likely making unfounded assumption here about ifindex not being reused too quickly. Will figure out what I can actually assume and fix the code accordingly. Wonder what fun races this thing has with regards to addresses and routes. Likely the correct way to do this (which is not easy with this netlink library) is to have a single netlink socket over which we get address, link and route updates.

EDIT2: At least locally I'm not seeing any reuse of ifindex. Not quite sure how paranoid this code should be. Thoughts?

Not saying you need to change this, but I'm curious: why a struct of func pointers instead of an interface?

Less boilerplate and makes it easy to override/wrap one of the methods to inject slightly different behavior in tests.

I'm guessing there's no need for a backoff here?

I removed the backoff in the end as it doesn't really bring much value, plus the logic for resetting the backoff would've been a bit involved (when would we even reset it?).

It'd be call if in the future each Cell could individually set a bit saying that the device detection is required.

I would get rid of this AreDevicesRequired stuff completely in the future and have each feature decide how to function or not without any devices.