Sign In
golang
/
flannel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 59ab6afa56
Branches Tags
flannel
/
backend
/
ipsec
/
handle_xfrm.go

handle_xfrm.go 2.1 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. // Copyright 2017 flannel authors
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. // +build !windows
    15. 

  15. 

  16. package ipsec
    17. 

  17. 

  18. import (
    19. 

  19. 	"fmt"
    20. 

  20. 	"net"
    21. 

  21. 

  22. 	log "github.com/golang/glog"
    23. 

  23. 	"github.com/vishvananda/netlink"
    24. 

  24. 

  25. 	"github.com/coreos/flannel/subnet"
    26. 

  26. )
    27. 

  27. 

  28. func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID int) error {
    29. 

  29. 	src := myLease.Subnet.ToIPNet()
    30. 

  30. 

  31. 	dst := remoteLease.Subnet.ToIPNet()
    32. 

  32. 

  33. 	policy := netlink.XfrmPolicy{
    34. 

  34. 		Src: src,
    35. 

  35. 		Dst: dst,
    36. 

  36. 		Dir: dir,
    37. 

  37. 	}
    38. 

  38. 

  39. 	tunnelLeft := myLease.Attrs.PublicIP.ToIP()
    40. 

  40. 	tunnelRight := remoteLease.Attrs.PublicIP.ToIP()
    41. 

  41. 

  42. 	tmpl := netlink.XfrmPolicyTmpl{
    43. 

  43. 		Src:   tunnelLeft,
    44. 

  44. 		Dst:   tunnelRight,
    45. 

  45. 		Proto: netlink.XFRM_PROTO_ESP,
    46. 

  46. 		Mode:  netlink.XFRM_MODE_TUNNEL,
    47. 

  47. 		Reqid: reqID,
    48. 

  48. 	}
    49. 

  49. 

  50. 	log.Infof("Adding ipsec policy: %+v", tmpl)
    51. 

  51. 

  52. 	policy.Tmpls = append(policy.Tmpls, tmpl)
    53. 

  53. 

  54. 	if err := netlink.XfrmPolicyAdd(&policy); err != nil {
    55. 

  55. 		return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
    56. 

  56. 	}
    57. 

  57. 

  58. 	return nil
    59. 

  59. }
    60. 

  60. 

  61. func DeleteXFRMPolicy(localSubnet, remoteSubnet *net.IPNet, localPublicIP, remotePublicIP net.IP, dir netlink.Dir, reqID int) error {
    62. 

  62. 	src := localSubnet
    63. 

  63. 	dst := remoteSubnet
    64. 

  64. 

  65. 	policy := netlink.XfrmPolicy{
    66. 

  66. 		Src: src,
    67. 

  67. 		Dst: dst,
    68. 

  68. 		Dir: dir,
    69. 

  69. 	}
    70. 

  70. 

  71. 	tunnelLeft := localPublicIP
    72. 

  72. 	tunnelRight := remotePublicIP
    73. 

  73. 

  74. 	tmpl := netlink.XfrmPolicyTmpl{
    75. 

  75. 		Src:   tunnelLeft,
    76. 

  76. 		Dst:   tunnelRight,
    77. 

  77. 		Proto: netlink.XFRM_PROTO_ESP,
    78. 

  78. 		Mode:  netlink.XFRM_MODE_TUNNEL,
    79. 

  79. 		Reqid: reqID,
    80. 

  80. 	}
    81. 

  81. 

  82. 	log.Infof("Deleting ipsec policy: %+v", tmpl)
    83. 

  83. 

  84. 	policy.Tmpls = append(policy.Tmpls, tmpl)
    85. 

  85. 

  86. 	if err := netlink.XfrmPolicyDel(&policy); err != nil {
    87. 

  87. 		return fmt.Errorf("error deleting policy: %+v err: %v", policy, err)
    88. 

  88. 	}
    89. 

  89. 

  90. 	return nil
    91. 

  91. }
    92.