xfrm_policy.go 2.1 KB

  1. package netlink
  2. import (
  3. "fmt"
  4. "net"
  5. )
  // Dir is an enum representing an ipsec template direction.
  //
  // The zero value is XFRM_DIR_IN, so a struct that leaves its Dir field
  // unset is reported by String as "dir in". Set the direction explicitly
  // when building a policy rather than relying on the default.
  type Dir uint8

  // Direction values, numbered consecutively from 0 by iota.
  const (
  	XFRM_DIR_IN     Dir = iota // 0
  	XFRM_DIR_OUT               // 1
  	XFRM_DIR_FWD               // 2
  	XFRM_SOCKET_IN             // 3
  	XFRM_SOCKET_OUT            // 4
  	XFRM_SOCKET_FWD            // 5
  )

  // String returns the label of d: "dir in", "dir out", "dir fwd",
  // "socket in", "socket out" or "socket fwd" for the six named values.
  //
  // Any other value is rendered as "socket N" with N = d - XFRM_SOCKET_IN,
  // so an out-of-range Dir(6) prints as "socket 3", not as its raw number.
  // Keep that offset in mind when reading policy dumps or logs.
  func (d Dir) String() string {
  	labels := [...]string{
  		XFRM_DIR_IN:     "dir in",
  		XFRM_DIR_OUT:    "dir out",
  		XFRM_DIR_FWD:    "dir fwd",
  		XFRM_SOCKET_IN:  "socket in",
  		XFRM_SOCKET_OUT: "socket out",
  		XFRM_SOCKET_FWD: "socket fwd",
  	}
  	if idx := int(d); idx < len(labels) {
  		return labels[idx]
  	}
  	// Unknown value: same offset formatting as for the named socket values.
  	return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN)
  }
  // PolicyAction is an enum representing an ipsec policy action.
  //
  // The zero value is XFRM_POLICY_ALLOW: a policy whose Action field is never
  // assigned is an allow policy, not a block policy. Code that means to block
  // must set XFRM_POLICY_BLOCK explicitly.
  type PolicyAction uint8

  // Policy action values.
  const (
  	XFRM_POLICY_ALLOW PolicyAction = 0
  	XFRM_POLICY_BLOCK PolicyAction = 1
  )

  // String returns "allow" or "block" for the two named actions and
  // "action N" (N being the raw numeric value) for anything else.
  func (a PolicyAction) String() string {
  	if a == XFRM_POLICY_ALLOW {
  		return "allow"
  	}
  	if a == XFRM_POLICY_BLOCK {
  		return "block"
  	}
  	// Unrecognised value: print the number so it is visible in dumps.
  	return fmt.Sprintf("action %d", a)
  }
  // XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec
  // policy. These rules are matched with XfrmState to determine encryption
  // and authentication algorithms.
  type XfrmPolicyTmpl struct {
  	Dst   net.IP // base destination address of the rule
  	Src   net.IP // base source address of the rule
  	Proto Proto  // type declared elsewhere in the package
  	Mode  Mode   // type declared elsewhere in the package
  	Spi   int    // rendered in hex by String
  	Reqid int    // rendered in hex by String
  }

  // String renders the template as a single brace-delimited line listing
  // every field. Dst and Src use %v, Proto and Mode use %s, and Spi and Reqid
  // are written as 0x-prefixed hexadecimal.
  func (t XfrmPolicyTmpl) String() string {
  	const layout = "{Dst: %v, Src: %v, Proto: %s, Mode: %s, Spi: 0x%x, Reqid: 0x%x}"
  	return fmt.Sprintf(layout, t.Dst, t.Src, t.Proto, t.Mode, t.Spi, t.Reqid)
  }
  // XfrmPolicy represents an ipsec policy. It represents the overlay network
  // and has a list of XfrmPolicyTmpls representing the base addresses of
  // the policy.
  //
  // Two fields have security-relevant zero values. Action defaults to
  // XFRM_POLICY_ALLOW (0) and Dir defaults to XFRM_DIR_IN (0), so a literal
  // that omits them describes an inbound allow policy. Set both explicitly.
  type XfrmPolicy struct {
  	Dst      *net.IPNet // destination network; pointer, may be nil
  	Src      *net.IPNet // source network; pointer, may be nil
  	Proto    Proto      // type declared elsewhere in the package
  	DstPort  int
  	SrcPort  int
  	Dir      Dir // zero value is XFRM_DIR_IN
  	Priority int
  	Index    int
  	Action   PolicyAction // zero value is XFRM_POLICY_ALLOW
  	Ifindex  int
  	Mark     *XfrmMark        // pointer, may be nil; type declared elsewhere
  	Tmpls    []XfrmPolicyTmpl // templates carrying the base addresses
  }

  // String renders the policy as a single brace-delimited line listing every
  // field, including each template in Tmpls.
  //
  // NOTE(review): Mark is formatted with %s; the output for a nil Mark depends
  // on how XfrmMark implements String, which is not visible here. Confirm.
  func (p XfrmPolicy) String() string {
  	const layout = "{Dst: %v, Src: %v, Proto: %s, DstPort: %d, SrcPort: %d, Dir: %s, Priority: %d, Index: %d, Action: %s, Ifindex: %d, Mark: %s, Tmpls: %s}"
  	return fmt.Sprintf(
  		layout,
  		p.Dst, p.Src, p.Proto,
  		p.DstPort, p.SrcPort,
  		p.Dir, p.Priority, p.Index, p.Action, p.Ifindex,
  		p.Mark, p.Tmpls,
  	)
  }