登入
golang
/
flannel
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
分支: master
分支列表 標籤列表
flannel
/
vendor
/
github.com
/
vishvananda
/
netlink
/
xfrm_policy.go

xfrm_policy.go 2.1 KB
永久連結 文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. package netlink
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"net"
    6. 

  6. )
    7. 

  7. 

  8. // Dir is an enum representing an ipsec template direction.
    9. 

  9. type Dir uint8
    10. 

  10. 

  11. const (
    12. 

  12. 	XFRM_DIR_IN Dir = iota
    13. 

  13. 	XFRM_DIR_OUT
    14. 

  14. 	XFRM_DIR_FWD
    15. 

  15. 	XFRM_SOCKET_IN
    16. 

  16. 	XFRM_SOCKET_OUT
    17. 

  17. 	XFRM_SOCKET_FWD
    18. 

  18. )
    19. 

  19. 

  20. func (d Dir) String() string {
    21. 

  21. 	switch d {
    22. 

  22. 	case XFRM_DIR_IN:
    23. 

  23. 		return "dir in"
    24. 

  24. 	case XFRM_DIR_OUT:
    25. 

  25. 		return "dir out"
    26. 

  26. 	case XFRM_DIR_FWD:
    27. 

  27. 		return "dir fwd"
    28. 

  28. 	case XFRM_SOCKET_IN:
    29. 

  29. 		return "socket in"
    30. 

  30. 	case XFRM_SOCKET_OUT:
    31. 

  31. 		return "socket out"
    32. 

  32. 	case XFRM_SOCKET_FWD:
    33. 

  33. 		return "socket fwd"
    34. 

  34. 	}
    35. 

  35. 	return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN)
    36. 

  36. }
    37. 

  37. 

  38. // PolicyAction is an enum representing an ipsec policy action.
    39. 

  39. type PolicyAction uint8
    40. 

  40. 

  41. const (
    42. 

  42. 	XFRM_POLICY_ALLOW PolicyAction = 0
    43. 

  43. 	XFRM_POLICY_BLOCK PolicyAction = 1
    44. 

  44. )
    45. 

  45. 

  46. func (a PolicyAction) String() string {
    47. 

  47. 	switch a {
    48. 

  48. 	case XFRM_POLICY_ALLOW:
    49. 

  49. 		return "allow"
    50. 

  50. 	case XFRM_POLICY_BLOCK:
    51. 

  51. 		return "block"
    52. 

  52. 	default:
    53. 

  53. 		return fmt.Sprintf("action %d", a)
    54. 

  54. 	}
    55. 

  55. }
    56. 

  56. 

  57. // XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec
    58. 

  58. // policy. These rules are matched with XfrmState to determine encryption
    59. 

  59. // and authentication algorithms.
    60. 

  60. type XfrmPolicyTmpl struct {
    61. 

  61. 	Dst   net.IP
    62. 

  62. 	Src   net.IP
    63. 

  63. 	Proto Proto
    64. 

  64. 	Mode  Mode
    65. 

  65. 	Spi   int
    66. 

  66. 	Reqid int
    67. 

  67. }
    68. 

  68. 

  69. func (t XfrmPolicyTmpl) String() string {
    70. 

  70. 	return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, Mode: %s, Spi: 0x%x, Reqid: 0x%x}",
    71. 

  71. 		t.Dst, t.Src, t.Proto, t.Mode, t.Spi, t.Reqid)
    72. 

  72. }
    73. 

  73. 

  74. // XfrmPolicy represents an ipsec policy. It represents the overlay network
    75. 

  75. // and has a list of XfrmPolicyTmpls representing the base addresses of
    76. 

  76. // the policy.
    77. 

  77. type XfrmPolicy struct {
    78. 

  78. 	Dst      *net.IPNet
    79. 

  79. 	Src      *net.IPNet
    80. 

  80. 	Proto    Proto
    81. 

  81. 	DstPort  int
    82. 

  82. 	SrcPort  int
    83. 

  83. 	Dir      Dir
    84. 

  84. 	Priority int
    85. 

  85. 	Index    int
    86. 

  86. 	Action   PolicyAction
    87. 

  87. 	Ifindex  int
    88. 

  88. 	Mark     *XfrmMark
    89. 

  89. 	Tmpls    []XfrmPolicyTmpl
    90. 

  90. }
    91. 

  91. 

  92. func (p XfrmPolicy) String() string {
    93. 

  93. 	return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, DstPort: %d, SrcPort: %d, Dir: %s, Priority: %d, Index: %d, Action: %s, Ifindex: %d, Mark: %s, Tmpls: %s}",
    94. 

  94. 		p.Dst, p.Src, p.Proto, p.DstPort, p.SrcPort, p.Dir, p.Priority, p.Index, p.Action, p.Ifindex, p.Mark, p.Tmpls)
    95. 

  95. }
    96.