xfrm_state.go 3.7 KB

  1. package netlink
  2. import (
  3. "fmt"
  4. "net"
  5. "time"
  6. )
  // XfrmStateAlgo represents the algorithm to use for the ipsec encryption.
  //
  // Key holds the raw key bytes, so every value of this type is secret
  // material and should be handled accordingly.
  type XfrmStateAlgo struct {
  	Name        string // algorithm name, printed verbatim by String
  	Key         []byte // raw key bytes; printed in hex by String
  	TruncateLen int    // Auth only
  	ICVLen      int    // AEAD only
  }

  // String renders the algorithm as "{Name: <name>, Key: 0x<hex>}", adding
  // ", Truncate length: <n>" and ", ICV length: <n>" before the closing brace
  // for whichever of those fields is non-zero.
  //
  // NOTE(security): the result contains the complete key in hex. Because this
  // method satisfies fmt.Stringer, formatting an XfrmStateAlgo with %v or %s,
  // or logging a struct that holds one, writes the key to that output. Treat
  // the returned string as sensitive as the key itself.
  func (a XfrmStateAlgo) String() string {
  	desc := fmt.Sprintf("{Name: %s, Key: 0x%x", a.Name, a.Key)
  	if n := a.TruncateLen; n != 0 {
  		desc = fmt.Sprintf("%s, Truncate length: %d", desc, n)
  	}
  	if n := a.ICVLen; n != 0 {
  		desc = fmt.Sprintf("%s, ICV length: %d", desc, n)
  	}
  	return fmt.Sprintf("%s}", desc)
  }
  // EncapType is an enum representing the optional packet encapsulation.
  type EncapType uint8

  // Known encapsulation types. Numbering starts at 1, so the zero value of
  // EncapType is not one of them and String reports it as "unknown".
  const (
  	XFRM_ENCAP_ESPINUDP_NONIKE EncapType = iota + 1
  	XFRM_ENCAP_ESPINUDP
  )

  // String returns the lowercase name of the encapsulation type, or "unknown"
  // for any value that is not one of the declared constants.
  func (e EncapType) String() string {
  	if e == XFRM_ENCAP_ESPINUDP_NONIKE {
  		return "espinudp-non-ike"
  	}
  	if e == XFRM_ENCAP_ESPINUDP {
  		return "espinudp"
  	}
  	return "unknown"
  }
  // XfrmStateEncap represents the encapsulation to use for the ipsec encryption.
  type XfrmStateEncap struct {
  	Type EncapType
  	// SrcPort and DstPort are plain ints; nothing in this type restricts them
  	// to the 0-65535 port range, so callers should validate before use.
  	SrcPort, DstPort int
  	OriginalAddress  net.IP
  }

  // String renders the encapsulation settings on one line. Type is printed
  // through EncapType.String, so unrecognised values show up as "unknown".
  func (e XfrmStateEncap) String() string {
  	const layout = "{Type: %s, Srcport: %d, DstPort: %d, OriginalAddress: %v}"
  	return fmt.Sprintf(layout, e.Type, e.SrcPort, e.DstPort, e.OriginalAddress)
  }
  // XfrmStateLimits represents the configured limits for the state.
  //
  // Each limit comes as a soft/hard pair. XfrmState.Print renders the byte and
  // packet limits through printLimit, which shows the all-ones value
  // (^uint64(0)) as "(INF)"; the time limits are printed as plain numbers.
  type XfrmStateLimits struct {
  	ByteSoft, ByteHard       uint64
  	PacketSoft, PacketHard   uint64
  	TimeSoft, TimeHard       uint64 // presumably seconds; confirm against the kernel interface
  	TimeUseSoft, TimeUseHard uint64 // presumably seconds; confirm against the kernel interface
  }
  // XfrmStateStats represents the current number of bytes/packets
  // processed by this State, the State's installation and first use
  // time and the replay window counters.
  type XfrmStateStats struct {
  	// Replay window counters.
  	ReplayWindow, Replay, Failed uint32
  	// Traffic processed by the state.
  	Bytes, Packets uint64
  	// Installation and first-use times. XfrmState.Print passes both to
  	// time.Unix as seconds and shows a UseTime of 0 as "-".
  	AddTime, UseTime uint64
  }
  // XfrmState represents the state of an ipsec policy. It optionally
  // contains an XfrmStateAlgo for encryption and one for authentication.
  //
  // Auth, Crypt and Aead point at XfrmStateAlgo values, which carry raw key
  // bytes, so an XfrmState with any of them set is itself secret material.
  type XfrmState struct {
  	Dst, Src               net.IP
  	Proto                  Proto
  	Mode                   Mode
  	Spi, Reqid             int // both printed in hex by String
  	ReplayWindow           int
  	Limits                 XfrmStateLimits
  	Statistics             XfrmStateStats
  	Mark                   *XfrmMark
  	Auth, Crypt, Aead      *XfrmStateAlgo // optional; each holds key bytes when set
  	Encap                  *XfrmStateEncap
  	ESN                    bool
  }
  // String renders the state's addressing, identifiers and algorithm settings
  // on one line. Limits and Statistics are not included; Print(true) adds them.
  //
  // NOTE(security): Auth, Crypt and Aead are formatted with %v. XfrmStateAlgo
  // defines String on the value receiver, so each non-nil pointer is rendered
  // through it and the key bytes appear in hex in the result. Do not send this
  // string to logs or error messages that are less protected than the keys.
  func (sa XfrmState) String() string {
  	const layout = "Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t"
  	return fmt.Sprintf(layout,
  		sa.Dst, sa.Src, sa.Proto, sa.Mode,
  		sa.Spi, sa.Reqid, sa.ReplayWindow,
  		sa.Mark, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN)
  }
  // Print returns sa.String() when stats is false. When stats is true it
  // appends the configured limits and the current statistics to that string.
  //
  // Byte and packet limits go through printLimit. AddTime and UseTime are
  // interpreted as Unix seconds and formatted with time.UnixDate in the
  // process's local time zone; a UseTime of 0 is shown as "-".
  //
  // NOTE(security): the result always starts with sa.String(), so it carries
  // the same key material and needs the same handling.
  func (sa XfrmState) Print(stats bool) string {
  	summary := sa.String()
  	if !stats {
  		return summary
  	}

  	lim, st := sa.Limits, sa.Statistics

  	added := time.Unix(int64(st.AddTime), 0).Format(time.UnixDate)
  	used := "-"
  	if st.UseTime != 0 {
  		used = time.Unix(int64(st.UseTime), 0).Format(time.UnixDate)
  	}

  	const layout = "%s, ByteSoft: %s, ByteHard: %s, PacketSoft: %s, PacketHard: %s, TimeSoft: %d, TimeHard: %d, TimeUseSoft: %d, TimeUseHard: %d, Bytes: %d, Packets: %d, " +
  		"AddTime: %s, UseTime: %s, ReplayWindow: %d, Replay: %d, Failed: %d"
  	return fmt.Sprintf(layout,
  		summary,
  		printLimit(lim.ByteSoft), printLimit(lim.ByteHard),
  		printLimit(lim.PacketSoft), printLimit(lim.PacketHard),
  		lim.TimeSoft, lim.TimeHard, lim.TimeUseSoft, lim.TimeUseHard,
  		st.Bytes, st.Packets, added, used,
  		st.ReplayWindow, st.Replay, st.Failed)
  }
  // printLimit formats a limit for display: the all-ones value is shown as
  // "(INF)", every other value as its decimal representation.
  func printLimit(lmt uint64) string {
  	const unlimited = ^uint64(0)
  	if lmt != unlimited {
  		return fmt.Sprintf("%d", lmt)
  	}
  	return "(INF)"
  }