package netlink
import (
"fmt"
"net"
"github.com/vishvananda/netlink/nl"
)
// XfrmStateAlgo represents the algorithm to use for the ipsec encryption.
//
// Key holds the raw key bytes for the algorithm, so a populated value is
// secret material and should be handled like any other credential.
type XfrmStateAlgo struct {
	Name        string // algorithm name
	Key         []byte // raw key bytes; secret
	TruncateLen int    // Auth only
}

// String renders the algorithm as "{Name: ..., Key: 0x..., TruncateLen: ...}".
//
// The key is written out in full as hex. Because fmt calls this method for
// %v and %s, passing an XfrmStateAlgo (or anything that formats one) to a
// logger or an error message discloses the key; strip or mask Key before
// formatting when the output leaves a trusted context.
func (a XfrmStateAlgo) String() string {
	const layout = "{Name: %s, Key: 0x%x, TruncateLen: %d}"
	return fmt.Sprintf(layout, a.Name, a.Key, a.TruncateLen)
}
// EncapType is an enum representing the optional packet encapsulation.
type EncapType uint8

// Encapsulation types. Numbering starts at 1, so the zero value of
// EncapType matches neither constant and formats as "unknown".
const (
	XFRM_ENCAP_ESPINUDP_NONIKE EncapType = iota + 1
	XFRM_ENCAP_ESPINUDP
)

// String returns the textual name of the encapsulation type, or "unknown"
// for any value that is not one of the declared constants.
func (e EncapType) String() string {
	if e == XFRM_ENCAP_ESPINUDP_NONIKE {
		return "espinudp-non-ike"
	}
	if e == XFRM_ENCAP_ESPINUDP {
		return "espinudp"
	}
	return "unknown"
}
// XfrmStateEncap represents the encapsulation to use for the ipsec encryption.
type XfrmStateEncap struct {
	Type            EncapType // which encapsulation variant is in use
	SrcPort         int
	DstPort         int
	OriginalAddress net.IP
}

// String renders the encapsulation settings on one line. Type is formatted
// with %s and therefore goes through EncapType.String.
func (e XfrmStateEncap) String() string {
	const layout = "{Type: %s, Srcport: %d, DstPort: %d, OriginalAddress: %v}"
	return fmt.Sprintf(layout, e.Type, e.SrcPort, e.DstPort, e.OriginalAddress)
}
// XfrmStateLimits represents the configured limits for the state.
//
// Each limit comes as a soft/hard pair. XfrmState.Print shows a byte or
// packet limit equal to nl.XFRM_INF as "(INF)" and prints the time limits
// as plain integers.
// NOTE(review): the units of the Time* fields are not visible in this file
// (presumably seconds, as in the kernel's xfrm lifetime settings); confirm.
type XfrmStateLimits struct {
	ByteSoft, ByteHard       uint64 // byte-count limits
	PacketSoft, PacketHard   uint64 // packet-count limits
	TimeSoft, TimeHard       uint64
	TimeUseSoft, TimeUseHard uint64
}
// XfrmState represents the state of an ipsec policy. It optionally
// contains an XfrmStateAlgo for encryption and one for authentication.
//
// Auth and Crypt carry raw key bytes (XfrmStateAlgo.Key), so a populated
// XfrmState is secret material. String and Print both format Auth and Crypt
// with %v, which calls XfrmStateAlgo.String and writes the keys in hex.
// Do not log or return that text to untrusted parties without masking the
// keys first.
type XfrmState struct {
	Dst          net.IP
	Src          net.IP
	Proto        Proto
	Mode         Mode
	Spi          int
	Reqid        int
	ReplayWindow int
	Limits       XfrmStateLimits // only shown by Print(true)
	Mark         *XfrmMark       // optional
	Auth         *XfrmStateAlgo  // optional; holds the authentication key
	Crypt        *XfrmStateAlgo  // optional; holds the encryption key
	Encap        *XfrmStateEncap // optional
}

// String renders the state on one line, without the limits.
//
// The result includes the Auth and Crypt keys in hex (see the type
// comment); nil pointer fields are printed by fmt as "<nil>".
func (sa XfrmState) String() string {
	const layout = "Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, Auth: %v, Crypt: %v, Encap: %v"
	return fmt.Sprintf(layout,
		sa.Dst, sa.Src, sa.Proto, sa.Mode,
		sa.Spi, sa.Reqid, sa.ReplayWindow,
		sa.Mark, sa.Auth, sa.Crypt, sa.Encap)
}

// Print returns the same text as String and, when stats is true, appends
// the configured limits. Byte and packet limits go through printLimit;
// the time limits are printed as plain integers.
//
// The output always starts with String's text, so it carries the same key
// material.
func (sa XfrmState) Print(stats bool) string {
	base := sa.String()
	if !stats {
		return base
	}

	lim := sa.Limits
	const layout = "%s, ByteSoft: %s, ByteHard: %s, PacketSoft: %s, PacketHard: %s, TimeSoft: %d, TimeHard: %d, TimeUseSoft: %d, TimeUseHard: %d"
	return fmt.Sprintf(layout,
		base,
		printLimit(lim.ByteSoft), printLimit(lim.ByteHard),
		printLimit(lim.PacketSoft), printLimit(lim.PacketHard),
		lim.TimeSoft, lim.TimeHard, lim.TimeUseSoft, lim.TimeUseHard)
}
// printLimit formats a limit for display: the sentinel nl.XFRM_INF becomes
// "(INF)", any other value is printed in decimal.
func printLimit(lmt uint64) string {
	if lmt != nl.XFRM_INF {
		return fmt.Sprintf("%d", lmt)
	}
	return "(INF)"
}