package netlink
import (
"fmt"
"net"
)
// Dir identifies the direction an ipsec policy or template applies to.
type Dir uint8

// The directions are numbered consecutively from zero: the three "dir"
// values first, then the three "socket" values.
// NOTE(review): presumably these mirror the kernel's XFRM policy direction
// numbering; confirm against the kernel headers before relying on the
// numeric values on the wire.
const (
	XFRM_DIR_IN Dir = iota
	XFRM_DIR_OUT
	XFRM_DIR_FWD
	XFRM_SOCKET_IN
	XFRM_SOCKET_OUT
	XFRM_SOCKET_FWD
)

// String returns a human-readable label for d.
//
// The six named directions map to fixed labels. Any other value is not
// rejected; it is rendered as "socket N" with N = d-XFRM_SOCKET_IN. A label
// of "socket 3" or higher in a log therefore means the value was outside the
// named set, not that a real socket direction was seen.
func (d Dir) String() string {
	labels := [...]string{
		XFRM_DIR_IN:     "dir in",
		XFRM_DIR_OUT:    "dir out",
		XFRM_DIR_FWD:    "dir fwd",
		XFRM_SOCKET_IN:  "socket in",
		XFRM_SOCKET_OUT: "socket out",
		XFRM_SOCKET_FWD: "socket fwd",
	}
	if int(d) < len(labels) {
		return labels[d]
	}
	// %d is not a string verb, so fmt prints the integer and does not call
	// String again.
	return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN)
}
// XfrmPolicyTmpl is one rule describing the base addresses of an ipsec
// policy. Templates are matched against XfrmState entries, and that match
// determines which encryption and authentication algorithms are used.
type XfrmPolicyTmpl struct {
	// Dst and Src are the base addresses of the rule.
	Dst net.IP
	Src net.IP

	// Proto and Mode use types declared outside this listing.
	Proto Proto
	Mode  Mode

	// NOTE(review): presumably the request id that ties this template to a
	// matching XfrmState; it is a plain int here, so confirm the range check
	// where it is converted to the netlink wire type.
	Reqid int
}
// XfrmPolicy is an ipsec policy. It describes the overlay network, and its
// Tmpls list carries the XfrmPolicyTmpl rules that give the base addresses
// of the policy.
type XfrmPolicy struct {
	// Dst and Src are the overlay networks the policy refers to. Both are
	// pointers, so code reading them must allow for nil.
	Dst *net.IPNet
	Src *net.IPNet

	// Dir is the direction the policy applies to.
	Dir Dir

	// NOTE(review): Priority and Index are plain ints; confirm how negative
	// or oversized values are handled when the policy is serialized.
	Priority int
	Index    int

	// Tmpls lists the templates attached to the policy.
	// NOTE(review): the effect of an empty list is not visible in this
	// listing; confirm whether such a policy leaves matching traffic
	// unprotected.
	Tmpls []XfrmPolicyTmpl
}