mirror of
https://github.com/vishvananda/netlink
synced 2024-12-27 00:52:11 +00:00
Support XFRM extra-flag attribute
Add support for the XFRMA_SA_EXTRA_FLAGS attribute of the XFRM State interface. The attribute is a 32-bit flag field, and currently two flags (XFRM_SA_XFLAG_DONT_ENCAP_DSCP and XFRM_SA_XFLAG_OSEQ_MAY_WRAP) are defined. The two boolean flags added to the XfrmState struct correspond to those flags. The names of the flags are taken from iproute2's options (extra-flag dont-encap-dscp | oseq-may-wrap).
parent
c94808a88b
commit
1f7c9af2fa
@ -28,6 +28,11 @@ const (
|
||||
XFRM_STATE_ESN = 128
|
||||
)
|
||||
|
||||
const (
|
||||
XFRM_SA_XFLAG_DONT_ENCAP_DSCP = 1
|
||||
XFRM_SA_XFLAG_OSEQ_MAY_WRAP = 2
|
||||
)
|
||||
|
||||
// struct xfrm_usersa_id {
|
||||
// xfrm_address_t daddr;
|
||||
// __be32 spi;
|
||||
@ -103,6 +108,7 @@ func (msg *XfrmStats) Serialize() []byte {
|
||||
// };
|
||||
//
|
||||
// #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1
|
||||
// #define XFRM_SA_XFLAG_OSEQ_MAY_WRAP 2
|
||||
//
|
||||
|
||||
type XfrmUsersaInfo struct {
|
||||
|
@ -84,28 +84,30 @@ type XfrmStateStats struct {
|
||||
// XfrmState represents the state of an ipsec policy. It optionally
|
||||
// contains an XfrmStateAlgo for encryption and one for authentication.
|
||||
type XfrmState struct {
|
||||
Dst net.IP
|
||||
Src net.IP
|
||||
Proto Proto
|
||||
Mode Mode
|
||||
Spi int
|
||||
Reqid int
|
||||
ReplayWindow int
|
||||
Limits XfrmStateLimits
|
||||
Statistics XfrmStateStats
|
||||
Mark *XfrmMark
|
||||
OutputMark *XfrmMark
|
||||
Ifid int
|
||||
Auth *XfrmStateAlgo
|
||||
Crypt *XfrmStateAlgo
|
||||
Aead *XfrmStateAlgo
|
||||
Encap *XfrmStateEncap
|
||||
ESN bool
|
||||
Dst net.IP
|
||||
Src net.IP
|
||||
Proto Proto
|
||||
Mode Mode
|
||||
Spi int
|
||||
Reqid int
|
||||
ReplayWindow int
|
||||
Limits XfrmStateLimits
|
||||
Statistics XfrmStateStats
|
||||
Mark *XfrmMark
|
||||
OutputMark *XfrmMark
|
||||
Ifid int
|
||||
Auth *XfrmStateAlgo
|
||||
Crypt *XfrmStateAlgo
|
||||
Aead *XfrmStateAlgo
|
||||
Encap *XfrmStateEncap
|
||||
ESN bool
|
||||
DontEncapDSCP bool
|
||||
OSeqMayWrap bool
|
||||
}
|
||||
|
||||
func (sa XfrmState) String() string {
|
||||
return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %v, Ifid: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t",
|
||||
sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.Ifid, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN)
|
||||
return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %v, Ifid: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t, DontEncapDSCP: %t, OSeqMayWrap: %t",
|
||||
sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.Ifid, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN, sa.DontEncapDSCP, sa.OSeqMayWrap)
|
||||
}
|
||||
func (sa XfrmState) Print(stats bool) string {
|
||||
if !stats {
|
||||
|
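Review bot: The new fields `DontEncapDSCP` and `OSeqMayWrap` at the end of `XfrmState` carry no doc comments, and `OSeqMayWrap` in particular needs one because it changes how the SA treats its outbound sequence number. Going by the flag name and the commit description, setting it lets the output sequence number wrap, which matters to any caller relying on anti-replay or on sequence numbers being unique for the lifetime of the SA. I would add `// DontEncapDSCP sets XFRM_SA_XFLAG_DONT_ENCAP_DSCP (iproute2: extra-flag dont-encap-dscp).` and `// OSeqMayWrap sets XFRM_SA_XFLAG_OSEQ_MAY_WRAP: the output sequence number may wrap; leave false unless sequence reuse is acceptable for this SA.` above the two fields.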
@ -166,6 +166,17 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error {
|
||||
req.AddData(out)
|
||||
}
|
||||
}
|
||||
if state.OSeqMayWrap || state.DontEncapDSCP {
|
||||
var flags uint32
|
||||
if state.DontEncapDSCP {
|
||||
flags |= nl.XFRM_SA_XFLAG_DONT_ENCAP_DSCP
|
||||
}
|
||||
if state.OSeqMayWrap {
|
||||
flags |= nl.XFRM_SA_XFLAG_OSEQ_MAY_WRAP
|
||||
}
|
||||
out := nl.NewRtAttr(nl.XFRMA_SA_EXTRA_FLAGS, nl.Uint32Attr(flags))
|
||||
req.AddData(out)
|
||||
}
|
||||
|
||||
if state.Ifid != 0 {
|
||||
ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(state.Ifid)))
|
||||
@ -385,6 +396,14 @@ func parseXfrmState(m []byte, family int) (*XfrmState, error) {
|
||||
state.Mark = new(XfrmMark)
|
||||
state.Mark.Value = mark.Value
|
||||
state.Mark.Mask = mark.Mask
|
||||
case nl.XFRMA_SA_EXTRA_FLAGS:
|
||||
flags := native.Uint32(attr.Value)
|
||||
if (flags & nl.XFRM_SA_XFLAG_DONT_ENCAP_DSCP) != 0 {
|
||||
state.DontEncapDSCP = true
|
||||
}
|
||||
if (flags & nl.XFRM_SA_XFLAG_OSEQ_MAY_WRAP) != 0 {
|
||||
state.OSeqMayWrap = true
|
||||
}
|
||||
case nl.XFRMA_SET_MARK:
|
||||
if state.OutputMark == nil {
|
||||
state.OutputMark = new(XfrmMark)
|
||||
|
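Review bot: In the new `case nl.XFRMA_SA_EXTRA_FLAGS:` branch, `native.Uint32(attr.Value)` is called without checking the attribute length. If `native` is a `binary.ByteOrder`, as the call suggests, a payload shorter than four bytes panics instead of producing an error. A guard ahead of the decode keeps a malformed or truncated netlink attribute from taking down the caller: `if len(attr.Value) < 4 { return nil, fmt.Errorf("short XFRMA_SA_EXTRA_FLAGS attribute") }` (assuming `fmt` is imported in this file). The body of `parseXfrmState` starts and ends outside the hunk, so other cases may need the same check.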