RepoMirrors/netlink
1
0
Fork 0
mirror of https://github.com/vishvananda/netlink synced 2024-12-27 17:12:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support XFRM extra-flag attribute

Browse Source 
Add support of XFRMA_SA_EXTRA_FLAGS attribute of XFRM State interface.
The attribute is a 32bit flag and currently two flags
(XFRM_SA_XFLAG_DONT_ENCAP_DSCP and XFRM_SA_XFLAG_OSEQ_MAY_WRAP) are
defined. Two boolean flags added to XfrmState struct are correspoinding
to those flags. Naming of the flags are taken from iproute2's options
(extra-flag dont-encap-dscp | oseq-may-wrap).
This commit is contained in:
Yutaro Hayakawa 2022-05-08 14:07:32 +09:00 committed by Alessandro Boch
parent c94808a88b
commit 1f7c9af2fa
3 changed files with 46 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nl/xfrm_state_linux.go
View File

@ -28,6 +28,11 @@ const (
XFRM_STATE_ESN = 128
)
const (
XFRM_SA_XFLAG_DONT_ENCAP_DSCP = 1
XFRM_SA_XFLAG_OSEQ_MAY_WRAP = 2
)
// struct xfrm_usersa_id {
// xfrm_address_t daddr;
// __be32 spi;
@ -103,6 +108,7 @@ func (msg *XfrmStats) Serialize() []byte {
// };
//
// #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1
// #define XFRM_SA_XFLAG_OSEQ_MAY_WRAP 2
//
type XfrmUsersaInfo struct {

40
xfrm_state.go
View File

@ -84,28 +84,30 @@ type XfrmStateStats struct {
// XfrmState represents the state of an ipsec policy. It optionally
// contains an XfrmStateAlgo for encryption and one for authentication.
type XfrmState struct {
Dst net.IP
Src net.IP
Proto Proto
Mode Mode
Spi int
Reqid int
ReplayWindow int
Limits XfrmStateLimits
Statistics XfrmStateStats
Mark *XfrmMark
OutputMark *XfrmMark
Ifid int
Auth *XfrmStateAlgo
Crypt *XfrmStateAlgo
Aead *XfrmStateAlgo
Encap *XfrmStateEncap
ESN bool
Dst net.IP
Src net.IP
Proto Proto
Mode Mode
Spi int
Reqid int
ReplayWindow int
Limits XfrmStateLimits
Statistics XfrmStateStats
Mark *XfrmMark
OutputMark *XfrmMark
Ifid int
Auth *XfrmStateAlgo
Crypt *XfrmStateAlgo
Aead *XfrmStateAlgo
Encap *XfrmStateEncap
ESN bool
DontEncapDSCP bool
OSeqMayWrap bool
}
func (sa XfrmState) String() string {
return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %v, Ifid: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t",
sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.Ifid, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN)
return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %v, Ifid: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t, DontEncapDSCP: %t, OSeqMayWrap: %t",
sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.Ifid, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN, sa.DontEncapDSCP, sa.OSeqMayWrap)
}
func (sa XfrmState) Print(stats bool) string {
if !stats {

19
xfrm_state_linux.go
View File

@ -166,6 +166,17 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error {
req.AddData(out)
}
}
if state.OSeqMayWrap || state.DontEncapDSCP {
var flags uint32
if state.DontEncapDSCP {
flags |= nl.XFRM_SA_XFLAG_DONT_ENCAP_DSCP
}
if state.OSeqMayWrap {
flags |= nl.XFRM_SA_XFLAG_OSEQ_MAY_WRAP
}
out := nl.NewRtAttr(nl.XFRMA_SA_EXTRA_FLAGS, nl.Uint32Attr(flags))
req.AddData(out)
}
if state.Ifid != 0 {
ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(state.Ifid)))
@ -385,6 +396,14 @@ func parseXfrmState(m []byte, family int) (*XfrmState, error) {
state.Mark = new(XfrmMark)
state.Mark.Value = mark.Value
state.Mark.Mask = mark.Mask
case nl.XFRMA_SA_EXTRA_FLAGS:
flags := native.Uint32(attr.Value)
if (flags & nl.XFRM_SA_XFLAG_DONT_ENCAP_DSCP) != 0 {
state.DontEncapDSCP = true
}
if (flags & nl.XFRM_SA_XFLAG_OSEQ_MAY_WRAP) != 0 {
state.OSeqMayWrap = true
}
case nl.XFRMA_SET_MARK:
if state.OutputMark == nil {
state.OutputMark = new(XfrmMark)