mirror of https://github.com/vishvananda/netlink
Allow SPI to be passed in policy template (#127)
- It is part of the ID and it is needed when you program policies for different SAs which share same src and dst Signed-off-by: Alessandro Boch <aboch@docker.com>
This commit is contained in:
Alessandro Boch
Vish Ishaya
parent
388bbd0e99
commit
9b552a7a61
|
|
@ -43,12 +43,13 @@ type XfrmPolicyTmpl struct {
|
||||||
Src net.IP
|
Src net.IP
|
||||||
Proto Proto
|
Proto Proto
|
||||||
Mode Mode
|
Mode Mode
|
||||||
|
Spi int
|
||||||
Reqid int
|
Reqid int
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t XfrmPolicyTmpl) String() string {
|
func (t XfrmPolicyTmpl) String() string {
|
||||||
return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, Mode: %s, Reqid: 0x%x}",
|
return fmt.Sprintf("{Dst: %v, Src: %v, Proto: %s, Mode: %s, Spi: 0x%x, Reqid: 0x%x}",
|
||||||
t.Dst, t.Src, t.Proto, t.Mode, t.Reqid)
|
t.Dst, t.Src, t.Proto, t.Mode, t.Spi, t.Reqid)
|
||||||
}
|
}
|
||||||
|
|
||||||
// XfrmPolicy represents an ipsec policy. It represents the overlay network
|
// XfrmPolicy represents an ipsec policy. It represents the overlay network
|
||||||
|
|
|
||||||
|
|
@ -75,6 +75,7 @@ func (h *Handle) xfrmPolicyAddOrUpdate(policy *XfrmPolicy, nlProto int) error {
|
||||||
userTmpl.XfrmId.Daddr.FromIP(tmpl.Dst)
|
userTmpl.XfrmId.Daddr.FromIP(tmpl.Dst)
|
||||||
userTmpl.Saddr.FromIP(tmpl.Src)
|
userTmpl.Saddr.FromIP(tmpl.Src)
|
||||||
userTmpl.XfrmId.Proto = uint8(tmpl.Proto)
|
userTmpl.XfrmId.Proto = uint8(tmpl.Proto)
|
||||||
|
userTmpl.XfrmId.Spi = nl.Swap32(uint32(tmpl.Spi))
|
||||||
userTmpl.Mode = uint8(tmpl.Mode)
|
userTmpl.Mode = uint8(tmpl.Mode)
|
||||||
userTmpl.Reqid = uint32(tmpl.Reqid)
|
userTmpl.Reqid = uint32(tmpl.Reqid)
|
||||||
userTmpl.Aalgos = ^uint32(0)
|
userTmpl.Aalgos = ^uint32(0)
|
||||||
|
|
@ -240,6 +241,7 @@ func parseXfrmPolicy(m []byte, family int) (*XfrmPolicy, error) {
|
||||||
resTmpl.Src = tmpl.Saddr.ToIP()
|
resTmpl.Src = tmpl.Saddr.ToIP()
|
||||||
resTmpl.Proto = Proto(tmpl.XfrmId.Proto)
|
resTmpl.Proto = Proto(tmpl.XfrmId.Proto)
|
||||||
resTmpl.Mode = Mode(tmpl.Mode)
|
resTmpl.Mode = Mode(tmpl.Mode)
|
||||||
|
resTmpl.Spi = int(nl.Swap32(tmpl.XfrmId.Spi))
|
||||||
resTmpl.Reqid = int(tmpl.Reqid)
|
resTmpl.Reqid = int(tmpl.Reqid)
|
||||||
policy.Tmpls = append(policy.Tmpls, resTmpl)
|
policy.Tmpls = append(policy.Tmpls, resTmpl)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -147,7 +147,7 @@ func compareTemplates(a, b []XfrmPolicyTmpl) bool {
|
||||||
}
|
}
|
||||||
for i, ta := range a {
|
for i, ta := range a {
|
||||||
tb := b[i]
|
tb := b[i]
|
||||||
if !ta.Dst.Equal(tb.Dst) || !ta.Src.Equal(tb.Src) ||
|
if !ta.Dst.Equal(tb.Dst) || !ta.Src.Equal(tb.Src) || ta.Spi != tb.Spi ||
|
||||||
ta.Mode != tb.Mode || ta.Reqid != tb.Reqid || ta.Proto != tb.Proto {
|
ta.Mode != tb.Mode || ta.Reqid != tb.Reqid || ta.Proto != tb.Proto {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
@ -190,6 +190,7 @@ func getPolicy() *XfrmPolicy {
|
||||||
Dst: net.ParseIP("127.0.0.2"),
|
Dst: net.ParseIP("127.0.0.2"),
|
||||||
Proto: XFRM_PROTO_ESP,
|
Proto: XFRM_PROTO_ESP,
|
||||||
Mode: XFRM_MODE_TUNNEL,
|
Mode: XFRM_MODE_TUNNEL,
|
||||||
|
Spi: 0xabcdef99,
|
||||||
}
|
}
|
||||||
policy.Tmpls = append(policy.Tmpls, tmpl)
|
policy.Tmpls = append(policy.Tmpls, tmpl)
|
||||||
return policy
|
return policy
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue