Allow to program L4 fields in policy selector (#113)

Signed-off-by: Alessandro Boch <aboch@docker.com>
Alessandro Boch 2016-05-09 09:19:18 -07:00 committed by Vish Ishaya
parent 14f41c27fa
commit a123807666
4 changed files with 39 additions and 4 deletions


@ -52,6 +52,9 @@ type XfrmPolicyTmpl struct {
type XfrmPolicy struct { type XfrmPolicy struct {
Dst *net.IPNet Dst *net.IPNet
Src *net.IPNet Src *net.IPNet
Proto Proto
DstPort int
SrcPort int
Dir Dir Dir Dir
Priority int Priority int
Index int Index int
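Review bot: The three selector fields added to XfrmPolicy (Proto, DstPort, SrcPort) carry no doc comment, and since the ports are declared `int` a caller can pass a value outside 0–65535 that the serializer later narrows to uint16 without any error. I'd state the contract on the fields, e.g. `// Proto is the IP protocol number the selector is narrowed to.` and `// DstPort and SrcPort are L4 ports (0–65535), sent in network byte order; larger values are truncated.` — whether 0 acts as a wildcard is kernel behaviour this file does not show, so I'd leave that to the function that builds the selector or hedge it. The XfrmPolicy struct continues past the end of this hunk.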


@ -14,6 +14,11 @@ func selFromPolicy(sel *nl.XfrmSelector, policy *XfrmPolicy) {
sel.PrefixlenD = uint8(prefixlenD) sel.PrefixlenD = uint8(prefixlenD)
prefixlenS, _ := policy.Src.Mask.Size() prefixlenS, _ := policy.Src.Mask.Size()
sel.PrefixlenS = uint8(prefixlenS) sel.PrefixlenS = uint8(prefixlenS)
sel.Proto = uint8(policy.Proto)
sel.Dport = nl.Swap16(uint16(policy.DstPort))
sel.Sport = nl.Swap16(uint16(policy.SrcPort))
sel.DportMask = ^uint16(0)
sel.SportMask = ^uint16(0)
} }
// XfrmPolicyAdd will add an xfrm policy to the system. // XfrmPolicyAdd will add an xfrm policy to the system.
@ -160,6 +165,9 @@ func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) {
policy.Dst = msg.Sel.Daddr.ToIPNet(msg.Sel.PrefixlenD) policy.Dst = msg.Sel.Daddr.ToIPNet(msg.Sel.PrefixlenD)
policy.Src = msg.Sel.Saddr.ToIPNet(msg.Sel.PrefixlenS) policy.Src = msg.Sel.Saddr.ToIPNet(msg.Sel.PrefixlenS)
policy.Proto = Proto(msg.Sel.Proto)
policy.DstPort = int(nl.Swap16(msg.Sel.Dport))
policy.SrcPort = int(nl.Swap16(msg.Sel.Sport))
policy.Priority = int(msg.Priority) policy.Priority = int(msg.Priority)
policy.Index = int(msg.Index) policy.Index = int(msg.Index)
policy.Dir = Dir(msg.Dir) policy.Dir = Dir(msg.Dir)
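Review bot: selFromPolicy now sets `sel.DportMask` and `sel.SportMask` to all-ones unconditionally, even when DstPort/SrcPort were left at zero, whereas before this change the masks stayed zero. Assuming the kernel applies the mask the usual way (selector port XOR flow port, ANDed with the mask), a zero mask matches any port while a full mask with a zero port matches only port 0 — so every existing caller that does not set ports ends up with a policy that no longer matches its traffic, and for an OUT policy that means packets can silently bypass the IPsec transform rather than fail loudly. XfrmPolicyList in the second hunk does not read the masks back, so the round-trip check in the test cannot catch this. I'd only pin the mask when a port was actually given; selFromPolicy's signature and the address fields are outside this hunk.
```go
	// … unchanged: address/prefix selector fields …
	sel.Proto = uint8(policy.Proto)
	sel.Dport = nl.Swap16(uint16(policy.DstPort))
	sel.Sport = nl.Swap16(uint16(policy.SrcPort))
	// Only pin a port that the caller set; a zero mask leaves the port
	// unconstrained, which is what policies without ports relied on before.
	if policy.DstPort != 0 {
		sel.DportMask = ^uint16(0)
	}
	if policy.SrcPort != 0 {
		sel.SportMask = ^uint16(0)
	}
```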


@ -1,6 +1,7 @@
package netlink package netlink
import ( import (
"bytes"
"net" "net"
"testing" "testing"
) )
@ -14,6 +15,9 @@ func TestXfrmPolicyAddUpdateDel(t *testing.T) {
policy := XfrmPolicy{ policy := XfrmPolicy{
Src: src, Src: src,
Dst: dst, Dst: dst,
Proto: 17,
DstPort: 1234,
SrcPort: 5678,
Dir: XFRM_DIR_OUT, Dir: XFRM_DIR_OUT,
Mark: &XfrmMark{ Mark: &XfrmMark{
Value: 0xabff22, Value: 0xabff22,
@ -40,6 +44,16 @@ func TestXfrmPolicyAddUpdateDel(t *testing.T) {
t.Fatal("Policy not added properly") t.Fatal("Policy not added properly")
} }
// Verify Selector fields
if !compareIPNet(policies[0].Dst, policy.Dst) ||
!compareIPNet(policies[0].Src, policy.Src) ||
policies[0].Proto != policy.Proto ||
policies[0].DstPort != policy.DstPort ||
policies[0].SrcPort != policy.SrcPort {
t.Fatalf("Incorrect policy data retrieved. Expected %v. Got %v.",
policy, policies[0])
}
// Modify the policy // Modify the policy
policy.Priority = 100 policy.Priority = 100
if err := XfrmPolicyUpdate(&policy); err != nil { if err := XfrmPolicyUpdate(&policy); err != nil {
@ -65,3 +79,13 @@ func TestXfrmPolicyAddUpdateDel(t *testing.T) {
t.Fatal("Policy not removed properly") t.Fatal("Policy not removed properly")
} }
} }
func compareIPNet(a, b *net.IPNet) bool {
if a == b {
return true
}
if a == nil || b == nil {
return false
}
return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask)
}
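Review bot: The new assertions only cover a policy with both ports set, and because XfrmPolicyList does not surface the selector masks, the add/list round-trip cannot tell a port that was deliberately matched from one that was merely left at zero — the case every pre-existing caller of XfrmPolicyAdd is in. Since the test is in package netlink it can call selFromPolicy directly, so a focused test with the ports left unset that asserts the masks stay zero would pin the wildcard semantics (it would need the nl import in this file). Separately, `Proto: 17` is a bare magic number; a named constant or a `// UDP` comment would make the intent readable.
```go
func TestSelFromPolicyUnsetPorts(t *testing.T) {
	_, src, _ := net.ParseCIDR("10.0.0.0/24")
	_, dst, _ := net.ParseCIDR("10.0.1.0/24")
	var sel nl.XfrmSelector
	selFromPolicy(&sel, &XfrmPolicy{Src: src, Dst: dst})
	if sel.DportMask != 0 || sel.SportMask != 0 {
		t.Fatalf("unset ports must leave the selector unconstrained: dport mask %#x, sport mask %#x",
			sel.DportMask, sel.SportMask)
	}
}
```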


@ -40,7 +40,7 @@ func writeMark(m *XfrmMark) []byte {
Mask: m.Mask, Mask: m.Mask,
} }
if mark.Mask == 0 { if mark.Mask == 0 {
mark.Mask = 0xfffffff mark.Mask = ^uint32(0)
} }
return mark.Serialize() return mark.Serialize()
} }
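Review bot: The change to the default mark mask in writeMark is a behavioural fix unrelated to the L4-selector work the title describes, and the commit message does not mention it: `0xfffffff` has only 28 set bits, so a caller who left Mask at 0 previously got a mask that ignored the top nibble of the mark, and marks differing only in bits 28–31 matched the same policy. Worth a sentence in the commit message and a test value whose top nibble is set (the test's `0xabff22` fits in 28 bits, so it cannot distinguish the old and new masks). I'd also add `// A zero Mask means "match the whole mark"; use all 32 bits, not 28.` on the assignment so the width is not regressed again. writeMark's signature sits before this hunk.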