XFRM interfaces are available in Linux Kernel 4.19+.
When an IF_ID is applied to an XFRM policy and state, the corresponding
traffic will be sent through the virtual interface with the same IF_ID.

The action and ifindex fields aren't represented in the XfrmPolicy type
although they exist in the Linux equivalent data structures. They
are represented in the serialized versions of those datatypes. So this
patch simply exposes those fields to the user-consumable side of the
API. This patch makes the policy's action a specific type in the same
style as the Dir field in XfrmPolicy.

Update the existing unit tests to compare Ifindex and Action fields in
the XFRM structure. Verify that the default policy returns an action of
ALLOW and an ifindex of 0. Add a unit test to add and read back a
policy to the loopback interface (ifindex 1) with action "block".

Signed-off-by: Chris Telfer <ctelfer@docker.com>

- It is part of the ID and it is needed when you
program policies for different SAs which share
the same src and dst
Signed-off-by: Alessandro Boch <aboch@docker.com>
* Add Mark to xfrm state
Signed-off-by: Alessandro Boch <aboch@docker.com>
* Add Mark to xfrm policies
Signed-off-by: Alessandro Boch <aboch@docker.com>