github.com/sagernet/netlink@v0.0.0-20240612041022-b9a21c07ac6a/xfrm_policy.go (about)

     1  package netlink
     2  
     3  import (
     4  	"fmt"
     5  	"net"
     6  )
     7  
// Dir identifies the direction of an ipsec policy or template. As the
// constant names indicate, the first three values are the "dir" variants and
// the following three are the per-socket variants.
//
// The zero value is XFRM_DIR_IN, so a Dir that is never assigned is
// indistinguishable from an explicitly inbound one.
type Dir uint8

// Direction values, numbered consecutively from 0 by iota.
const (
	XFRM_DIR_IN Dir = iota
	XFRM_DIR_OUT
	XFRM_DIR_FWD
	XFRM_SOCKET_IN
	XFRM_SOCKET_OUT
	XFRM_SOCKET_FWD
)

// String returns the human-readable name of d.
//
// Values above XFRM_SOCKET_FWD have no name and are rendered as "socket N",
// where N is the offset of d from XFRM_SOCKET_IN (for example Dir(6) yields
// "socket 3"). Such output in a log means the value is outside the set
// declared here.
func (d Dir) String() string {
	// Indexed by the Dir value itself; the keys keep the table in step with
	// the const block above.
	names := [...]string{
		XFRM_DIR_IN:     "dir in",
		XFRM_DIR_OUT:    "dir out",
		XFRM_DIR_FWD:    "dir fwd",
		XFRM_SOCKET_IN:  "socket in",
		XFRM_SOCKET_OUT: "socket out",
		XFRM_SOCKET_FWD: "socket fwd",
	}
	if int(d) < len(names) {
		return names[d]
	}
	return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN)
}
    37  
// PolicyAction is the action of an ipsec policy: allow or block.
//
// XFRM_POLICY_ALLOW is 0 and is therefore the zero value of the type. An
// XfrmPolicy whose Action field is never assigned carries XFRM_POLICY_ALLOW,
// so code that intends to block must set the field explicitly.
type PolicyAction uint8

// Policy actions with their explicit numeric values.
const (
	XFRM_POLICY_ALLOW PolicyAction = 0
	XFRM_POLICY_BLOCK PolicyAction = 1
)

// String returns "allow" or "block" for the two declared actions and
// "action N" for any other numeric value N.
func (a PolicyAction) String() string {
	if a == XFRM_POLICY_ALLOW {
		return "allow"
	}
	if a == XFRM_POLICY_BLOCK {
		return "block"
	}
	// Not one of the declared actions: show the raw number.
	return fmt.Sprintf("action %d", a)
}
    56  
// XfrmPolicyTmpl is one template of an ipsec policy: a rule over the base
// (underlay) addresses. Templates are matched against XfrmState entries to
// select the encryption and authentication algorithms.
type XfrmPolicyTmpl struct {
	Dst   net.IP
	Src   net.IP
	Proto Proto
	Mode  Mode
	Spi   int
	Reqid int
	// NOTE(review): Optional is not part of the String output below, so a
	// logged template does not show how this field is set; inspect the field
	// directly when it matters.
	Optional int
}

// String renders the template's addresses, Proto, Mode, Spi and Reqid, with
// Spi and Reqid in hexadecimal. The Optional field is not included.
func (t XfrmPolicyTmpl) String() string {
	const layout = "{Dst: %v, Src: %v, Proto: %s, Mode: %s, Spi: 0x%x, Reqid: 0x%x}"
	return fmt.Sprintf(layout, t.Dst, t.Src, t.Proto, t.Mode, t.Spi, t.Reqid)
}
    74  
// XfrmPolicy is an ipsec policy. Its own selector fields describe the overlay
// network, while Tmpls lists the XfrmPolicyTmpl entries that describe the
// base addresses of the policy.
//
// Dir and Action both have meaningful zero values (XFRM_DIR_IN and
// XFRM_POLICY_ALLOW), so a partially filled XfrmPolicy reads as an inbound
// allow policy; populate both explicitly.
type XfrmPolicy struct {
	Dst      *net.IPNet
	Src      *net.IPNet
	Proto    Proto
	DstPort  int
	SrcPort  int
	Dir      Dir
	Priority int
	Index    int
	Action   PolicyAction
	Ifindex  int
	Ifid     int
	Mark     *XfrmMark
	Tmpls    []XfrmPolicyTmpl
}

// String renders every field of the policy on a single line. Dir, Action and
// each element of Tmpls are formatted through their own String methods.
func (p XfrmPolicy) String() string {
	const layout = "{Dst: %v, Src: %v, Proto: %s, DstPort: %d, SrcPort: %d, Dir: %s, Priority: %d, Index: %d, Action: %s, Ifindex: %d, Ifid: %d, Mark: %s, Tmpls: %s}"
	// Arguments listed in the same order as the verbs in layout.
	fields := []interface{}{
		p.Dst, p.Src, p.Proto,
		p.DstPort, p.SrcPort,
		p.Dir, p.Priority, p.Index, p.Action,
		p.Ifindex, p.Ifid,
		p.Mark, p.Tmpls,
	}
	return fmt.Sprintf(layout, fields...)
}
    96  		p.Dst, p.Src, p.Proto, p.DstPort, p.SrcPort, p.Dir, p.Priority, p.Index, p.Action, p.Ifindex, p.Ifid, p.Mark, p.Tmpls)
    97  }