package netlink

import (
	"fmt"
	"net"
)

// Dir is an enum representing an ipsec template direction.
type Dir uint8

// Direction values, numbered from zero in declaration order.
// NOTE(review): these presumably mirror the kernel's XFRM policy direction
// numbering, so reordering or inserting entries would change which policy
// direction is requested. Confirm against the netlink encoding code.
const (
	XFRM_DIR_IN Dir = iota
	XFRM_DIR_OUT
	XFRM_DIR_FWD
	XFRM_SOCKET_IN
	XFRM_SOCKET_OUT
	XFRM_SOCKET_FWD
)

// String returns a short human-readable label for the direction.
//
// The six named values map to fixed labels. Any other value is rendered as
// "socket N", where N is the numeric offset from XFRM_SOCKET_IN.
func (d Dir) String() string {
	// Labels are indexed by the numeric value of each named direction.
	labels := [...]string{
		XFRM_DIR_IN:     "dir in",
		XFRM_DIR_OUT:    "dir out",
		XFRM_DIR_FWD:    "dir fwd",
		XFRM_SOCKET_IN:  "socket in",
		XFRM_SOCKET_OUT: "socket out",
		XFRM_SOCKET_FWD: "socket fwd",
	}
	if int(d) < len(labels) {
		return labels[d]
	}
	// %d prints the underlying integer; fmt does not call String for this
	// verb, so there is no recursion here.
	return fmt.Sprintf("socket %d", d-XFRM_SOCKET_IN)
}

// XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec
// policy. These rules are matched with XfrmState to determine encryption
// and authentication algorithms.
type XfrmPolicyTmpl struct {
	Dst   net.IP // base destination address
	Src   net.IP // base source address
	Proto Proto  // declared elsewhere in the package
	Mode  Mode   // declared elsewhere in the package
	Spi   int    // printed in hexadecimal by String
	Reqid int    // printed in hexadecimal by String
}

// String formats the template as a single brace-delimited line, with Spi
// and Reqid shown in hexadecimal.
func (t XfrmPolicyTmpl) String() string {
	const layout = "{Dst: %v, Src: %v, Proto: %s, Mode: %s, Spi: 0x%x, Reqid: 0x%x}"
	return fmt.Sprintf(layout, t.Dst, t.Src, t.Proto, t.Mode, t.Spi, t.Reqid)
}

// XfrmPolicy represents an ipsec policy. It represents the overlay network
// and has a list of XfrmPolicyTmpls representing the base addresses of
// the policy.
type XfrmPolicy struct {
	Dst      *net.IPNet // overlay destination network
	Src      *net.IPNet // overlay source network
	Proto    Proto
	DstPort  int
	SrcPort  int
	Dir      Dir // direction the policy applies to
	Priority int
	Index    int
	Mark     *XfrmMark        // optional; may be nil
	Tmpls    []XfrmPolicyTmpl // base-address templates of this policy
}

// String formats the policy, including every template, as a single
// brace-delimited line suitable for logs and debugging output.
//
// NOTE(review): Mark is a pointer and may be nil; what is printed for a nil
// Mark depends on XfrmMark's String method, which is not visible here.
func (p XfrmPolicy) String() string {
	const layout = "{Dst: %v, Src: %v, Proto: %s, DstPort: %d, SrcPort: %d, Dir: %s, Priority: %d, Index: %d, Mark: %s, Tmpls: %s}"
	return fmt.Sprintf(layout,
		p.Dst, p.Src, p.Proto, p.DstPort, p.SrcPort,
		p.Dir, p.Priority, p.Index, p.Mark, p.Tmpls)
}