summaryrefslogtreecommitdiff
path: root/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/vishvananda/netlink/xfrm_state_linux.go')
-rw-r--r--vendor/github.com/vishvananda/netlink/xfrm_state_linux.go39
1 files changed, 26 insertions, 13 deletions
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
index 6a7bc0dec..5dfdb33e4 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
@@ -2,10 +2,10 @@ package netlink
import (
"fmt"
- "syscall"
"unsafe"
"github.com/vishvananda/netlink/nl"
+ "golang.org/x/sys/unix"
)
func writeStateAlgo(a *XfrmStateAlgo) []byte {
@@ -69,8 +69,10 @@ func writeReplayEsn(replayWindow int) []byte {
ReplayWindow: uint32(replayWindow),
}
- // taken from iproute2/ip/xfrm_state.c:
- replayEsn.BmpLen = uint32((replayWindow + (4 * 8) - 1) / (4 * 8))
+ // Linux stores the bitmap to identify the already received sequence packets in blocks of uint32 elements.
+ // Therefore bitmap length is the minimum number of uint32 elements needed. The following is a ceiling operation.
+ bytesPerElem := int(unsafe.Sizeof(replayEsn.BmpLen)) // Any uint32 variable is good for this
+ replayEsn.BmpLen = uint32((replayWindow + (bytesPerElem * 8) - 1) / (bytesPerElem * 8))
return replayEsn.Serialize()
}
@@ -111,7 +113,7 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error {
if state.Spi == 0 {
return fmt.Errorf("Spi must be set when adding xfrm state.")
}
- req := h.newNetlinkRequest(nlProto, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+ req := h.newNetlinkRequest(nlProto, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
msg := xfrmUsersaInfoFromXfrmState(state)
@@ -157,13 +159,13 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error {
req.AddData(out)
}
- _, err := req.Execute(syscall.NETLINK_XFRM, 0)
+ _, err := req.Execute(unix.NETLINK_XFRM, 0)
return err
}
func (h *Handle) xfrmStateAllocSpi(state *XfrmState) (*XfrmState, error) {
req := h.newNetlinkRequest(nl.XFRM_MSG_ALLOCSPI,
- syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+ unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK)
msg := &nl.XfrmUserSpiInfo{}
msg.XfrmUsersaInfo = *(xfrmUsersaInfoFromXfrmState(state))
@@ -177,7 +179,7 @@ func (h *Handle) xfrmStateAllocSpi(state *XfrmState) (*XfrmState, error) {
req.AddData(out)
}
- msgs, err := req.Execute(syscall.NETLINK_XFRM, 0)
+ msgs, err := req.Execute(unix.NETLINK_XFRM, 0)
if err != nil {
return nil, err
}
@@ -216,9 +218,9 @@ func XfrmStateList(family int) ([]XfrmState, error) {
// Equivalent to: `ip xfrm state show`.
// The list can be filtered by ip family.
func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) {
- req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, syscall.NLM_F_DUMP)
+ req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, unix.NLM_F_DUMP)
- msgs, err := req.Execute(syscall.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
+ msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
if err != nil {
return nil, err
}
@@ -255,7 +257,7 @@ func (h *Handle) XfrmStateGet(state *XfrmState) (*XfrmState, error) {
}
func (h *Handle) xfrmStateGetOrDelete(state *XfrmState, nlProto int) (*XfrmState, error) {
- req := h.newNetlinkRequest(nlProto, syscall.NLM_F_ACK)
+ req := h.newNetlinkRequest(nlProto, unix.NLM_F_ACK)
msg := &nl.XfrmUsersaId{}
msg.Family = uint16(nl.GetIPFamily(state.Dst))
@@ -278,7 +280,7 @@ func (h *Handle) xfrmStateGetOrDelete(state *XfrmState, nlProto int) (*XfrmState
resType = 0
}
- msgs, err := req.Execute(syscall.NETLINK_XFRM, uint16(resType))
+ msgs, err := req.Execute(unix.NETLINK_XFRM, uint16(resType))
if err != nil {
return nil, err
}
@@ -308,6 +310,7 @@ func xfrmStateFromXfrmUsersaInfo(msg *nl.XfrmUsersaInfo) *XfrmState {
state.Reqid = int(msg.Reqid)
state.ReplayWindow = int(msg.ReplayWindow)
lftToLimits(&msg.Lft, &state.Limits)
+ curToStats(&msg.Curlft, &msg.Stats, &state.Statistics)
return &state
}
@@ -386,11 +389,11 @@ func XfrmStateFlush(proto Proto) error {
// proto = 0 means any transformation protocols
// Equivalent to: `ip xfrm state flush [ proto XFRM-PROTO ]`
func (h *Handle) XfrmStateFlush(proto Proto) error {
- req := h.newNetlinkRequest(nl.XFRM_MSG_FLUSHSA, syscall.NLM_F_ACK)
+ req := h.newNetlinkRequest(nl.XFRM_MSG_FLUSHSA, unix.NLM_F_ACK)
req.AddData(&nl.XfrmUsersaFlush{Proto: uint8(proto)})
- _, err := req.Execute(syscall.NETLINK_XFRM, 0)
+ _, err := req.Execute(unix.NETLINK_XFRM, 0)
if err != nil {
return err
}
@@ -429,6 +432,16 @@ func lftToLimits(lft *nl.XfrmLifetimeCfg, lmts *XfrmStateLimits) {
*lmts = *(*XfrmStateLimits)(unsafe.Pointer(lft))
}
+func curToStats(cur *nl.XfrmLifetimeCur, wstats *nl.XfrmStats, stats *XfrmStateStats) {
+ stats.Bytes = cur.Bytes
+ stats.Packets = cur.Packets
+ stats.AddTime = cur.AddTime
+ stats.UseTime = cur.UseTime
+ stats.ReplayWindow = wstats.ReplayWindow
+ stats.Replay = wstats.Replay
+ stats.Failed = wstats.IntegrityFailed
+}
+
func xfrmUsersaInfoFromXfrmState(state *XfrmState) *nl.XfrmUsersaInfo {
msg := &nl.XfrmUsersaInfo{}
msg.Family = uint16(nl.GetIPFamily(state.Dst))
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-19 01:46:34 +0000